Forum Discussion

pecific147's avatar
pecific147
Copper Contributor
Dec 08, 2022

Bulk Closure of old Incidents via PowerShell

Hi All,    I am trying to close all MS Sentinel incidents via PowerShell using below script.   Get-AzSentinelIncident -WorkspaceName "XXXXXX_XXXXXX" -All | Where-Object {$_.status -eq "New"} | Fo...
apis
Rod_Trent's avatar
Rod_Trent
Icon for Microsoft rankMicrosoft
Dec 08, 2022

Hi pecific147 

 

It might be the actual number of Incidents that are the problem versus the time range. Let me do some digging around here to find out.

 

I understand those Incidents existing in the workspace can be annoying, but they will expire from the workspace based on your retention setting.

 

 

pecific147's avatar
pecific147
Copper Contributor
Dec 13, 2022
Hi Rod_Trent,

Did you find anything,?
Workspace retention is 365 days, so waiting for retention to expire won't work.

Resources