Nov 30 2022 06:55 AM
Hello! Trying import analytic rules to sentinel using repository and azure devops as source. If I manually export trough gui it is working. Pipeline and everything. Issue is if I export it using powershell with Get-AzSentinelAlertRule or with api and converting it to json the fun stops.
Creating repository "connections" from sentinel creates a default ps1 script (azure-sentinel-deploy-XXXX) where I suspect the mismatch is happening.
it failes with the error: "The file contains resources for content that was not selected for deployment". (yes I have selcted analytic rules in the options when connecting to repository)
Clearly I am doing something wrong in the converting to json and missing something that identify the json as an analytic rule. If I manually try to import it with gui, nothing happens
So, is there someone out there that has managed to create an export to json using powershell/api that works with import/repository in azuredevops
Dec 01 2022 05:42 AM
Dec 01 2022 12:30 PM