Forum Discussion
Pavan_Gelli1910
Jan 03, 2020 | Brass Contributor
How to close sentinel incidents using PS
Hi Team, A few days back, I enabled the default Analytics rules related to Azure Key Vault (AKV). After that I was hit with many incidents (approx 10K) triggered related to AKV. Now I want bulk clo...
SocInABox
Oct 12, 2020 | Iron Contributor
Better late than never on this question...
There is now a really nice suite of PowerShell commands for Azure Sentinel.
Check this out:
https://www.pkm-technology.com/page/2/
https://www.powershellgallery.com/packages/AzSentinel/0.6.2
And to answer your question you could do a simple loop like this:
888..934 | % { Update-AzSentinelIncident -WorkspaceName "<workspace name>" -CaseNumber $_ -Status Closed }
In the above example I'm closing incidents with case numbers 888 to 934.
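
Added example, not part of the original reply or of the AzSentinel module: the same loop wrapped so that each close is recorded for audit, a failing case number does not stop the run, and `-WhatIf` gives a dry run. It uses only the cmdlet and parameters shown in the reply; the function name `Close-SentinelIncidentRange`, the CSV path, and the assumption that `Update-AzSentinelIncident` honours the common `-ErrorAction` parameter are assumptions.

```powershell
# Added example: bulk-close a range of incidents with a per-incident audit record.
# Close-SentinelIncidentRange and the default CSV path are hypothetical names.
function Close-SentinelIncidentRange {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $WorkspaceName,
        [Parameter(Mandatory)] [int]    $First,
        [Parameter(Mandatory)] [int]    $Last,
        [string] $LogPath = ".\closed-incidents.csv"
    )

    # PowerShell ranges count downwards when Last < First, so reject that early.
    if ($Last -lt $First) { throw "Last ($Last) must be >= First ($First)." }

    $results = foreach ($case in $First..$Last) {
        $outcome = 'Skipped'   # stays 'Skipped' under -WhatIf or a declined prompt
        $detail  = ''
        if ($PSCmdlet.ShouldProcess("incident $case in $WorkspaceName", 'Close')) {
            try {
                # Same call as in the reply above. -ErrorAction Stop is assumed
                # to be honoured so that a failure reaches the catch block.
                Update-AzSentinelIncident -WorkspaceName $WorkspaceName `
                    -CaseNumber $case -Status Closed -ErrorAction Stop | Out-Null
                $outcome = 'Closed'
            }
            catch {
                # Record the failure and continue with the next case number.
                $outcome = 'Failed'
                $detail  = $_.Exception.Message
            }
        }
        [pscustomobject]@{
            Timestamp  = (Get-Date).ToString('o')
            CaseNumber = $case
            Outcome    = $outcome
            Detail     = $detail
        }
    }

    # Keep a record of what was closed, then return a count per outcome.
    $results | Export-Csv -Path $LogPath -NoTypeInformation
    $results | Group-Object Outcome | Select-Object Name, Count
}

# Dry run first, then the real run:
# Close-SentinelIncidentRange -WorkspaceName "<workspace name>" -First 888 -Last 934 -WhatIf
# Close-SentinelIncidentRange -WorkspaceName "<workspace name>" -First 888 -Last 934
```

Under `-WhatIf` the CSV is not written, because `Export-Csv` also respects the dry run; the per-outcome summary is still returned.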