sreedharande / Microsoft-Sentinel-As-A-Code

Export Microsoft Sentinel artifacts like Analytical Rules, Hunting Queries, Workbooks in order to support new feature Repositories CI/CD Pipeline
MIT License

ID alert name not completely populated #3

Closed acd84 closed 2 years ago

acd84 commented 2 years ago

When importing the exported analytics rules file, it does not import correctly because the "id" field is not complete: it lacks the proper analytics ID number after "/alertRules/":

Example of exported analytics rule:

```json
"id": "[concat(resourceId('Microsoft.OperationalInsights/workspaces/providers', parameters('workspace'), 'Microsoft.SecurityInsights'),'/alertRules/')]",
"name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/823742b8-ea31-411e-816b-c0d9cd849cca')]",
"type": "Microsoft.OperationalInsights/workspaces/providers/alertRules",
```

I think there's an error when asking for the $alertName at the code:

```powershell
$WorkspaceArtifact.id = "[concat(resourceId('Microsoft.OperationalInsights/workspaces/providers', parameters('workspace'), 'Microsoft.SecurityInsights'),'/alertRules/$($alertName)')]"
$WorkspaceArtifact | Add-Member -NotePropertyName "apiVersion" -NotePropertyValue "2021-09-01-preview" -Force
```

Adding the ID number manually to the exported JSON file, it works when importing:

```json
"id": "[concat(resourceId('Microsoft.OperationalInsights/workspaces/providers', parameters('workspace'), 'Microsoft.SecurityInsights'),'/alertRules/d6932371-374b-43ff-b40e-781950eb871c')]",
"name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/d6932371-374b-43ff-b40e-781950eb871c')]",
"type": "Microsoft.OperationalInsights/workspaces/providers/alertRules",
```

Could you check? Also, this is an awesome tool. Thank you for the effort, and I hope I'm not asking a silly thing.
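The broken export above is easy to miss until a deployment fails, so a pipeline that consumes these files benefits from a pre-deployment check. The following is an added example, not code from the Microsoft-Sentinel-As-A-Code repository: it parses an exported ARM template, flags every `alertRules` resource whose `id` expression lacks the rule GUID after `/alertRules/` (or whose `id` GUID disagrees with the GUID in `name`), and can repair the `id` by taking the GUID from `name`, which is the same value the export omitted. The sample template embedded in the block is constructed from the two fragments quoted in this issue.

```python
import json
import re
from typing import List

# Constructed sample: a minimal template in the shape of the exported analytics
# rules file from this issue. resources[0] reproduces the defect (no GUID after
# '/alertRules/'); resources[1] is the hand-corrected form. Not from the repo.
SAMPLE_TEMPLATE = {
    "resources": [
        {
            "id": "[concat(resourceId('Microsoft.OperationalInsights/workspaces/providers', parameters('workspace'), 'Microsoft.SecurityInsights'),'/alertRules/')]",
            "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/823742b8-ea31-411e-816b-c0d9cd849cca')]",
            "type": "Microsoft.OperationalInsights/workspaces/providers/alertRules",
        },
        {
            "id": "[concat(resourceId('Microsoft.OperationalInsights/workspaces/providers', parameters('workspace'), 'Microsoft.SecurityInsights'),'/alertRules/d6932371-374b-43ff-b40e-781950eb871c')]",
            "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/d6932371-374b-43ff-b40e-781950eb871c')]",
            "type": "Microsoft.OperationalInsights/workspaces/providers/alertRules",
        },
    ]
}

ALERT_RULE_TYPE = "Microsoft.OperationalInsights/workspaces/providers/alertRules"
GUID = r"[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}"
# The id expression must end in /alertRules/<guid>')]; the GUID group is optional
# so that the defective form (empty GUID) still matches and can be reported.
ID_RE = re.compile(r"/alertRules/(" + GUID + r")?'\)\]$")
# The name expression ends in /Microsoft.SecurityInsights/<guid>')]
NAME_RE = re.compile(r"/Microsoft\.SecurityInsights/(" + GUID + r")'\)\]$")


def rule_guid_from_name(name: str):
    """GUID carried by the resource's name expression, or None if absent."""
    m = NAME_RE.search(name)
    return m.group(1) if m else None


def rule_guid_from_id(id_expr: str):
    """GUID carried by the resource's id expression; None if the id has no GUID."""
    m = ID_RE.search(id_expr)
    return m.group(1) if m else None


def find_broken_rules(template: dict) -> List[str]:
    """Return one human-readable finding per defective alertRules resource."""
    problems = []
    for i, res in enumerate(template.get("resources", [])):
        if res.get("type") != ALERT_RULE_TYPE:
            continue
        name_guid = rule_guid_from_name(res.get("name", ""))
        id_expr = res.get("id", "")
        if name_guid is None:
            problems.append(f"resources[{i}]: name carries no rule GUID")
            continue
        if ID_RE.search(id_expr) is None:
            problems.append(f"resources[{i}]: id is not an alertRules resourceId expression")
            continue
        id_guid = rule_guid_from_id(id_expr)
        if id_guid is None:
            problems.append(
                f"resources[{i}]: id is missing the rule GUID after '/alertRules/' "
                f"(name says {name_guid})")
        elif id_guid.lower() != name_guid.lower():
            problems.append(
                f"resources[{i}]: id GUID {id_guid} does not match name GUID {name_guid}")
    return problems


def repair_rule_ids(template: dict) -> dict:
    """Deep copy of the template with each GUID-less alertRules id rebuilt from name."""
    fixed = json.loads(json.dumps(template))
    for res in fixed.get("resources", []):
        if res.get("type") != ALERT_RULE_TYPE:
            continue
        name_guid = rule_guid_from_name(res.get("name", ""))
        id_expr = res.get("id", "")
        if name_guid and ID_RE.search(id_expr) and rule_guid_from_id(id_expr) is None:
            res["id"] = ID_RE.sub("/alertRules/" + name_guid + "')]", id_expr)
    return fixed


if __name__ == "__main__":
    for line in find_broken_rules(SAMPLE_TEMPLATE):
        print("BROKEN:", line)
    print("after repair:", find_broken_rules(repair_rule_ids(SAMPLE_TEMPLATE)) or "clean")
```

Run it against a real export with `json.load(open(path))` in place of `SAMPLE_TEMPLATE` and fail the pipeline stage when `find_broken_rules` returns anything; the repair step is a stop-gap for files already exported with the buggy script, since the proper fix is in the exporter itself.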

jonod8698 commented 2 years ago

@acd84 I created a PR to correct this.

Without delving too much into the script, I think the $alertName variable on line 216 is mistakenly not defined.

sreedharande commented 2 years ago

@acd84 - Issue has been resolved with @jonod8698 PR