sreedharande / Microsoft-Sentinel-As-A-Code

Export Microsoft Sentinel artifacts like Analytical Rules, Hunting Queries, Workbooks in order to support new feature Repositories CI/CD Pipeline
MIT License

Automation Rules Issues #8

Open ThijsLecomte opened 2 years ago

ThijsLecomte commented 2 years ago

When trying to export automation rules, it works. But when I try to import it, it fails stating: {"code":"InvalidTemplate","message":"Deployment template validation failed: 'The template resource '[concat(parameters('workspace'),'/Microsoft.SecurityInsights/bb379db8-7c8c-48b3-83f5-81a50fa46753')]' is not valid. Both api-version property at line '24' and column '9' and api-profile property for the template cannot be null or empty. Either explicitly specify the api-version for the resource or specify the api-profile for the template. Please see https://aka.ms/arm-template/#resources for usage details.'."}

I have created an ARM template myself manually, which I linked below. This shows a difference between what is working for me and what the export provides.

AutomationRule Working.txt exportedRule.txt

stayingahead commented 2 years ago

I'm also trying to sync back automation rules that were exported via Sentinel as code but getting the following error: Warning: Failed to deploy Automation rules\SeniorTeamEscalation.automationrules.rule.json with error: 1:11:34 PM - Error: Code=InvalidTemplate; Message=Deployment template validation failed: 'The template resource '[concat(parameters('workspace'),'/Microsoft.SecurityInsights/946ace38-8af3-44e2-a2e3-400c99b00a0e')]' is not valid. Both api-version property at line '15' and column '9' and api-profile property for the template cannot be null or empty. Either explicitly specify the api-version for the resource or specify the api-profile for the template. Please see https://aka.ms/arm-template/#resources for usage details.'.

Maybe this is because they need to go through a similar sanitizing process like the Generate ARM template script provides. Might need to look at doing that manually for now, I'm guessing.
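Both reports above fail on the same thing: an exported resource with no `apiVersion`, which ARM rejects at validation before anything is deployed. As an added example that is not part of this repository or this thread, the Python below walks an exported template (child resources included), lists every resource the deployment would reject for that reason, and fills in the version from a type-to-version map so the gap is caught in the pipeline rather than at deploy time. The function names, the sample template and the api-version value in `API_VERSIONS` are assumptions for the example, not values from the project.

```python
from __future__ import annotations
import json

# Constructed sample (not from the repo): an export shaped like the template in
# the error above, with the resource deliberately missing "apiVersion".
EXPORTED_RULE = json.dumps({
    "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
    "parameters": {"workspace": {"type": "string"}},
    "resources": [{
        "type": "Microsoft.OperationalInsights/workspaces/providers/automationRules",
        "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/bb379db8-7c8c-48b3-83f5-81a50fa46753')]",
        "properties": {"displayName": "Escalate to senior team", "order": 1},
    }],
})

# Assumed type -> api-version map; confirm the value against the ARM reference
# for the resource type before relying on it in a real pipeline.
API_VERSIONS = {
    "Microsoft.OperationalInsights/workspaces/providers/automationRules": "2023-02-01",
}

def missing_api_version(node: dict, path: str = "resources") -> list[str]:
    """List every resource (child resources included) whose apiVersion is absent or empty."""
    missing = []
    for i, res in enumerate(node.get("resources", [])):
        where = f"{path}[{i}] {res.get('type', '?')} {res.get('name', '?')}"
        if not res.get("apiVersion"):
            missing.append(where)
        missing.extend(missing_api_version(res, where))  # nested resources
    return missing

def add_api_version(node: dict, versions: dict[str, str]) -> dict:
    """Fill in apiVersion by resource type; an unmapped type raises KeyError so nothing is guessed."""
    for res in node.get("resources", []):
        if not res.get("apiVersion"):
            res["apiVersion"] = versions[res["type"]]
        add_api_version(res, versions)
    return node

def check_export(text: str, versions: dict[str, str] = API_VERSIONS) -> tuple[list[str], dict]:
    """Parse an exported template, report what ARM would reject, and return the fixed template."""
    template = json.loads(text)
    problems = missing_api_version(template)  # computed before the fix is applied
    return problems, add_api_version(template, versions)

if __name__ == "__main__":
    found, fixed = check_export(EXPORTED_RULE)
    print("missing apiVersion:", found, "-> now:", fixed["resources"][0]["apiVersion"])
```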

KentuckyMike commented 1 year ago

The names of the files all contain the name analyticrulename.scheduledanalyticrules.rule.json