cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

How to close sentinel bulk incidents

semub1122
Occasional Contributor

‎May 31 2022 01:06 PM

‎May 31 2022 01:06 PM

How to close sentinel bulk incidents

I would like to know how we can close multiple incidents in bulk using KQL query or any other tested option. Appreciate quick response. 

Labels:
898 Views
0 Likes
4 Replies
Reply
4 Replies
rodtrent

‎May 31 2022 02:29 PM - edited ‎Jan 24 2023 07:24 AM

‎May 31 2022 02:29 PM - edited ‎Jan 24 2023 07:24 AM

Re: How to close sentinel bulk incidents

See if the following helps: https://github.com/Azure/Azure-Sentinel/tree/master/Playbooks/Update-BulkIncidents

0 Likes
Reply
Gary Bushey

‎Jun 01 2022 03:57 AM

‎Jun 01 2022 03:57 AM

Re: How to close sentinel bulk incidents

The "Actions" button in the Incidents page in the portal will allow you to do this.
0 Likes
Reply
sachu245

‎Jan 24 2023 07:19 AM

‎Jan 24 2023 07:19 AM

Re: How to close sentinel bulk incidents

not able to access the above link
0 Likes
Reply
rodtrent

‎Jan 24 2023 07:24 AM

‎Jan 24 2023 07:24 AM

Re: How to close sentinel bulk incidents

Updated the link.
0 Likes
Reply