Forum Discussion
Bulk Closure of old Incidents via PowerShell
Hey guys. Thanks, pecific147, for your initial starting point and vezgeta for the PS frame, which I stole with pride.
I took it and polished it, and now it takes away, with time, some tens of thousands of alerts.
The first, longer one has some error handling that is needed if you go beyond 10k.
The latter is for killing just a few thousand. Note that you need to change -Severity Informational to High/Medium/Low/Informational depending on which category you are closing.
# Set your parameters once up-front
$rg = "Your_rg_here"
$ws = "Your-workspace-here"
$sub = "yoursubscriptionidgoeshere"

# List every incident in the workspace, keep only the ones still in "New",
# and close them one by one with a short pause so the API is not hammered.
Get-AzSentinelIncident -ResourceGroupName "$rg" -WorkspaceName "$ws" |
    Where-Object { $_.Status -eq "New" } |
    ForEach-Object {
        # Capture the incident first: inside catch, $_ is the error record, not the incident
        $incident = $_
        try {
            Update-AzSentinelIncident -Id $incident.Name -ResourceGroupName "$rg" -WorkspaceName "$ws" -SubscriptionId "$sub" -Status Closed -Confirm:$false -Severity Informational -Classification Undetermined -Title $incident.Title
        } catch {
            Write-Host "Failed to update incident $($incident.Name): $($_.Exception.Message). Skipping." -ForegroundColor Red
        }
        Start-Sleep -Milliseconds 200
    }
------------------------------------------------------------
#Get-AzSentinelIncident -ResourceGroupName "$rg" -WorkspaceName "$ws" | Where-Object {$_.Status -eq "New"} | ForEach-Object {Update-AzSentinelIncident -Id $_.Name -ResourceGroupName "$rg" -WorkspaceName "$ws" -SubscriptionId "$sub" -Status Closed -Confirm:$false -Severity Low -Classification Undetermined -Title $_.title}
----------------------------------------------------------------
Even though this is a late reply, I hope this helps someone else.
Gary
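A variant of the same bulk-close loop, added here as an example and not Gary's script: it only selects New incidents older than a cut-off, runs as a dry run unless -Commit is given, retries with back-off when an update fails (for instance on throttling), and writes what it closed to a CSV. It assumes Az.SecurityInsights is installed, Connect-AzAccount has been run, and that the incident objects expose CreatedTimeUtc and IncidentNumber (property names assumed).

```powershell
# Added example, not the original post's code. Assumes Az.SecurityInsights and an
# existing Connect-AzAccount session; CreatedTimeUtc / IncidentNumber are assumed property names.
param(
    [string]$rg  = "Your_rg_here",
    [string]$ws  = "Your-workspace-here",
    [string]$sub = "yoursubscriptionidgoeshere",
    [int]$OlderThanDays = 90,
    [string]$Severity = "Informational",   # close one severity band at a time, as in the post
    [switch]$Commit                        # without -Commit nothing is changed (dry run)
)

$cutoff  = (Get-Date).ToUniversalTime().AddDays(-$OlderThanDays)
$logPath = Join-Path $PWD ("closed-incidents-{0:yyyyMMdd-HHmmss}.csv" -f (Get-Date))

# Select client-side: still "New", the requested severity, and created before the cut-off
$targets = Get-AzSentinelIncident -ResourceGroupName $rg -WorkspaceName $ws -SubscriptionId $sub |
    Where-Object { $_.Status -eq "New" -and $_.Severity -eq $Severity -and $_.CreatedTimeUtc -lt $cutoff }

Write-Host ("{0} '{1}' incidents older than {2:u} selected" -f @($targets).Count, $Severity, $cutoff)

foreach ($incident in $targets) {
    if (-not $Commit) {
        Write-Host "[dry run] would close #$($incident.IncidentNumber) $($incident.Title)"
        continue
    }
    $attempt = 0
    do {
        $attempt++
        try {
            Update-AzSentinelIncident -Id $incident.Name -ResourceGroupName $rg -WorkspaceName $ws -SubscriptionId $sub `
                -Status Closed -Severity $Severity -Classification Undetermined `
                -ClassificationComment "Bulk closed: older than $OlderThanDays days" `
                -Title $incident.Title -Confirm:$false | Out-Null
            # Keep a record of what was closed, so the run can be audited afterwards
            [pscustomobject]@{ Name = $incident.Name; Number = $incident.IncidentNumber
                               Title = $incident.Title; Created = $incident.CreatedTimeUtc } |
                Export-Csv -Path $logPath -Append -NoTypeInformation
            $done = $true
        } catch {
            # $_ is the error record here; the incident comes from the loop variable
            $done = $false
            Write-Host "Attempt $attempt failed for $($incident.Name): $($_.Exception.Message)" -ForegroundColor Yellow
            Start-Sleep -Seconds ([math]::Pow(2, $attempt))   # exponential back-off before retrying
        }
    } until ($done -or $attempt -ge 4)
    Start-Sleep -Milliseconds 200
}
```

Run it once without -Commit to see the count and the list it would touch, then again with -Commit; the CSV path is printed by the first Write-Host's companion log file name in $logPath.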