incident_comments
Creates, updates, deletes, gets or lists an incident_comments resource.
Overview
Name | incident_comments |
Type | Resource |
Id | azure.sentinel.incident_comments |
Fields
vw_incident_comments
Name | Datatype | Description |
---|---|---|
author | text | field from the properties object |
created_time_utc | text | field from the properties object |
etag | text | Etag of the azure resource |
incidentCommentId | text | field from the properties object |
incidentId | text | field from the properties object |
last_modified_time_utc | text | field from the properties object |
message | text | field from the properties object |
resourceGroupName | text | field from the properties object |
subscriptionId | text | field from the properties object |
workspaceName | text | field from the properties object |

incident_comments
Name | Datatype | Description |
---|---|---|
etag | string | Etag of the azure resource |
properties | object | Incident comment property bag. |
Methods
Name | Accessible by | Required Params | Description |
---|---|---|---|
get | SELECT | incidentCommentId, incidentId, resourceGroupName, subscriptionId, workspaceName | Gets a comment for a given incident. |
list | SELECT | incidentId, resourceGroupName, subscriptionId, workspaceName | Gets all comments for a given incident. |
create_or_update | INSERT | incidentCommentId, incidentId, resourceGroupName, subscriptionId, workspaceName | Creates or updates a comment for a given incident. |
delete | DELETE | incidentCommentId, incidentId, resourceGroupName, subscriptionId, workspaceName | Deletes a comment for a given incident. |
SELECT
examples
Gets all comments for a given incident.
vw_incident_comments
SELECT
  author,
  created_time_utc,
  etag,
  incidentCommentId,
  incidentId,
  last_modified_time_utc,
  message,
  resourceGroupName,
  subscriptionId,
  workspaceName
FROM azure.sentinel.vw_incident_comments
WHERE incidentId = '{{ incidentId }}'
  AND resourceGroupName = '{{ resourceGroupName }}'
  AND subscriptionId = '{{ subscriptionId }}'
  AND workspaceName = '{{ workspaceName }}';

incident_comments
SELECT
  etag,
  properties
FROM azure.sentinel.incident_comments
WHERE incidentId = '{{ incidentId }}'
  AND resourceGroupName = '{{ resourceGroupName }}'
  AND subscriptionId = '{{ subscriptionId }}'
  AND workspaceName = '{{ workspaceName }}';
INSERT
example
Use the following StackQL query and manifest file to create a new incident_comments resource.

All Properties
/*+ create */
INSERT INTO azure.sentinel.incident_comments (
  incidentCommentId,
  incidentId,
  resourceGroupName,
  subscriptionId,
  workspaceName,
  etag,
  properties
)
SELECT
  '{{ incidentCommentId }}',
  '{{ incidentId }}',
  '{{ resourceGroupName }}',
  '{{ subscriptionId }}',
  '{{ workspaceName }}',
  '{{ etag }}',
  '{{ properties }}'
;

Manifest
- name: your_resource_model_name
  props:
    - name: etag
      value: string
    - name: properties
      value:
        - name: createdTimeUtc
          value: string
        - name: lastModifiedTimeUtc
          value: string
        - name: message
          value: string
        - name: author
          value:
            - name: email
              value: string
            - name: name
              value: string
            - name: objectId
              value: string
            - name: userPrincipalName
              value: string
DELETE
example
Deletes the specified incident_comments resource.
/*+ delete */
DELETE FROM azure.sentinel.incident_comments
WHERE incidentCommentId = '{{ incidentCommentId }}'
  AND incidentId = '{{ incidentId }}'
  AND resourceGroupName = '{{ resourceGroupName }}'
  AND subscriptionId = '{{ subscriptionId }}'
  AND workspaceName = '{{ workspaceName }}';