Removing 100k+ threat indicators in Azure Sentinel - 50 at a time

When importing a threat feed with a considerable amount of data in it, someone on the team forgot to set the expiry date. No expiry date = no expiry… For reasons I don’t understand, there’s no way to do mass deletion in the Azure Portal. So I had to resort to modifying my incident-closure-script in order to fix this blooper.

July 6, 2022 · 2 min

Closing 28k incidents in Azure Sentinel - 50 at a time

For reasons, I had about 28k incidents I needed to close in Azure Sentinel, and the interface will only allow me to bulk close 50 at a time. What to do?

April 8, 2022 · 4 min