Though I’ve used the Workspace Usage Report Workbook a hundred times or more, I’ve never quite identified this little treasure myself.
There’s a number of times that customers ask for a way to quickly get a list of their enabled Analytics Rules. There are ways of doing this using the API and PowerShell, but the Workspace Usage Report Workbook has the capability if you know where to look.
In the Workbook, jump over to the Regular Checks (D/W/M) tab and then the Weekly tab below.
Once there, traverse down the page of content to the Active Rules via Rest API module. Over to the right there’s a download arrow. Click it to download a .csv file containing the results.
Alternatively, you can also download a list of all the Analytics Rule templates using the Rule Templates via Rest API module.
The list looks like the following:
[Subscribe to the RSS feed for this blog]
[Subscribe to the Weekly Microsoft Sentinel Newsletter]
[Subscribe to the Weekly Microsoft Defender Newsletter]
[Learn KQL with the Must Learn KQL series and book]