❌

Normal view

There are new articles available, click to refresh the page.
Before yesterdayMain stream

Accessing ExposureGraphNodes and ExposureGraphEdges via advanced hunting api

βœ‡MicrosoftSentinel
By: /u/Old-Illustrator2487
13 October 2025 at 14:49
Accessing ExposureGraphNodes and ExposureGraphEdges via advanced hunting api

Anyone had any success querying the ExposureGraphNodes/Edges tables using a logic app?

I know they haven't exposed the direct API yet for Exposure Management, but it would be nice to be able to automate the search results and sent to developers (attributing CVEs to source repos for remediation).

https://preview.redd.it/hjazvk7wdxuf1.png?width=1275&format=png&auto=webp&s=7cb01bdc614f2f18c2e742c7db0e0c5def9e6a3b

I can use the tables fine via my user in the Portal.

https://preview.redd.it/nurr2q2ldxuf1.png?width=1359&format=png&auto=webp&s=a806b26f650525cd6c03fd8a3c195281be502afa

submitted by /u/Old-Illustrator2487
[link] [comments]

Azure resource graph

βœ‡MicrosoftSentinel
By: /u/Old-Illustrator2487
2 June 2025 at 21:07

I have a use case to filter and query the defender for CSPM security assessments, and run playbooks from there. That data is in the azure resource graph. As some know, the arg(β€œβ€). function doesn’t work in sentinel to do a cross service query. Has someone else had this situation and ended up ingesting the resource graph data, or come up with a different solution?

submitted by /u/Old-Illustrator2487
[link] [comments]
❌
❌