Forum Discussion
printscreen
Jan 18, 2021 Brass Contributor
How to mass apply a playbook to all analytic rules at once?
Hi, can anyone help me: do we have any feature to mass apply a playbook to all analytic rules? When I searched for the same, I found this https://feedback.azure.com/forums/920458-azure-sentinel/sugg...
- Jan 18, 2021
Hi printscreen, yes, that option is in preview under a new feature called automation rules. You can sign up for the Sentinel private preview program here: http://aka.ms/securityprp
Regards
Javier-Soriano
Microsoft
Jan 22, 2021
printscreen Yes, it should be possible using PowerShell, but you would need to write a script for that (can't do it with a single command). The script could read the rules in the file one by one and then use Update-AzSentinelAlertRule.
You can also use the "Automation Rules" feature that is currently in private preview.
Regards
mattburrough
Jun 21, 2021 MCT
I needed to bulk apply a playbook to all of my rules recently, so I wrote a PS script as Javier suggested. You can find it on my blog or on GitHub.
-Matt
- Javier-Soriano Jun 22, 2021
Microsoft
Nice!!