SOLVED

Exporting Sentinel Analytics Rules on a Schedule

Hi all,

Has anyone come up with a method for automatically exporting analytics rules in an environment on a schedule? I understand that it's possible to do it through the GUI manually.

Is there a PowerShell script that can be executed to grab them all in JSON? Curious what others have done/are doing in this space.

3 Replies
best response confirmed by ReganDangerCarey (Occasional Contributor)
Solution
Hi @Regan,

I've posted an article about this with a script; I'll leave the link here. If you can't see it, contact me privately and I'll help you.

https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/azure-sentinel-import-alerts-with-pow...

Best regards
Cheers, I'll have a look. Do you have a GitHub repo for this anywhere? I'll try modifying it so it can be run off a CI pipeline to keep a Sentinel-As-Code Git repo up to date.
Hi Regan,

Recently I forked a GitHub repository for uploaded Sentinel use cases and other related topics.