Forum Discussion
Issue while deploying Sentienl Rules
I know that when deleting a Sentinel rule, you need to wait a specific amount of time before it can be redeployed. However, in this tenant, we've been waiting for almost a month and are still getting the same deployment error ('was recently deleted. You need to allow some time before re-using the same ID. Please try again later. Click here for details'). I still want to use the same ID ect. Does anyone have any idea or similar issue why it's still not possible after waiting for about a month?
Hi StefanHartmann1
I've seen this in instances where there are still traces relating to that original ID, not allowing overwriting.
Note that the ID is the Name, you can use this PS query below to see the state of the rule:
Get-AzSentinelAlertRule -ResourceGroupName <RG-Name> -WorkspaceName <LogAnalytics-Name> `
| where Name -eq "<Rule-ID>"And the equivalent removal PS: Remove-AzSentinelAlertRule (Az.SecurityInsights) | Microsoft Learn
Outside of that you will have three options:- If the same GUID is not explicitly required, deploy the rule under a new ID.
- Raise a Microsoft support case
- Continue waiting.
Feel free to reply if you have any issues!
