`data.sentinel_incidents` in `microsoft_sentinel` plugin - Githubissues

blackstork-io / fabric

An open-source command-line tool for reporting workflow automation and a configuration language for reusable templates. Reporting-as-Code

https://blackstork.io/fabric/

Apache License 2.0

10 stars 0 forks source link

`data.sentinel_incidents` in `microsoft_sentinel` plugin #129

Open traut opened 2 months ago

traut commented 2 months ago

Description

Microsoft Sentinel is a widely adopted cloud-native security solution that provides SIEM and SOAR capabilities.

Use Case

Sentinel Incidents is an essential feature of Sentinel, and the security team often reports on incident metrics.

Requirements

configuration attributes:
- subscription_id - (required) string attribute (docs)
- resource_group_name - (required) string attribute
- workspace_name - (required) string attribute
- api_version - (optional) string attribute, 2023-11-01 by default
execution attributes:
- filter - (optional) string attribute
- order_by - (optional) string attribute
- limit - (optional) int attribute (== $top query param for the endpoint)

The data source returns a list of values returned by the endpoint.

Additional Information

Sentinel Incidents endpoint docs with examples -- https://learn.microsoft.com/en-us/rest/api/securityinsights/incidents/list?view=rest-securityinsights-2023-11-01&tabs=HTTP
Sentinel Python SDK code - https://github.com/Azure/azure-sdk-for-python/blob/main/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_incidents_operations.py#L635