Sentinel Analytic Rule Update differs from Template pulled from HTTP

Copper Contributor

I have been working on a way to update specific Analytic rules using a Logic app that makes a HTTP GET request to:{subscriptionId}/resourceGroups/{resourceGroupName}/provi...


When I run the GET request, it pulls the template I need, however the version of the rule shows an older version than the one shown in Sentinel when trying to update manually. 


For example, when I look at the rule "Authentication Methods Changed for Privileged Account" on Sentinel, it shows that the latest version is 1.0.9: 



When I run the API request for the same rule, the version shows 1.0.8:




So, is there a different API call that I can make to get the same version of the rule that Sentinel is referencing or is there something I can add to the GET request to pull the most recent version?

0 Replies