Closed jonod8698 closed 2 years ago
"id" field is missing rule id.
For example:
Expected Output:
"[concat(resourceId('Microsoft.OperationalInsights/workspaces/providers', parameters('workspace'), 'Microsoft.SecurityInsights'),'/alertRules/1aed72d9-70c8-43b5-94e6-eeedc2974478')]"
Actual output:
"[concat(resourceId('Microsoft.OperationalInsights/workspaces/providers', parameters('workspace'), 'Microsoft.SecurityInsights'),'/alertRules/)]"
Small tweak. Imports into Sentinel without issues now.
@jonod8698 - Thanks for the fix
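A pre-import check for the defect reported in this thread, as an added example that is not code from this project: it flags any alert-rule "id" expression in a generated ARM template that lacks a GUID after `/alertRules/`, and goes one step beyond the report by also flagging a GUID used twice. The function name, the assumed template shape (a top-level "resources" array whose entries carry a string "id") and the sample template are assumptions made for the example.

```python
import json
import re

GUID = r"[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}"
# The id expression must end with a quoted '/alertRules/<guid>' segment, then ")]".
RULE_ID_TAIL = re.compile(r"'/alertRules/(" + GUID + r")'\)\]$")


def check_alert_rule_ids(template_text):
    """Return (resource_index, problem) pairs for alert-rule ids that are malformed."""
    problems = []
    seen = {}  # lower-cased rule GUID -> index of the first resource using it
    # Assumed shape: {"resources": [{"id": "<ARM expression>", ...}, ...]}
    resources = json.loads(template_text).get("resources", [])
    for index, resource in enumerate(resources):
        rule_id = resource.get("id")
        if not isinstance(rule_id, str) or "/alertRules/" not in rule_id:
            continue  # not an alert-rule id expression
        match = RULE_ID_TAIL.search(rule_id)
        if match is None:
            problems.append((index, "id has no rule GUID after /alertRules/"))
            continue
        guid = match.group(1).lower()
        if guid in seen:
            # Two resources with the same id refer to the same rule.
            problems.append((index, "rule GUID already used by resource %d" % seen[guid]))
        else:
            seen[guid] = index
    return problems


PREFIX = ("[concat(resourceId('Microsoft.OperationalInsights/workspaces/providers', "
          "parameters('workspace'), 'Microsoft.SecurityInsights'),")

# Constructed sample template: resource 0 carries the expected id from the report,
# resource 1 the broken id, and resource 2 repeats the GUID of resource 0.
SAMPLE = json.dumps({"resources": [
    {"id": PREFIX + "'/alertRules/1aed72d9-70c8-43b5-94e6-eeedc2974478')]"},
    {"id": PREFIX + "'/alertRules/)]"},
    {"id": PREFIX + "'/alertRules/1aed72d9-70c8-43b5-94e6-eeedc2974478')]"},
]})

if __name__ == "__main__":
    for index, problem in check_alert_rule_ids(SAMPLE):
        print("resource %d: %s" % (index, problem))
```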