Multi-selecting Analytics Rules to Enable More than One at Once

Wouldn’t it be super nice if – in the Microsoft Sentinel UI – you could multi-select Analytics Rules templates to enable and just hit an “Enable All” button? I swear this has been a common customer ask for a couple years now.

The problem is that when you stand up Microsoft Sentinel for the first time (or subsequent times on a new workspace) and enable the Data Connectors you want, you can’t just enable all the rules applicable to that Data Connector. You have to choose each one individually and enable them one at a time. That is severely time-consuming.

Well, let’s get serious about this one. If this is something you’d like to see, there’s a User Voice suggestion where you can vote and then help drive awareness by letting others know about it. Drop out to the following link and vote and share…

Enable multiple analytics rules in the GUI: https://cda.ms/4mP

Together we can drive this one across the finish line.

Mock-up
