Forum Discussion
BaselFawal
Apr 19, 2023Brass Contributor
Analytic Rules are not Deployed as part of a solution from Content Hub
I am trying to deploy "Azure Active Directory" solution from Content hub,
non of the 59 Analytic rules that are part of the solution is deployed.
The deployment is showing success and all the components are showing "created"
But in Sentinel Analytic rules non is created, only the connectors and two workbooks, but no Analytic rules.
Any idea why the analytic rules are not deployed as part of the solution?
When I look into the resource group , where the solution is deployed, I saw some template objects as in the screen shot
- Correct, the solution will only deploy the Analytic rule *templates*. You will still need to go in and create the rules from the templates, like you have done. There are some issues with creating the rules directly when the solution is deployed, including the fact that the tables the data connector stores it data into and that the rules use, does not yet exist.
- GBusheyMicrosoftIt is only the rule templates that are being created, you will still need to create the rules from the templates.
- BaselFawalBrass ContributorThanks Gary,
Sorry if I can ask how to create the rules from templates, when I try to deploy those template spec items that are in the resource group (shown in the above screen shot) I got a deployment failed.
However I can go to the sentinel interface and I can create the Analytic rules, but this is similar to the old way , for example I don't seem find a way to select all the Analytic rules in the Solution and deploy.
So far the solution only deploys the connector, doesn't deploy any analytic rule or playbooks.
it would be easier if I can select all the Analytic rules in the solution and deploy.
Thank you so much- GBusheyMicrosoftCorrect, the solution will only deploy the Analytic rule *templates*. You will still need to go in and create the rules from the templates, like you have done. There are some issues with creating the rules directly when the solution is deployed, including the fact that the tables the data connector stores it data into and that the rules use, does not yet exist.