Forum Discussion
Update content package Metadata
Hello Sentinel community and Microsoft. Ive been working on a script where i use this command: https://learn.microsoft.com/en-us/rest/api/securityinsights/content-package/install?view=rest-security...
As you have stated, that API doesn't work completely (not really sure why it is there). If you watch what MS Sentinel does when a solution is deployed, it uses "/subscriptions/$($SubscriptionId)/resourcegroups/$($ResourceGroup)/providers/Microsoft.Resources/deployments/" + the deployment name.
Take a look at the All-In-One V2's PowerShell script to see how we used this command to deploy the selected solutions: Azure-Sentinel/Tools/Sentinel-All-In-One/v2 at master · Azure/Azure-Sentinel
Thanks Gary. Im going to check that out indeed!
I worked around mine yesterday by installing manually through the portal (gui). then extracting (get/list) all the content packages and content templates. But that results in a massive static list (i want to just manage the package to be honest and then just install everything within as it can be only hunting rules, analytic rules or other stuff). dosent matter if its installed in content hub, as long as its not deployed). That would have ment that if i do a new deployment, it always get everything latest. rather then have a static massive list to curate. What actually get deployed however, that is managed through devops and is indeed a very curated list (connectors, analytic rules, workbooks). But for content hub... man :D
Once again, thanks Gary.
