This article lists the current and past versions of the Microsoft Sentinel REST APIs.
Note
Starting from the 2021-09-01-preview release, every Preview version contains all Preview operation groups. Starting from the 2021-10-01 release, every Stable version contains all Stable operation groups. If an operation group hasn’t changed since the last version, it carries over as-is to the new version.
Preview versions
To take advantage of all the latest Public Preview features, use the latest preview version. Preview versions are also released to test new functionality, gather feedback, and identify and fix issues. Preview APIs are available under the Supplemental Terms of Use for Microsoft Azure Previews.
Stable versions
Use the latest stable version when you want to access the latest generally available (GA) features.
API version | Specification | API updates |
---|---|---|
2025-06-01 | Swagger specification | Release note |
2025-03-01 | Swagger specification | Release note |
2024-09-01 | Swagger specification | Release note |
2024-03-01 | Swagger specification | Release note |
2023-11-01 | Swagger specification | Release note |
2023-02-01 | Swagger specification | Release note |
2022-11-01 | Swagger specification | |
2022-08-01 | Swagger specification | Release note |
2021-10-01 | Swagger specification | Release note |
2021-04-01 | Swagger specification | Release note |
2020-01-01 | Swagger specification | Release note |
Release notes
2025-07-01-preview
This API version is the current Preview release of the Microsoft Sentinel REST APIs. It includes all the previously released Preview & GA features.
- SourceControl
- Added support for Workload Identity Federation for authentication and authorization during CI/CD workflows
2025-06-01
This API version is the current generally available (GA) release of the Microsoft Sentinel REST APIs. Generally available features in this release include:
- SourceControl
- Added support for Workload Identity Federation for authentication and authorization during CI/CD workflows
2025-04-01-preview
It includes all the previously released Preview & GA features.
- ContentProductPackages and ContentProductTemplates
- Support new kind CustomDection.
2025-03-01
Generally available features in this release include:
- ContentProductPackages
- Added support for $search in contentProductPackages listing API.
- Added support for new contentKinds SummaryRule.
- SourceControl
2025-01-01-preview
It includes all the previously released Preview & GA features.
- Automation Rules
- Add new automation rule condition type (IncidentCustomDetectionRuleIds) to allow triggering of automation rules for incidents that contain alerts created by specific custom detection rules.
- Add new automation rule condition type (IncidentAlertTitle) to allow triggering of automation rules based on titles of alerts in the triggering incident.
- Source Controls
- The current spec and documentation use the spelling "AnalyticRule" in the {properties.contentTypes} field, but our service recognizes only "AnalyticsRule". The behavior of the service is correct, so we would like to correct the spec.
- Incidents
- Add 2 new properties to IncidentAdditionalData to enable tracking of merged or redirected incidents:
- mergedIncidentUrl: The URL to the incident that the current incident was merged into
- mergedIncidentNumber: The incident number of the incident that the current incident was merged into
- Removing the "Create team" action.
2024-10-01-preview
It includes all the previously released Preview & GA features.
- ContentProductPackages
- Added support for $search in contentProductPackages listing API.
- Added support for new contentKinds SummaryRule.
- Data connector
- Added new data connector kind PurviewAudit.
2024-09-01
Generally available features in this release include:
- DataConnectorDefinitions
- New API to support codeless connectors
- Data Connectors
- Added new connector kind RestApiPoller
- Support new data connectors:
- MDTI
- Microsoft Threat Intelligence (MDTI)
- PMDTI
- Premium Microsoft Defender For ThreatIntelligence (PMDTI)
- Watchlist
- Convert the following operations to asynchronous
- DELETE
- PUT
2024-04-01-preview
It includes all the previously released Preview & GA features.
- ThreatIntelligence
- Added new TI CRUD APIs, Bulk Actions, Ingestions Rules
- BusinessApplicationAgents
- Introduced new resources
- BusinessApplicationAgents/Systems/Actions
2024-03-01
Generally available features in this release include:
- Incident tasks
- Add tasks as a nested resource for incidents, and the ability to create tasks from automation rules
- Playbook manual trigger
- Add ability to manually trigger a playbook on an incident, entity, or alert
2024-01-01-preview
It includes all the previously released Preview & GA features.
- Data Connectors
- Added new connector kind RestApiPoller
- Enrichment
- Added new endpoints
- ListGeodataByIp
- ListWhoisByDomain
- Recommendations
- Divided the Recommendation into multiple Suggestions.
- Added a new "InProgress" state and changed existing ones.
- Added new endpoint
- triggerEvaluation
- ThreatIntelligence
- Added new endpoints
- Query
- Count
2023-12-01-preview
It includes all the previously released Preview & GA features.
2023-11-01
Generally available features in this release include:
- Content hub
- Added more supported OData parameters.
2023-10-01-preview
This release includes all the previously released Preview features and in addition, the following enhancements:
- Data Connectors
- DataConnectorDefinitions - Added exception for the word "Criterias" in the file cSpell.json.
- Content hub
- Added more supported OData parameters.
2023-08-01-preview
This release includes all the previously released Preview features, plus the following additions:
- Workspace Manager
- Corrective change on WorkspaceManagerMember parameter name.
2023-07-01-preview
This release includes all the previously released Preview features, plus the following additions:
- Data Connectors
- New API endpoint added to manage Data Connector Definitions.
2023-06-01-preview
This release includes all the previously released Preview features, plus the following additions:
- Source Controls
- Added ability to manage Source Control connections via API by adding repository access parameters.
2023-05-01-preview
This release includes all the previously released Preview features, plus the following additions:
Billing Statistics
- Provides billing statistics, such as current usage of the Microsoft Sentinel solution for SAP applications.
Data Connectors
2023-04-01-preview
This release includes all the previously released Preview features, plus the following additions:
Workspace Manager
- The Microsoft Sentinel Workspace Manager enables customers and partners to manage multiple Microsoft Sentinel workspaces from a central point. Endpoints included:
- WorkspaceManagerConfigurations
- WorkspaceManagerMembers
- WorkspaceManagerGroups
- WorkspaceManagerAssignments
Hunts
- Added Hunts endpoint
2023-03-01-preview
This release includes all the previously released Preview features, plus the following additions:
- Playbooks
- Entity Trigger
- New endpoint to allow manual trigger of a playbook on an entity.
2023-02-01
Generally available features in this release include:
- Alert Rules (also known as analytics rules)
- Incidents
- Added provider fields to accommodate Sentinel - Microsoft 365 Defender incidents' bi-directional sync
2023-02-01-preview
This release includes all the previously released Preview features, plus the following additions:
- Data Connectors
- Added new data connector kind MicrosoftPurviewInformationProtection (Microsoft Purview Information Protection data connector).
- Added filteredProviders property to Microsoft Threat Protection data connector.
- Alert Rules (also known as analytics rules)
- New endpoints added
- triggeredAnalyticsRuleRuns – Get/GetAll
- alertRules/{ruleId}/triggerRuleRun
2022-12-01-preview
This release includes all the previously released Preview features, plus the following additions:
- Incidents
- Add incident tasks as a nested resource for incidents
2022-11-01-preview
This release includes all the previously released Preview features, plus the following additions:
- Recommendations
- Recommendations API version added
2022-10-01-preview
This release includes all the previously released Preview features, plus the following additions:
- Automation Rules
- Alert Rules (also known as analytics rules)
- Support alert per event grouping setting for Near Real Time (NRT) alert rules
2022-09-01-preview
This release includes all the previously released Preview features, plus the following additions:
- Automation Rules
- Alert Rules (also known as analytics rules)
- Support alert per event grouping setting for Near Real Time (NRT) alert rules
2022-08-01
Generally available features in this release include:
- Alert Rules (also known as analytics rules)
- MITRE support
2022-08-01-preview
This version includes all the previously released Preview features, plus the following additions:
- File imports
- New operation group. Allows bulk addition of indicators to Threat Intelligence.
2021-10-01
This version includes all the previously released generally available (GA) features, plus the following additions:
- Alert Rules (also known as analytics rules)
- Alert grouping alignment
- Entity mapping
- Custom details
- Alert details
- Automation Rules
- Onboarding States
2021-10-01-preview
This version includes all the previously released Preview features, plus the following additions:
- Alert Rules (also known as analytics rules)
- MITRE tactics and techniques supported in analytics rules models.
- Automation Rules
- New endpoint added for running playbooks on-demand on incidents.
- Bookmarks
- Support MITRE techniques.
- Support extended entity mapping.
- Data connectors
- Support Office connectors.
- Incidents
- Techniques supported in the incident schema.
- Provider incident URL added to incident schema.
2021-09-01-preview
This version includes all the previously released Preview features, plus the following additions:
- Alert Rules (also known as analytics rules)
- Data connectors
2021-04-01
Generally available features in this release include:
- Incidents
- Threat Intelligence
- Watchlists
2020-01-01
Generally available features in this release include:
- Alert rules
- Alert rules templates
- Bookmarks
- Data connectors
- Incidents