Sentinel Analytic Rule Update differs from Template pulled from HTTP

Copper Contributor

I have been working on a way to update specific Analytic rules using a Logic app that makes a HTTP GET request to: 

https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/provi...

 

When I run the GET request, it pulls the template I need, however the version of the rule shows an older version than the one shown in Sentinel when trying to update manually. 

 

For example, when I look at the rule "Authentication Methods Changed for Privileged Account" on Sentinel, it shows that the latest version is 1.0.9: 

Stephen_Havrilla_0-1716233124204.png

 

When I run the API request for the same rule, the version shows 1.0.8:

 

Stephen_Havrilla_1-1716233124208.png

 

So, is there a different API call that I can make to get the same version of the rule that Sentinel is referencing or is there something I can add to the GET request to pull the most recent version?

0 Replies