Oct 30 2020 08:52 AM
Hi All
I am sure this is a simple issue - I am just wanting to export all the rules from the analytics workspace in Sentinel (disabled / Enabled) into a platform to enable me to monitor the rules, update and amend accordingly. is there a way to export the rules in analytics. I have seen a few examples of exporting a rule from logs but essentially this isnt going to work for me. tks in advance
Oct 30 2020 09:05 AM
@wootts You can do so using the Azure Sentinel REST API. I wrote some blog posts about how to do that at https://www.garybushey.com
Oct 30 2020 09:25 AM
@wootts There's also a PowerShell module:
https://github.com/wortell/AZSentinel/tree/master/AzSentinel