Hi All, 

We are deploying MDE custom detections to a new site via pipeline and some scripts using the API. 

But since we are deploying and enabling the rules in groups, their last/next run are all the same in the group (especially for the ones with 12hrs/24hrs periods)

For now, only way I could find for changing the running start time is running the rule manually. 

Is there a better way/API endpoint to run/change the periodic run time of the rules? If yes, with a script I can better disperse the rule periodic run times throughout the day. 

Thanks in advance

Emin

​Hi All, We are deploying MDE custom detections to a new site via pipeline and some scripts using the API. But since we are deploying and enabling the rules in groups, their last/next run are all the same in the group (especially for the ones with 12hrs/24hrs periods)For now, only way I could find for changing the running start time is running the rule manually.  Is there a better way/API endpoint to run/change the periodic run time of the rules? If yes, with a script I can better disperse the rule periodic run times throughout the day. Thanks in advanceEmin  Read More

​