Forum Discussion
Steven_Su
May 06, 2022, Copper Contributor
How to sync automation rules from Github to Sentinel
Hi, as for the analytics rules synced from GitHub to Sentinel, we could just simply export the rules and import them to GitHub. However, I am not able to export the automation rules to a JSON file and...
Steven_Su
May 06, 2022, Copper Contributor
Hi Gary, thanks for your prompt reply.
Actually what we want to do is to use a repo in GitHub to deploy and maintain the analytic rules and the automation rules attached. It is easy for analytic rules but difficult for automation rules.
We only have a few playbooks, like creating a ticket, but we will apply them to each analytics rule. So we wanna see if there is any approach to do so.
GaryBushey
May 09, 2022, Bronze Contributor
Have you looked at using an MS Sentinel repository to push all the rules? (I am guessing that when you say repo you mean a GitHub repo and not an MS Sentinel repository.)
BTW, I wrote some PowerShell scripts to extract automation rules and a blog post about it. https://www.garybushey.com/2022/05/08/get-or-export-microsoft-sentinel-automation-rules/
- Steven_Su
May 11, 2022, Copper Contributor
Hi Gary,
This is a helpful document for exporting the config. As tested, I still need to modify the format of the output to meet the requirements of the syntax so that I can create the new automation rule with this approach.
Thanks very much for your reply.
- GaryBushey
May 11, 2022, Bronze Contributor
I'd be interested in hearing what changes you needed to make so I can make them to the PowerShell script.
- Jan 19, 2024
Hi GaryBushey, the exported automation rule started directly from the 'resources' section and also didn't have some other important attributes like 'apiVersion', 'kind' etc. The type was Microsoft.SecurityInsights/AutomationRules, which was not getting recognized and had to be replaced with Microsoft.OperationalInsights/workspaces/providers/automationRules.
Not sure if I'm missing any latest way to export automation rules here!
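The adjustments described in the last post (wrapping the exported 'resources' in a full template, adding 'apiVersion', and swapping the resource type), as an added example that is not part of the thread or of the blog's scripts. The function name, the 'workspace' template parameter, the input shape and the sample rule are assumptions; the API version is left as a placeholder because the thread does not give one, and 'kind' is not added for the same reason.

```powershell
# Added example (not the blog's script). Assumes the export is JSON with a top-level "resources" array.
function ConvertTo-AutomationRuleTemplate {
    param(
        [Parameter(Mandatory)] [string] $ExportJson,  # text of the exported file
        [Parameter(Mandatory)] [string] $ApiVersion   # not stated in the thread; supply a current value
    )
    $oldType = 'Microsoft.SecurityInsights/AutomationRules'
    $newType = 'Microsoft.OperationalInsights/workspaces/providers/automationRules'

    $export = $ExportJson | ConvertFrom-Json
    if (-not $export.resources) { throw "Input has no 'resources' array." }

    # @(...) keeps a single rule as a one-element array instead of a scalar
    $resources = @(foreach ($r in $export.resources) {
        if ($r.type -ne $oldType) { $r; continue }    # leave other resource types untouched
        if (-not $r.name) { throw "Automation rule without a 'name' cannot be converted." }
        $ruleId = ($r.name -split '/')[-1]            # keep only the rule id if a path was exported
        $r.type = $newType
        # The nested type has three segments, so the name needs workspace/provider/id
        $r.name = "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/$ruleId')]"
        $r | Add-Member -NotePropertyName apiVersion -NotePropertyValue $ApiVersion -Force
        $r
    })

    [ordered]@{
        '$schema'      = 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#'
        contentVersion = '1.0.0.0'
        parameters     = @{ workspace = @{ type = 'String' } }
        resources      = $resources
    } | ConvertTo-Json -Depth 32                      # default depth would truncate nested actions
}

# Constructed sample: the id and rule content are made up for illustration
$sample = @'
{ "resources": [ {
    "type": "Microsoft.SecurityInsights/AutomationRules",
    "name": "00000000-0000-0000-0000-000000000001",
    "properties": { "displayName": "Create ticket", "order": 1 }
} ] }
'@
ConvertTo-AutomationRuleTemplate -ExportJson $sample -ApiVersion '<api-version>'
```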