Microsoft Sentinel - Get Incident by ID - Cisco XDR Connect

This atomic belongs to the Microsoft Sentinel atomic group.

This atomic fetches an Incident by ID.

Target: Microsoft Sentinel

Steps:

Build the query string
Fetch incident by ID
Check if the request was successful:
- If it was, set the output variable
- If it wasn't, output an error

More information about this API: https://learn.microsoft.com/en-us/rest/api/securityinsights/incidents/get?view=rest-securityinsights-2025-06-01&tabs=HTTP

Integration

Microsoft Sentinel

Authorship

Cisco Managed