New Blog Post | Deploying Microsoft Sentinel Analytics Rules that are Already Enabled

 

Deploying Microsoft Sentinel Analytics Rules that are Already Enabled - Azure Cloud & AI Domain Blog (azurecloudai.blog)

The Repositories feature in Microsoft Sentinel is a popular way to deploy uniform content using a CI/CD pipeline to a single or to multiple Sentinel workspaces.

 

The default for Analytics Rules is to deploy into the workspace as disabled. But many organizations prefer to deliver the updated or new content as ready to go and enabled already.

 

You can accomplish this by modifying the deployment file (.json) so that each Analytics Rule section is enabled. Just alter the enabled value from ‘false’ to ‘true’.

 

Original Post: New Blog Post | Deploying Microsoft Sentinel Analytics Rules that are Already Enabled - Microsoft Tech Community