May 23 2022 01:12 PM
The Repositories feature in Microsoft Sentinel is a popular way to deploy uniform content using a CI/CD pipeline to a single or to multiple Sentinel workspaces.
The default for Analytics Rules is to deploy into the workspace as disabled. But many organizations prefer to deliver the updated or new content as ready to go and enabled already.
You can accomplish this by modifying the deployment file (.json) so that each Analytics Rule section is enabled. Just alter the enabled value from ‘false’ to ‘true’.