I'm cleaning up old incidents in my Sentinel environment; as it has a lot of invalid incidents now, I want to do this more efficiently than through the GUI.
Using Get-AZSentinelIncident, I already ran into the issue that it didn't show all incidents in the environment; it seems capped at the last 200. Circumventing this using the -All switch combined with -CaseNumber solved my problem.
However, when I then wanted to update these tickets to actually close them, I ran into the issue that Update-AzSentinelIncident doesn't accept piping your incident number through, but that can be overcome. However, I then noticed that the Update-AzSentinelIncident function actually performs a Get-AzSentinelIncident within its function, without the -All switch, therefore limiting its effect again to the max 200 latest incidents.
This seems very unwanted behavior to me when working with incidents programmatically. I would like to perform my own filters instead of being limited by the function.