Forum Discussion
How to close sentinel bulk incidents
Install-Module -Name Az -Repository PSGallery
Then install the Az.SecurityInsights module:
Install-Module -Name Az.SecurityInsights
Log in to Azure with PowerShell:
Connect-AzAccount
Run this command to close incidents (replace XXXX with needed information):
# Note: -Severity Medium overwrites each incident's existing severity; use $_.Severity to keep it
Get-AzSentinelIncident -ResourceGroupName "xxxx" -WorkspaceName "xxxx" | Where-Object {$_.Status -eq "New"} | ForEach-Object {Update-AzSentinelIncident -Id $_.Name -ResourceGroupName "xxxx" -WorkspaceName "xxxx" -SubscriptionId "xxxx" -Status Closed -Confirm:$false -Severity Medium -Classification Undetermined -Title $_.Title}
Query to bulk delete and close incidents by Title from the Azure Cloud Shell console:
Make sure you have a role (https://learn.microsoft.com/en-us/azure/sentinel/roles) that allows you to run this query in your subscription.
First open PowerShell as administrator and install Az PowerShell module:
Install-Module -Name Az -Repository PSGallery
Then install the Az.SecurityInsights module:
Install-Module -Name Az.SecurityInsights
Log in to Azure with PowerShell:
Connect-AzAccount
Run this command to close incidents (replace XXXX with needed information):
Query to DELETE incidents by Title:
# Deletes every incident whose title matches exactly; this cannot be undone
Get-AzSentinelIncident -ResourceGroupName "XXXX" -WorkspaceName "XXXX" | Where-Object {$_.Title -eq "YOUR_TITLE_HERE"} | ForEach-Object { Remove-AzSentinelIncident -PassThru -ResourceGroupName "XXXX" -WorkspaceName "XXXX" -Id $_.Name }
Query to bulk CLOSE incidents by Title:
# Note: -Severity Medium overwrites each incident's existing severity; use $_.Severity to keep it
Get-AzSentinelIncident -ResourceGroupName "XXXX" -WorkspaceName "XXXX" | Where-Object {$_.Title -eq "YOUR_TITLE_HERE"} | ForEach-Object {Update-AzSentinelIncident -Id $_.Name -ResourceGroupName "XXXX" -WorkspaceName "XXXX" -SubscriptionId "XXXX" -Status Closed -Confirm:$false -Severity Medium -Classification Undetermined -Title $_.Title}
These operations can take a long time, so it is recommended to run them in the background by adding "&" at the end of the query and running the query 3-5 times, so incidents will be closed/deleted 3-5 times faster.
You can check the progress of each task with Get-Job.
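As an added example that is not part of either reply above, the following function wraps the same Az.SecurityInsights cmdlets used in both posts (Get-AzSentinelIncident / Update-AzSentinelIncident) into a bulk-close script that a practitioner can run safely: it filters on the service side with an OData -Filter instead of pulling every incident to the client, supports -WhatIf for a dry run before touching anything, keeps each incident's own title and severity rather than forcing Medium, records per-incident success or failure, and parallelises with ForEach-Object -Parallel in place of the "&" / Get-Job approach. The function name, parameter names and the OData property paths (properties/status, properties/title) are this example's own assumptions; it assumes PowerShell 7 (as in Azure Cloud Shell), a completed Connect-AzAccount with context autosave enabled so the parallel runspaces can reuse the login, and a Sentinel Responder or higher role on the workspace.

```powershell
# Added example, not from the thread. Assumes Az.Accounts and Az.SecurityInsights are
# installed, Connect-AzAccount has been run, and the context is saved
# (Enable-AzContextAutosave) so ForEach-Object -Parallel runspaces inherit it.
#Requires -Modules Az.SecurityInsights

function Close-SentinelIncidentBulk {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory)] [string] $ResourceGroupName,
        [Parameter(Mandatory)] [string] $WorkspaceName,
        [string] $SubscriptionId = (Get-AzContext).Subscription.Id,
        # Exact title to match; omit to match incidents of any title
        [string] $Title,
        # Only incidents currently in this state are touched
        [ValidateSet('New', 'Active')] [string] $Status = 'New',
        [ValidateSet('Undetermined', 'BenignPositive', 'FalsePositive', 'TruePositive')]
        [string] $Classification = 'Undetermined',
        # Required by the service for any classification other than Undetermined
        [ValidateSet('InaccurateData', 'IncorrectAlertLogic', 'SuspiciousActivity', 'SuspiciousButExpected')]
        [string] $ClassificationReason,
        [string] $ClassificationComment = 'Bulk closed via Close-SentinelIncidentBulk',
        # Number of concurrent workers (hypothetical default; tune to API throttling)
        [int] $ThrottleLimit = 5
    )

    # Build a server-side OData filter so only matching incidents are returned.
    # Property paths are an assumption of this example, based on the Sentinel REST API.
    $filter = "properties/status eq '$Status'"
    if ($Title) {
        $escaped = $Title.Replace("'", "''")      # escape single quotes for the OData literal
        $filter += " and properties/title eq '$escaped'"
    }

    $incidents = @(Get-AzSentinelIncident -SubscriptionId $SubscriptionId `
            -ResourceGroupName $ResourceGroupName -WorkspaceName $WorkspaceName -Filter $filter)
    Write-Host ("{0} incident(s) match filter: {1}" -f $incidents.Count, $filter)
    if ($incidents.Count -eq 0) { return }

    # -WhatIf prints the target and returns without changing anything
    if (-not $PSCmdlet.ShouldProcess("$($incidents.Count) incident(s) in $WorkspaceName", 'Close')) {
        return
    }

    # Parameters shared by every Update call; spread with @closeArgs inside the workers
    $closeArgs = @{
        SubscriptionId        = $SubscriptionId
        ResourceGroupName     = $ResourceGroupName
        WorkspaceName         = $WorkspaceName
        Status                = 'Closed'
        Classification        = $Classification
        ClassificationComment = $ClassificationComment
    }
    if ($ClassificationReason) { $closeArgs.ClassificationReason = $ClassificationReason }

    # Each runspace reuses the saved Az context; $using: passes the shared arguments in.
    $results = $incidents | ForEach-Object -ThrottleLimit $ThrottleLimit -Parallel {
        $inc  = $_                      # capture before entering catch, where $_ is the error
        $args = $using:closeArgs
        try {
            # Keep the incident's own title and severity instead of overwriting them
            Update-AzSentinelIncident @args -Id $inc.Name -Title $inc.Title -Severity $inc.Severity `
                -Confirm:$false -ErrorAction Stop | Out-Null
            [pscustomobject]@{ Id = $inc.Name; Title = $inc.Title; Result = 'Closed'; Error = $null }
        }
        catch {
            [pscustomobject]@{ Id = $inc.Name; Title = $inc.Title; Result = 'Failed'; Error = $_.Exception.Message }
        }
    }

    $results | Group-Object Result | ForEach-Object { Write-Host ("{0}: {1}" -f $_.Name, $_.Count) }
    return $results
}

# Usage: dry run first, then the real thing with a classification and reason
# Close-SentinelIncidentBulk -ResourceGroupName 'rg' -WorkspaceName 'ws' -Title 'Noisy rule' -WhatIf
# Close-SentinelIncidentBulk -ResourceGroupName 'rg' -WorkspaceName 'ws' -Title 'Noisy rule' `
#     -Classification FalsePositive -ClassificationReason IncorrectAlertLogic | Where-Object Result -eq 'Failed'
```

Run it once with -WhatIf and confirm the reported count matches what you expect in the portal before running it for real; because ConfirmImpact is High, the real run also prompts unless you pass -Confirm:$false. The returned objects let you re-run only the failures (for example after an API throttling burst) rather than re-scanning the whole workspace.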