Microsoft XDR (Defender) - How to export - Advanced Hunting - Custom Detection Rules

viri4to 10 Reputation points
2024-11-07T15:08:58.0766667+00:00

Hello everyone,

Our team is trying to export the Custom Detection Rules. We have more than 50 rules, so we need an automated process that allows us to export and import the rules.

Currently, we see that the API function that allows this is still in beta: https://learn.microsoft.com/es-es/graph/api/security-detectionrule-get?view=graph-rest-beta&tabs=http.

We would also like to have version control for these rules. The idea would be to export them, upload them to a version control repository, and be able to sync the rules from there for different Microsoft XDR tenants. This would be similar to what exists with Analytics rules in Sentinel, which can be deployed through GitHub or Azure DevOps.

Any idea how we could achieve this without using the beta version of Graph or if there are plans for the API to launch stable versions?

thx
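The export / version-control / sync loop the question describes, written as an added example (not code from the original post or from Microsoft). It assumes the beta endpoint `/beta/security/rules/detectionRules` linked above, an app registration granted `CustomDetection.ReadWrite.All`, and a bearer token in the `GRAPH_TOKEN` environment variable; the `READ_ONLY` field list and the sample rule are assumptions and constructed data, not a real tenant export.

```python
"""Export, normalise, diff and sync Defender XDR custom detection rules via Graph beta.

Added example. Assumed: endpoint GRAPH below, CustomDetection.ReadWrite.All,
token in $GRAPH_TOKEN. Network calls are isolated in _graph(); everything
else is pure so it can be tested offline against constructed data.
"""
import json
import os
import sys
import urllib.request

GRAPH = "https://graph.microsoft.com/beta/security/rules/detectionRules"  # assumed beta path

# Server-managed / tenant-specific properties (assumed list): never committed, never sent back.
READ_ONLY = {"id", "createdBy", "createdDateTime", "lastModifiedBy",
             "lastModifiedDateTime", "lastRunDetails", "detectorId", "@odata.context"}


def _graph(method, url, token, body=None):
    """Minimal Graph call; returns parsed JSON, or None for an empty (204) response."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, method=method, headers={
        "Authorization": f"Bearer {token}", "Content-Type": "application/json"})
    with urllib.request.urlopen(req) as resp:
        raw = resp.read()
    return json.loads(raw) if raw else None


def export_rules(token):
    """Return every rule in the tenant, following @odata.nextLink pages."""
    rules, url = [], GRAPH
    while url:
        page = _graph("GET", url, token)
        rules.extend(page.get("value", []))
        url = page.get("@odata.nextLink")
    return rules


def to_repo_form(rule):
    """Strip server-managed fields so the JSON is stable enough to diff in git."""
    clean = {k: v for k, v in rule.items() if k not in READ_ONLY}
    if "schedule" in clean:            # drop scheduler state, keep only the period
        clean["schedule"] = {"period": clean["schedule"].get("period")}
    if "queryCondition" in clean:      # drop the nested lastModifiedDateTime, keep the KQL
        clean["queryCondition"] = {"queryText": clean["queryCondition"].get("queryText")}
    return clean


def plan_sync(repo_rules, tenant_rules):
    """Compare desired (repo) vs actual (tenant) by displayName.

    Returns (create, update, orphan); update entries carry the tenant id for PATCH.
    """
    by_name = {r["displayName"]: r for r in tenant_rules}
    create, update = [], []
    for desired in repo_rules:
        actual = by_name.pop(desired["displayName"], None)
        if actual is None:
            create.append(desired)
        elif to_repo_form(actual) != to_repo_form(desired):
            update.append((actual["id"], to_repo_form(desired)))
    orphan = [r["displayName"] for r in by_name.values()]   # in tenant, not in repo
    return create, update, orphan


def apply_plan(token, plan):
    """Create/PATCH as planned. Orphans are only reported: a rule missing from the
    repo is more often a forgotten commit than an intentional removal."""
    create, update, orphan = plan
    for rule in create:
        _graph("POST", GRAPH, token, rule)
    for rule_id, rule in update:
        _graph("PATCH", f"{GRAPH}/{rule_id}", token, rule)
    return orphan


# Constructed sample (not real tenant data) for offline tests and dry runs.
SAMPLE_TENANT = [{
    "id": "00000000-0000-0000-0000-000000000001",
    "displayName": "Suspicious LSASS access",
    "isEnabled": True,
    "createdBy": "admin@contoso.example",
    "createdDateTime": "2024-11-01T10:00:00Z",
    "lastModifiedDateTime": "2024-11-05T10:00:00Z",
    "detectorId": "detector-constructed-0001",
    "schedule": {"period": "1H", "nextRunDateTime": "2024-11-07T16:00:00Z"},
    "queryCondition": {"queryText": "DeviceProcessEvents | where FileName == 'procdump.exe'",
                       "lastModifiedDateTime": "2024-11-05T10:00:00Z"},
    "detectionAction": {"alertTemplate": {"title": "Suspicious LSASS access", "severity": "high"}},
}]

if __name__ == "__main__":
    token = os.environ["GRAPH_TOKEN"]
    if sys.argv[1:2] == ["export"]:        # python rules.py export > rules.json
        rules = sorted((to_repo_form(r) for r in export_rules(token)),
                       key=lambda r: r["displayName"])
        json.dump(rules, sys.stdout, indent=2, sort_keys=True)
    elif sys.argv[1:3] and sys.argv[1] == "sync":   # python rules.py sync rules.json
        with open(sys.argv[2]) as f:
            repo_rules = json.load(f)
        print("orphans (not deleted):", apply_plan(token, plan_sync(repo_rules, export_rules(token))))
```

Two caveats worth keeping in mind with this pattern. First, the beta contract can change without notice, so pin the field list you strip and re-run the export after any Graph change before trusting a diff. Second, once the repo is the source of truth for several tenants, write access to that repo is effectively the right to create detections, including their response actions, in every tenant that syncs from it; protect the branch with mandatory review and keep the sync token in a secret store, not in the pipeline definition.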

Tags: Microsoft Graph, Windows 10 Security, Windows Server Security