AZSentinel
Update-AzSentinelIncident doesn't allow updating of older incidents
I'm cleaning up old incidents in my Sentinel environment; as it has a lot of invalid incidents now, I want to do this more efficiently than through the GUI. Using Get-AzSentinelIncident I already ran into the issue that it didn't show all incidents in the environment; it seems capped at the last 200. Circumventing this using the -All switch combined with -CaseNumber solved my problem. However, when I then wanted to update these tickets to actually close them, I ran into the issue that Update-AzSentinelIncident doesn't accept piping your incident number through, but that can be overcome. However, I then noticed that the Update-AzSentinelIncident function actually performs a Get-AzSentinelIncident within its function, without the -All switch, therefore limiting its effect again to the max 200 latest incidents.
This seems very unwanted behaviour to me when working with incidents programmatically. I would like to perform my own filters instead of being limited by the function.
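The bulk clean-up described above, written out as an added example (not the reporter's script and not part of the AzSentinel module). It assumes the module is imported, that `Get-AzSentinelIncident -All` returns objects with `caseNumber`, `status` and `createdTimeUtc` fields, and that `Update-AzSentinelIncident` accepts `-Status`, `-CloseReason` and `-ClosedReasonText`; the workspace name and the 90-day cutoff are placeholders.

```powershell
# Added example for the issue above; not code from the AzSentinel project.
# Assumed: Import-Module AzSentinel has been run and you are authenticated.
# Assumed field names on returned incidents: caseNumber, status, createdTimeUtc.
# Assumed Update-AzSentinelIncident parameters: -Status, -CloseReason, -ClosedReasonText.
param(
    [string] $WorkspaceName = 'PLACEHOLDER-WORKSPACE',   # placeholder, replace with yours
    [int]    $OlderThanDays = 90,
    [switch] $Apply                                       # without -Apply, only report
)

$cutoff = (Get-Date).ToUniversalTime().AddDays(-$OlderThanDays)

# -All is required: the default call is capped at the latest 200 incidents,
# so old incidents never show up without it. Filtering is done client-side,
# which is the "own filters" the issue asks for.
$stale = Get-AzSentinelIncident -WorkspaceName $WorkspaceName -All |
    Where-Object {
        $_.status -ne 'Closed' -and
        [datetime]$_.createdTimeUtc -lt $cutoff
    }

Write-Host ("{0} open incidents older than {1} days" -f $stale.Count, $OlderThanDays)

foreach ($incident in $stale) {
    # The case number is not taken from the pipeline, so it is passed explicitly.
    # Caveat from the issue: Update-AzSentinelIncident looks the incident up
    # internally without -All, so incidents beyond the latest 200 may still not
    # be found until the module is fixed; the error below surfaces that case.
    if (-not $Apply) {
        Write-Host ("Would close case {0} ({1})" -f $incident.caseNumber, $incident.createdTimeUtc)
        continue
    }
    try {
        Update-AzSentinelIncident -WorkspaceName $WorkspaceName `
            -CaseNumber $incident.caseNumber `
            -Status Closed `
            -CloseReason FalsePositive `
            -ClosedReasonText 'Bulk clean-up of stale incidents'
        Write-Host ("Closed case {0}" -f $incident.caseNumber)
    }
    catch {
        Write-Warning ("Case {0} not updated: {1}" -f $incident.caseNumber, $_.Exception.Message)
    }
}
```

Run it once without `-Apply` to review the list, then with `-Apply` to close; any case the update cannot locate is reported as a warning rather than stopping the loop.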
Hi @BubbaNL, thanks for the feedback. I will update the function to also include the -All switch.