f-bader
commented
1 year ago - Add support for NRT rules
- BUG: 🐛 Because fulltext search and replace was used some property and parts of KQL queries were wrongfully converted
Closed f-bader closed 1 year ago
f-bader
commented
1 year ago 
Manbearpiet
commented
1 year ago Test and works on my machine.
Doing last checks
Manbearpiet
commented
1 year ago I tested with content exported from the content hub. Works great btw! It's the content hub representation of https://github.com/Azure/Azure-Sentinel/blob/571fab544f3f84387be4f7cc80b433ce42936660/Solutions/Azure%20Active%20Directory/Analytic%20Rules/NRT_ADFSDomainTrustMods.yaml
The id property does seem to differ, is this intentional? After download and conversion:
id: 4a4364e4-bd26-46f6-a040-ab14860275f8in Azure-Sentinel repo:
id: 8540c842-5bbc-4a24-9fb2-a836c0e55a51