Incident Relations - List
Gets all relations for a given incident.
GET https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/relations?api-version=2024-03-01GET https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/relations?api-version=2024-03-01&$filter={$filter}&$orderby={$orderby}&$top={$top}&$skipToken={$skipToken}URI Parameters
| Name | In | Required | Type | Description |
|---|---|---|---|---|
|
incident
|
path | True |
string |
Incident ID |
|
resource
|
path | True |
string |
The name of the resource group. The name is case insensitive. |
|
subscription
|
path | True |
string uuid |
The ID of the target subscription. The value must be an UUID. |
|
workspace
|
path | True |
string |
The name of the workspace. Regex pattern: |
|
api-version
|
query | True |
string |
The API version to use for this operation. |
|
$filter
|
query |
string |
Filters the results, based on a Boolean condition. Optional. |
|
|
$orderby
|
query |
string |
Sorts the results. Optional. |
|
|
$skip
|
query |
string |
Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. |
|
|
$top
|
query |
integer int32 |
Returns only the first n results. Optional. |
Responses
| Name | Type | Description |
|---|---|---|
| 200 OK |
OK |
|
| Other Status Codes |
Error response describing why the operation failed. |
Security
azure_auth
Azure Active Directory OAuth2 Flow
Type:
oauth2
Flow:
implicit
Authorization URL:
https://login.microsoftonline.com/common/oauth2/authorize
Scopes
| Name | Description |
|---|---|
| user_impersonation | impersonate your user account |
Examples
Get all incident relations.
Sample request
GET https://management.azure.com/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/afbd324f-6c48-459c-8710-8d1e1cd03812/relations?api-version=2024-03-01
Sample response
{
"value": [
{
"id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/afbd324f-6c48-459c-8710-8d1e1cd03812/relations/4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014",
"name": "4bb36b7b-26ff-4d1c-9cbe-0d8ab3da0014",
"type": "Microsoft.SecurityInsights/incidents/relations",
"etag": "190057d0-0000-0d00-0000-5c6f5adb0000",
"properties": {
"relatedResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/bookmarks/2216d0e1-91e3-4902-89fd-d2df8c535096",
"relatedResourceName": "2216d0e1-91e3-4902-89fd-d2df8c535096",
"relatedResourceType": "Microsoft.SecurityInsights/bookmarks"
}
},
{
"id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/afbd324f-6c48-459c-8710-8d1e1cd03812/relations/9673a17d-8bc7-4ca6-88ee-38a4f3efc032",
"name": "9673a17d-8bc7-4ca6-88ee-38a4f3efc032",
"type": "Microsoft.SecurityInsights/incidents/relations",
"etag": "6f714025-dd7c-46aa-b5d0-b9857488d060",
"properties": {
"relatedResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/entities/1dd267cd-8a1f-4f6f-b92c-da43ac8819af",
"relatedResourceName": "1dd267cd-8a1f-4f6f-b92c-da43ac8819af",
"relatedResourceType": "Microsoft.SecurityInsights/entities",
"relatedResourceKind": "SecurityAlert"
}
}
]
}Definitions
| Name | Description |
|---|---|
|
Cloud |
Error response structure. |
|
Cloud |
Error details. |
|
created |
The type of identity that created the resource. |
| Relation |
Represents a relation between two resources |
|
Relation |
List of relations. |
|
system |
Metadata pertaining to creation and last modification of the resource. |
CloudError
Error response structure.
| Name | Type | Description |
|---|---|---|
| error |
Error data |
CloudErrorBody
Error details.
| Name | Type | Description |
|---|---|---|
| code |
string |
An identifier for the error. Codes are invariant and are intended to be consumed programmatically. |
| message |
string |
A message describing the error, intended to be suitable for display in a user interface. |
createdByType
The type of identity that created the resource.
| Name | Type | Description |
|---|---|---|
| Application |
string |
|
| Key |
string |
|
| ManagedIdentity |
string |
|
| User |
string |
Relation
Represents a relation between two resources
| Name | Type | Description |
|---|---|---|
| etag |
string |
Etag of the azure resource |
| id |
string |
Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}" |
| name |
string |
The name of the resource |
| properties.relatedResourceId |
string |
The resource ID of the related resource |
| properties.relatedResourceKind |
string |
The resource kind of the related resource |
| properties.relatedResourceName |
string |
The name of the related resource |
| properties.relatedResourceType |
string |
The resource type of the related resource |
| systemData |
Azure Resource Manager metadata containing createdBy and modifiedBy information. |
|
| type |
string |
The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" |
RelationList
List of relations.
| Name | Type | Description |
|---|---|---|
| nextLink |
string |
URL to fetch the next set of relations. |
| value |
Relation[] |
Array of relations. |
systemData
Metadata pertaining to creation and last modification of the resource.
| Name | Type | Description |
|---|---|---|
| createdAt |
string |
The timestamp of resource creation (UTC). |
| createdBy |
string |
The identity that created the resource. |
| createdByType |
The type of identity that created the resource. |
|
| lastModifiedAt |
string |
The timestamp of resource last modification (UTC) |
| lastModifiedBy |
string |
The identity that last modified the resource. |
| lastModifiedByType |
The type of identity that last modified the resource. |