incidents_entities
Creates, updates, deletes, gets or lists a incidents_entities resource.
Overview
| Name | incidents_entities |
| Type | Resource |
| Id | azure.sentinel.incidents_entities |
Fields
| Name | Datatype | Description |
|---|---|---|
entities | array | Array of the incident related entities. |
metaData | array | The metadata from the incident related entities results. |
Methods
| Name | Accessible by | Required Params | Description |
|---|---|---|---|
list | SELECT | incidentId, resourceGroupName, subscriptionId, workspaceName | Gets all entities for an incident. |
SELECT examples
Gets all entities for an incident.
SELECT
entities,
metaData
FROM azure.sentinel.incidents_entities
WHERE incidentId = '{{ incidentId }}'
AND resourceGroupName = '{{ resourceGroupName }}'
AND subscriptionId = '{{ subscriptionId }}'
AND workspaceName = '{{ workspaceName }}';