Forum Discussion

securityxpert1122

Copper Contributor

May 31, 2022

How to close sentinel bulk incidents

I would like to know how we can close multiple incidents in bulk using KQL query or any other tested option. Appreciate quick response.

Icon for Microsoft rank

Microsoft

May 31, 2022

See if the following helps: https://github.com/Azure/Azure-Sentinel/tree/master/Playbooks/Update-BulkIncidents

Copper Contributor

Jan 24, 2023

not able to access the above link

Rod_Trent
Microsoft
Jan 24, 2023
Updated the link.
- abdul1998
  Copper Contributor
  Feb 09, 2023
  not able to access the link..if you paste the query here..it will be useful

Resources