OK…to start, I admit that I stole this thought directly from my buddy Clive Watson. He expertly responded (as always) to a recent thread with this solution.
Though I’ve used the Workspace Usage Report Workbook a hundred times or more, I’ve never quite identified this little treasure myself. So, its awesome that Clive exposed this. I love learning new things. Of course, it helps that Clive is the inventor/creator of this Workbook.
So, there’s a number of times that customers ask for a way to quickly get a list of their enabled Analytics Rules. There’s ways of doing this using the API and PowerShell, but the Workspace Usage Report Workbook has the capability if you know where to look.
In the Workbook, jump over to the Regular Checks (D/W/M) tab and then the Weekly tab below.
Once there, traverse down the page of content to the Active Rules via Rest API module. Over to the right there’s a download arrow. Click it to download a .csv file containing the results.
Alternatively, you can also download a list of all the Analytics Rule templates using the Rule Templates via Rest API module.
The list looks like the following:
[Subscribe to the RSS feed for this blog]
[Subscribe to the Weekly Azure Sentinel Newsletter]