Remove Automation rules from analytics rules in Sentinel

rob wood 41 Reputation points
2024-02-26T11:06:36.29+00:00

Hello, this is a Microsoft Sentinel question. If an automation rule has been created and added as an automated response in an analytic rule, is there any way to remove it from the list of automated responses?

Microsoft Sentinel

Accepted answer
  1. Akshay-MSFT 16,026 Reputation points Microsoft Employee
    2024-02-27T11:01:58.28+00:00

    @rob wood

    Thank you for posting your query on Microsoft Q&A. From the above description, I could understand that you are looking to remove a certain automation rule/automated response from a particular analytics rule.

    Please do correct me if this is not the ask by responding in the comments section.

    The automation rule could be triggered or removed for one or more analytics rules in the following way:

    • If you want the automation rule to take effect only on certain analytics rules, specify which ones by modifying the If Analytics rule name contains condition. (This condition will not be displayed if Microsoft Defender XDR is selected as the incident provider.)

    Navigate to the Automation Rule blade > Choose the rule > Update the condition by unchecking the "Analytic rule name" you don't want this automation response to run with, and leave the rest of the "Analytic rule name" entries.


    The rule would disappear from the automated response of the unchecked analytic rule.

    Please "Accept the answer (Yes)" and "share your feedback". This will help us and others in the community as well.

    Thanks,

    Akshay Kaushik

    1 person found this answer helpful.
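The same change applied to an automation rule's JSON definition instead of the portal, as an added example that is not part of the original answer. Field names follow the Sentinel automation rule resource schema (`triggeringLogic.conditions`, `IncidentRelatedAnalyticRuleIds`); `detach_analytic_rule`, the sample rule and its placeholder resource IDs are constructed for illustration, and the refusal to empty the condition is this example's own safeguard.

```python
import copy

# Property behind the portal's "Analytic rule name" condition in the rule's JSON.
RULE_ID_PROPERTY = "IncidentRelatedAnalyticRuleIds"

def detach_analytic_rule(automation_rule, analytic_rule_id):
    """Return a copy of the automation rule with one analytics rule removed
    from its analytic-rule condition (the portal's "uncheck" step)."""
    updated = copy.deepcopy(automation_rule)
    conditions = updated["properties"]["triggeringLogic"].get("conditions") or []
    target = analytic_rule_id.lower()  # ARM resource IDs compare case-insensitively
    removed = False
    for cond in conditions:
        props = cond.get("conditionProperties", {})
        if (cond.get("conditionType") != "Property"
                or props.get("propertyName") != RULE_ID_PROPERTY
                or props.get("operator") != "Contains"):
            continue
        values = props.get("propertyValues", [])
        kept = [v for v in values if v.lower() != target]
        if len(kept) == len(values):
            continue  # this condition does not list the analytics rule
        if not kept:
            # Safeguard (assumption of this example): an empty selection would
            # no longer limit the automation rule to specific analytics rules.
            raise ValueError("last analytics rule in the condition; "
                             "disable or delete the automation rule instead")
        props["propertyValues"] = kept
        removed = True
    if not removed:
        raise LookupError("analytics rule is not selected in this automation rule")
    return updated

# Constructed sample: placeholder resource IDs, not taken from the page.
_BASE = ("/subscriptions/<sub-id>/resourceGroups/<rg>/providers/"
         "Microsoft.OperationalInsights/workspaces/<workspace>/providers/"
         "Microsoft.SecurityInsights/alertRules/")
RULE_A, RULE_B = _BASE + "<rule-a-guid>", _BASE + "<rule-b-guid>"
SAMPLE_RULE = {"properties": {
    "displayName": "Assign owner (constructed sample)",
    "order": 1,
    "triggeringLogic": {
        "isEnabled": True, "triggersOn": "Incidents", "triggersWhen": "Created",
        "conditions": [{"conditionType": "Property", "conditionProperties": {
            "propertyName": RULE_ID_PROPERTY, "operator": "Contains",
            "propertyValues": [RULE_A, RULE_B]}}]},
    "actions": [],
}}
```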
