sentinel

When importing a threat feed with a considerable amount of data in it, someone on the team forgot to set the expiry date. No expiry date = no expiry… For reasons I don’t understand, there’s no way to do mass deletion in the Azure Portal. So I had to resort to modifying my incident-closure-script in order to fix this blooper.

For reasons I had about 28k incidents I needed to close in Azure Sentinel, and the interface will only allow me to bulk close 50 at a time. What to do?