This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(214.4, 70%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJY%3C/text%3E%3C/svg%3E)
We are using Azure DevOps (terraform + ARM) to manage our sentinel instances. I realized that one aspect of doing an automated deploy of a scheduled analytics entityMapping isn't supported. There doesn't seem to be a way to set the entityMapping fields. I am aware that entityMapping is still on preview, but would this feature be supported via API? Is there an estimated timeline?
There doesn’t seem to be support from the docs.
https://learn.microsoft.com/en-us/rest/api/securityinsights/alert-rules/create-or-update#scheduledalertrule
https://learn.microsoft.com/en-us/powershell/module/az.securityinsights/new-azsentinelalertrule?view=azps-6.6.0
You can see using the compare with template feature, that is the major difference between the template and what we have deployed.
@Jun Yamog
I just wanted to check in and see if you had any other questions or if @Alistair Ross 's answer helped resolve your issue?
If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.
----------
Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.
As this feature is still in preview, documentation may not be available or fully available until GA. However the preview APIs examples can be found on GitHub
Also you can export the ARM templates from the portal, with the entity mappings, (See below)
Thanks this is good to know the API will eventually have support. I will try to investigate further on a private preview subscription. Any idea when will the entityMapping be in GA? note: the GitHub link has an extra char on the end.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(48, 2%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETN%3C/text%3E%3C/svg%3E)
This article provides a script to create new analytics rule with details (entity mapping, custom detail and incident grouping configuration) https://azsec.azurewebsites.net/2021/11/28/create-an-alert-with-custom-entity-mapping-using-microsoft-sentinel-rest-api/