akshay25june
Sep 02, 2024 Copper Contributor
Auto Disabled (Rule Name)
Hi Team, one of the scheduled rules was auto-disabled 2 days ago (31-Aug) and is showing "The alert rule was disabled due to too many consecutive failures. Reason: The query was blocked as it was co...
jdom
Nov 26, 2024 Copper Contributor
akshay25june - Sometimes the GUI can cause issues like this when a rule cannot be overwritten. I recommend:
Export the rule via the GUI to save it, remove it using PowerShell and re-import.
Search for the rule, capture the rule ID and then utilise Remove-AzSentinelAlertRule.
Get-AzSentinelAlertRule -ResourceGroupName <RG-Name> -WorkspaceName <LogAnalytics-Name> `
| where Name -eq "<Rule-ID>"
And the equivalent removal PS: https://learn.microsoft.com/en-us/powershell/module/az.securityinsights/remove-azsentinelalertrule?view=azps-13.0.0
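
The find, back up and remove steps from the reply above, as an added example that is not part of the original post. It assumes the Az.SecurityInsights module, an authenticated session (Connect-AzAccount) and that the rule is looked up by its portal display name; the three values at the top are placeholders.

```powershell
# Added example: placeholder values, replace with your own.
$rg        = '<RG-Name>'
$workspace = '<LogAnalytics-Name>'
$display   = '<Rule display name>'   # assumption: rule is looked up by display name

# Name holds the rule ID (a GUID); DisplayName is the title shown in the portal.
$rule = @(Get-AzSentinelAlertRule -ResourceGroupName $rg -WorkspaceName $workspace |
    Where-Object DisplayName -eq $display)

# Refuse to continue on zero or several matches so the wrong rule is never deleted.
if ($rule.Count -ne 1) {
    throw "Expected exactly one rule named '$display', found $($rule.Count)."
}
$ruleId = $rule[0].Name

# Reference copy of the current definition (query, schedule, severity).
# This is not a substitute for the GUI export, which is the file to re-import.
$backup = "./$ruleId.json"
$rule[0] | ConvertTo-Json -Depth 20 | Set-Content -Path $backup -Encoding utf8
Write-Output "Saved reference copy of rule $ruleId to $backup"

# -Confirm prompts before the delete; swap it for -WhatIf for a dry run.
Remove-AzSentinelAlertRule -ResourceGroupName $rg -WorkspaceName $workspace `
    -RuleId $ruleId -Confirm

# Check the rule is gone before re-importing the exported file.
$left = Get-AzSentinelAlertRule -ResourceGroupName $rg -WorkspaceName $workspace |
    Where-Object Name -eq $ruleId
if ($left) {
    Write-Warning "Rule $ruleId is still present; do not re-import yet."
} else {
    Write-Output "Rule $ruleId removed; re-import the exported rule now."
}
```

While the rule is removed the detection does not run, so re-import promptly and confirm the imported rule shows as enabled.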