n8n-nodes-microsoft-sentinel

n8n node for interacting with Microsoft Sentinel

Version: 0.1.6 (latest)
Source: npm
Maintainers: 1

n8n-nodes-microsoft-sentinel

This is an n8n community node. It lets you interact with Microsoft Sentinel workspaces and resources.

n8n is a fair-code licensed workflow automation platform.

Installation | Example Workflow | Operations | Compatibility | Resources

Installation

Follow the installation guide in the n8n community nodes documentation.

Example Workflow

This workflow gets all available Sentinel instances, then retrieves all High severity incidents whose status is Active or New.

[Screenshot: node settings]

Workflow JSON

Copy and paste the following workflow JSON into your n8n editor to recreate the workflow:

{
  "nodes": [
    {
      "parameters": {},
      "type": "n8n-nodes-base.manualTrigger",
      "typeVersion": 1,
      "position": [
        -500,
        -40
      ],
      "id": "3e2bb6a5-abd3-4b5e-bb8a-9d1d10595d1c",
      "name": "When clicking ‘Test workflow’"
    },
    {
      "parameters": {
        "resource": "instance",
        "requestOptions": {}
      },
      "type": "n8n-nodes-microsoft-sentinel.microsoftSentinel",
      "typeVersion": 1,
      "position": [
        -280,
        -40
      ],
      "id": "449fe0b6-5e4f-43be-bfec-777bb8693cab",
      "name": "Get Sentinel Instances",
      "credentials": {
        "microsoftSentinelOAuth2Api": {
          "id": "1",
          "name": "Your Sentinel Creds"
        }
      }
    },
    {
      "parameters": {
        "sentinelInstance": "={{ $json.sentinelInstance }}",
        "options": {
          "orderBy": "properties/lastModifiedTimeUtc",
          "sort": "desc"
        },
        "filters": {
          "severity": [
            "High"
          ],
          "status": [
            "Active",
            "New"
          ]
        },
        "requestOptions": {}
      },
      "type": "n8n-nodes-microsoft-sentinel.microsoftSentinel",
      "typeVersion": 1,
      "position": [
        -60,
        -40
      ],
      "id": "63353297-1aa9-468f-8357-717aa0ac009b",
      "name": "Get All High Open Incidents",
      "credentials": {
        "microsoftSentinelOAuth2Api": {
          "id": "1",
          "name": "Your Sentinel Creds"
        }
      }
    }
  ],
  "connections": {
    "When clicking ‘Test workflow’": {
      "main": [
        [
          {
            "node": "Get Sentinel Instances",
            "type": "main",
            "index": 0
          }
        ]
      ]
    },
    "Get Sentinel Instances": {
      "main": [
        [
          {
            "node": "Get All High Open Incidents",
            "type": "main",
            "index": 0
          }
        ]
      ]
    }
  }
}
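
A pre-import review of the workflow JSON above, as an added example that is not part of the package's README: it lists the community packages and credential types the workflow depends on, the parameters that are expressions, and any connections that name undefined nodes. `reviewWorkflow` is a hypothetical helper and `sampleWorkflow` is a constructed, trimmed copy of the JSON above.

```javascript
// Added example: `reviewWorkflow` is hypothetical, not part of n8n or this package.
// Constructed sample: the page's workflow JSON, trimmed to the reviewed fields.
const TRIGGER = "When clicking ‘Test workflow’";
const SENTINEL = "n8n-nodes-microsoft-sentinel.microsoftSentinel";
const CREDS = { microsoftSentinelOAuth2Api: { id: "1", name: "Your Sentinel Creds" } };
const sampleWorkflow = {
  nodes: [
    { name: TRIGGER, type: "n8n-nodes-base.manualTrigger", parameters: {} },
    { name: "Get Sentinel Instances", type: SENTINEL, credentials: CREDS,
      parameters: { resource: "instance", requestOptions: {} } },
    { name: "Get All High Open Incidents", type: SENTINEL, credentials: CREDS,
      parameters: { sentinelInstance: "={{ $json.sentinelInstance }}",
        filters: { severity: ["High"], status: ["Active", "New"] } } },
  ],
  connections: {
    [TRIGGER]: { main: [[{ node: "Get Sentinel Instances", type: "main", index: 0 }]] },
    "Get Sentinel Instances": {
      main: [[{ node: "Get All High Open Incidents", type: "main", index: 0 }]] },
  },
};

function reviewWorkflow(wf) {
  const names = new Set(wf.nodes.map((n) => n.name));
  const pkgs = new Set();
  const creds = new Set();
  const expressions = [];
  for (const node of wf.nodes) {
    // Node types are "<package>.<node>"; anything outside n8n-nodes-base
    // is a community package that has to be installed (and vetted) first.
    const pkg = node.type.slice(0, node.type.lastIndexOf("."));
    if (pkg !== "n8n-nodes-base") pkgs.add(pkg);
    for (const t of Object.keys(node.credentials || {})) creds.add(t);
    // String parameters starting with "=" are n8n expressions evaluated at run time.
    for (const [key, value] of Object.entries(node.parameters || {})) {
      if (typeof value === "string" && value.startsWith("=")) expressions.push(`${node.name}.${key}`);
    }
  }
  // Flag connections that name a node missing from `nodes`.
  const dangling = [];
  for (const [source, outputs] of Object.entries(wf.connections || {})) {
    if (!names.has(source)) dangling.push(source);
    for (const link of (outputs.main || []).flat()) {
      if (link && !names.has(link.node)) dangling.push(link.node);
    }
  }
  return { communityPackages: [...pkgs], credentialTypes: [...creds], expressions, dangling };
}
console.log(reviewWorkflow(sampleWorkflow));
```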

Operations

Instance:

  • Get instances: Retrieves a list of Sentinel workspaces available to your account

Alert Rule:

  • Create or Update: Creates a new alert rule if it does not exist, or updates an existing alert rule
  • Delete: Deletes an alert rule
  • Get: Retrieves an alert rule
  • Get Many: Retrieves multiple alert rules
  • Get Template: Retrieves a template for creating an alert rule
  • Get Many Templates: Retrieves multiple templates for creating alert rules

Automation Rule:

  • Create or Update: Creates a new automation rule if it does not exist, or updates an existing automation rule
  • Delete: Deletes an automation rule
  • Get: Retrieves an automation rule
  • Get Many: Retrieves multiple automation rules

Incident:

  • Create or Update: Creates a new incident if it does not exist, or updates an existing incident
  • Delete: Deletes an incident
  • Get: Retrieves an incident
  • Get Many: Retrieves multiple incidents
  • Get Alerts: Retrieves alerts associated with an incident
  • Get Entities: Retrieves entities associated with an incident
  • Create or Update Comment: Creates a new comment if it does not exist, or updates an existing comment
  • Delete Comment: Deletes a comment associated with an incident
  • Get Comment: Retrieves a comment associated with an incident
  • Get Many Comments: Retrieves comments associated with an incident

Query:

  • Run Query: Runs a Kusto (KQL) query against a Sentinel workspace

Compatibility

Tested with n8n v1.50.2

Resources

Keywords

n8n-community-node-package

Package last updated on 03 Apr 2025
