Microsoft's Azure Sentinel, our Security Incident and Event Management (SIEM) solution, enables you to connect activity data from different sources into a shared workspace. That data ingestion is jus...
Hereby the script I was talking about before, to create detection rules from multiple rule templates in Microsoft Sentinel.
I've added a readme file to the GitHub page explaining the parameters and options that can be used.
What the script does is accept a list of data connectors and enable the alert rules (from the rule templates) that belong to those data connectors. You can also use a watchlist as input, so that the rules are enabled based on the connectors that are enabled.
A log file is created for the rules that returned an error when being enabled. These errors are caused by mismatches between the tactics and techniques configured in some of the built-in rule templates.
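To show how such a script can be structured, here is an added PowerShell example that is not the author's script and not taken from the GitHub repository. It drives the Microsoft Sentinel REST API through `Invoke-AzRestMethod`, enables every Scheduled template whose required data connectors are all in the given connector list, and writes the templates the API rejects (for example because of a tactic/technique combination it does not accept) to a log file; the subscription, resource group, workspace, connector names and log path are placeholders, and the watchlist input option is not shown.

```powershell
# Added example (not the author's script): enable Sentinel rule templates for a connector list.
# Assumes Az.Accounts is installed and Connect-AzAccount has already been run.
param(
    [string]$SubscriptionId = "<subscription-id>",      # placeholder
    [string]$ResourceGroup  = "<resource-group>",       # placeholder
    [string]$Workspace      = "<workspace-name>",       # placeholder
    [string[]]$Connectors   = @("AzureActiveDirectory", "Office365"),  # constructed sample list
    [string]$LogFile        = ".\failed-rules.log"
)

$base = "/subscriptions/$SubscriptionId/resourceGroups/$ResourceGroup" +
        "/providers/Microsoft.OperationalInsights/workspaces/$Workspace/providers/Microsoft.SecurityInsights"
$api  = "api-version=2023-02-01"

# Read all rule templates available in the workspace
$resp      = Invoke-AzRestMethod -Method GET -Path "$base/alertRuleTemplates?$api"
$templates = ($resp.Content | ConvertFrom-Json).value

foreach ($t in $templates) {
    $p = $t.properties
    if ($t.kind -ne "Scheduled") { continue }            # only Scheduled templates are handled here

    # Skip templates that need no connector or a connector that is not in our list
    $required = @($p.requiredDataConnectors | ForEach-Object { $_.connectorId })
    if ($required.Count -eq 0) { continue }
    if ($required | Where-Object { $_ -notin $Connectors }) { continue }

    # Build the rule from the template's own settings and link it back to the template
    $body = @{
        kind       = "Scheduled"
        properties = @{
            displayName = $p.displayName;   description      = $p.description
            severity    = $p.severity;      enabled          = $true
            query       = $p.query;         queryFrequency   = $p.queryFrequency
            queryPeriod = $p.queryPeriod;   triggerOperator  = $p.triggerOperator
            triggerThreshold = $p.triggerThreshold
            tactics     = $p.tactics;       techniques       = $p.techniques
            suppressionDuration = "PT5H";   suppressionEnabled = $false
            alertRuleTemplateName = $t.name
        }
    } | ConvertTo-Json -Depth 10

    $ruleId = [guid]::NewGuid().ToString()
    $put = Invoke-AzRestMethod -Method PUT -Path "$base/alertRules/$ruleId?$api" -Payload $body
    if ($put.StatusCode -ge 300) {
        # Keep the API's reason (often a tactic/technique mismatch) so the rule can be reviewed later
        "$($p.displayName) | HTTP $($put.StatusCode) | $($put.Content)" | Add-Content -Path $LogFile
    }
}
```

Run it once against a test workspace first and review the log file: each line names the rejected template and carries the API error text, which is what you need to correct the tactic/technique combination before enabling that rule by hand.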