SOLVED

Exporting Sentinel Analytics Rules on a Schedule

Occasional Contributor

Hi all,

 

Has anyone come up with a method for automatically exporting analytics rules in an environment on a schedule? I understand that it's possible to do it through the GUI manually.

 

Is there a PowerShell script that can be executed to grab them all in JSON? Curious what others have done/are doing in this space.

3 Replies
best response confirmed by ReganDangerCarey (Occasional Contributor)
Solution
Hi @Regan,

I've posted an article about this with a script; I'll leave the link here. If you can't see it, contact me privately and I'll help you.

https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/azure-sentinel-import-alerts-with-pow...

Best regards
Cheers, I'll have a look. Do you have a GitHub repo for this anywhere? I'll try modifying it so it can be run off a CI pipeline to keep a Sentinel-As-Code Git repo up to date.
Hi Regan,

Recently I forked a GitHub repository for uploaded Sentinel use cases and other related topics.
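
For the scheduled export asked about in this thread, here is an added example. It is not part of the thread and is not the script from the linked article. It lists every analytics rule through the Sentinel `alertRules` REST endpoint and writes one JSON file per rule so a CI job can commit the result. The parameter names, output folder and API version are assumptions, and it expects a recent Az.Accounts module with an already authenticated context.

```powershell
#Requires -Modules Az.Accounts
# Added example: export every Sentinel analytics rule to its own JSON file.
# Assumes an authenticated Az context (Connect-AzAccount, or a service principal /
# managed identity in the pipeline) with read access to the workspace.
param(
    [Parameter(Mandatory)] [string] $SubscriptionId,
    [Parameter(Mandatory)] [string] $ResourceGroupName,
    [Parameter(Mandatory)] [string] $WorkspaceName,
    [string] $OutputPath = './analytics-rules',   # hypothetical folder in the Git repo
    [string] $ApiVersion = '2023-02-01'           # assumed API version; adjust as needed
)

$ErrorActionPreference = 'Stop'
New-Item -ItemType Directory -Path $OutputPath -Force | Out-Null

$path = "/subscriptions/$SubscriptionId/resourceGroups/$ResourceGroupName" +
        "/providers/Microsoft.OperationalInsights/workspaces/$WorkspaceName" +
        "/providers/Microsoft.SecurityInsights/alertRules?api-version=$ApiVersion"

$rules = @()
$response = Invoke-AzRestMethod -Path $path -Method GET
while ($true) {
    # Fail the job loudly instead of committing a partial export.
    if ($response.StatusCode -ne 200) {
        throw "Listing alert rules failed: HTTP $($response.StatusCode) $($response.Content)"
    }
    $page = $response.Content | ConvertFrom-Json
    $rules += $page.value
    if (-not $page.nextLink) { break }            # follow paging until exhausted
    $response = Invoke-AzRestMethod -Uri $page.nextLink -Method GET
}

foreach ($rule in $rules) {
    # The rule's resource name stays the same across display-name changes,
    # which keeps file names (and Git history) stable.
    $file = Join-Path $OutputPath "$($rule.kind)_$($rule.name).json"

    # Drop volatile fields so unchanged rules do not show up as modified in Git.
    if ($rule.PSObject.Properties['etag']) { $rule.PSObject.Properties.Remove('etag') }
    if ($rule.properties -and $rule.properties.PSObject.Properties['lastModifiedUtc']) {
        $rule.properties.PSObject.Properties.Remove('lastModifiedUtc')
    }

    $rule | ConvertTo-Json -Depth 50 | Set-Content -Path $file -Encoding utf8
}

Write-Output "Exported $($rules.Count) analytics rules to $OutputPath"
```

In a pipeline, run it on a schedule and commit only when `git status --porcelain` reports changes. The identity it runs under needs no more than read access to the workspace.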