Azure Defender helps organizations be more secure by providing dedicated security analytics for a variety of workloads. Once you’ve enabled Azure Defender for the workload you need, you will receive alerts based on the analytics that were created to detect threats for the type of workload you selected. To ensure security alerts meet your organization’s specific requirements, you can create suppression rules to fine-tune alerts. Each suppression rule has an expiration date, which can be altered either through the Azure portal or the REST API.
The purpose of this article is to highlight an automation that organizations can use to automatically extend the expiration date of all enabled suppression rules that are about to expire. This automation has been published to the Azure Security Center GitHub repository, from where it can be deployed directly to your environment through the provided ARM template.
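The selection logic described above, sketched as an added example (this is not the published automation's code). It assumes each rule is a JSON object with `properties.state` and `properties.expirationDateUtc`, as in the Microsoft.Security `alertsSuppressionRules` resource; the 7-day window, the 90-day extension and the sample rules are hypothetical.

```python
import copy
from datetime import datetime, timedelta, timezone

FMT = "%Y-%m-%dT%H:%M:%SZ"  # UTC timestamp format used in the constructed samples


def plan_extensions(rules, now, window_days=7, extend_days=90):
    """Return updated copies of enabled rules that expire within window_days.

    window_days and extend_days are hypothetical defaults for this example.
    """
    cutoff = now + timedelta(days=window_days)
    plan = []
    for rule in rules:
        props = rule.get("properties", {})
        if props.get("state") != "Enabled":
            continue  # disabled or already expired rules are left alone
        raw = props.get("expirationDateUtc")
        if not raw:
            continue  # rule has no expiration date to extend
        expires = datetime.strptime(raw, FMT).replace(tzinfo=timezone.utc)
        if not (now <= expires <= cutoff):
            continue  # not about to expire
        updated = copy.deepcopy(rule)  # never mutate the fetched rule
        new_expiry = expires + timedelta(days=extend_days)
        updated["properties"]["expirationDateUtc"] = new_expiry.strftime(FMT)
        plan.append(updated)
    return plan


# Constructed sample rules (not real tenant data).
SAMPLE_RULES = [
    {"name": "SuppressTestVMs",
     "properties": {"state": "Enabled", "expirationDateUtc": "2021-03-03T00:00:00Z"}},
    {"name": "OldRule",
     "properties": {"state": "Disabled", "expirationDateUtc": "2021-03-02T00:00:00Z"}},
    {"name": "LongLived",
     "properties": {"state": "Enabled", "expirationDateUtc": "2021-12-31T00:00:00Z"}},
    {"name": "NoExpiry", "properties": {"state": "Enabled"}},
]
SAMPLE_NOW = datetime(2021, 3, 1, tzinfo=timezone.utc)

if __name__ == "__main__":
    for r in plan_extensions(SAMPLE_RULES, SAMPLE_NOW):
        print(r["name"], "->", r["properties"]["expirationDateUtc"])
```

Logging each returned rule before it is written back keeps an audit trail of which suppressions were renewed automatically.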