Forum Discussion

Pavan_Gelli1910's avatar
Pavan_Gelli1910
Brass Contributor
Jan 03, 2020

How to close sentinel incidents using PS

Hi Team,   Few days back, i have enabled default Analytics rules related to Azure Key Vault(AKV). After that i was hit with many incidents(approx 10K) got triggered related AKV. Now i want bulk clo...
DTracey's avatar
DTracey
Copper Contributor
Sep 23, 2021

Pavan_Gelli1910 

 

get-AzSentinelIncident -WorkspaceName <"Workspace Name"> | ForEach-Object {update-AzSentinelIncident -WorkspaceName <"Workspace Name"> l -CaseNumber $_.CaseNumber -Status Closed -CloseReason FalsePositive -Confirm:$false}

Resources