API versions of Microsoft Sentinel REST APIs
This article lists the current and past versions of the Microsoft Sentinel REST APIs.
Note
Starting from the 2021-09-01-preview release, every Preview version contains all Preview operation groups. Starting from the 2021-10-01 release, every Stable version contains all Stable operation groups. If an operation group hasn’t changed since the last version, it carries over as-is to the new version.
Preview versions
Use the latest preview version when you want to take advantage of all the latest Public Preview features. Note that preview versions are also released to test new functionality, gather feedback, and discover and fix issues. Preview APIs are available under the Supplemental Terms of Use for Microsoft Azure Previews.
API version | Specification | API updates |
---|---|---|
2023-03-01-preview | Swagger specification | Release note |
2023-02-01-preview | Swagger specification | Release note |
2022-12-01-preview | Swagger specification | Release note |
2022-11-01-preview | Swagger specification | Release note |
2022-10-01-preview | Swagger specification | Release note |
2022-09-01-preview | Swagger specification | Release note |
2022-08-01-preview | Swagger specification | Release note |
2022-07-01-preview | Swagger specification | |
2022-06-01-preview | Swagger specification | |
2022-05-01-preview | Swagger specification | |
2022-04-01-preview | Swagger specification | |
2022-01-01-preview | Swagger specification | |
2021-10-01-preview | Swagger specification | Release note |
2021-09-01-preview | Swagger specification | Release note |
2021-03-01-preview | Swagger specification | |
2019-01-01-preview | Swagger specification | |
Stable versions
Use the latest stable version when you want to access the latest generally available (GA) features.
API version | Specification | API updates |
---|---|---|
2023-02-01 | Swagger specification | Release note |
2022-11-01 | Swagger specification | |
2022-08-01 | Swagger specification | Release note |
2021-10-01 | Swagger specification | Release note |
2021-04-01 | Swagger specification | Release note |
2020-01-01 | Swagger specification | Release note |
Release notes
2023-03-01-preview
This is the current Preview release of the Microsoft Sentinel REST APIs. It includes all the previously released Preview features, plus the following additions:
- Playbooks
  - Entity Trigger
    - New endpoint to allow manual trigger of a playbook on an entity.
2023-02-01
This is the current generally available (GA) release of the Microsoft Sentinel REST APIs. It includes all the previously released GA features, plus the following additions:
- Alert Rules (also known as analytics rules)
- Incidents
  - Added provider fields to accommodate Sentinel - Microsoft 365 Defender incidents' bi-directional sync
2023-02-01-preview
It includes all the previously released Preview features, plus the following additions:
- Data Connectors
  - New data connector kind added: MicrosoftPurviewInformationProtection (Microsoft Purview Information Protection data connector).
  - Added filteredProviders property to Microsoft Threat Protection data connector.
- Alert Rules (also known as analytics rules)
  - New endpoints added
    - triggeredAnalyticsRuleRuns – Get/GetAll
    - alertRules/{ruleId}/triggerRuleRun
2022-12-01-preview
It includes all the previously released Preview features, plus the following additions:
- Incidents
  - Add incident tasks as a nested resource for incidents
2022-11-01-preview
It includes all the previously released Preview features, plus the following additions:
- Recommendations
  - Recommendations API version added
2022-10-01-preview
It includes all the previously released Preview features, plus the following additions:
- Automation Rules
- Alert Rules (also known as analytics rules)
  - Support alert per event grouping setting for NRT alert rules
2022-09-01-preview
It includes all the previously released Preview features, plus the following additions:
- Automation Rules
- Alert Rules (also known as analytics rules)
  - Support alert per event grouping setting for NRT alert rules
2022-08-01
This is the current generally available (GA) release of the Microsoft Sentinel REST APIs. It includes all the previously released GA features, plus the following additions:
- Alert Rules (also known as analytics rules)
  - MITRE support
2022-08-01-preview
This version includes all the previously released Preview features, plus the following additions:
- File imports
  - New operation group. Allows bulk addition of indicators to Threat Intelligence.
2021-10-01
This version includes all the previously released generally available (GA) features, plus the following additions:
- Alert Rules (also known as analytics rules)
  - Alert grouping alignment
  - Entity mapping
  - Custom details
  - Alert details
- Automation Rules
- Onboarding States
2021-10-01-preview
This version includes all the previously released Preview features, plus the following additions:
- Alert Rules (also known as analytics rules)
  - MITRE tactics and techniques have been updated in analytics rules models.
- Automation Rules
  - New endpoint added for running playbooks on-demand on incidents.
- Bookmarks
  - MITRE techniques have been added.
  - Extended entity mapping support has been added.
- Data connectors
  - Office connectors have been added.
- Incidents
  - Techniques have been added to the incident schema.
  - Provider incident URL has been added to incident schema.
2021-09-01-preview
This version includes all the previously released Preview features, plus the following additions:
- Alert Rules (also known as analytics rules)
- Template version
- NRT
- Add Office IRM connector support
- Data connectors
2021-04-01
Generally available features in this release include:
- Incidents
- Threat Intelligence
- Watchlists
2020-01-01
Generally available features in this release include:
- Alert rules
- Alert rules templates
- Bookmarks
- Data connectors
- Incidents