Email: helpdesk@telkomuniversity.ac.id

This Portal for internal use only!

All Categories

All Categories

Search

0 Wishlist

Cart

Categories
More Categories Less Categories

iconTicket Service Desk

All Categories

All Categories

Search

0 Wishlist

Cart

Menu
Home/Microsoft/Backing up Sentinel and the Security subscription

Backing up Sentinel and the Security subscription

/ 2024-10-05
Backing up Sentinel and the Security subscription
Microsoft

 

A lot of people ask about how Security Operations can effectively back up all of the Sentinel related objects.  One option is to use GitHub or Azure DevOps pipelines to get a daily backup.  I’ve been doing this for a very long time and it seems like a good forum to share that code.

The trick behind it has been to use PowerShell to derive the current API versions for Azure objects.  Once you do that, you can recursively download the whole subscription to a repo and then scripts can renerate reports using markdown and yaml.  I’ve been backing up my subscription reliably since 2021. 

The default project creates reports for all the Sentinel related elements.

Markdown lets the object reports be drilled down into…

 

And KQL is presented as YAML for readability.

 

 

It’s actually easy to deploy all the backedup JSON files through REST if needed but for most of us, being able to have readable KQL and Git History of changes in files is probably all we need.

This project is completely written in PowerShell with no compiled modules & anyone is freely welcome to it. 

I’ve written more about it here:

Daily Azure / Sentinel Backup (and Reporting) with GitHub

… and the source code and install documentation can be found here:
https://github.com/LaurieRhodes/PUBLIC-Subscription-Backup

I hope this is of use to the community! 🙂

Best Regards

Laurie

​ A lot of people ask about how Security Operations can effectively back up all of the Sentinel related objects.  One option is to use GitHub or Azure DevOps pipelines to get a daily backup.  I’ve been doing this for a very long time and it seems like a good forum to share that code.The trick behind it has been to use PowerShell to derive the current API versions for Azure objects.  Once you do that, you can recursively download the whole subscription to a repo and then scripts can renerate reports using markdown and yaml.  I’ve been backing up my subscription reliably since 2021. The default project creates reports for all the Sentinel related elements.Markdown lets the object reports be drilled down into… And KQL is presented as YAML for readability.  It’s actually easy to deploy all the backedup JSON files through REST if needed but for most of us, being able to have readable KQL and Git History of changes in files is probably all we need.This project is completely written in PowerShell with no compiled modules & anyone is freely welcome to it. I’ve written more about it here:Daily Azure / Sentinel Backup (and Reporting) with GitHub… and the source code and install documentation can be found here:https://github.com/LaurieRhodes/PUBLIC-Subscription-BackupI hope this is of use to the community! 🙂Best RegardsLaurie  Read More

Tags:

Related posts

Announcing the General Availability of Windows Server IoT 2025!
2024-11-05

Announcing the General Availability of Windows Server IoT 2025!

Power Automate to update columns for content stored in a document library
2024-11-05

Power Automate to update columns for content stored in a document library

America’s Partner Blog | Partners Make More Possible: Education
2024-11-05

America’s Partner Blog | Partners Make More Possible: Education

Leave a Reply

Your email address will not be published. Required fields are marked *

Adobe
Google for Education
IBM
Matlab
Microsoft
Wordpress
Visual Paradigm
Opensource

Portal Application Package Repository Telkom University, for internal use only, empower civitas academica in study and research.

Information

Contact Us

Copyright © Telkom University. All Rights Reserved. ch