Description
Azure Sentinel has added a new method for configuring Entity mappings and a method for defining custom details (key/value pairs).
This page describes the Azure Portal method for configuring the Entity Mappings on an alert rule:
https://docs.microsoft.com/en-us/azure/sentinel/map-data-fields-to-entities
This page describes the Azure Portal method for configuring the custom details key/value pairs on an alert rule:
https://docs.microsoft.com/en-us/azure/sentinel/surface-custom-details-in-alerts
Neither the current GA nor the preview REST API or Go SDK supports configuring these elements on an alert rule.
At the moment, all other aspects of our Sentinel deployment are automated except for this capability. We require the ability to map these values to surface required context on the generated alert for use in our SOAR workflows. We currently deploy rules using an automated method and require manual Azure Portal configuration to perform the remaining entity mapping and custom details configuration.