Feature Request: Optimise Rule checking in Import-AzSentinelAlertRule #74
Comments
Hi @MathiasVandePol, thanks for the great feedback and sorry for the late response! Just updated the import function to first get all the rules instead of in the for each loop. Great performance boost. The second point is an interesting idea, I haven't thought about it before and haven't heard it before from the community. So basically you would like to have a flag for skipping the whole playbook configuration for the rules, is that correct?
Thanks for the reply. Yes indeed!
Summary of the new feature/enhancement
I want to use this commandlet to import a couple of hundred rules from one workspace to another.
A second optimisation is to not fetch the alertruleaction (playbookname) for that rule if we simply want to know if the rule exists or not.
I see that in a later phase, that fetched playbookname of that alertruleaction is used to verify if a rule has changed playbookname. It might be useful to provide a flag 'UpdatePlaybooks' to either enable or disable this feature as we use separate AlertAction files to enable a certain playbook for a certain customer, meaning that we do not care about playbooks while importing a set of new rules.