Microsoft Tech Community

How do you update analytic rules with the Az.SecurityInsights PowerShell module and ARM templates?

I have read all commands from the PowerShell module Az.SecurityInsights, but I can't find any that takes an ARM template or JSON file as an argument.

I think there are non-official PowerShell modules that have this feature, but they are 3 years old, and I want to use the official stuff.

I have created ARM templates that work in the import feature in the GUI, but now we want to do this with code.

In the following page there is a statement that says that it's possible to manage rules with PowerShell:

"To automate rule enablement, push rules to Microsoft Sentinel via API and PowerShell, although doing so requires additional effort. When using API or PowerShell, you must first export the rules to JSON before enabling the rules. API or PowerShell may be helpful when enabling rules in multiple instances of Microsoft Sentinel with identical settings in each instance."
https://learn.microsoft.com/en-us/azure/sentinel/create-analytics-rules?tabs=azure-portal

0 Replies
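
Added example, not part of the original post and not Microsoft's code: one way to push exported analytic rule ARM templates to several Sentinel workspaces from PowerShell. It uses the ARM deployment cmdlets from the official Az.Resources module rather than Az.SecurityInsights, and it assumes an authenticated session (`Connect-AzAccount`), templates that declare a `workspace` parameter, and placeholder folder, resource group and workspace names; `Publish-AnalyticRuleTemplate` is a hypothetical helper name.

```powershell
#Requires -Modules Az.Accounts, Az.Resources
# Added example. Assumes Connect-AzAccount has been run and that every
# exported rule template declares a 'workspace' parameter (assumption).
function Publish-AnalyticRuleTemplate {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $TemplateFolder,
        # Each target: @{ ResourceGroup = '...'; Workspace = '...' }
        [Parameter(Mandatory)] [hashtable[]] $Target
    )

    $templates = Get-ChildItem -Path $TemplateFolder -Filter '*.json' -File
    foreach ($t in $Target) {
        foreach ($file in $templates) {
            $common = @{
                ResourceGroupName       = $t.ResourceGroup
                TemplateFile            = $file.FullName
                TemplateParameterObject = @{ workspace = $t.Workspace }
            }

            # Validate first; a template that fails validation is skipped with a warning.
            $problems = Test-AzResourceGroupDeployment @common
            if ($problems) {
                Write-Warning "$($file.Name) -> $($t.Workspace): $($problems.Message -join '; ')"
                continue
            }

            # Deployment names are limited to 64 characters.
            $name = 'rule-' + ($file.BaseName -replace '[^A-Za-z0-9-]', '-')
            if ($name.Length -gt 64) { $name = $name.Substring(0, 64) }

            if ($PSCmdlet.ShouldProcess($t.Workspace, "Deploy $($file.Name)")) {
                # Incremental mode leaves other resources in the group untouched.
                New-AzResourceGroupDeployment @common -Name $name -Mode Incremental -ErrorAction Stop |
                    Select-Object DeploymentName, ProvisioningState, Timestamp
            }
        }
    }
}

# Constructed placeholder values; replace with real resource groups and workspaces.
$targets = @(
    @{ ResourceGroup = 'rg-sentinel-prod'; Workspace = 'law-sentinel-prod' },
    @{ ResourceGroup = 'rg-sentinel-dev';  Workspace = 'law-sentinel-dev'  }
)
# -WhatIf validates each template and reports what would be deployed without changing anything.
Publish-AnalyticRuleTemplate -TemplateFolder '.\rules' -Target $targets -WhatIf
```

Because an exported template carries the rule's resource name, redeploying the same file updates the existing rule in place instead of creating a duplicate. Remove `-WhatIf` to apply the changes.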