There are a few PowerShell options out there (including the official module) to help automate content and collateral deployment to your Azure Sentinel workspace. But this latest one, from Jan Geisbauer, is highly recommended.
Jan notified me about this late last week, and after some testing I can say it is a very worthwhile PowerShell module to have.
Jan’s original blog post announcement about this new module is here: Alertrule from github to Azure sentinel | (emptydc.com)
The PowerShell module offers a couple of options for automating Analytics Rule deployment.
- Deploy a single Analytics Rule
- Deploy multiple Analytics Rules
The examples Jan gives in the steps for using his module pull the Analytics Rules from the official Azure Sentinel GitHub repository. But when using the multiple-rule option, consider pointing it at your own GitHub repo containing your hand-selected .yaml rules, so that you deploy a curated set tailored to your environment rather than everything in the public repository.