SecurityInsights.Autorest/internal/ProxyCmdletDefinitions.ps1
# ----------------------------------------------------------------------------------
# Copyright (c) Microsoft Corporation. All rights reserved.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Code generated by Microsoft (R) AutoRest Code Generator.Changes may cause incorrect behavior and will be lost if the code
# is regenerated.
# ----------------------------------------------------------------------------------

<#
.Synopsis
Append tags to a threat intelligence indicator.
.Description
Append tags to a threat intelligence indicator.
.Example
{{ Add code here }}
.Example
{{ Add code here }}

.Inputs
Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity
.Outputs
System.Boolean
.Notes
COMPLEX PARAMETER PROPERTIES

To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables.

INPUTOBJECT <ISecurityInsightsIdentity>: Identity Parameter
  [ActionId <String>]: Action ID
  [AlertRuleTemplateId <String>]: Alert rule template ID
  [AutomationRuleId <String>]: Automation rule ID
  [BookmarkId <String>]: Bookmark ID
  [ConsentId <String>]: consent ID
  [DataConnectorId <String>]: Connector ID
  [EntityId <String>]: entity ID
  [EntityQueryId <String>]: entity query ID
  [EntityQueryTemplateId <String>]: entity query template ID
  [Id <String>]: Resource identity path
  [IncidentCommentId <String>]: Incident comment ID
  [IncidentId <String>]: Incident ID
  [MetadataName <String>]: The Metadata name.
  [Name <String>]: Threat intelligence indicator name field.
  [RelationName <String>]: Relation Name
  [ResourceGroupName <String>]: The name of the resource group. The name is case insensitive.
  [RuleId <String>]: Alert rule ID
  [SentinelOnboardingStateName <String>]: The Sentinel onboarding state name. Supports - default
  [SettingsName <String>]: The setting name. Supports - Anomalies, EyesOn, EntityAnalytics, Ueba
  [SourceControlId <String>]: Source control Id
  [SubscriptionId <String>]: The ID of the target subscription.
  [WorkspaceName <String>]: The name of the workspace.
.Link
https://learn.microsoft.com/powershell/module/az.securityinsights/add-azsentinelthreatintelligenceindicatortag
#>
function Add-AzSentinelThreatIntelligenceIndicatorTag {
[OutputType([System.Boolean])]
[CmdletBinding(DefaultParameterSetName='AppendExpanded', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')]
param(
    [Parameter(ParameterSetName='AppendExpanded', Mandatory)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [System.String]
    # Threat intelligence indicator name field.
    ${Name},

    [Parameter(ParameterSetName='AppendExpanded', Mandatory)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [System.String]
    # The name of the resource group.
    # The name is case insensitive.
    ${ResourceGroupName},

    [Parameter(ParameterSetName='AppendExpanded')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.DefaultInfo(Script='(Get-AzContext).Subscription.Id')]
    [System.String]
    # The ID of the target subscription.
    ${SubscriptionId},

    [Parameter(ParameterSetName='AppendExpanded', Mandatory)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [System.String]
    # The name of the workspace.
    ${WorkspaceName},

    [Parameter(ParameterSetName='AppendViaIdentityExpanded', Mandatory, ValueFromPipeline)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity]
    # Identity Parameter
    # To construct, see NOTES section for INPUTOBJECT properties and create a hash table.
    ${InputObject},

    [Parameter()]
    [AllowEmptyCollection()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [System.String[]]
    # List of tags to be appended.
    ${ThreatIntelligenceTag},

    [Parameter()]
    [Alias('AzureRMContext', 'AzureCredential')]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Azure')]
    [System.Management.Automation.PSObject]
    # The DefaultProfile parameter is not functional.
    # Use the SubscriptionId parameter when available if executing the cmdlet against a different subscription.
    ${DefaultProfile},

    [Parameter(DontShow)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Management.Automation.SwitchParameter]
    # Wait for .NET debugger to attach
    ${Break},

    [Parameter(DontShow)]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.SendAsyncStep[]]
    # SendAsync Pipeline Steps to be appended to the front of the pipeline
    ${HttpPipelineAppend},

    [Parameter(DontShow)]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.SendAsyncStep[]]
    # SendAsync Pipeline Steps to be prepended to the front of the pipeline
    ${HttpPipelinePrepend},

    [Parameter()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Management.Automation.SwitchParameter]
    # Returns true when the command succeeds
    ${PassThru},

    [Parameter(DontShow)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Uri]
    # The URI for the proxy server to use
    ${Proxy},

    [Parameter(DontShow)]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Management.Automation.PSCredential]
    # Credentials for a proxy server to use for the remote call
    ${ProxyCredential},

    [Parameter(DontShow)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Management.Automation.SwitchParameter]
    # Use the default credentials for the proxy
    ${ProxyUseDefaultCredentials}
)

begin {
    try {
        # Proxy wrapper: picks the private cmdlet for the active parameter set and drives it
        # through a steppable pipeline. No request is built in this function itself.

        # If the caller bound the common -OutBuffer parameter, overwrite it with 1 before the
        # bound parameters are splatted to the wrapped cmdlet.
        $outBuffer = $null
        if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) {
            $PSBoundParameters['OutBuffer'] = 1
        }
        $parameterSet = $PSCmdlet.ParameterSetName

        # Parameter set name -> module-qualified cmdlet in Az.SecurityInsights.private.
        $mapping = @{
            AppendExpanded = 'Az.SecurityInsights.private\Add-AzSentinelThreatIntelligenceIndicatorTag_AppendExpanded';
            AppendViaIdentityExpanded = 'Az.SecurityInsights.private\Add-AzSentinelThreatIntelligenceIndicatorTag_AppendViaIdentityExpanded';
        }
        # In the 'AppendExpanded' set, a -SubscriptionId that was not bound is filled in here.
        if (('AppendExpanded') -contains $parameterSet -and -not $PSBoundParameters.ContainsKey('SubscriptionId')) {
            # Scan the caller-supplied HttpPipelinePrepend steps for a PipelineMock target whose
            # Mode is 'Playback'; the code treats that as a test-playback run.
            $testPlayback = $false
            $PSBoundParameters['HttpPipelinePrepend'] | Foreach-Object { if ($_) { $testPlayback = $testPlayback -or ('Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.PipelineMock' -eq $_.Target.GetType().FullName -and 'Playback' -eq $_.Target.Mode) } }
            if ($testPlayback) {
                # Playback: dot-source ..\utils\Get-SubscriptionIdTestSafe.ps1 (resolved from
                # $PSScriptRoot) and use whatever it outputs.
                # NOTE(review): Join-Path with more than one child segment needs PowerShell 6+;
                # confirm this branch is never reached under Windows PowerShell 5.1.
                $PSBoundParameters['SubscriptionId'] = . (Join-Path $PSScriptRoot '..' 'utils' 'Get-SubscriptionIdTestSafe.ps1')
            } else {
                # Otherwise the target subscription comes from the ambient Az context.
                # NOTE(review): there is no check that a context exists, and the write goes to
                # whichever subscription the session currently points at; automation should
                # pass -SubscriptionId explicitly.
                $PSBoundParameters['SubscriptionId'] = (Get-AzContext).Subscription.Id
            }
        }
        # The lookup is limited to CommandTypes.Cmdlet and uses the module-qualified name, so a
        # function or alias with the same name is not what gets returned.
        $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet)
        # Splat the (possibly amended) bound parameters to the wrapped cmdlet and start it with
        # the caller's command origin.
        $scriptCmd = {& $wrappedCmd @PSBoundParameters}
        $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin)
        $steppablePipeline.Begin($PSCmdlet)
    } catch {
        # Rethrown as-is; the catch adds no handling.
        throw
    }
}

process {
    try {
        # Forward the current pipeline object to the wrapped cmdlet.
        $steppablePipeline.Process($_)
    } catch {
        throw
    }
}

end {
    try {
        # Complete the wrapped cmdlet's pipeline.
        $steppablePipeline.End()
    } catch {
        throw
    }
}
}

<#
.Synopsis
Connects a data connector.
.Description
Connects a data connector.
.Example
{{ Add code here }}
.Example
{{ Add code here }}

.Inputs
Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity
.Outputs
System.Boolean
.Notes
COMPLEX PARAMETER PROPERTIES

To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables.
INPUTOBJECT <ISecurityInsightsIdentity>: Identity Parameter
  [ActionId <String>]: Action ID
  [AlertRuleTemplateId <String>]: Alert rule template ID
  [AutomationRuleId <String>]: Automation rule ID
  [BookmarkId <String>]: Bookmark ID
  [ConsentId <String>]: consent ID
  [DataConnectorId <String>]: Connector ID
  [EntityId <String>]: entity ID
  [EntityQueryId <String>]: entity query ID
  [EntityQueryTemplateId <String>]: entity query template ID
  [Id <String>]: Resource identity path
  [IncidentCommentId <String>]: Incident comment ID
  [IncidentId <String>]: Incident ID
  [MetadataName <String>]: The Metadata name.
  [Name <String>]: Threat intelligence indicator name field.
  [RelationName <String>]: Relation Name
  [ResourceGroupName <String>]: The name of the resource group. The name is case insensitive.
  [RuleId <String>]: Alert rule ID
  [SentinelOnboardingStateName <String>]: The Sentinel onboarding state name. Supports - default
  [SettingsName <String>]: The setting name. Supports - Anomalies, EyesOn, EntityAnalytics, Ueba
  [SourceControlId <String>]: Source control Id
  [SubscriptionId <String>]: The ID of the target subscription.
  [WorkspaceName <String>]: The name of the workspace.
.Link
https://learn.microsoft.com/powershell/module/az.securityinsights/connect-azsentineldataconnector
#>
function Connect-AzSentinelDataConnector {
[OutputType([System.Boolean])]
[CmdletBinding(DefaultParameterSetName='ConnectExpanded', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')]
param(
    [Parameter(ParameterSetName='ConnectExpanded', Mandatory)]
    [Alias('DataConnectorId')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [System.String]
    # Connector ID
    ${Id},

    [Parameter(ParameterSetName='ConnectExpanded', Mandatory)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [System.String]
    # The name of the resource group.
    # The name is case insensitive.
    ${ResourceGroupName},

    [Parameter(ParameterSetName='ConnectExpanded')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.DefaultInfo(Script='(Get-AzContext).Subscription.Id')]
    [System.String]
    # The ID of the target subscription.
    ${SubscriptionId},

    [Parameter(ParameterSetName='ConnectExpanded', Mandatory)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [System.String]
    # The name of the workspace.
    ${WorkspaceName},

    [Parameter(ParameterSetName='ConnectViaIdentityExpanded', Mandatory, ValueFromPipeline)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity]
    # Identity Parameter
    # To construct, see NOTES section for INPUTOBJECT properties and create a hash table.
    ${InputObject},

    [Parameter()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [System.String]
    # The API key of the audit server.
    ${ApiKey},

    [Parameter()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [System.String]
    # The authorization code used in OAuth 2.0 code flow to issue a token.
    ${AuthorizationCode},

    [Parameter()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [System.String]
    # The client id of the OAuth 2.0 application.
    ${ClientId},

    [Parameter()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [System.String]
    # The client secret of the OAuth 2.0 application.
    ${ClientSecret},

    [Parameter()]
    [ArgumentCompleter([Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.ConnectAuthKind])]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.ConnectAuthKind]
    # The authentication kind used to poll the data
    ${Kind},

    [Parameter()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [System.String]
    # The user password in the audit log server.
    ${Password},

    [Parameter()]
    [AllowEmptyCollection()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IAny[]]
    # .
    ${RequestConfigUserInputValue},

    [Parameter()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [System.String]
    # The user name in the audit log server.
    ${UserName},

    [Parameter()]
    [Alias('AzureRMContext', 'AzureCredential')]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Azure')]
    [System.Management.Automation.PSObject]
    # The DefaultProfile parameter is not functional.
    # Use the SubscriptionId parameter when available if executing the cmdlet against a different subscription.
    ${DefaultProfile},

    [Parameter(DontShow)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Management.Automation.SwitchParameter]
    # Wait for .NET debugger to attach
    ${Break},

    [Parameter(DontShow)]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.SendAsyncStep[]]
    # SendAsync Pipeline Steps to be appended to the front of the pipeline
    ${HttpPipelineAppend},

    [Parameter(DontShow)]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.SendAsyncStep[]]
    # SendAsync Pipeline Steps to be prepended to the front of the pipeline
    ${HttpPipelinePrepend},

    [Parameter()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Management.Automation.SwitchParameter]
    # Returns true when the command succeeds
    ${PassThru},

    [Parameter(DontShow)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Uri]
    # The URI for the proxy server to use
    ${Proxy},

    [Parameter(DontShow)]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Management.Automation.PSCredential]
    # Credentials for a proxy server to use for the remote call
    ${ProxyCredential},

    [Parameter(DontShow)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Management.Automation.SwitchParameter]
    # Use the default credentials for the proxy
    ${ProxyUseDefaultCredentials}
)

begin {
    try {
        # Proxy wrapper: picks the private cmdlet for the active parameter set and drives it
        # through a steppable pipeline. No request is built in this function itself.

        # NOTE(review): -ApiKey, -AuthorizationCode, -ClientSecret and -Password are declared as
        # [System.String], so they sit in $PSBoundParameters as plain text and are splatted on
        # unchanged below. Values typed as literals can be captured by command history,
        # transcripts and script block logging where those are enabled; callers should pass
        # them from variables filled out of a secret store. Moving these to
        # SecureString/PSCredential would have to happen in the generator, because this file
        # is regenerated.

        # If the caller bound the common -OutBuffer parameter, overwrite it with 1 before the
        # bound parameters are splatted to the wrapped cmdlet.
        $outBuffer = $null
        if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) {
            $PSBoundParameters['OutBuffer'] = 1
        }
        $parameterSet = $PSCmdlet.ParameterSetName

        # Parameter set name -> module-qualified cmdlet in Az.SecurityInsights.private.
        $mapping = @{
            ConnectExpanded = 'Az.SecurityInsights.private\Connect-AzSentinelDataConnector_ConnectExpanded';
            ConnectViaIdentityExpanded = 'Az.SecurityInsights.private\Connect-AzSentinelDataConnector_ConnectViaIdentityExpanded';
        }
        # In the 'ConnectExpanded' set, a -SubscriptionId that was not bound is filled in here.
        if (('ConnectExpanded') -contains $parameterSet -and -not $PSBoundParameters.ContainsKey('SubscriptionId')) {
            # Scan the caller-supplied HttpPipelinePrepend steps for a PipelineMock target whose
            # Mode is 'Playback'; the code treats that as a test-playback run.
            $testPlayback = $false
            $PSBoundParameters['HttpPipelinePrepend'] | Foreach-Object { if ($_) { $testPlayback = $testPlayback -or ('Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.PipelineMock' -eq $_.Target.GetType().FullName -and 'Playback' -eq $_.Target.Mode) } }
            if ($testPlayback) {
                # Playback: dot-source ..\utils\Get-SubscriptionIdTestSafe.ps1 (resolved from
                # $PSScriptRoot) and use whatever it outputs.
                # NOTE(review): Join-Path with more than one child segment needs PowerShell 6+;
                # confirm this branch is never reached under Windows PowerShell 5.1.
                $PSBoundParameters['SubscriptionId'] = . (Join-Path $PSScriptRoot '..' 'utils' 'Get-SubscriptionIdTestSafe.ps1')
            } else {
                # Otherwise the target subscription comes from the ambient Az context.
                # NOTE(review): there is no check that a context exists, and the connector
                # credentials are sent to whichever subscription the session currently points
                # at; automation should pass -SubscriptionId explicitly.
                $PSBoundParameters['SubscriptionId'] = (Get-AzContext).Subscription.Id
            }
        }
        # The lookup is limited to CommandTypes.Cmdlet and uses the module-qualified name, so a
        # function or alias with the same name is not what gets returned.
        $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet)
        # Splat the (possibly amended) bound parameters to the wrapped cmdlet and start it with
        # the caller's command origin.
        $scriptCmd = {& $wrappedCmd @PSBoundParameters}
        $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin)
        $steppablePipeline.Begin($PSCmdlet)
    } catch {
        # Rethrown as-is; the catch adds no handling.
        throw
    }
}

process {
    try {
        # Forward the current pipeline object to the wrapped cmdlet.
        $steppablePipeline.Process($_)
    } catch {
        throw
    }
}

end {
    try {
        # Complete the wrapped cmdlet's pipeline.
        $steppablePipeline.End()
    } catch {
        throw
    }
}
}

<#
.Synopsis
Disconnect a data connector.
.Description
Disconnect a data connector.
.Example
{{ Add code here }}
.Example
{{ Add code here }}

.Inputs
Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity
.Outputs
System.Boolean
.Notes
COMPLEX PARAMETER PROPERTIES

To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables.
INPUTOBJECT <ISecurityInsightsIdentity>: Identity Parameter
  [ActionId <String>]: Action ID
  [AlertRuleTemplateId <String>]: Alert rule template ID
  [AutomationRuleId <String>]: Automation rule ID
  [BookmarkId <String>]: Bookmark ID
  [ConsentId <String>]: consent ID
  [DataConnectorId <String>]: Connector ID
  [EntityId <String>]: entity ID
  [EntityQueryId <String>]: entity query ID
  [EntityQueryTemplateId <String>]: entity query template ID
  [Id <String>]: Resource identity path
  [IncidentCommentId <String>]: Incident comment ID
  [IncidentId <String>]: Incident ID
  [MetadataName <String>]: The Metadata name.
  [Name <String>]: Threat intelligence indicator name field.
  [RelationName <String>]: Relation Name
  [ResourceGroupName <String>]: The name of the resource group. The name is case insensitive.
  [RuleId <String>]: Alert rule ID
  [SentinelOnboardingStateName <String>]: The Sentinel onboarding state name. Supports - default
  [SettingsName <String>]: The setting name. Supports - Anomalies, EyesOn, EntityAnalytics, Ueba
  [SourceControlId <String>]: Source control Id
  [SubscriptionId <String>]: The ID of the target subscription.
  [WorkspaceName <String>]: The name of the workspace.
.Link
https://learn.microsoft.com/powershell/module/az.securityinsights/disconnect-azsentineldataconnector
#>
function Disconnect-AzSentinelDataConnector {
[OutputType([System.Boolean])]
[CmdletBinding(DefaultParameterSetName='Disconnect', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')]
param(
    [Parameter(ParameterSetName='Disconnect', Mandatory)]
    [Alias('DataConnectorId')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [System.String]
    # Connector ID
    ${Id},

    [Parameter(ParameterSetName='Disconnect', Mandatory)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [System.String]
    # The name of the resource group.
    # The name is case insensitive.
    ${ResourceGroupName},

    [Parameter(ParameterSetName='Disconnect')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.DefaultInfo(Script='(Get-AzContext).Subscription.Id')]
    [System.String]
    # The ID of the target subscription.
    ${SubscriptionId},

    [Parameter(ParameterSetName='Disconnect', Mandatory)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [System.String]
    # The name of the workspace.
    ${WorkspaceName},

    [Parameter(ParameterSetName='DisconnectViaIdentity', Mandatory, ValueFromPipeline)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity]
    # Identity Parameter
    # To construct, see NOTES section for INPUTOBJECT properties and create a hash table.
    ${InputObject},

    [Parameter()]
    [Alias('AzureRMContext', 'AzureCredential')]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Azure')]
    [System.Management.Automation.PSObject]
    # The DefaultProfile parameter is not functional.
    # Use the SubscriptionId parameter when available if executing the cmdlet against a different subscription.
    ${DefaultProfile},

    [Parameter(DontShow)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Management.Automation.SwitchParameter]
    # Wait for .NET debugger to attach
    ${Break},

    [Parameter(DontShow)]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.SendAsyncStep[]]
    # SendAsync Pipeline Steps to be appended to the front of the pipeline
    ${HttpPipelineAppend},

    [Parameter(DontShow)]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.SendAsyncStep[]]
    # SendAsync Pipeline Steps to be prepended to the front of the pipeline
    ${HttpPipelinePrepend},

    [Parameter()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Management.Automation.SwitchParameter]
    # Returns true when the command succeeds
    ${PassThru},

    [Parameter(DontShow)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Uri]
    # The URI for the proxy server to use
    ${Proxy},

    [Parameter(DontShow)]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Management.Automation.PSCredential]
    # Credentials for a proxy server to use for the remote call
    ${ProxyCredential},

    [Parameter(DontShow)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Management.Automation.SwitchParameter]
    # Use the default credentials for the proxy
    ${ProxyUseDefaultCredentials}
)

begin {
    try {
        # Proxy wrapper: picks the private cmdlet for the active parameter set and drives it
        # through a steppable pipeline. No request is built in this function itself.

        # If the caller bound the common -OutBuffer parameter, overwrite it with 1 before the
        # bound parameters are splatted to the wrapped cmdlet.
        $outBuffer = $null
        if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) {
            $PSBoundParameters['OutBuffer'] = 1
        }
        $parameterSet = $PSCmdlet.ParameterSetName

        # Parameter set name -> module-qualified cmdlet in Az.SecurityInsights.private.
        $mapping = @{
            Disconnect = 'Az.SecurityInsights.private\Disconnect-AzSentinelDataConnector_Disconnect';
            DisconnectViaIdentity = 'Az.SecurityInsights.private\Disconnect-AzSentinelDataConnector_DisconnectViaIdentity';
        }
        # In the 'Disconnect' set, a -SubscriptionId that was not bound is filled in here.
        if (('Disconnect') -contains $parameterSet -and -not $PSBoundParameters.ContainsKey('SubscriptionId')) {
            # Scan the caller-supplied HttpPipelinePrepend steps for a PipelineMock target whose
            # Mode is 'Playback'; the code treats that as a test-playback run.
            $testPlayback = $false
            $PSBoundParameters['HttpPipelinePrepend'] | Foreach-Object { if ($_) { $testPlayback = $testPlayback -or ('Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.PipelineMock' -eq $_.Target.GetType().FullName -and 'Playback' -eq $_.Target.Mode) } }
            if ($testPlayback) {
                # Playback: dot-source ..\utils\Get-SubscriptionIdTestSafe.ps1 (resolved from
                # $PSScriptRoot) and use whatever it outputs.
                # NOTE(review): Join-Path with more than one child segment needs PowerShell 6+;
                # confirm this branch is never reached under Windows PowerShell 5.1.
                $PSBoundParameters['SubscriptionId'] = . (Join-Path $PSScriptRoot '..' 'utils' 'Get-SubscriptionIdTestSafe.ps1')
            } else {
                # Otherwise the target subscription comes from the ambient Az context.
                # NOTE(review): there is no check that a context exists, and the disconnect is
                # applied in whichever subscription the session currently points at; automation
                # should pass -SubscriptionId explicitly.
                $PSBoundParameters['SubscriptionId'] = (Get-AzContext).Subscription.Id
            }
        }
        # The lookup is limited to CommandTypes.Cmdlet and uses the module-qualified name, so a
        # function or alias with the same name is not what gets returned.
        $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet)
        # Splat the (possibly amended) bound parameters to the wrapped cmdlet and start it with
        # the caller's command origin.
        $scriptCmd = {& $wrappedCmd @PSBoundParameters}
        $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin)
        $steppablePipeline.Begin($PSCmdlet)
    } catch {
        # Rethrown as-is; the catch adds no handling.
        throw
    }
}

process {
    try {
        # Forward the current pipeline object to the wrapped cmdlet.
        $steppablePipeline.Process($_)
    } catch {
        throw
    }
}

end {
    try {
        # Complete the wrapped cmdlet's pipeline.
        $steppablePipeline.End()
    } catch {
        throw
    }
}
}

<#
.Synopsis
Expand an bookmark
.Description
Expand an bookmark
.Example
{{ Add code here }}
.Example
{{ Add code here }}

.Outputs
Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IBookmarkExpandResponse
.Link
https://learn.microsoft.com/powershell/module/az.securityinsights/expand-azsentinelbookmark
#>
function Expand-AzSentinelBookmark {
[OutputType([Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IBookmarkExpandResponse])]
[CmdletBinding(DefaultParameterSetName='ExpandExpanded', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')]
param(
    [Parameter(Mandatory)]
    [Alias('BookmarkId')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [System.String]
    # Bookmark ID
    ${Id},

    [Parameter(Mandatory)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [System.String]
    # The name of the resource group.
    # The name is case insensitive.
    ${ResourceGroupName},

    [Parameter(Mandatory)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [System.String]
    # The name of the workspace.
    ${WorkspaceName},

    [Parameter()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.DefaultInfo(Script='(Get-AzContext).Subscription.Id')]
    [System.String]
    # The ID of the target subscription.
    ${SubscriptionId},

    [Parameter()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [System.DateTime]
    # The end date filter, so the only expansion results returned are before this date.
    ${EndTime},

    [Parameter()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [System.String]
    # The Id of the expansion to perform.
    ${ExpansionId},

    [Parameter()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [System.DateTime]
    # The start date filter, so the only expansion results returned are after this date.
    ${StartTime},

    [Parameter()]
    [Alias('AzureRMContext', 'AzureCredential')]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Azure')]
    [System.Management.Automation.PSObject]
    # The DefaultProfile parameter is not functional.
    # Use the SubscriptionId parameter when available if executing the cmdlet against a different subscription.
    ${DefaultProfile},

    [Parameter(DontShow)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Management.Automation.SwitchParameter]
    # Wait for .NET debugger to attach
    ${Break},

    [Parameter(DontShow)]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.SendAsyncStep[]]
    # SendAsync Pipeline Steps to be appended to the front of the pipeline
    ${HttpPipelineAppend},

    [Parameter(DontShow)]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.SendAsyncStep[]]
    # SendAsync Pipeline Steps to be prepended to the front of the pipeline
    ${HttpPipelinePrepend},

    [Parameter(DontShow)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Uri]
    # The URI for the proxy server to use
    ${Proxy},

    [Parameter(DontShow)]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Management.Automation.PSCredential]
    # Credentials for a proxy server to use for the remote call
    ${ProxyCredential},

    [Parameter(DontShow)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Management.Automation.SwitchParameter]
    # Use the default credentials for the proxy
    ${ProxyUseDefaultCredentials}
)

begin {
    try {
        # Proxy wrapper: resolves the private cmdlet for the single 'ExpandExpanded' parameter
        # set and drives it through a steppable pipeline.

        # If the caller bound the common -OutBuffer parameter, overwrite it with 1 before the
        # bound parameters are splatted to the wrapped cmdlet.
        $outBuffer = $null
        if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) {
            $PSBoundParameters['OutBuffer'] = 1
        }
        $parameterSet = $PSCmdlet.ParameterSetName

        # Parameter set name -> module-qualified cmdlet in Az.SecurityInsights.private.
        $mapping = @{
            ExpandExpanded = 'Az.SecurityInsights.private\Expand-AzSentinelBookmark_ExpandExpanded';
        }
        # A -SubscriptionId that was not bound is filled in here.
        if (('ExpandExpanded') -contains $parameterSet -and -not $PSBoundParameters.ContainsKey('SubscriptionId')) {
            # Scan the caller-supplied HttpPipelinePrepend steps for a PipelineMock target whose
            # Mode is 'Playback'; the code treats that as a test-playback run.
            $testPlayback = $false
            $PSBoundParameters['HttpPipelinePrepend'] | Foreach-Object { if ($_) { $testPlayback = $testPlayback -or ('Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.PipelineMock' -eq $_.Target.GetType().FullName -and 'Playback' -eq $_.Target.Mode) } }
            if ($testPlayback) {
                # Playback: dot-source ..\utils\Get-SubscriptionIdTestSafe.ps1 (resolved from
                # $PSScriptRoot) and use whatever it outputs.
                # NOTE(review): Join-Path with more than one child segment needs PowerShell 6+;
                # confirm this branch is never reached under Windows PowerShell 5.1.
                $PSBoundParameters['SubscriptionId'] = . (Join-Path $PSScriptRoot '..' 'utils' 'Get-SubscriptionIdTestSafe.ps1')
            } else {
                # Otherwise the target subscription comes from the ambient Az context.
                # NOTE(review): there is no check that a context exists; automation should pass
                # -SubscriptionId explicitly.
                $PSBoundParameters['SubscriptionId'] = (Get-AzContext).Subscription.Id
            }
        }
        # The lookup is limited to CommandTypes.Cmdlet and uses the module-qualified name, so a
        # function or alias with the same name is not what gets returned.
        $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet)
        # Splat the (possibly amended) bound parameters to the wrapped cmdlet and start it with
        # the caller's command origin.
        $scriptCmd = {& $wrappedCmd @PSBoundParameters}
        $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin)
        $steppablePipeline.Begin($PSCmdlet)
    } catch {
        # Rethrown as-is; the catch adds no handling.
        throw
    }
}

process {
    try {
        # Forward the current pipeline object to the wrapped cmdlet.
        $steppablePipeline.Process($_)
    } catch {
        throw
    }
}

end {
    try {
        # Complete the wrapped cmdlet's pipeline.
        $steppablePipeline.End()
    } catch {
        throw
    }
}
}

<#
.Synopsis
Expands an entity.
.Description
Expands an entity.
.Example
{{ Add code here }}
.Example
{{ Add code here }}

.Outputs
Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IEntityExpandResponse
.Link
https://learn.microsoft.com/powershell/module/az.securityinsights/expand-azsentinelentity
#>
function Expand-AzSentinelEntity {
[OutputType([Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IEntityExpandResponse])]
[CmdletBinding(DefaultParameterSetName='ExpandExpanded', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')]
param(
    [Parameter(Mandatory)]
    [Alias('EntityId')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [System.String]
    # entity ID
    ${Id},

    [Parameter(Mandatory)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [System.String]
    # The name of the resource group.
    # The name is case insensitive.
    ${ResourceGroupName},

    [Parameter(Mandatory)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [System.String]
    # The name of the workspace.
    ${WorkspaceName},

    [Parameter()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.DefaultInfo(Script='(Get-AzContext).Subscription.Id')]
    [System.String]
    # The ID of the target subscription.
    ${SubscriptionId},

    [Parameter()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [System.DateTime]
    # The end date filter, so the only expansion results returned are before this date.
    ${EndTime},

    [Parameter()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [System.String]
    # The Id of the expansion to perform.
    ${ExpansionId},

    [Parameter()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [System.DateTime]
    # The start date filter, so the only expansion results returned are after this date.
    ${StartTime},

    [Parameter()]
    [Alias('AzureRMContext', 'AzureCredential')]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Azure')]
    [System.Management.Automation.PSObject]
    # The DefaultProfile parameter is not functional.
    # Use the SubscriptionId parameter when available if executing the cmdlet against a different subscription.
    ${DefaultProfile},

    [Parameter(DontShow)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Management.Automation.SwitchParameter]
    # Wait for .NET debugger to attach
    ${Break},

    [Parameter(DontShow)]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.SendAsyncStep[]]
    # SendAsync Pipeline Steps to be appended to the front of the pipeline
    ${HttpPipelineAppend},

    [Parameter(DontShow)]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.SendAsyncStep[]]
    # SendAsync Pipeline Steps to be prepended to the front of the pipeline
    ${HttpPipelinePrepend},

    [Parameter(DontShow)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Uri]
    # The URI for the proxy server to use
    ${Proxy},

    [Parameter(DontShow)]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Management.Automation.PSCredential]
    # Credentials for a proxy server to use for the remote call
    ${ProxyCredential},

    [Parameter(DontShow)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Management.Automation.SwitchParameter]
    # Use the default credentials for the proxy
    ${ProxyUseDefaultCredentials}
)

begin {
    try {
        # Proxy wrapper: resolves the private cmdlet for the single 'ExpandExpanded' parameter
        # set and drives it through a steppable pipeline.

        # If the caller bound the common -OutBuffer parameter, overwrite it with 1 before the
        # bound parameters are splatted to the wrapped cmdlet.
        $outBuffer = $null
        if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) {
            $PSBoundParameters['OutBuffer'] = 1
        }
        $parameterSet = $PSCmdlet.ParameterSetName

        # Parameter set name -> module-qualified cmdlet in Az.SecurityInsights.private.
        $mapping = @{
            ExpandExpanded = 'Az.SecurityInsights.private\Expand-AzSentinelEntity_ExpandExpanded';
        }
        # A -SubscriptionId that was not bound is filled in here.
        if (('ExpandExpanded') -contains $parameterSet -and -not $PSBoundParameters.ContainsKey('SubscriptionId')) {
            # Scan the caller-supplied HttpPipelinePrepend steps for a PipelineMock target whose
            # Mode is 'Playback'; the code treats that as a test-playback run.
            $testPlayback = $false
            $PSBoundParameters['HttpPipelinePrepend'] | Foreach-Object { if ($_) { $testPlayback = $testPlayback -or ('Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.PipelineMock' -eq $_.Target.GetType().FullName -and 'Playback' -eq $_.Target.Mode) } }
            if ($testPlayback) {
                # Playback: dot-source ..\utils\Get-SubscriptionIdTestSafe.ps1 (resolved from
                # $PSScriptRoot) and use whatever it outputs.
                # NOTE(review): Join-Path with more than one child segment needs PowerShell 6+;
                # confirm this branch is never reached under Windows PowerShell 5.1.
                $PSBoundParameters['SubscriptionId'] = . (Join-Path $PSScriptRoot '..' 'utils' 'Get-SubscriptionIdTestSafe.ps1')
            } else {
                # Otherwise the target subscription comes from the ambient Az context.
                # NOTE(review): there is no check that a context exists; automation should pass
                # -SubscriptionId explicitly.
                $PSBoundParameters['SubscriptionId'] = (Get-AzContext).Subscription.Id
            }
        }
        # The lookup is limited to CommandTypes.Cmdlet and uses the module-qualified name, so a
        # function or alias with the same name is not what gets returned.
        $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet)
        # Splat the (possibly amended) bound parameters to the wrapped cmdlet and start it with
        # the caller's command origin.
        $scriptCmd = {& $wrappedCmd @PSBoundParameters}
        $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin)
        $steppablePipeline.Begin($PSCmdlet)
    } catch {
        # Rethrown as-is; the catch adds no handling.
        throw
    }
}

process {
    try {
        # Forward the current pipeline object to the wrapped cmdlet.
        $steppablePipeline.Process($_)
    } catch {
        throw
    }
}

end {
    try {
        # Complete the wrapped cmdlet's pipeline.
        $steppablePipeline.End()
    } catch {
        throw
    }
}
}

<#
.Synopsis
Gets an office365 consent.
.Description
Gets an office365 consent.
.Example
{{ Add code here }}
.Example
{{ Add code here }}

.Inputs
Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity
.Outputs
Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IOfficeConsent
.Notes
COMPLEX PARAMETER PROPERTIES

To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables.

INPUTOBJECT <ISecurityInsightsIdentity>: Identity Parameter
  [ActionId <String>]: Action ID
  [AlertRuleTemplateId <String>]: Alert rule template ID
  [AutomationRuleId <String>]: Automation rule ID
  [BookmarkId <String>]: Bookmark ID
  [ConsentId <String>]: consent ID
  [DataConnectorId <String>]: Connector ID
  [EntityId <String>]: entity ID
  [EntityQueryId <String>]: entity query ID
  [EntityQueryTemplateId <String>]: entity query template ID
  [Id <String>]: Resource identity path
  [IncidentCommentId <String>]: Incident comment ID
  [IncidentId <String>]: Incident ID
  [MetadataName <String>]: The Metadata name.
  [Name <String>]: Threat intelligence indicator name field.
[RelationName <String>]: Relation Name
[ResourceGroupName <String>]: The name of the resource group. The name is case insensitive.
[RuleId <String>]: Alert rule ID
[SentinelOnboardingStateName <String>]: The Sentinel onboarding state name. Supports - default
[SettingsName <String>]: The setting name. Supports - Anomalies, EyesOn, EntityAnalytics, Ueba
[SourceControlId <String>]: Source control Id
[SubscriptionId <String>]: The ID of the target subscription.
[WorkspaceName <String>]: The name of the workspace.
.Link
https://learn.microsoft.com/powershell/module/az.securityinsights/get-azsentinelofficeconsent
#>
function Get-AzSentinelOfficeConsent {
[OutputType([Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IOfficeConsent])]
[CmdletBinding(DefaultParameterSetName='List', PositionalBinding=$false)]
param(
    [Parameter(ParameterSetName='Get', Mandatory)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [System.String]
    # consent ID
    ${ConsentId},

    [Parameter(ParameterSetName='Get', Mandatory)]
    [Parameter(ParameterSetName='List', Mandatory)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [System.String]
    # The name of the resource group.
    # The name is case insensitive.
    ${ResourceGroupName},

    [Parameter(ParameterSetName='Get')]
    [Parameter(ParameterSetName='List')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.DefaultInfo(Script='(Get-AzContext).Subscription.Id')]
    [System.String[]]
    # The ID of the target subscription.
    ${SubscriptionId},

    [Parameter(ParameterSetName='Get', Mandatory)]
    [Parameter(ParameterSetName='List', Mandatory)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [System.String]
    # The name of the workspace.
    ${WorkspaceName},

    [Parameter(ParameterSetName='GetViaIdentity', Mandatory, ValueFromPipeline)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity]
    # Identity Parameter
    # To construct, see NOTES section for INPUTOBJECT properties and create a hash table.
    ${InputObject},

    [Parameter()]
    [Alias('AzureRMContext', 'AzureCredential')]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Azure')]
    [System.Management.Automation.PSObject]
    # The DefaultProfile parameter is not functional.
    # Use the SubscriptionId parameter when available if executing the cmdlet against a different subscription.
    ${DefaultProfile},

    [Parameter(DontShow)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Management.Automation.SwitchParameter]
    # Wait for .NET debugger to attach
    ${Break},

    [Parameter(DontShow)]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.SendAsyncStep[]]
    # SendAsync Pipeline Steps to be appended to the front of the pipeline
    ${HttpPipelineAppend},

    [Parameter(DontShow)]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.SendAsyncStep[]]
    # SendAsync Pipeline Steps to be prepended to the front of the pipeline
    ${HttpPipelinePrepend},

    [Parameter(DontShow)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Uri]
    # The URI for the proxy server to use
    ${Proxy},

    [Parameter(DontShow)]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Management.Automation.PSCredential]
    # Credentials for a proxy server to use for the remote call
    ${ProxyCredential},

    [Parameter(DontShow)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Management.Automation.SwitchParameter]
    # Use the default credentials for the proxy
    ${ProxyUseDefaultCredentials}
)

# Thin proxy: begin picks the private implementation for the active parameter
# set and opens a steppable pipeline on it; process and end forward to that
# pipeline.
begin {
    try {
        # When the caller bound -OutBuffer, overwrite it with 1 before the
        # parameters are splatted to the wrapped cmdlet.
        $outBuffer = $null
        if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) {
            $PSBoundParameters['OutBuffer'] = 1
        }
        $parameterSet = $PSCmdlet.ParameterSetName

        # Parameter set name -> module-qualified private cmdlet that implements it.
        $mapping = @{
            Get = 'Az.SecurityInsights.private\Get-AzSentinelOfficeConsent_Get';
            GetViaIdentity = 'Az.SecurityInsights.private\Get-AzSentinelOfficeConsent_GetViaIdentity';
            List = 'Az.SecurityInsights.private\Get-AzSentinelOfficeConsent_List';
        }
        # Get/List only (GetViaIdentity is left alone): when -SubscriptionId was
        # not bound, fill it in here. A PipelineMock step in 'Playback' mode among
        # the HttpPipelinePrepend steps sets $testPlayback, in which case the value
        # is the output of utils/Get-SubscriptionIdTestSafe.ps1, dot-sourced from a
        # path relative to $PSScriptRoot; otherwise it is read from Get-AzContext.
        # NOTE(review): the call then targets whichever subscription the ambient Az
        # context holds; automation that spans several subscriptions should pass
        # -SubscriptionId explicitly.
        if (('Get', 'List') -contains $parameterSet -and -not $PSBoundParameters.ContainsKey('SubscriptionId')) {
            $testPlayback = $false
            $PSBoundParameters['HttpPipelinePrepend'] | Foreach-Object { if ($_) { $testPlayback = $testPlayback -or ('Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.PipelineMock' -eq $_.Target.GetType().FullName -and 'Playback' -eq $_.Target.Mode) } }
            if ($testPlayback) {
                $PSBoundParameters['SubscriptionId'] = . (Join-Path $PSScriptRoot '..' 'utils' 'Get-SubscriptionIdTestSafe.ps1')
            } else {
                $PSBoundParameters['SubscriptionId'] = (Get-AzContext).Subscription.Id
            }
        }
        # The implementation is looked up as a Cmdlet only, by its module-qualified name.
        $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet)
        # Every bound parameter is splatted unchanged to the wrapped cmdlet.
        # NOTE(review): -Proxy / -ProxyCredential are hidden (DontShow) but still
        # bindable; presumably the wrapped cmdlet routes this call's HTTP traffic
        # through the given proxy, so confirm callers only point it at a trusted
        # endpoint.
        $scriptCmd = {& $wrappedCmd @PSBoundParameters}
        # The steppable pipeline is created with the caller's command origin.
        $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin)
        $steppablePipeline.Begin($PSCmdlet)
    } catch {
        # No handling here: the error is rethrown as-is.
        throw
    }
}

process {
    try {
        # Forward the current pipeline input to the wrapped cmdlet.
        $steppablePipeline.Process($_)
    } catch {
        throw
    }
}

end {
    try {
        $steppablePipeline.End()
    } catch {
        throw
    }
}
}

<#
.Synopsis
Lists all operations available Azure Security Insights Resource Provider.
.Description
Lists all operations available Azure Security Insights Resource Provider.
.Example
{{ Add code here }}
.Example
{{ Add code here }}

.Outputs
Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IOperation
.Link
https://learn.microsoft.com/powershell/module/az.securityinsights/get-azsentineloperation
#>
function Get-AzSentinelOperation {
[OutputType([Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IOperation])]
[CmdletBinding(DefaultParameterSetName='List', PositionalBinding=$false)]
param(
    [Parameter()]
    [Alias('AzureRMContext', 'AzureCredential')]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Azure')]
    [System.Management.Automation.PSObject]
    # The DefaultProfile parameter is not functional.
    # Use the SubscriptionId parameter when available if executing the cmdlet against a different subscription.
    ${DefaultProfile},

    [Parameter(DontShow)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Management.Automation.SwitchParameter]
    # Wait for .NET debugger to attach
    ${Break},

    [Parameter(DontShow)]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.SendAsyncStep[]]
    # SendAsync Pipeline Steps to be appended to the front of the pipeline
    ${HttpPipelineAppend},

    [Parameter(DontShow)]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.SendAsyncStep[]]
    # SendAsync Pipeline Steps to be prepended to the front of the pipeline
    ${HttpPipelinePrepend},

    [Parameter(DontShow)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Uri]
    # The URI for the proxy server to use
    ${Proxy},

    [Parameter(DontShow)]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Management.Automation.PSCredential]
    # Credentials for a proxy server to use for the remote call
    ${ProxyCredential},

    [Parameter(DontShow)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Management.Automation.SwitchParameter]
    # Use the default credentials for the proxy
    ${ProxyUseDefaultCredentials}
)

# Thin proxy: begin resolves the private List implementation and opens a
# steppable pipeline on it; process and end forward to that pipeline. No
# subscription is filled in here (the cmdlet has no -SubscriptionId parameter).
begin {
    try {
        # When the caller bound -OutBuffer, overwrite it with 1 before the
        # parameters are splatted to the wrapped cmdlet.
        $outBuffer = $null
        if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) {
            $PSBoundParameters['OutBuffer'] = 1
        }
        $parameterSet = $PSCmdlet.ParameterSetName

        # Parameter set name -> module-qualified private cmdlet that implements it.
        $mapping = @{
            List = 'Az.SecurityInsights.private\Get-AzSentinelOperation_List';
        }
        # The implementation is looked up as a Cmdlet only, by its module-qualified name.
        $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet)
        # Every bound parameter is splatted unchanged to the wrapped cmdlet.
        # NOTE(review): -Proxy / -ProxyCredential are hidden (DontShow) but still
        # bindable; presumably the wrapped cmdlet routes this call's HTTP traffic
        # through the given proxy, so confirm callers only point it at a trusted
        # endpoint.
        $scriptCmd = {& $wrappedCmd @PSBoundParameters}
        # The steppable pipeline is created with the caller's command origin.
        $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin)
        $steppablePipeline.Begin($PSCmdlet)
    } catch {
        # No handling here: the error is rethrown as-is.
        throw
    }
}

process {
    try {
        # Forward the current pipeline input to the wrapped cmdlet.
        $steppablePipeline.Process($_)
    } catch {
        throw
    }
}

end {
    try {
        $steppablePipeline.End()
    } catch {
        throw
    }
}
}

<#
.Synopsis
Gets a list of repositories metadata.
.Description
Gets a list of repositories metadata.
.Example
{{ Add code here }}
.Example
{{ Add code here }}

.Inputs
Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.RepoType
.Outputs
Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IRepo
.Link
https://learn.microsoft.com/powershell/module/az.securityinsights/get-azsentinelsourcecontrolrepository
#>
function Get-AzSentinelSourceControlRepository {
[OutputType([Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IRepo])]
[CmdletBinding(DefaultParameterSetName='List', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')]
param(
    [Parameter(Mandatory)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [System.String]
    # The name of the resource group.
    # The name is case insensitive.
    ${ResourceGroupName},

    [Parameter(Mandatory)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [System.String]
    # The name of the workspace.
    ${WorkspaceName},

    [Parameter()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.DefaultInfo(Script='(Get-AzContext).Subscription.Id')]
    [System.String[]]
    # The ID of the target subscription.
    ${SubscriptionId},

    [Parameter(Mandatory, ValueFromPipeline)]
    [ArgumentCompleter([Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.RepoType])]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.RepoType]
    # The type of repository.
    ${RepoType},

    [Parameter()]
    [Alias('AzureRMContext', 'AzureCredential')]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Azure')]
    [System.Management.Automation.PSObject]
    # The DefaultProfile parameter is not functional.
    # Use the SubscriptionId parameter when available if executing the cmdlet against a different subscription.
    ${DefaultProfile},

    [Parameter(DontShow)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Management.Automation.SwitchParameter]
    # Wait for .NET debugger to attach
    ${Break},

    [Parameter(DontShow)]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.SendAsyncStep[]]
    # SendAsync Pipeline Steps to be appended to the front of the pipeline
    ${HttpPipelineAppend},

    [Parameter(DontShow)]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.SendAsyncStep[]]
    # SendAsync Pipeline Steps to be prepended to the front of the pipeline
    ${HttpPipelinePrepend},

    [Parameter(DontShow)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Uri]
    # The URI for the proxy server to use
    ${Proxy},

    [Parameter(DontShow)]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Management.Automation.PSCredential]
    # Credentials for a proxy server to use for the remote call
    ${ProxyCredential},

    [Parameter(DontShow)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Management.Automation.SwitchParameter]
    # Use the default credentials for the proxy
    ${ProxyUseDefaultCredentials}
)

# Thin proxy: begin resolves the private List implementation and opens a
# steppable pipeline on it; process and end forward to that pipeline. Although
# the verb is Get, CmdletBinding declares SupportsShouldProcess, so -WhatIf and
# -Confirm are accepted.
begin {
    try {
        # When the caller bound -OutBuffer, overwrite it with 1 before the
        # parameters are splatted to the wrapped cmdlet.
        $outBuffer = $null
        if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) {
            $PSBoundParameters['OutBuffer'] = 1
        }
        $parameterSet = $PSCmdlet.ParameterSetName

        # Parameter set name -> module-qualified private cmdlet that implements it.
        $mapping = @{
            List = 'Az.SecurityInsights.private\Get-AzSentinelSourceControlRepository_List';
        }
        # When -SubscriptionId was not bound, fill it in here. A PipelineMock step
        # in 'Playback' mode among the HttpPipelinePrepend steps sets
        # $testPlayback, in which case the value is the output of
        # utils/Get-SubscriptionIdTestSafe.ps1, dot-sourced from a path relative to
        # $PSScriptRoot; otherwise it is read from Get-AzContext.
        # NOTE(review): the call then targets whichever subscription the ambient Az
        # context holds; automation that spans several subscriptions should pass
        # -SubscriptionId explicitly.
        if (('List') -contains $parameterSet -and -not $PSBoundParameters.ContainsKey('SubscriptionId')) {
            $testPlayback = $false
            $PSBoundParameters['HttpPipelinePrepend'] | Foreach-Object { if ($_) { $testPlayback = $testPlayback -or ('Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.PipelineMock' -eq $_.Target.GetType().FullName -and 'Playback' -eq $_.Target.Mode) } }
            if ($testPlayback) {
                $PSBoundParameters['SubscriptionId'] = . (Join-Path $PSScriptRoot '..' 'utils' 'Get-SubscriptionIdTestSafe.ps1')
            } else {
                $PSBoundParameters['SubscriptionId'] = (Get-AzContext).Subscription.Id
            }
        }
        # The implementation is looked up as a Cmdlet only, by its module-qualified name.
        $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet)
        # Every bound parameter is splatted unchanged to the wrapped cmdlet.
        # NOTE(review): -Proxy / -ProxyCredential are hidden (DontShow) but still
        # bindable; presumably the wrapped cmdlet routes this call's HTTP traffic
        # through the given proxy, so confirm callers only point it at a trusted
        # endpoint.
        $scriptCmd = {& $wrappedCmd @PSBoundParameters}
        # The steppable pipeline is created with the caller's command origin.
        $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin)
        $steppablePipeline.Begin($PSCmdlet)
    } catch {
        # No handling here: the error is rethrown as-is.
        throw
    }
}

process {
    try {
        # Forward the current pipeline input (-RepoType is ValueFromPipeline).
        $steppablePipeline.Process($_)
    } catch {
        throw
    }
}

end {
    try {
        $steppablePipeline.End()
    } catch {
        throw
    }
}
}

<#
.Synopsis
Creates or updates the action of alert rule.
.Description
Creates or updates the action of alert rule.
.Example
$LogicAppResourceId = Get-AzLogicApp -ResourceGroupName "myLogicAppResourceGroupName" -Name "myLogicAppPlaybookName"
$LogicAppTriggerUri = Get-AzLogicAppTriggerCallbackUrl -ResourceGroupName "myLogicAppResourceGroupName" -Name $LogicAppResourceId.Name -TriggerName "When_a_response_to_an_Azure_Sentinel_alert_is_triggered"
New-AzSentinelAlertRuleAction -ResourceGroupName "mySentinelResourceGroupName" -workspaceName "myWorkspaceName" -RuleId "48bbf86d-540b-4a7b-9fee-2bd7d810dbed" -LogicAppResourceId ($LogicAppResourceId.Id) -TriggerUri ($LogicAppTriggerUri.Value) -Id ((New-Guid).Guid)

.Inputs
Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IActionRequest
.Outputs
Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IActionResponse
.Notes
COMPLEX PARAMETER PROPERTIES

To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables.

ACTION <IActionRequest>: Action for alert rule.
[Etag <String>]: Etag of the azure resource
[SystemDataCreatedAt <DateTime?>]: The timestamp of resource creation (UTC).
[SystemDataCreatedBy <String>]: The identity that created the resource.
[SystemDataCreatedByType <CreatedByType?>]: The type of identity that created the resource.
[SystemDataLastModifiedAt <DateTime?>]: The timestamp of resource last modification (UTC)
[SystemDataLastModifiedBy <String>]: The identity that last modified the resource.
[SystemDataLastModifiedByType <CreatedByType?>]: The type of identity that last modified the resource.
[LogicAppResourceId <String>]: Logic App Resource Id, /subscriptions/{my-subscription}/resourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my-workflow-id}.
[TriggerUri <String>]: Logic App Callback URL for this specific workflow.
.Link
https://learn.microsoft.com/powershell/module/az.securityinsights/new-azsentinelalertruleaction
#>
function New-AzSentinelAlertRuleAction {
[OutputType([Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IActionResponse])]
[CmdletBinding(DefaultParameterSetName='Create', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')]
param(
    [Parameter(Mandatory)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [System.String]
    # The name of the resource group.
    # The name is case insensitive.
    ${ResourceGroupName},

    [Parameter(Mandatory)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [System.String]
    # Alert rule ID
    ${RuleId},

    [Parameter(Mandatory)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [System.String]
    # The name of the workspace.
    ${WorkspaceName},

    [Parameter()]
    [Alias('ActionId')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.DefaultInfo(Script='(New-Guid).Guid')]
    [System.String]
    # Action ID
    ${Id},

    [Parameter()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.DefaultInfo(Script='(Get-AzContext).Subscription.Id')]
    [System.String]
    # The ID of the target subscription.
    ${SubscriptionId},

    [Parameter(Mandatory, ValueFromPipeline)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IActionRequest]
    # Action for alert rule.
    # To construct, see NOTES section for ACTION properties and create a hash table.
    ${Action},

    [Parameter()]
    [Alias('AzureRMContext', 'AzureCredential')]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Azure')]
    [System.Management.Automation.PSObject]
    # The DefaultProfile parameter is not functional.
    # Use the SubscriptionId parameter when available if executing the cmdlet against a different subscription.
    ${DefaultProfile},

    [Parameter(DontShow)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Management.Automation.SwitchParameter]
    # Wait for .NET debugger to attach
    ${Break},

    [Parameter(DontShow)]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.SendAsyncStep[]]
    # SendAsync Pipeline Steps to be appended to the front of the pipeline
    ${HttpPipelineAppend},

    [Parameter(DontShow)]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.SendAsyncStep[]]
    # SendAsync Pipeline Steps to be prepended to the front of the pipeline
    ${HttpPipelinePrepend},

    [Parameter(DontShow)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Uri]
    # The URI for the proxy server to use
    ${Proxy},

    [Parameter(DontShow)]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Management.Automation.PSCredential]
    # Credentials for a proxy server to use for the remote call
    ${ProxyCredential},

    [Parameter(DontShow)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Management.Automation.SwitchParameter]
    # Use the default credentials for the proxy
    ${ProxyUseDefaultCredentials}
)

# Thin proxy: begin resolves the private Create implementation and opens a
# steppable pipeline on it; process and end forward to that pipeline.
# NOTE(review): the -Action body documented in the help above includes
# TriggerUri, a Logic App callback URL. Such URLs normally carry a SAS signature
# in the query string, so treat the value like a credential: keep it out of
# logs, transcripts and source control.
begin {
    try {
        # When the caller bound -OutBuffer, overwrite it with 1 before the
        # parameters are splatted to the wrapped cmdlet.
        $outBuffer = $null
        if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) {
            $PSBoundParameters['OutBuffer'] = 1
        }
        $parameterSet = $PSCmdlet.ParameterSetName

        # Parameter set name -> module-qualified private cmdlet that implements it.
        $mapping = @{
            Create = 'Az.SecurityInsights.private\New-AzSentinelAlertRuleAction_Create';
        }
        # No -Id bound: a freshly generated GUID becomes the action ID.
        # NOTE(review): presumably a call without -Id therefore always addresses a
        # new action rather than an existing one; confirm against the service.
        if (('Create') -contains $parameterSet -and -not $PSBoundParameters.ContainsKey('Id')) {
            $PSBoundParameters['Id'] = (New-Guid).Guid
        }
        # When -SubscriptionId was not bound, fill it in here. A PipelineMock step
        # in 'Playback' mode among the HttpPipelinePrepend steps sets
        # $testPlayback, in which case the value is the output of
        # utils/Get-SubscriptionIdTestSafe.ps1, dot-sourced from a path relative to
        # $PSScriptRoot; otherwise it is read from Get-AzContext.
        # NOTE(review): this is a write operation, and it lands in whichever
        # subscription the ambient Az context holds; automation that spans several
        # subscriptions should pass -SubscriptionId explicitly.
        if (('Create') -contains $parameterSet -and -not $PSBoundParameters.ContainsKey('SubscriptionId')) {
            $testPlayback = $false
            $PSBoundParameters['HttpPipelinePrepend'] | Foreach-Object { if ($_) { $testPlayback = $testPlayback -or ('Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.PipelineMock' -eq $_.Target.GetType().FullName -and 'Playback' -eq $_.Target.Mode) } }
            if ($testPlayback) {
                $PSBoundParameters['SubscriptionId'] = . (Join-Path $PSScriptRoot '..' 'utils' 'Get-SubscriptionIdTestSafe.ps1')
            } else {
                $PSBoundParameters['SubscriptionId'] = (Get-AzContext).Subscription.Id
            }
        }
        # The implementation is looked up as a Cmdlet only, by its module-qualified name.
        $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet)
        # Every bound parameter is splatted unchanged to the wrapped cmdlet.
        # NOTE(review): -Proxy / -ProxyCredential are hidden (DontShow) but still
        # bindable; presumably the wrapped cmdlet routes this call's HTTP traffic
        # through the given proxy, so confirm callers only point it at a trusted
        # endpoint.
        $scriptCmd = {& $wrappedCmd @PSBoundParameters}
        # The steppable pipeline is created with the caller's command origin.
        $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin)
        $steppablePipeline.Begin($PSCmdlet)
    } catch {
        # No handling here: the error is rethrown as-is.
        throw
    }
}

process {
    try {
        # Forward the current pipeline input (-Action is ValueFromPipeline).
        $steppablePipeline.Process($_)
    } catch {
        throw
    }
}

end {
    try {
        $steppablePipeline.End()
    } catch {
        throw
    }
}
}

<#
.Synopsis
Creates or updates the alert rule.
.Description
Creates or updates the alert rule.
.Example
$AlertRuleTemplateName = "f71aba3d-28fb-450b-b192-4e76a83015c8"
New-AzSentinelAlertRule -ResourceGroupName "myResourceGroupName" -WorkspaceName "myWorkspaceName" -Kind Fusion -Enabled -AlertRuleTemplateName $AlertRuleTemplateName
.Example
$AlertRuleTemplateName = "fa118b98-de46-4e94-87f9-8e6d5060b60b"
New-AzSentinelAlertRule -ResourceGroupName "myResourceGroupName" -WorkspaceName "myWorkspaceName" -Kind MLBehaviorAnalytics -Enabled -AlertRuleTemplateName $AlertRuleTemplateName
.Example
$AlertRuleTemplateName = "0dd422ee-e6af-4204-b219-f59ac172e4c6"
New-AzSentinelAlertRule -ResourceGroupName "myResourceGroupName" -WorkspaceName "myWorkspaceName" -Kind ThreatIntelligence -Enabled -AlertRuleTemplateName $AlertRuleTemplateName
.Example
$AlertRuleTemplateName = "a2e0eb51-1f11-461a-999b-cd0ebe5c7a72"
New-AzSentinelAlertRule -ResourceGroupName "myResourceGroupName" -WorkspaceName "myWorkspaceName" -Kind MicrosoftSecurityIncidentCreation -Enabled -AlertRuleTemplateName $AlertRuleTemplateName -ProductFilter "Azure Security Center
for IoT"
.Example
New-AzSentinelAlertRule -ResourceGroupName "myResourceGroup" -WorkspaceName "myWorkspaceName" -Kind Scheduled -Enabled -DisplayName "PowerShell Execution Alert (Several Times per Hour)" -Severity Low -Query "SecurityEvent | where EventId == 4688" -QueryFrequency (New-TimeSpan -Hours 1) -QueryPeriod (New-TimeSpan -Hours 1) -TriggerThreshold 10
.Example
New-AzSentinelAlertRule -ResourceGroupName "myResourceGroup" -WorkspaceName "myWorkspaceName" -Kind NRT -Enabled -DisplayName "Break glass account accessed" -Severity High -Query "let Break_Glass_Account = _GetWatchlist('break_glass_account')\n|project UPN;\nSigninLogs\n| where UserPrincipalName in (Break_Glass_Account)"

.Inputs
Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IAlertRule
.Outputs
Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IAlertRule
.Notes
COMPLEX PARAMETER PROPERTIES

To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables.

ALERTRULE <IAlertRule>: Alert rule.
Kind <AlertRuleKind>: The kind of the alert rule
[Etag <String>]: Etag of the azure resource
[SystemDataCreatedAt <DateTime?>]: The timestamp of resource creation (UTC).
[SystemDataCreatedBy <String>]: The identity that created the resource.
[SystemDataCreatedByType <CreatedByType?>]: The type of identity that created the resource.
[SystemDataLastModifiedAt <DateTime?>]: The timestamp of resource last modification (UTC)
[SystemDataLastModifiedBy <String>]: The identity that last modified the resource.
[SystemDataLastModifiedByType <CreatedByType?>]: The type of identity that last modified the resource.
.Link
https://learn.microsoft.com/powershell/module/az.securityinsights/new-azsentinelalertrule
#>
function New-AzSentinelAlertRule {
[OutputType([Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IAlertRule])]
[CmdletBinding(DefaultParameterSetName='CreateExpanded', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')]
param(
    [Parameter(Mandatory)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [System.String]
    # The name of the resource group.
    # The name is case insensitive.
    ${ResourceGroupName},

    [Parameter(Mandatory)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [System.String]
    # Alert rule ID
    ${RuleId},

    [Parameter(Mandatory)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [System.String]
    # The name of the workspace.
    ${WorkspaceName},

    [Parameter()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.DefaultInfo(Script='(Get-AzContext).Subscription.Id')]
    [System.String]
    # The ID of the target subscription.
    ${SubscriptionId},

    [Parameter(ParameterSetName='Create', Mandatory, ValueFromPipeline)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IAlertRule]
    # Alert rule.
    # To construct, see NOTES section for ALERTRULE properties and create a hash table.
    ${AlertRule},

    [Parameter(ParameterSetName='CreateExpanded', Mandatory)]
    [ArgumentCompleter([Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.AlertRuleKind])]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.AlertRuleKind]
    # The kind of the alert rule
    ${Kind},

    [Parameter()]
    [Alias('AzureRMContext', 'AzureCredential')]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Azure')]
    [System.Management.Automation.PSObject]
    # The DefaultProfile parameter is not functional.
    # Use the SubscriptionId parameter when available if executing the cmdlet against a different subscription.
    ${DefaultProfile},

    [Parameter(DontShow)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Management.Automation.SwitchParameter]
    # Wait for .NET debugger to attach
    ${Break},

    [Parameter(DontShow)]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.SendAsyncStep[]]
    # SendAsync Pipeline Steps to be appended to the front of the pipeline
    ${HttpPipelineAppend},

    [Parameter(DontShow)]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.SendAsyncStep[]]
    # SendAsync Pipeline Steps to be prepended to the front of the pipeline
    ${HttpPipelinePrepend},

    [Parameter(DontShow)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Uri]
    # The URI for the proxy server to use
    ${Proxy},

    [Parameter(DontShow)]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Management.Automation.PSCredential]
    # Credentials for a proxy server to use for the remote call
    ${ProxyCredential},

    [Parameter(DontShow)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Management.Automation.SwitchParameter]
    # Use the default credentials for the proxy
    ${ProxyUseDefaultCredentials}
)

# Thin proxy: begin picks the private implementation for the active parameter
# set (Create or CreateExpanded) and opens a steppable pipeline on it; process
# and end forward to that pipeline.
begin {
    try {
        # When the caller bound -OutBuffer, overwrite it with 1 before the
        # parameters are splatted to the wrapped cmdlet.
        $outBuffer = $null
        if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) {
            $PSBoundParameters['OutBuffer'] = 1
        }
        $parameterSet = $PSCmdlet.ParameterSetName

        # Parameter set name -> module-qualified private cmdlet that implements it.
        $mapping = @{
            Create = 'Az.SecurityInsights.private\New-AzSentinelAlertRule_Create';
            CreateExpanded = 'Az.SecurityInsights.private\New-AzSentinelAlertRule_CreateExpanded';
        }
        # When -SubscriptionId was not bound, fill it in here. A PipelineMock step
        # in 'Playback' mode among the HttpPipelinePrepend steps sets
        # $testPlayback, in which case the value is the output of
        # utils/Get-SubscriptionIdTestSafe.ps1, dot-sourced from a path relative to
        # $PSScriptRoot; otherwise it is read from Get-AzContext.
        # NOTE(review): this is a write operation on detection content, and it
        # lands in whichever subscription the ambient Az context holds; automation
        # that spans several subscriptions should pass -SubscriptionId explicitly.
        if (('Create', 'CreateExpanded') -contains $parameterSet -and -not $PSBoundParameters.ContainsKey('SubscriptionId')) {
            $testPlayback = $false
            $PSBoundParameters['HttpPipelinePrepend'] | Foreach-Object { if ($_) { $testPlayback = $testPlayback -or ('Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.PipelineMock' -eq $_.Target.GetType().FullName -and 'Playback' -eq $_.Target.Mode) } }
            if ($testPlayback) {
                $PSBoundParameters['SubscriptionId'] = . (Join-Path $PSScriptRoot '..' 'utils' 'Get-SubscriptionIdTestSafe.ps1')
            } else {
                $PSBoundParameters['SubscriptionId'] = (Get-AzContext).Subscription.Id
            }
        }
        # The implementation is looked up as a Cmdlet only, by its module-qualified name.
        $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet)
        # Every bound parameter is splatted unchanged to the wrapped cmdlet.
        # NOTE(review): -Proxy / -ProxyCredential are hidden (DontShow) but still
        # bindable; presumably the wrapped cmdlet routes this call's HTTP traffic
        # through the given proxy, so confirm callers only point it at a trusted
        # endpoint.
        $scriptCmd = {& $wrappedCmd @PSBoundParameters}
        # The steppable pipeline is created with the caller's command origin.
        $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin)
        $steppablePipeline.Begin($PSCmdlet)
    } catch {
        # No handling here: the error is rethrown as-is.
        throw
    }
}

process {
    try {
        # Forward the current pipeline input (-AlertRule is ValueFromPipeline in
        # the Create parameter set).
        $steppablePipeline.Process($_)
    } catch {
        throw
    }
}

end {
    try {
        $steppablePipeline.End()
    } catch {
        throw
    }
}
}

<#
.Synopsis
Creates or updates the data connector.
.Description
Creates or updates the data connector.
.Example
New-AzSentinelDataConnector -ResourceGroupName "myResourceGroupName" -WorkspaceName "myWorkspaceName" -Kind 'MicrosoftThreatIntelligence' -BingSafetyPhishingURL Enabled -BingSafetyPhishingUrlLookbackPeriod All -MicrosoftEmergingThreatFeed Enabled -MicrosoftEmergingThreatFeedLookbackPeriod All

.Inputs
Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IDataConnector
.Outputs
Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IDataConnector
.Notes
COMPLEX PARAMETER PROPERTIES

To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables.

DATACONNECTOR <IDataConnector>: Data connector
  Kind <DataConnectorKind>: The data connector kind
  [Etag <String>]: Etag of the azure resource
  [SystemDataCreatedAt <DateTime?>]: The timestamp of resource creation (UTC).
  [SystemDataCreatedBy <String>]: The identity that created the resource.
  [SystemDataCreatedByType <CreatedByType?>]: The type of identity that created the resource.
  [SystemDataLastModifiedAt <DateTime?>]: The timestamp of resource last modification (UTC)
  [SystemDataLastModifiedBy <String>]: The identity that last modified the resource.
  [SystemDataLastModifiedByType <CreatedByType?>]: The type of identity that last modified the resource.
.Link
https://learn.microsoft.com/powershell/module/az.securityinsights/new-azsentineldataconnector
#>
function New-AzSentinelDataConnector {
[OutputType([Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IDataConnector])]
[CmdletBinding(DefaultParameterSetName='CreateExpanded', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')]
param(
    [Parameter(Mandatory)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [System.String]
    # The name of the resource group.
    # The name is case insensitive.
    ${ResourceGroupName},

    [Parameter(Mandatory)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [System.String]
    # The name of the workspace.
    ${WorkspaceName},

    [Parameter()]
    [Alias('DataConnectorId')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.DefaultInfo(Script='(New-Guid).Guid')]
    [System.String]
    # Connector ID
    ${Id},

    [Parameter()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.DefaultInfo(Script='(Get-AzContext).Subscription.Id')]
    [System.String]
    # The ID of the target subscription.
    ${SubscriptionId},

    [Parameter(ParameterSetName='Create', Mandatory, ValueFromPipeline)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IDataConnector]
    # Data connector
    # To construct, see NOTES section for DATACONNECTOR properties and create a hash table.
    ${DataConnector},

    [Parameter(ParameterSetName='CreateExpanded', Mandatory)]
    [ArgumentCompleter([Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.DataConnectorKind])]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.DataConnectorKind]
    # The data connector kind
    ${Kind},

    [Parameter()]
    [Alias('AzureRMContext', 'AzureCredential')]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Azure')]
    [System.Management.Automation.PSObject]
    # The DefaultProfile parameter is not functional.
    # Use the SubscriptionId parameter when available if executing the cmdlet against a different subscription.
    ${DefaultProfile},

    [Parameter(DontShow)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Management.Automation.SwitchParameter]
    # Wait for .NET debugger to attach
    ${Break},

    [Parameter(DontShow)]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.SendAsyncStep[]]
    # SendAsync Pipeline Steps to be appended to the front of the pipeline
    ${HttpPipelineAppend},

    [Parameter(DontShow)]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.SendAsyncStep[]]
    # SendAsync Pipeline Steps to be prepended to the front of the pipeline
    ${HttpPipelinePrepend},

    [Parameter(DontShow)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Uri]
    # The URI for the proxy server to use
    ${Proxy},

    [Parameter(DontShow)]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Management.Automation.PSCredential]
    # Credentials for a proxy server to use for the remote call
    ${ProxyCredential},

    [Parameter(DontShow)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Management.Automation.SwitchParameter]
    # Use the default credentials for the proxy
    ${ProxyUseDefaultCredentials}
)

begin {
    # Proxy body: selects the module-private cmdlet for the active parameter set and
    # forwards the bound parameters to it through a steppable pipeline.
    try {
        # If the caller bound -OutBuffer, the forwarded value is forced to 1.
        $outBuffer = $null
        if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) {
            $PSBoundParameters['OutBuffer'] = 1
        }
        $parameterSet = $PSCmdlet.ParameterSetName

        # Parameter set name -> module-qualified private cmdlet that implements it.
        $mapping = @{
            Create = 'Az.SecurityInsights.private\New-AzSentinelDataConnector_Create';
            CreateExpanded = 'Az.SecurityInsights.private\New-AzSentinelDataConnector_CreateExpanded';
        }
        # No -Id bound: generate a fresh GUID as the connector ID (same expression as
        # the DefaultInfo attribute declared on ${Id}).
        if (('Create', 'CreateExpanded') -contains $parameterSet -and -not $PSBoundParameters.ContainsKey('Id')) {
            $PSBoundParameters['Id'] = (New-Guid).Guid
        }
        # No -SubscriptionId bound: fill it in before forwarding.
        if (('Create', 'CreateExpanded') -contains $parameterSet -and -not $PSBoundParameters.ContainsKey('SubscriptionId')) {
            # Test playback is detected when any -HttpPipelinePrepend step targets the
            # module's PipelineMock type (matched by full type name) in 'Playback' mode.
            $testPlayback = $false
            $PSBoundParameters['HttpPipelinePrepend'] | Foreach-Object { if ($_) { $testPlayback = $testPlayback -or ('Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.PipelineMock' -eq $_.Target.GetType().FullName -and 'Playback' -eq $_.Target.Mode) } }
            if ($testPlayback) {
                # Dot-sources a helper script at a fixed path relative to $PSScriptRoot,
                # so the script runs in this function's scope.
                # NOTE(review): Join-Path with several child paths needs PowerShell 6 or later.
                $PSBoundParameters['SubscriptionId'] = . (Join-Path $PSScriptRoot '..' 'utils' 'Get-SubscriptionIdTestSafe.ps1')
            } else {
                # Ambient default: the subscription of the current Az context becomes the target.
                # NOTE(review): presumably $null when no context is available; confirm the
                # wrapped cmdlet rejects that. Unattended callers that must not depend on the
                # ambient context should pass -SubscriptionId explicitly.
                $PSBoundParameters['SubscriptionId'] = (Get-AzContext).Subscription.Id
            }
        }

        # Resolve the private command (lookup restricted to command type Cmdlet), then
        # build the steppable pipeline with the caller's command origin and start it.
        $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet)
        $scriptCmd = {& $wrappedCmd @PSBoundParameters}
        $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin)
        $steppablePipeline.Begin($PSCmdlet)
    } catch {
        # Rethrow the caught error to the caller.
        throw
    }
}

process {
    try {
        # Hand the current pipeline object to the wrapped cmdlet.
        $steppablePipeline.Process($_)
    } catch {
        throw
    }
}

end {
    try {
        $steppablePipeline.End()
    } catch {
        throw
    }
}
}

<#
.Synopsis
Creates or updates the entity query.
.Description
Creates or updates the entity query.
.Example $template = Get-AzSentinelEntityQueryTemplate -ResourceGroupName "myResourceGroupName" -workspaceName "myWorkspaceName" -Id "myEntityQueryTemplateId" New-AzSentinelEntityQuery -ResourceGroupName "myResourceGroupName" -workspaceName "myWorkspaceName" -Kind Activity -Title ($template.title) -InputEntityType ($template.inputEntityType) -TemplateName ($template.Name) .Example New-AzSentinelEntityQuery -ResourceGroupName "myResourceGroupName" -workspaceName "myWorkspaceName" -Id ((New-Guid).Guid) -Kind Activity -Title 'An account was deleted on this host' -InputEntityType 'Host' -Content "On 'SomeCompute' the account 'SomeAccount' was deleted by 'SomeUser'" -Description "Account deleted on host" -QueryDefinitionQuery 'let GetAccountActions = (v_Host_Name:string, v_Host_NTDomain:string, v_Host_DnsDomain:string, v_Host_AzureID:string, v_Host_OMSAgentID:string){\nSecurityEvent\n| where EventID in (4725, 4726, 4767, 4720, 4722, 4723, 4724)\n// parsing for Host to handle variety of conventions coming from data\n| extend Host_HostName = case(\nComputer has ''@'', tostring(split(Computer, ''@'')[0]),\nComputer has ''\\'', tostring(split(Computer, ''\\'')[1]),\nComputer has ''.'', tostring(split(Computer, ''.'')[0]),\nComputer\n)\n| extend Host_NTDomain = case(\nComputer has ''\\'', tostring(split(Computer, ''\\'')[0]), \nComputer has ''.'', tostring(split(Computer, ''.'')[-2]), \nComputer\n)\n| extend Host_DnsDomain = case(\nComputer has ''\\'', tostring(split(Computer, ''\\'')[0]), \nComputer has ''.'', strcat_array(array_slice(split(Computer,''.''),-2,-1),''.''), \nComputer\n)\n| where (Host_HostName =~ v_Host_Name and Host_NTDomain =~ v_Host_NTDomain) \nor (Host_HostName =~ v_Host_Name and Host_DnsDomain =~ v_Host_DnsDomain) \nor v_Host_AzureID =~ _ResourceId \nor v_Host_OMSAgentID == SourceComputerId\n| project TimeGenerated, EventID, Activity, Computer, TargetAccount, TargetUserName, TargetDomainName, TargetSid, SubjectUserName, SubjectUserSid, _ResourceId, 
SourceComputerId\n| extend AddedBy = SubjectUserName\n// Future support for Activities\n| extend timestamp = TimeGenerated, HostCustomEntity = Computer, AccountCustomEntity = TargetAccount\n};\nGetAccountActions(''someHost'', ''SomeNTDomain'', ''SomeDNSDomain'', ''SomeID'', ''SomeOMSAgentID'')\n \n| where EventID == 4726' -RequiredInputFieldsSet @(@("Host_HostName","Host_NTDomain"),@("Host_HostName","Host_DnsDomain"),@("Host_AzureID"),@("Host_OMSAgentID")) -EntitiesFilter @{"Host_OsFamily" = @("Windows")} .Inputs Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.ICustomEntityQuery .Outputs Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IEntityQuery .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. ENTITYQUERY <ICustomEntityQuery>: Specific entity query that supports put requests. [Etag <String>]: Etag of the azure resource [SystemDataCreatedAt <DateTime?>]: The timestamp of resource creation (UTC). [SystemDataCreatedBy <String>]: The identity that created the resource. [SystemDataCreatedByType <CreatedByType?>]: The type of identity that created the resource. [SystemDataLastModifiedAt <DateTime?>]: The timestamp of resource last modification (UTC) [SystemDataLastModifiedBy <String>]: The identity that last modified the resource. [SystemDataLastModifiedByType <CreatedByType?>]: The type of identity that last modified the resource. 
.Link
https://learn.microsoft.com/powershell/module/az.securityinsights/new-azsentinelentityquery
#>
function New-AzSentinelEntityQuery {
[OutputType([Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IEntityQuery])]
[CmdletBinding(DefaultParameterSetName='CreateExpanded', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')]
param(
    [Parameter(Mandatory)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [System.String]
    # The name of the resource group.
    # The name is case insensitive.
    ${ResourceGroupName},

    [Parameter(Mandatory)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [System.String]
    # The name of the workspace.
    ${WorkspaceName},

    [Parameter()]
    [Alias('EntityQueryId')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.DefaultInfo(Script='(New-Guid).Guid')]
    [System.String]
    # entity query ID
    ${Id},

    [Parameter()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.DefaultInfo(Script='(Get-AzContext).Subscription.Id')]
    [System.String]
    # The ID of the target subscription.
    ${SubscriptionId},

    [Parameter(ParameterSetName='Create', Mandatory, ValueFromPipeline)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.ICustomEntityQuery]
    # Specific entity query that supports put requests.
    # To construct, see NOTES section for ENTITYQUERY properties and create a hash table.
    ${EntityQuery},

    [Parameter()]
    [Alias('AzureRMContext', 'AzureCredential')]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Azure')]
    [System.Management.Automation.PSObject]
    # The DefaultProfile parameter is not functional.
    # Use the SubscriptionId parameter when available if executing the cmdlet against a different subscription.
    ${DefaultProfile},

    [Parameter(DontShow)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Management.Automation.SwitchParameter]
    # Wait for .NET debugger to attach
    ${Break},

    [Parameter(DontShow)]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.SendAsyncStep[]]
    # SendAsync Pipeline Steps to be appended to the front of the pipeline
    ${HttpPipelineAppend},

    [Parameter(DontShow)]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.SendAsyncStep[]]
    # SendAsync Pipeline Steps to be prepended to the front of the pipeline
    ${HttpPipelinePrepend},

    [Parameter(DontShow)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Uri]
    # The URI for the proxy server to use
    ${Proxy},

    [Parameter(DontShow)]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Management.Automation.PSCredential]
    # Credentials for a proxy server to use for the remote call
    ${ProxyCredential},

    [Parameter(DontShow)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Management.Automation.SwitchParameter]
    # Use the default credentials for the proxy
    ${ProxyUseDefaultCredentials}
)

begin {
    # Proxy body: selects the module-private cmdlet for the active parameter set and
    # forwards the bound parameters to it through a steppable pipeline.
    try {
        # If the caller bound -OutBuffer, the forwarded value is forced to 1.
        $outBuffer = $null
        if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) {
            $PSBoundParameters['OutBuffer'] = 1
        }
        $parameterSet = $PSCmdlet.ParameterSetName

        # Parameter set name -> module-qualified private cmdlet that implements it.
        $mapping = @{
            Create = 'Az.SecurityInsights.private\New-AzSentinelEntityQuery_Create';
            CreateExpanded = 'Az.SecurityInsights.private\New-AzSentinelEntityQuery_CreateExpanded';
        }
        # No -Id bound: generate a fresh GUID as the entity query ID (same expression as
        # the DefaultInfo attribute declared on ${Id}).
        if (('Create', 'CreateExpanded') -contains $parameterSet -and -not $PSBoundParameters.ContainsKey('Id')) {
            $PSBoundParameters['Id'] = (New-Guid).Guid
        }
        # No -SubscriptionId bound: fill it in before forwarding.
        if (('Create', 'CreateExpanded') -contains $parameterSet -and -not $PSBoundParameters.ContainsKey('SubscriptionId')) {
            # Test playback is detected when any -HttpPipelinePrepend step targets the
            # module's PipelineMock type (matched by full type name) in 'Playback' mode.
            $testPlayback = $false
            $PSBoundParameters['HttpPipelinePrepend'] | Foreach-Object { if ($_) { $testPlayback = $testPlayback -or ('Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.PipelineMock' -eq $_.Target.GetType().FullName -and 'Playback' -eq $_.Target.Mode) } }
            if ($testPlayback) {
                # Dot-sources a helper script at a fixed path relative to $PSScriptRoot,
                # so the script runs in this function's scope.
                # NOTE(review): Join-Path with several child paths needs PowerShell 6 or later.
                $PSBoundParameters['SubscriptionId'] = . (Join-Path $PSScriptRoot '..' 'utils' 'Get-SubscriptionIdTestSafe.ps1')
            } else {
                # Ambient default: the subscription of the current Az context becomes the target.
                # NOTE(review): presumably $null when no context is available; confirm the
                # wrapped cmdlet rejects that. Unattended callers that must not depend on the
                # ambient context should pass -SubscriptionId explicitly.
                $PSBoundParameters['SubscriptionId'] = (Get-AzContext).Subscription.Id
            }
        }

        # Resolve the private command (lookup restricted to command type Cmdlet), then
        # build the steppable pipeline with the caller's command origin and start it.
        $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet)
        $scriptCmd = {& $wrappedCmd @PSBoundParameters}
        $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin)
        $steppablePipeline.Begin($PSCmdlet)
    } catch {
        # Rethrow the caught error to the caller.
        throw
    }
}

process {
    try {
        # Hand the current pipeline object to the wrapped cmdlet.
        $steppablePipeline.Process($_)
    } catch {
        throw
    }
}

end {
    try {
        $steppablePipeline.End()
    } catch {
        throw
    }
}
}

<#
.Synopsis
Create a Metadata.
.Description
Create a Metadata.
.Example
{{ Add code here }}
.Example
{{ Add code here }}

.Inputs
Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IMetadataModel
.Outputs
Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IMetadataModel
.Notes
COMPLEX PARAMETER PROPERTIES

To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables.

DEPENDENCYCRITERION <IMetadataDependencies[]>: This is the list of dependencies we must fulfill, according to the AND/OR operator [ContentId <String>]: Id of the content item we depend on [Criterion <IMetadataDependencies[]>]: This is the list of dependencies we must fulfill, according to the AND/OR operator [Kind <Kind?>]: Type of the content item we depend on [Name <String>]: Name of the content item [Operator <Operator?>]: Operator used for list of dependencies in criteria array. [Version <String>]: Version of the the content item we depend on. Can be blank, * or missing to indicate any version fulfills the dependency. If version does not match our defined numeric format then an exact match is required. METADATA <IMetadataModel>: Metadata resource definition. [Etag <String>]: Etag of the azure resource [SystemDataCreatedAt <DateTime?>]: The timestamp of resource creation (UTC). [SystemDataCreatedBy <String>]: The identity that created the resource. [SystemDataCreatedByType <CreatedByType?>]: The type of identity that created the resource. [SystemDataLastModifiedAt <DateTime?>]: The timestamp of resource last modification (UTC) [SystemDataLastModifiedBy <String>]: The identity that last modified the resource. [SystemDataLastModifiedByType <CreatedByType?>]: The type of identity that last modified the resource. [AuthorEmail <String>]: Email of author contact [AuthorLink <String>]: Link for author/vendor page [AuthorName <String>]: Name of the author. Company or person. [CategoryDomain <String[]>]: domain for the solution content item [CategoryVertical <String[]>]: Industry verticals for the solution content item [ContentId <String>]: Static ID for the content. Used to identify dependencies and content from solutions or community. Hard-coded/static for out of the box content and solutions. Dynamic for user-created. 
This is the resource name [DependencyContentId <String>]: Id of the content item we depend on [DependencyCriterion <IMetadataDependencies[]>]: This is the list of dependencies we must fulfill, according to the AND/OR operator [ContentId <String>]: Id of the content item we depend on [Criterion <IMetadataDependencies[]>]: This is the list of dependencies we must fulfill, according to the AND/OR operator [Kind <Kind?>]: Type of the content item we depend on [Name <String>]: Name of the content item [Operator <Operator?>]: Operator used for list of dependencies in criteria array. [Version <String>]: Version of the the content item we depend on. Can be blank, * or missing to indicate any version fulfills the dependency. If version does not match our defined numeric format then an exact match is required. [DependencyKind <Kind?>]: Type of the content item we depend on [DependencyName <String>]: Name of the content item [DependencyOperator <Operator?>]: Operator used for list of dependencies in criteria array. [DependencyVersion <String>]: Version of the the content item we depend on. Can be blank, * or missing to indicate any version fulfills the dependency. If version does not match our defined numeric format then an exact match is required. [FirstPublishDate <DateTime?>]: first publish date solution content item [Kind <Kind?>]: The kind of content the metadata is for. [LastPublishDate <DateTime?>]: last publish date for the solution content item [ParentId <String>]: Full parent resource ID of the content item the metadata is for. This is the full resource ID including the scope (subscription and resource group) [Provider <String[]>]: Providers for the solution content item [SourceId <String>]: ID of the content source. The solution ID, workspace ID, etc [SourceKind <SourceKind?>]: Source type of the content [SourceName <String>]: Name of the content source. The repo name, solution name, LA workspace name etc. 
[SupportEmail <String>]: Email of support contact
[SupportLink <String>]: Link for support help, like to support page to open a ticket etc.
[SupportName <String>]: Name of the support contact. Company or person.
[SupportTier <SupportTier?>]: Type of support for content item
[Version <String>]: Version of the content. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM template best practices. Can also be any string, but then we cannot guarantee any version checks
.Link
https://learn.microsoft.com/powershell/module/az.securityinsights/new-azsentinelmetadata
#>
function New-AzSentinelMetadata {
[OutputType([Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IMetadataModel])]
[CmdletBinding(DefaultParameterSetName='CreateExpanded', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')]
param(
    [Parameter(Mandatory)]
    [Alias('MetadataName')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [System.String]
    # The Metadata name.
    ${Name},

    [Parameter(Mandatory)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [System.String]
    # The name of the resource group.
    # The name is case insensitive.
    ${ResourceGroupName},

    [Parameter(Mandatory)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [System.String]
    # The name of the workspace.
    ${WorkspaceName},

    [Parameter()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.DefaultInfo(Script='(Get-AzContext).Subscription.Id')]
    [System.String]
    # The ID of the target subscription.
    ${SubscriptionId},

    [Parameter(ParameterSetName='Create', Mandatory, ValueFromPipeline)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IMetadataModel]
    # Metadata resource definition.
    # To construct, see NOTES section for METADATA properties and create a hash table.
    ${Metadata},

    [Parameter(ParameterSetName='CreateExpanded')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [System.String]
    # Email of author contact
    ${AuthorEmail},

    [Parameter(ParameterSetName='CreateExpanded')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [System.String]
    # Link for author/vendor page
    ${AuthorLink},

    [Parameter(ParameterSetName='CreateExpanded')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [System.String]
    # Name of the author.
    # Company or person.
    ${AuthorName},

    [Parameter(ParameterSetName='CreateExpanded')]
    [AllowEmptyCollection()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [System.String[]]
    # domain for the solution content item
    ${CategoryDomain},

    [Parameter(ParameterSetName='CreateExpanded')]
    [AllowEmptyCollection()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [System.String[]]
    # Industry verticals for the solution content item
    ${CategoryVertical},

    [Parameter(ParameterSetName='CreateExpanded')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [System.String]
    # Static ID for the content.
    # Used to identify dependencies and content from solutions or community.
    # Hard-coded/static for out of the box content and solutions.
    # Dynamic for user-created.
    # This is the resource name
    ${ContentId},

    [Parameter(ParameterSetName='CreateExpanded')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [System.String]
    # Id of the content item we depend on
    ${DependencyContentId},

    [Parameter(ParameterSetName='CreateExpanded')]
    [AllowEmptyCollection()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IMetadataDependencies[]]
    # This is the list of dependencies we must fulfill, according to the AND/OR operator
    # To construct, see NOTES section for DEPENDENCYCRITERION properties and create a hash table.
    ${DependencyCriterion},

    [Parameter(ParameterSetName='CreateExpanded')]
    [ArgumentCompleter([Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.Kind])]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.Kind]
    # Type of the content item we depend on
    ${DependencyKind},

    [Parameter(ParameterSetName='CreateExpanded')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [System.String]
    # Name of the content item
    ${DependencyName},

    [Parameter(ParameterSetName='CreateExpanded')]
    [ArgumentCompleter([Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.Operator])]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.Operator]
    # Operator used for list of dependencies in criteria array.
    ${DependencyOperator},

    [Parameter(ParameterSetName='CreateExpanded')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [System.String]
    # Version of the content item we depend on.
    # Can be blank, * or missing to indicate any version fulfills the dependency.
    # If version does not match our defined numeric format then an exact match is required.
    ${DependencyVersion},

    [Parameter(ParameterSetName='CreateExpanded')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [System.DateTime]
    # first publish date solution content item
    ${FirstPublishDate},

    [Parameter(ParameterSetName='CreateExpanded')]
    [ArgumentCompleter([Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.Kind])]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.Kind]
    # The kind of content the metadata is for.
    ${Kind},

    [Parameter(ParameterSetName='CreateExpanded')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [System.DateTime]
    # last publish date for the solution content item
    ${LastPublishDate},

    [Parameter(ParameterSetName='CreateExpanded')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [System.String]
    # Full parent resource ID of the content item the metadata is for.
    # This is the full resource ID including the scope (subscription and resource group)
    ${ParentId},

    [Parameter(ParameterSetName='CreateExpanded')]
    [AllowEmptyCollection()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [System.String[]]
    # Providers for the solution content item
    ${Provider},

    [Parameter(ParameterSetName='CreateExpanded')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [System.String]
    # ID of the content source.
    # The solution ID, workspace ID, etc
    ${SourceId},

    [Parameter(ParameterSetName='CreateExpanded')]
    [ArgumentCompleter([Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.SourceKind])]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.SourceKind]
    # Source type of the content
    ${SourceKind},

    [Parameter(ParameterSetName='CreateExpanded')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [System.String]
    # Name of the content source.
    # The repo name, solution name, LA workspace name etc.
    ${SourceName},

    [Parameter(ParameterSetName='CreateExpanded')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [System.String]
    # Email of support contact
    ${SupportEmail},

    [Parameter(ParameterSetName='CreateExpanded')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [System.String]
    # Link for support help, like to support page to open a ticket etc.
    ${SupportLink},

    [Parameter(ParameterSetName='CreateExpanded')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [System.String]
    # Name of the support contact.
    # Company or person.
    ${SupportName},

    [Parameter(ParameterSetName='CreateExpanded')]
    [ArgumentCompleter([Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.SupportTier])]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.SupportTier]
    # Type of support for content item
    ${SupportTier},

    [Parameter(ParameterSetName='CreateExpanded')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [System.String]
    # Version of the content.
    # Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM template best practices.
    # Can also be any string, but then we cannot guarantee any version checks
    ${Version},

    [Parameter()]
    [Alias('AzureRMContext', 'AzureCredential')]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Azure')]
    [System.Management.Automation.PSObject]
    # The DefaultProfile parameter is not functional.
    # Use the SubscriptionId parameter when available if executing the cmdlet against a different subscription.
    ${DefaultProfile},

    [Parameter(DontShow)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Management.Automation.SwitchParameter]
    # Wait for .NET debugger to attach
    ${Break},

    [Parameter(DontShow)]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.SendAsyncStep[]]
    # SendAsync Pipeline Steps to be appended to the front of the pipeline
    ${HttpPipelineAppend},

    [Parameter(DontShow)]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.SendAsyncStep[]]
    # SendAsync Pipeline Steps to be prepended to the front of the pipeline
    ${HttpPipelinePrepend},

    [Parameter(DontShow)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Uri]
    # The URI for the proxy server to use
    ${Proxy},

    [Parameter(DontShow)]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Management.Automation.PSCredential]
    # Credentials for a proxy server to use for the remote call
    ${ProxyCredential},

    [Parameter(DontShow)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Management.Automation.SwitchParameter]
    # Use the default credentials for the proxy
    ${ProxyUseDefaultCredentials}
)

begin {
    # Proxy body: selects the module-private cmdlet for the active parameter set and
    # forwards the bound parameters to it through a steppable pipeline.
    try {
        # If the caller bound -OutBuffer, the forwarded value is forced to 1.
        $outBuffer = $null
        if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) {
            $PSBoundParameters['OutBuffer'] = 1
        }
        $parameterSet = $PSCmdlet.ParameterSetName

        # Parameter set name -> module-qualified private cmdlet that implements it.
        $mapping = @{
            Create = 'Az.SecurityInsights.private\New-AzSentinelMetadata_Create';
            CreateExpanded = 'Az.SecurityInsights.private\New-AzSentinelMetadata_CreateExpanded';
        }
        # No -SubscriptionId bound: fill it in before forwarding.
        if (('Create', 'CreateExpanded') -contains $parameterSet -and -not $PSBoundParameters.ContainsKey('SubscriptionId')) {
            # Test playback is detected when any -HttpPipelinePrepend step targets the
            # module's PipelineMock type (matched by full type name) in 'Playback' mode.
            $testPlayback = $false
            $PSBoundParameters['HttpPipelinePrepend'] | Foreach-Object { if ($_) { $testPlayback = $testPlayback -or ('Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.PipelineMock' -eq $_.Target.GetType().FullName -and 'Playback' -eq $_.Target.Mode) } }
            if ($testPlayback) {
                # Dot-sources a helper script at a fixed path relative to $PSScriptRoot,
                # so the script runs in this function's scope.
                # NOTE(review): Join-Path with several child paths needs PowerShell 6 or later.
                $PSBoundParameters['SubscriptionId'] = . (Join-Path $PSScriptRoot '..' 'utils' 'Get-SubscriptionIdTestSafe.ps1')
            } else {
                # Ambient default: the subscription of the current Az context becomes the target.
                # NOTE(review): presumably $null when no context is available; confirm the
                # wrapped cmdlet rejects that. Unattended callers that must not depend on the
                # ambient context should pass -SubscriptionId explicitly.
                $PSBoundParameters['SubscriptionId'] = (Get-AzContext).Subscription.Id
            }
        }

        # Resolve the private command (lookup restricted to command type Cmdlet), then
        # build the steppable pipeline with the caller's command origin and start it.
        $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet)
        $scriptCmd = {& $wrappedCmd @PSBoundParameters}
        $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin)
        $steppablePipeline.Begin($PSCmdlet)
    } catch {
        # Rethrow the caught error to the caller.
        throw
    }
}

process {
    try {
        # Hand the current pipeline object to the wrapped cmdlet.
        $steppablePipeline.Process($_)
    } catch {
        throw
    }
}

end {
    try {
        $steppablePipeline.End()
    } catch {
        throw
    }
}
}

<#
.Synopsis
Create a new threat intelligence indicator.
.Description
Create a new threat intelligence indicator.
.Example
{{ Add code here }}
.Example
{{ Add code here }}

.Inputs
Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IThreatIntelligenceIndicatorModelForRequestBody
.Outputs
Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IThreatIntelligenceInformation
.Notes
COMPLEX PARAMETER PROPERTIES

To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables.

EXTERNALREFERENCE <IThreatIntelligenceExternalReference[]>: External References
  [Description <String>]: External reference description
  [ExternalId <String>]: External reference ID
  [Hash <IThreatIntelligenceExternalReferenceHashes>]: External reference hashes
    [(Any) <String>]: This indicates any property can be added to this object.
[SourceName <String>]: External reference source name [Url <String>]: External reference URL GRANULARMARKING <IThreatIntelligenceGranularMarkingModel[]>: Granular Markings [Language <String>]: Language granular marking model [MarkingRef <Int32?>]: marking reference granular marking model [Selector <String[]>]: granular marking model selectors KILLCHAINPHASE <IThreatIntelligenceKillChainPhase[]>: Kill chain phases [KillChainName <String>]: Kill chainName name [PhaseName <String>]: Phase name PARSEDPATTERN <IThreatIntelligenceParsedPattern[]>: Parsed patterns [PatternTypeKey <String>]: Pattern type key [PatternTypeValue <IThreatIntelligenceParsedPatternTypeValue[]>]: Pattern type keys [Value <String>]: Value of parsed pattern [ValueType <String>]: Type of the value THREATINTELLIGENCEPROPERTY <IThreatIntelligenceIndicatorModelForRequestBody>: Threat intelligence indicator entity used in request body. [Confidence <Int32?>]: Confidence of threat intelligence entity [Created <String>]: Created by [CreatedByRef <String>]: Created by reference of threat intelligence entity [Defanged <Boolean?>]: Is threat intelligence entity defanged [Description <String>]: Description of a threat intelligence entity [DisplayName <String>]: Display name of a threat intelligence entity [Etag <String>]: Etag of the azure resource [Extension <IThreatIntelligenceIndicatorPropertiesExtensions>]: Extensions map [(Any) <Object>]: This indicates any property can be added to this object. [ExternalId <String>]: External ID of threat intelligence entity [ExternalLastUpdatedTimeUtc <String>]: External last updated time in UTC [ExternalReference <IThreatIntelligenceExternalReference[]>]: External References [Description <String>]: External reference description [ExternalId <String>]: External reference ID [Hash <IThreatIntelligenceExternalReferenceHashes>]: External reference hashes [(Any) <String>]: This indicates any property can be added to this object. 
[SourceName <String>]: External reference source name
[Url <String>]: External reference URL
[GranularMarking <IThreatIntelligenceGranularMarkingModel[]>]: Granular Markings
[Language <String>]: Language granular marking model
[MarkingRef <Int32?>]: marking reference granular marking model
[Selector <String[]>]: granular marking model selectors
[IndicatorType <String[]>]: Indicator types of threat intelligence entities
[KillChainPhase <IThreatIntelligenceKillChainPhase[]>]: Kill chain phases
[KillChainName <String>]: Kill chainName name
[PhaseName <String>]: Phase name
[Label <String[]>]: Labels of threat intelligence entity
[Language <String>]: Language of threat intelligence entity
[LastUpdatedTimeUtc <String>]: Last updated time in UTC
[Modified <String>]: Modified by
[ObjectMarkingRef <String[]>]: Threat intelligence entity object marking references
[ParsedPattern <IThreatIntelligenceParsedPattern[]>]: Parsed patterns
[PatternTypeKey <String>]: Pattern type key
[PatternTypeValue <IThreatIntelligenceParsedPatternTypeValue[]>]: Pattern type keys
[Value <String>]: Value of parsed pattern
[ValueType <String>]: Type of the value
[Pattern <String>]: Pattern of a threat intelligence entity
[PatternType <String>]: Pattern type of a threat intelligence entity
[PatternVersion <String>]: Pattern version of a threat intelligence entity
[Revoked <Boolean?>]: Is threat intelligence entity revoked
[Source <String>]: Source of a threat intelligence entity
[ThreatIntelligenceTag <String[]>]: List of tags
[ThreatType <String[]>]: Threat types
[ValidFrom <String>]: Valid from
[ValidUntil <String>]: Valid until
.Link
https://learn.microsoft.com/powershell/module/az.securityinsights/new-azsentinelthreatintelligenceindicator
#>
function New-AzSentinelThreatIntelligenceIndicator {
[OutputType([Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IThreatIntelligenceInformation])]
[CmdletBinding(DefaultParameterSetName='CreateExpanded', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')]
param(
    [Parameter(Mandatory)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [System.String]
    # The name of the resource group.
    # The name is case insensitive.
    ${ResourceGroupName},

    [Parameter(Mandatory)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [System.String]
    # The name of the workspace.
    ${WorkspaceName},

    [Parameter()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.DefaultInfo(Script='(Get-AzContext).Subscription.Id')]
    [System.String]
    # The ID of the target subscription.
    ${SubscriptionId},

    [Parameter(ParameterSetName='Create1', Mandatory)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [System.String]
    # Threat intelligence indicator name field.
    ${Name},

    [Parameter(ParameterSetName='Create', Mandatory, ValueFromPipeline)]
    [Parameter(ParameterSetName='Create1', Mandatory, ValueFromPipeline)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IThreatIntelligenceIndicatorModelForRequestBody]
    # Threat intelligence indicator entity used in request body.
    # To construct, see NOTES section for THREATINTELLIGENCEPROPERTY properties and create a hash table.
    ${ThreatIntelligenceProperty},

    [Parameter(ParameterSetName='CreateExpanded')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [System.Int32]
    # Confidence of threat intelligence entity
    ${Confidence},

    [Parameter(ParameterSetName='CreateExpanded')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [System.String]
    # Created by
    ${Created},

    [Parameter(ParameterSetName='CreateExpanded')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [System.String]
    # Created by reference of threat intelligence entity
    ${CreatedByRef},

    [Parameter(ParameterSetName='CreateExpanded')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [System.Management.Automation.SwitchParameter]
    # Is threat intelligence entity defanged
    ${Defanged},

    [Parameter(ParameterSetName='CreateExpanded')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [System.String]
    # Description of a threat intelligence entity
    ${Description},

    [Parameter(ParameterSetName='CreateExpanded')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [System.String]
    # Display name of a threat intelligence entity
    ${DisplayName},

    [Parameter(ParameterSetName='CreateExpanded')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.Info(PossibleTypes=([Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IThreatIntelligenceIndicatorPropertiesExtensions]))]
    [System.Collections.Hashtable]
    # Extensions map
    ${Extension},

    [Parameter(ParameterSetName='CreateExpanded')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [System.String]
    # External ID of threat intelligence entity
    ${ExternalId},

    [Parameter(ParameterSetName='CreateExpanded')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [System.String]
    # External last updated time in UTC
    ${ExternalLastUpdatedTimeUtc},

    [Parameter(ParameterSetName='CreateExpanded')]
    [AllowEmptyCollection()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IThreatIntelligenceExternalReference[]]
    # External References
    # To construct, see NOTES section for EXTERNALREFERENCE properties and create a hash table.
    ${ExternalReference},

    [Parameter(ParameterSetName='CreateExpanded')]
    [AllowEmptyCollection()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IThreatIntelligenceGranularMarkingModel[]]
    # Granular Markings
    # To construct, see NOTES section for GRANULARMARKING properties and create a hash table.
    ${GranularMarking},

    [Parameter(ParameterSetName='CreateExpanded')]
    [AllowEmptyCollection()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [System.String[]]
    # Indicator types of threat intelligence entities
    ${IndicatorType},

    [Parameter(ParameterSetName='CreateExpanded')]
    [AllowEmptyCollection()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IThreatIntelligenceKillChainPhase[]]
    # Kill chain phases
    # To construct, see NOTES section for KILLCHAINPHASE properties and create a hash table.
    ${KillChainPhase},

    [Parameter(ParameterSetName='CreateExpanded')]
    [AllowEmptyCollection()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [System.String[]]
    # Labels of threat intelligence entity
    ${Label},

    [Parameter(ParameterSetName='CreateExpanded')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [System.String]
    # Language of threat intelligence entity
    ${Language},

    [Parameter(ParameterSetName='CreateExpanded')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [System.String]
    # Last updated time in UTC
    ${LastUpdatedTimeUtc},

    [Parameter(ParameterSetName='CreateExpanded')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [System.String]
    # Modified by
    ${Modified},

    [Parameter(ParameterSetName='CreateExpanded')]
    [AllowEmptyCollection()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [System.String[]]
    # Threat intelligence entity object marking references
    ${ObjectMarkingRef},

    [Parameter(ParameterSetName='CreateExpanded')]
    [AllowEmptyCollection()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IThreatIntelligenceParsedPattern[]]
    # Parsed patterns
    # To construct, see NOTES section for PARSEDPATTERN properties and create a hash table.
    ${ParsedPattern},

    [Parameter(ParameterSetName='CreateExpanded')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [System.String]
    # Pattern of a threat intelligence entity
    ${Pattern},

    [Parameter(ParameterSetName='CreateExpanded')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [System.String]
    # Pattern type of a threat intelligence entity
    ${PatternType},

    [Parameter(ParameterSetName='CreateExpanded')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [System.String]
    # Pattern version of a threat intelligence entity
    ${PatternVersion},

    [Parameter(ParameterSetName='CreateExpanded')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [System.Management.Automation.SwitchParameter]
    # Is threat intelligence entity revoked
    ${Revoked},

    [Parameter(ParameterSetName='CreateExpanded')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [System.String]
    # Source of a threat intelligence entity
    ${Source},

    [Parameter(ParameterSetName='CreateExpanded')]
    [AllowEmptyCollection()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [System.String[]]
    # List of tags
    ${ThreatIntelligenceTag},

    [Parameter(ParameterSetName='CreateExpanded')]
    [AllowEmptyCollection()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [System.String[]]
    # Threat types
    ${ThreatType},

    [Parameter(ParameterSetName='CreateExpanded')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [System.String]
    # Valid from
    ${ValidFrom},

    [Parameter(ParameterSetName='CreateExpanded')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [System.String]
    # Valid until
    ${ValidUntil},

    [Parameter()]
    [Alias('AzureRMContext', 'AzureCredential')]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Azure')]
    [System.Management.Automation.PSObject]
    # The DefaultProfile parameter is not functional.
    # Use the SubscriptionId parameter when available if executing the cmdlet against a different subscription.
    ${DefaultProfile},

    [Parameter(DontShow)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Management.Automation.SwitchParameter]
    # Wait for .NET debugger to attach
    ${Break},

    [Parameter(DontShow)]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.SendAsyncStep[]]
    # SendAsync Pipeline Steps to be appended to the front of the pipeline
    ${HttpPipelineAppend},

    [Parameter(DontShow)]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.SendAsyncStep[]]
    # SendAsync Pipeline Steps to be prepended to the front of the pipeline
    ${HttpPipelinePrepend},

    [Parameter(DontShow)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Uri]
    # The URI for the proxy server to use
    ${Proxy},

    [Parameter(DontShow)]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Management.Automation.PSCredential]
    # Credentials for a proxy server to use for the remote call
    ${ProxyCredential},

    [Parameter(DontShow)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Management.Automation.SwitchParameter]
    # Use the default credentials for the proxy
    ${ProxyUseDefaultCredentials}
)

begin {
    # Proxy entry point: selects the private cmdlet that matches the bound parameter set and
    # forwards this invocation to it through a steppable pipeline.
    # NOTE(review): the DontShow parameters above (Break, HttpPipelineAppend,
    # HttpPipelinePrepend, Proxy, ProxyCredential, ProxyUseDefaultCredentials) are hidden from
    # help and completion only; when bound they are splatted to the wrapped cmdlet like any
    # other parameter. What the wrapped cmdlet does with them is not visible in this file.
    try {
        # If the caller bound -OutBuffer, its value is replaced with 1 before forwarding.
        $outBuffer = $null
        if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) {
            $PSBoundParameters['OutBuffer'] = 1
        }
        $parameterSet = $PSCmdlet.ParameterSetName

        # Parameter set name -> module-qualified private cmdlet that implements it.
        $mapping = @{
            Create = 'Az.SecurityInsights.private\New-AzSentinelThreatIntelligenceIndicator_Create';
            Create1 = 'Az.SecurityInsights.private\New-AzSentinelThreatIntelligenceIndicator_Create1';
            CreateExpanded = 'Az.SecurityInsights.private\New-AzSentinelThreatIntelligenceIndicator_CreateExpanded';
        }
        # -SubscriptionId was not passed: fill it in before forwarding (all three sets).
        if (('Create', 'Create1', 'CreateExpanded') -contains $parameterSet -and -not $PSBoundParameters.ContainsKey('SubscriptionId')) {
            # Test hook: true when any HttpPipelinePrepend step targets a Runtime.PipelineMock
            # whose Mode is 'Playback'.
            $testPlayback = $false
            $PSBoundParameters['HttpPipelinePrepend'] | Foreach-Object { if ($_) { $testPlayback = $testPlayback -or ('Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.PipelineMock' -eq $_.Target.GetType().FullName -and 'Playback' -eq $_.Target.Mode) } }
            if ($testPlayback) {
                # Dot-sources a helper script resolved relative to this file ($PSScriptRoot)
                # and uses its output as the subscription id.
                # NOTE(review): Join-Path with more than two positional segments needs
                # PowerShell 6+; presumably this branch only runs under the test harness - confirm.
                $PSBoundParameters['SubscriptionId'] = . (Join-Path $PSScriptRoot '..' 'utils' 'Get-SubscriptionIdTestSafe.ps1')
            } else {
                # Uses the subscription of the current Az context, so the indicator is created
                # in whatever subscription the session has selected. Automation that must not
                # depend on ambient context should pass -SubscriptionId explicitly.
                $PSBoundParameters['SubscriptionId'] = (Get-AzContext).Subscription.Id
            }
        }
        # Resolve the mapped name, restricted to CommandTypes.Cmdlet.
        $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet)
        # $PSBoundParameters, including the changes made above, is splatted to the wrapped cmdlet.
        $scriptCmd = {& $wrappedCmd @PSBoundParameters}
        $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin)
        $steppablePipeline.Begin($PSCmdlet)
    } catch {
        # Rethrown unchanged; no handling is added at this layer.
        throw
    }
}

process {
    try {
        # Forward the current pipeline object to the wrapped cmdlet.
        $steppablePipeline.Process($_)
    } catch {
        throw
    }
}

end {
    try {
        # Complete the wrapped cmdlet's pipeline.
        $steppablePipeline.End()
    } catch {
        throw
    }
}
}

<#
.Synopsis
Delete a Metadata.
.Description
Delete a Metadata.
.Example
{{ Add code here }}
.Example
{{ Add code here }}

.Inputs
Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity
.Outputs
System.Boolean
.Notes
COMPLEX PARAMETER PROPERTIES

To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables.

INPUTOBJECT <ISecurityInsightsIdentity>: Identity Parameter
  [ActionId <String>]: Action ID
  [AlertRuleTemplateId <String>]: Alert rule template ID
  [AutomationRuleId <String>]: Automation rule ID
  [BookmarkId <String>]: Bookmark ID
  [ConsentId <String>]: consent ID
  [DataConnectorId <String>]: Connector ID
  [EntityId <String>]: entity ID
  [EntityQueryId <String>]: entity query ID
  [EntityQueryTemplateId <String>]: entity query template ID
  [Id <String>]: Resource identity path
  [IncidentCommentId <String>]: Incident comment ID
  [IncidentId <String>]: Incident ID
  [MetadataName <String>]: The Metadata name.
  [Name <String>]: Threat intelligence indicator name field.
  [RelationName <String>]: Relation Name
  [ResourceGroupName <String>]: The name of the resource group. The name is case insensitive.
  [RuleId <String>]: Alert rule ID
  [SentinelOnboardingStateName <String>]: The Sentinel onboarding state name. Supports - default
  [SettingsName <String>]: The setting name. Supports - Anomalies, EyesOn, EntityAnalytics, Ueba
  [SourceControlId <String>]: Source control Id
  [SubscriptionId <String>]: The ID of the target subscription.
  [WorkspaceName <String>]: The name of the workspace.
.Link
https://learn.microsoft.com/powershell/module/az.securityinsights/remove-azsentinelmetadata
#>
function Remove-AzSentinelMetadata {
[OutputType([System.Boolean])]
[CmdletBinding(DefaultParameterSetName='Delete', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')]
param(
    [Parameter(ParameterSetName='Delete', Mandatory)]
    [Alias('MetadataName')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [System.String]
    # The Metadata name.
    ${Name},

    [Parameter(ParameterSetName='Delete', Mandatory)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [System.String]
    # The name of the resource group.
    # The name is case insensitive.
    ${ResourceGroupName},

    [Parameter(ParameterSetName='Delete')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.DefaultInfo(Script='(Get-AzContext).Subscription.Id')]
    [System.String]
    # The ID of the target subscription.
    ${SubscriptionId},

    [Parameter(ParameterSetName='Delete', Mandatory)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [System.String]
    # The name of the workspace.
    ${WorkspaceName},

    [Parameter(ParameterSetName='DeleteViaIdentity', Mandatory, ValueFromPipeline)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity]
    # Identity Parameter
    # To construct, see NOTES section for INPUTOBJECT properties and create a hash table.
    ${InputObject},

    [Parameter()]
    [Alias('AzureRMContext', 'AzureCredential')]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Azure')]
    [System.Management.Automation.PSObject]
    # The DefaultProfile parameter is not functional.
    # Use the SubscriptionId parameter when available if executing the cmdlet against a different subscription.
    ${DefaultProfile},

    [Parameter(DontShow)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Management.Automation.SwitchParameter]
    # Wait for .NET debugger to attach
    ${Break},

    [Parameter(DontShow)]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.SendAsyncStep[]]
    # SendAsync Pipeline Steps to be appended to the front of the pipeline
    ${HttpPipelineAppend},

    [Parameter(DontShow)]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.SendAsyncStep[]]
    # SendAsync Pipeline Steps to be prepended to the front of the pipeline
    ${HttpPipelinePrepend},

    [Parameter()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Management.Automation.SwitchParameter]
    # Returns true when the command succeeds
    ${PassThru},

    [Parameter(DontShow)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Uri]
    # The URI for the proxy server to use
    ${Proxy},

    [Parameter(DontShow)]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Management.Automation.PSCredential]
    # Credentials for a proxy server to use for the remote call
    ${ProxyCredential},

    [Parameter(DontShow)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Management.Automation.SwitchParameter]
    # Use the default credentials for the proxy
    ${ProxyUseDefaultCredentials}
)

begin {
    # Proxy entry point for a delete operation: selects the private cmdlet that matches the
    # bound parameter set and forwards this invocation through a steppable pipeline.
    # CmdletBinding above declares SupportsShouldProcess with ConfirmImpact='Medium', so
    # -WhatIf/-Confirm are accepted and, when passed, are part of $PSBoundParameters.
    # NOTE(review): with the default $ConfirmPreference ('High') a Medium-impact call is not
    # prompted, and whether the wrapped cmdlet calls ShouldProcess is not visible in this
    # file - confirm before relying on -WhatIf in runbooks.
    try {
        # If the caller bound -OutBuffer, its value is replaced with 1 before forwarding.
        $outBuffer = $null
        if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) {
            $PSBoundParameters['OutBuffer'] = 1
        }
        $parameterSet = $PSCmdlet.ParameterSetName

        # Parameter set name -> module-qualified private cmdlet that implements it.
        $mapping = @{
            Delete = 'Az.SecurityInsights.private\Remove-AzSentinelMetadata_Delete';
            DeleteViaIdentity = 'Az.SecurityInsights.private\Remove-AzSentinelMetadata_DeleteViaIdentity';
        }
        # Only the 'Delete' set gets a default SubscriptionId; nothing is added here for
        # 'DeleteViaIdentity'.
        if (('Delete') -contains $parameterSet -and -not $PSBoundParameters.ContainsKey('SubscriptionId')) {
            # Test hook: true when any HttpPipelinePrepend step targets a Runtime.PipelineMock
            # whose Mode is 'Playback'.
            $testPlayback = $false
            $PSBoundParameters['HttpPipelinePrepend'] | Foreach-Object { if ($_) { $testPlayback = $testPlayback -or ('Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.PipelineMock' -eq $_.Target.GetType().FullName -and 'Playback' -eq $_.Target.Mode) } }
            if ($testPlayback) {
                # Dot-sources a helper script resolved relative to this file ($PSScriptRoot)
                # and uses its output as the subscription id.
                # NOTE(review): Join-Path with more than two positional segments needs
                # PowerShell 6+; presumably this branch only runs under the test harness - confirm.
                $PSBoundParameters['SubscriptionId'] = . (Join-Path $PSScriptRoot '..' 'utils' 'Get-SubscriptionIdTestSafe.ps1')
            } else {
                # Uses the subscription of the current Az context, so the delete is issued
                # against whatever subscription the session has selected. Automation that
                # must not depend on ambient context should pass -SubscriptionId explicitly.
                $PSBoundParameters['SubscriptionId'] = (Get-AzContext).Subscription.Id
            }
        }
        # Resolve the mapped name, restricted to CommandTypes.Cmdlet.
        $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet)
        # $PSBoundParameters, including the changes made above, is splatted to the wrapped cmdlet.
        $scriptCmd = {& $wrappedCmd @PSBoundParameters}
        $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin)
        $steppablePipeline.Begin($PSCmdlet)
    } catch {
        # Rethrown unchanged; no handling is added at this layer.
        throw
    }
}

process {
    try {
        # Forward the current pipeline object to the wrapped cmdlet.
        $steppablePipeline.Process($_)
    } catch {
        throw
    }
}

end {
    try {
        # Complete the wrapped cmdlet's pipeline.
        $steppablePipeline.End()
    } catch {
        throw
    }
}
}

<#
.Synopsis
Delete the office365 consent.
.Description
Delete the office365 consent.
.Example
{{ Add code here }}
.Example
{{ Add code here }}

.Inputs
Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity
.Outputs
System.Boolean
.Notes
COMPLEX PARAMETER PROPERTIES

To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables.

INPUTOBJECT <ISecurityInsightsIdentity>: Identity Parameter
  [ActionId <String>]: Action ID
  [AlertRuleTemplateId <String>]: Alert rule template ID
  [AutomationRuleId <String>]: Automation rule ID
  [BookmarkId <String>]: Bookmark ID
  [ConsentId <String>]: consent ID
  [DataConnectorId <String>]: Connector ID
  [EntityId <String>]: entity ID
  [EntityQueryId <String>]: entity query ID
  [EntityQueryTemplateId <String>]: entity query template ID
  [Id <String>]: Resource identity path
  [IncidentCommentId <String>]: Incident comment ID
  [IncidentId <String>]: Incident ID
  [MetadataName <String>]: The Metadata name.
  [Name <String>]: Threat intelligence indicator name field.
  [RelationName <String>]: Relation Name
  [ResourceGroupName <String>]: The name of the resource group. The name is case insensitive.
  [RuleId <String>]: Alert rule ID
  [SentinelOnboardingStateName <String>]: The Sentinel onboarding state name. Supports - default
  [SettingsName <String>]: The setting name. Supports - Anomalies, EyesOn, EntityAnalytics, Ueba
  [SourceControlId <String>]: Source control Id
  [SubscriptionId <String>]: The ID of the target subscription.
  [WorkspaceName <String>]: The name of the workspace.
.Link
https://learn.microsoft.com/powershell/module/az.securityinsights/remove-azsentinelofficeconsent
#>
function Remove-AzSentinelOfficeConsent {
[OutputType([System.Boolean])]
[CmdletBinding(DefaultParameterSetName='Delete', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')]
param(
    [Parameter(ParameterSetName='Delete', Mandatory)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [System.String]
    # consent ID
    ${ConsentId},

    [Parameter(ParameterSetName='Delete', Mandatory)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [System.String]
    # The name of the resource group.
    # The name is case insensitive.
    ${ResourceGroupName},

    [Parameter(ParameterSetName='Delete')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.DefaultInfo(Script='(Get-AzContext).Subscription.Id')]
    [System.String]
    # The ID of the target subscription.
    ${SubscriptionId},

    [Parameter(ParameterSetName='Delete', Mandatory)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [System.String]
    # The name of the workspace.
    ${WorkspaceName},

    [Parameter(ParameterSetName='DeleteViaIdentity', Mandatory, ValueFromPipeline)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity]
    # Identity Parameter
    # To construct, see NOTES section for INPUTOBJECT properties and create a hash table.
    ${InputObject},

    [Parameter()]
    [Alias('AzureRMContext', 'AzureCredential')]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Azure')]
    [System.Management.Automation.PSObject]
    # The DefaultProfile parameter is not functional.
    # Use the SubscriptionId parameter when available if executing the cmdlet against a different subscription.
    ${DefaultProfile},

    [Parameter(DontShow)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Management.Automation.SwitchParameter]
    # Wait for .NET debugger to attach
    ${Break},

    [Parameter(DontShow)]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.SendAsyncStep[]]
    # SendAsync Pipeline Steps to be appended to the front of the pipeline
    ${HttpPipelineAppend},

    [Parameter(DontShow)]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.SendAsyncStep[]]
    # SendAsync Pipeline Steps to be prepended to the front of the pipeline
    ${HttpPipelinePrepend},

    [Parameter()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Management.Automation.SwitchParameter]
    # Returns true when the command succeeds
    ${PassThru},

    [Parameter(DontShow)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Uri]
    # The URI for the proxy server to use
    ${Proxy},

    [Parameter(DontShow)]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Management.Automation.PSCredential]
    # Credentials for a proxy server to use for the remote call
    ${ProxyCredential},

    [Parameter(DontShow)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Management.Automation.SwitchParameter]
    # Use the default credentials for the proxy
    ${ProxyUseDefaultCredentials}
)

begin {
    # Proxy entry point for a delete operation: selects the private cmdlet that matches the
    # bound parameter set and forwards this invocation through a steppable pipeline.
    # CmdletBinding above declares SupportsShouldProcess with ConfirmImpact='Medium', so
    # -WhatIf/-Confirm are accepted and, when passed, are part of $PSBoundParameters.
    # NOTE(review): with the default $ConfirmPreference ('High') a Medium-impact call is not
    # prompted, and whether the wrapped cmdlet calls ShouldProcess is not visible in this
    # file - confirm before relying on -WhatIf in runbooks.
    try {
        # If the caller bound -OutBuffer, its value is replaced with 1 before forwarding.
        $outBuffer = $null
        if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) {
            $PSBoundParameters['OutBuffer'] = 1
        }
        $parameterSet = $PSCmdlet.ParameterSetName

        # Parameter set name -> module-qualified private cmdlet that implements it.
        $mapping = @{
            Delete = 'Az.SecurityInsights.private\Remove-AzSentinelOfficeConsent_Delete';
            DeleteViaIdentity = 'Az.SecurityInsights.private\Remove-AzSentinelOfficeConsent_DeleteViaIdentity';
        }
        # Only the 'Delete' set gets a default SubscriptionId; nothing is added here for
        # 'DeleteViaIdentity'.
        if (('Delete') -contains $parameterSet -and -not $PSBoundParameters.ContainsKey('SubscriptionId')) {
            # Test hook: true when any HttpPipelinePrepend step targets a Runtime.PipelineMock
            # whose Mode is 'Playback'.
            $testPlayback = $false
            $PSBoundParameters['HttpPipelinePrepend'] | Foreach-Object { if ($_) { $testPlayback = $testPlayback -or ('Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.PipelineMock' -eq $_.Target.GetType().FullName -and 'Playback' -eq $_.Target.Mode) } }
            if ($testPlayback) {
                # Dot-sources a helper script resolved relative to this file ($PSScriptRoot)
                # and uses its output as the subscription id.
                # NOTE(review): Join-Path with more than two positional segments needs
                # PowerShell 6+; presumably this branch only runs under the test harness - confirm.
                $PSBoundParameters['SubscriptionId'] = . (Join-Path $PSScriptRoot '..' 'utils' 'Get-SubscriptionIdTestSafe.ps1')
            } else {
                # Uses the subscription of the current Az context, so the delete is issued
                # against whatever subscription the session has selected. Automation that
                # must not depend on ambient context should pass -SubscriptionId explicitly.
                $PSBoundParameters['SubscriptionId'] = (Get-AzContext).Subscription.Id
            }
        }
        # Resolve the mapped name, restricted to CommandTypes.Cmdlet.
        $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet)
        # $PSBoundParameters, including the changes made above, is splatted to the wrapped cmdlet.
        $scriptCmd = {& $wrappedCmd @PSBoundParameters}
        $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin)
        $steppablePipeline.Begin($PSCmdlet)
    } catch {
        # Rethrown unchanged; no handling is added at this layer.
        throw
    }
}

process {
    try {
        # Forward the current pipeline object to the wrapped cmdlet.
        $steppablePipeline.Process($_)
    } catch {
        throw
    }
}

end {
    try {
        # Complete the wrapped cmdlet's pipeline.
        $steppablePipeline.End()
    } catch {
        throw
    }
}
}

<#
.Synopsis
Delete setting of the product.
.Description
Delete setting of the product.
.Example
{{ Add code here }}
.Example
{{ Add code here }}

.Inputs
Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity
.Outputs
System.Boolean
.Notes
COMPLEX PARAMETER PROPERTIES

To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables.

INPUTOBJECT <ISecurityInsightsIdentity>: Identity Parameter
  [ActionId <String>]: Action ID
  [AlertRuleTemplateId <String>]: Alert rule template ID
  [AutomationRuleId <String>]: Automation rule ID
  [BookmarkId <String>]: Bookmark ID
  [ConsentId <String>]: consent ID
  [DataConnectorId <String>]: Connector ID
  [EntityId <String>]: entity ID
  [EntityQueryId <String>]: entity query ID
  [EntityQueryTemplateId <String>]: entity query template ID
  [Id <String>]: Resource identity path
  [IncidentCommentId <String>]: Incident comment ID
  [IncidentId <String>]: Incident ID
  [MetadataName <String>]: The Metadata name.
  [Name <String>]: Threat intelligence indicator name field.
  [RelationName <String>]: Relation Name
  [ResourceGroupName <String>]: The name of the resource group. The name is case insensitive.
  [RuleId <String>]: Alert rule ID
  [SentinelOnboardingStateName <String>]: The Sentinel onboarding state name. Supports - default
  [SettingsName <String>]: The setting name. Supports - Anomalies, EyesOn, EntityAnalytics, Ueba
  [SourceControlId <String>]: Source control Id
  [SubscriptionId <String>]: The ID of the target subscription.
  [WorkspaceName <String>]: The name of the workspace.
.Link
https://learn.microsoft.com/powershell/module/az.securityinsights/remove-azsentinelsetting
#>
function Remove-AzSentinelSetting {
[OutputType([System.Boolean])]
[CmdletBinding(DefaultParameterSetName='Delete', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')]
param(
    [Parameter(ParameterSetName='Delete', Mandatory)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [System.String]
    # The name of the resource group.
    # The name is case insensitive.
    ${ResourceGroupName},

    [Parameter(ParameterSetName='Delete', Mandatory)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [System.String]
    # The setting name.
    # Supports - Anomalies, EyesOn, EntityAnalytics, Ueba
    ${SettingsName},

    [Parameter(ParameterSetName='Delete')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.DefaultInfo(Script='(Get-AzContext).Subscription.Id')]
    [System.String]
    # The ID of the target subscription.
    ${SubscriptionId},

    [Parameter(ParameterSetName='Delete', Mandatory)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [System.String]
    # The name of the workspace.
    ${WorkspaceName},

    [Parameter(ParameterSetName='DeleteViaIdentity', Mandatory, ValueFromPipeline)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity]
    # Identity Parameter
    # To construct, see NOTES section for INPUTOBJECT properties and create a hash table.
    ${InputObject},

    [Parameter()]
    [Alias('AzureRMContext', 'AzureCredential')]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Azure')]
    [System.Management.Automation.PSObject]
    # The DefaultProfile parameter is not functional.
    # Use the SubscriptionId parameter when available if executing the cmdlet against a different subscription.
    ${DefaultProfile},

    [Parameter(DontShow)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Management.Automation.SwitchParameter]
    # Wait for .NET debugger to attach
    ${Break},

    [Parameter(DontShow)]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.SendAsyncStep[]]
    # SendAsync Pipeline Steps to be appended to the front of the pipeline
    ${HttpPipelineAppend},

    [Parameter(DontShow)]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.SendAsyncStep[]]
    # SendAsync Pipeline Steps to be prepended to the front of the pipeline
    ${HttpPipelinePrepend},

    [Parameter()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Management.Automation.SwitchParameter]
    # Returns true when the command succeeds
    ${PassThru},

    [Parameter(DontShow)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Uri]
    # The URI for the proxy server to use
    ${Proxy},

    [Parameter(DontShow)]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Management.Automation.PSCredential]
    # Credentials for a proxy server to use for the remote call
    ${ProxyCredential},

    [Parameter(DontShow)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Management.Automation.SwitchParameter]
    # Use the default credentials for the proxy
    ${ProxyUseDefaultCredentials}
)

begin {
    # Proxy entry point for a delete operation: selects the private cmdlet that matches the
    # bound parameter set and forwards this invocation through a steppable pipeline.
    # CmdletBinding above declares SupportsShouldProcess with ConfirmImpact='Medium', so
    # -WhatIf/-Confirm are accepted and, when passed, are part of $PSBoundParameters.
    # NOTE(review): with the default $ConfirmPreference ('High') a Medium-impact call is not
    # prompted, and whether the wrapped cmdlet calls ShouldProcess is not visible in this
    # file - confirm before relying on -WhatIf in runbooks.
    # NOTE(review): the names listed on -SettingsName (Anomalies, EyesOn, EntityAnalytics,
    # Ueba) look like analytics features; deleting one presumably turns it off, which would
    # make calls to this cmdlet worth reviewing in activity logs - confirm against the service.
    try {
        # If the caller bound -OutBuffer, its value is replaced with 1 before forwarding.
        $outBuffer = $null
        if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) {
            $PSBoundParameters['OutBuffer'] = 1
        }
        $parameterSet = $PSCmdlet.ParameterSetName

        # Parameter set name -> module-qualified private cmdlet that implements it.
        $mapping = @{
            Delete = 'Az.SecurityInsights.private\Remove-AzSentinelSetting_Delete';
            DeleteViaIdentity = 'Az.SecurityInsights.private\Remove-AzSentinelSetting_DeleteViaIdentity';
        }
        # Only the 'Delete' set gets a default SubscriptionId; nothing is added here for
        # 'DeleteViaIdentity'.
        if (('Delete') -contains $parameterSet -and -not $PSBoundParameters.ContainsKey('SubscriptionId')) {
            # Test hook: true when any HttpPipelinePrepend step targets a Runtime.PipelineMock
            # whose Mode is 'Playback'.
            $testPlayback = $false
            $PSBoundParameters['HttpPipelinePrepend'] | Foreach-Object { if ($_) { $testPlayback = $testPlayback -or ('Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.PipelineMock' -eq $_.Target.GetType().FullName -and 'Playback' -eq $_.Target.Mode) } }
            if ($testPlayback) {
                # Dot-sources a helper script resolved relative to this file ($PSScriptRoot)
                # and uses its output as the subscription id.
                # NOTE(review): Join-Path with more than two positional segments needs
                # PowerShell 6+; presumably this branch only runs under the test harness - confirm.
                $PSBoundParameters['SubscriptionId'] = . (Join-Path $PSScriptRoot '..' 'utils' 'Get-SubscriptionIdTestSafe.ps1')
            } else {
                # Uses the subscription of the current Az context, so the delete is issued
                # against whatever subscription the session has selected. Automation that
                # must not depend on ambient context should pass -SubscriptionId explicitly.
                $PSBoundParameters['SubscriptionId'] = (Get-AzContext).Subscription.Id
            }
        }
        # Resolve the mapped name, restricted to CommandTypes.Cmdlet.
        $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet)
        # $PSBoundParameters, including the changes made above, is splatted to the wrapped cmdlet.
        $scriptCmd = {& $wrappedCmd @PSBoundParameters}
        $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin)
        $steppablePipeline.Begin($PSCmdlet)
    } catch {
        # Rethrown unchanged; no handling is added at this layer.
        throw
    }
}

process {
    try {
        # Forward the current pipeline object to the wrapped cmdlet.
        $steppablePipeline.Process($_)
    } catch {
        throw
    }
}

end {
    try {
        # Complete the wrapped cmdlet's pipeline.
        $steppablePipeline.End()
    } catch {
        throw
    }
}
}

<#
.Synopsis
Delete a threat intelligence indicator.
.Description
Delete a threat intelligence indicator.
.Example
{{ Add code here }}
.Example
{{ Add code here }}

.Inputs
Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity
.Outputs
System.Boolean
.Notes
COMPLEX PARAMETER PROPERTIES

To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables.

INPUTOBJECT <ISecurityInsightsIdentity>: Identity Parameter
[ActionId <String>]: Action ID
[AlertRuleTemplateId <String>]: Alert rule template ID
[AutomationRuleId <String>]: Automation rule ID
[BookmarkId <String>]: Bookmark ID
[ConsentId <String>]: consent ID
[DataConnectorId <String>]: Connector ID
[EntityId <String>]: entity ID
[EntityQueryId <String>]: entity query ID
[EntityQueryTemplateId <String>]: entity query template ID
[Id <String>]: Resource identity path
[IncidentCommentId <String>]: Incident comment ID
[IncidentId <String>]: Incident ID
[MetadataName <String>]: The Metadata name.
[Name <String>]: Threat intelligence indicator name field.
[RelationName <String>]: Relation Name
[ResourceGroupName <String>]: The name of the resource group. The name is case insensitive.
[RuleId <String>]: Alert rule ID
[SentinelOnboardingStateName <String>]: The Sentinel onboarding state name. Supports - default
[SettingsName <String>]: The setting name. Supports - Anomalies, EyesOn, EntityAnalytics, Ueba
[SourceControlId <String>]: Source control Id
[SubscriptionId <String>]: The ID of the target subscription.
[WorkspaceName <String>]: The name of the workspace.
.Link
https://learn.microsoft.com/powershell/module/az.securityinsights/remove-azsentinelthreatintelligenceindicator
#>
function Remove-AzSentinelThreatIntelligenceIndicator {
[OutputType([System.Boolean])]
[CmdletBinding(DefaultParameterSetName='Delete', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')]
param(
    [Parameter(ParameterSetName='Delete', Mandatory)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [System.String]
    # Threat intelligence indicator name field.
    ${Name},

    [Parameter(ParameterSetName='Delete', Mandatory)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [System.String]
    # The name of the resource group.
    # The name is case insensitive.
    ${ResourceGroupName},

    [Parameter(ParameterSetName='Delete')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.DefaultInfo(Script='(Get-AzContext).Subscription.Id')]
    [System.String]
    # The ID of the target subscription.
    ${SubscriptionId},

    [Parameter(ParameterSetName='Delete', Mandatory)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [System.String]
    # The name of the workspace.
    ${WorkspaceName},

    [Parameter(ParameterSetName='DeleteViaIdentity', Mandatory, ValueFromPipeline)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity]
    # Identity Parameter
    # To construct, see NOTES section for INPUTOBJECT properties and create a hash table.
    ${InputObject},

    [Parameter()]
    [Alias('AzureRMContext', 'AzureCredential')]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Azure')]
    [System.Management.Automation.PSObject]
    # The DefaultProfile parameter is not functional.
    # Use the SubscriptionId parameter when available if executing the cmdlet against a different subscription.
    ${DefaultProfile},

    [Parameter(DontShow)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Management.Automation.SwitchParameter]
    # Wait for .NET debugger to attach
    ${Break},

    [Parameter(DontShow)]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.SendAsyncStep[]]
    # SendAsync Pipeline Steps to be appended to the front of the pipeline
    ${HttpPipelineAppend},

    [Parameter(DontShow)]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.SendAsyncStep[]]
    # SendAsync Pipeline Steps to be prepended to the front of the pipeline
    ${HttpPipelinePrepend},

    [Parameter()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Management.Automation.SwitchParameter]
    # Returns true when the command succeeds
    ${PassThru},

    [Parameter(DontShow)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Uri]
    # The URI for the proxy server to use
    ${Proxy},

    [Parameter(DontShow)]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Management.Automation.PSCredential]
    # Credentials for a proxy server to use for the remote call
    ${ProxyCredential},

    [Parameter(DontShow)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Management.Automation.SwitchParameter]
    # Use the default credentials for the proxy
    ${ProxyUseDefaultCredentials}
)

begin {
    try {
        # If the caller bound -OutBuffer, forward it to the wrapped cmdlet as 1.
        $callerOutBuffer = $null
        if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$callerOutBuffer)) {
            $PSBoundParameters['OutBuffer'] = 1
        }

        # Each parameter set is served by one private cmdlet of the module.
        $activeSet = $PSCmdlet.ParameterSetName
        $privateCmdletFor = @{
            Delete = 'Az.SecurityInsights.private\Remove-AzSentinelThreatIntelligenceIndicator_Delete';
            DeleteViaIdentity = 'Az.SecurityInsights.private\Remove-AzSentinelThreatIntelligenceIndicator_DeleteViaIdentity';
        }

        # Only the 'Delete' set takes -SubscriptionId. When the caller did not bind it, the value
        # is taken from the current Az context, so the delete is sent to whichever subscription
        # that context has selected.
        $mustFillSubscription = (('Delete') -contains $activeSet) -and (-not $PSBoundParameters.ContainsKey('SubscriptionId'))
        if ($mustFillSubscription) {
            # Test playback is recognised by a PipelineMock step in 'Playback' mode among the
            # -HttpPipelinePrepend steps; only then is the id produced by dot-sourcing
            # utils/Get-SubscriptionIdTestSafe.ps1, resolved relative to $PSScriptRoot.
            $inPlayback = $false
            foreach ($step in $PSBoundParameters['HttpPipelinePrepend']) {
                if ($step) {
                    $inPlayback = $inPlayback -or ('Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.PipelineMock' -eq $step.Target.GetType().FullName -and 'Playback' -eq $step.Target.Mode)
                }
            }
            if (-not $inPlayback) {
                $PSBoundParameters['SubscriptionId'] = (Get-AzContext).Subscription.Id
            } else {
                $PSBoundParameters['SubscriptionId'] = . (Join-Path $PSScriptRoot '..' 'utils' 'Get-SubscriptionIdTestSafe.ps1')
            }
        }

        # Resolve the private cmdlet (cmdlets only) and drive it through a steppable pipeline.
        # Every bound parameter, with the OutBuffer/SubscriptionId adjustments above, is splatted
        # to it unchanged; that includes -Proxy, -ProxyCredential and the HTTP pipeline steps.
        $innerCmdlet = $ExecutionContext.InvokeCommand.GetCommand($privateCmdletFor[$activeSet], [System.Management.Automation.CommandTypes]::Cmdlet)
        $relay = { & $innerCmdlet @PSBoundParameters }
        $relayPipeline = $relay.GetSteppablePipeline($MyInvocation.CommandOrigin)
        $relayPipeline.Begin($PSCmdlet)
    } catch {
        # Rethrow unchanged.
        throw
    }
}

process {
    try {
        # Hand the current pipeline object to the wrapped cmdlet.
        $relayPipeline.Process($_)
    } catch {
        throw
    }
}

end {
    try {
        $relayPipeline.End()
    } catch {
        throw
    }
}
}

<#
.Synopsis
Get requirements state for a data connector type.
.Description
Get requirements state for a data connector type.
.Example
{{ Add code here }}
.Example
{{ Add code here }}

.Inputs
Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IDataConnectorsCheckRequirements
.Inputs
Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity
.Outputs
Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IDataConnectorRequirementsState
.Notes
COMPLEX PARAMETER PROPERTIES

To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables.

DATACONNECTORSCHECKREQUIREMENT <IDataConnectorsCheckRequirements>: Data connector requirements properties.
Kind <DataConnectorKind>: Describes the kind of connector to be checked.
INPUTOBJECT <ISecurityInsightsIdentity>: Identity Parameter
[ActionId <String>]: Action ID
[AlertRuleTemplateId <String>]: Alert rule template ID
[AutomationRuleId <String>]: Automation rule ID
[BookmarkId <String>]: Bookmark ID
[ConsentId <String>]: consent ID
[DataConnectorId <String>]: Connector ID
[EntityId <String>]: entity ID
[EntityQueryId <String>]: entity query ID
[EntityQueryTemplateId <String>]: entity query template ID
[Id <String>]: Resource identity path
[IncidentCommentId <String>]: Incident comment ID
[IncidentId <String>]: Incident ID
[MetadataName <String>]: The Metadata name.
[Name <String>]: Threat intelligence indicator name field.
[RelationName <String>]: Relation Name
[ResourceGroupName <String>]: The name of the resource group. The name is case insensitive.
[RuleId <String>]: Alert rule ID
[SentinelOnboardingStateName <String>]: The Sentinel onboarding state name. Supports - default
[SettingsName <String>]: The setting name. Supports - Anomalies, EyesOn, EntityAnalytics, Ueba
[SourceControlId <String>]: Source control Id
[SubscriptionId <String>]: The ID of the target subscription.
[WorkspaceName <String>]: The name of the workspace.
.Link
https://learn.microsoft.com/powershell/module/az.securityinsights/test-azsentineldataconnectorscheckrequirement
#>
function Test-AzSentinelDataConnectorsCheckRequirement {
[OutputType([Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IDataConnectorRequirementsState])]
[CmdletBinding(DefaultParameterSetName='PostExpanded', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')]
param(
    [Parameter(ParameterSetName='Post', Mandatory)]
    [Parameter(ParameterSetName='PostExpanded', Mandatory)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [System.String]
    # The name of the resource group.
    # The name is case insensitive.
    ${ResourceGroupName},

    [Parameter(ParameterSetName='Post')]
    [Parameter(ParameterSetName='PostExpanded')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.DefaultInfo(Script='(Get-AzContext).Subscription.Id')]
    [System.String]
    # The ID of the target subscription.
    ${SubscriptionId},

    [Parameter(ParameterSetName='Post', Mandatory)]
    [Parameter(ParameterSetName='PostExpanded', Mandatory)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [System.String]
    # The name of the workspace.
    ${WorkspaceName},

    [Parameter(ParameterSetName='PostViaIdentityExpanded', Mandatory, ValueFromPipeline)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity]
    # Identity Parameter
    # To construct, see NOTES section for INPUTOBJECT properties and create a hash table.
    ${InputObject},

    [Parameter(ParameterSetName='Post', Mandatory, ValueFromPipeline)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IDataConnectorsCheckRequirements]
    # Data connector requirements properties.
    # To construct, see NOTES section for DATACONNECTORSCHECKREQUIREMENT properties and create a hash table.
    ${DataConnectorsCheckRequirement},

    [Parameter(ParameterSetName='PostExpanded', Mandatory)]
    [Parameter(ParameterSetName='PostViaIdentityExpanded', Mandatory)]
    [ArgumentCompleter([Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.DataConnectorKind])]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.DataConnectorKind]
    # Describes the kind of connector to be checked.
    ${Kind},

    [Parameter()]
    [Alias('AzureRMContext', 'AzureCredential')]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Azure')]
    [System.Management.Automation.PSObject]
    # The DefaultProfile parameter is not functional.
    # Use the SubscriptionId parameter when available if executing the cmdlet against a different subscription.
    ${DefaultProfile},

    [Parameter(DontShow)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Management.Automation.SwitchParameter]
    # Wait for .NET debugger to attach
    ${Break},

    [Parameter(DontShow)]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.SendAsyncStep[]]
    # SendAsync Pipeline Steps to be appended to the front of the pipeline
    ${HttpPipelineAppend},

    [Parameter(DontShow)]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.SendAsyncStep[]]
    # SendAsync Pipeline Steps to be prepended to the front of the pipeline
    ${HttpPipelinePrepend},

    [Parameter(DontShow)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Uri]
    # The URI for the proxy server to use
    ${Proxy},

    [Parameter(DontShow)]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Management.Automation.PSCredential]
    # Credentials for a proxy server to use for the remote call
    ${ProxyCredential},

    [Parameter(DontShow)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Management.Automation.SwitchParameter]
    # Use the default credentials for the proxy
    ${ProxyUseDefaultCredentials}
)

begin {
    try {
        # If the caller bound -OutBuffer, forward it to the wrapped cmdlet as 1.
        $callerOutBuffer = $null
        if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$callerOutBuffer)) {
            $PSBoundParameters['OutBuffer'] = 1
        }

        # Each parameter set is served by one private cmdlet of the module.
        $activeSet = $PSCmdlet.ParameterSetName
        $privateCmdletFor = @{
            Post = 'Az.SecurityInsights.private\Test-AzSentinelDataConnectorsCheckRequirement_Post';
            PostExpanded = 'Az.SecurityInsights.private\Test-AzSentinelDataConnectorsCheckRequirement_PostExpanded';
            PostViaIdentityExpanded = 'Az.SecurityInsights.private\Test-AzSentinelDataConnectorsCheckRequirement_PostViaIdentityExpanded';
        }

        # 'Post' and 'PostExpanded' take -SubscriptionId. When the caller did not bind it, the
        # value is taken from the current Az context, so the request goes to whichever
        # subscription that context has selected.
        $mustFillSubscription = (('Post', 'PostExpanded') -contains $activeSet) -and (-not $PSBoundParameters.ContainsKey('SubscriptionId'))
        if ($mustFillSubscription) {
            # Test playback is recognised by a PipelineMock step in 'Playback' mode among the
            # -HttpPipelinePrepend steps; only then is the id produced by dot-sourcing
            # utils/Get-SubscriptionIdTestSafe.ps1, resolved relative to $PSScriptRoot.
            $inPlayback = $false
            foreach ($step in $PSBoundParameters['HttpPipelinePrepend']) {
                if ($step) {
                    $inPlayback = $inPlayback -or ('Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.PipelineMock' -eq $step.Target.GetType().FullName -and 'Playback' -eq $step.Target.Mode)
                }
            }
            if (-not $inPlayback) {
                $PSBoundParameters['SubscriptionId'] = (Get-AzContext).Subscription.Id
            } else {
                $PSBoundParameters['SubscriptionId'] = . (Join-Path $PSScriptRoot '..' 'utils' 'Get-SubscriptionIdTestSafe.ps1')
            }
        }

        # Resolve the private cmdlet (cmdlets only) and drive it through a steppable pipeline.
        # Every bound parameter, with the OutBuffer/SubscriptionId adjustments above, is splatted
        # to it unchanged; that includes -Proxy, -ProxyCredential and the HTTP pipeline steps.
        $innerCmdlet = $ExecutionContext.InvokeCommand.GetCommand($privateCmdletFor[$activeSet], [System.Management.Automation.CommandTypes]::Cmdlet)
        $relay = { & $innerCmdlet @PSBoundParameters }
        $relayPipeline = $relay.GetSteppablePipeline($MyInvocation.CommandOrigin)
        $relayPipeline.Begin($PSCmdlet)
    } catch {
        # Rethrow unchanged.
        throw
    }
}

process {
    try {
        # Hand the current pipeline object to the wrapped cmdlet.
        $relayPipeline.Process($_)
    } catch {
        throw
    }
}

end {
    try {
        $relayPipeline.End()
    } catch {
        throw
    }
}
}

<#
.Synopsis
Creates or updates the action of alert rule.
.Description
Creates or updates the action of alert rule.
.Example
$LogicAppResourceId = Get-AzLogicApp -ResourceGroupName "myLogicAppResourceGroupName" -Name "myLogicAppPlaybookName"
$LogicAppTriggerUri = Get-AzLogicAppTriggerCallbackUrl -ResourceGroupName "myLogicAppResourceGroupName" -Name $LogicAppResourceId.Name -TriggerName "When_a_response_to_an_Azure_Sentinel_alert_is_triggered"
Update-AzSentinelAlertRuleAction -ResourceGroupName "mySentinelResourceGroupName" -workspaceName "myWorkspaceName" -RuleId "48bbf86d-540b-4a7b-9fee-2bd7d810dbed" -LogicAppResourceId ($LogicAppResourceId.Id) -TriggerUri ($LogicAppTriggerUri.Value) -Id ((New-Guid).Guid)

.Inputs
Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IActionRequest
.Inputs
Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity
.Outputs
Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IActionResponse
.Notes
COMPLEX PARAMETER PROPERTIES

To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables.

ACTION <IActionRequest>: Action for alert rule.
[Etag <String>]: Etag of the azure resource
[SystemDataCreatedAt <DateTime?>]: The timestamp of resource creation (UTC).
[SystemDataCreatedBy <String>]: The identity that created the resource.
[SystemDataCreatedByType <CreatedByType?>]: The type of identity that created the resource.
[SystemDataLastModifiedAt <DateTime?>]: The timestamp of resource last modification (UTC)
[SystemDataLastModifiedBy <String>]: The identity that last modified the resource.
[SystemDataLastModifiedByType <CreatedByType?>]: The type of identity that last modified the resource.
[LogicAppResourceId <String>]: Logic App Resource Id, /subscriptions/{my-subscription}/resourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my-workflow-id}.
[TriggerUri <String>]: Logic App Callback URL for this specific workflow.

INPUTOBJECT <ISecurityInsightsIdentity>: Identity Parameter
[ActionId <String>]: Action ID
[AlertRuleTemplateId <String>]: Alert rule template ID
[AutomationRuleId <String>]: Automation rule ID
[BookmarkId <String>]: Bookmark ID
[ConsentId <String>]: consent ID
[DataConnectorId <String>]: Connector ID
[EntityId <String>]: entity ID
[EntityQueryId <String>]: entity query ID
[EntityQueryTemplateId <String>]: entity query template ID
[Id <String>]: Resource identity path
[IncidentCommentId <String>]: Incident comment ID
[IncidentId <String>]: Incident ID
[MetadataName <String>]: The Metadata name.
[Name <String>]: Threat intelligence indicator name field.
[RelationName <String>]: Relation Name
[ResourceGroupName <String>]: The name of the resource group. The name is case insensitive.
[RuleId <String>]: Alert rule ID
[SentinelOnboardingStateName <String>]: The Sentinel onboarding state name. Supports - default
[SettingsName <String>]: The setting name. Supports - Anomalies, EyesOn, EntityAnalytics, Ueba
[SourceControlId <String>]: Source control Id
[SubscriptionId <String>]: The ID of the target subscription.
[WorkspaceName <String>]: The name of the workspace.
.Link
https://learn.microsoft.com/powershell/module/az.securityinsights/update-azsentinelalertruleaction
#>
function Update-AzSentinelAlertRuleAction {
[OutputType([Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IActionResponse])]
[CmdletBinding(DefaultParameterSetName='UpdateViaIdentity', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')]
param(
    [Parameter(ParameterSetName='Update', Mandatory)]
    [Alias('ActionId')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [System.String]
    # Action ID
    ${Id},

    [Parameter(ParameterSetName='Update', Mandatory)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [System.String]
    # The name of the resource group.
    # The name is case insensitive.
    ${ResourceGroupName},

    [Parameter(ParameterSetName='Update', Mandatory)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [System.String]
    # Alert rule ID
    ${RuleId},

    [Parameter(ParameterSetName='Update')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.DefaultInfo(Script='(Get-AzContext).Subscription.Id')]
    [System.String]
    # The ID of the target subscription.
    ${SubscriptionId},

    [Parameter(ParameterSetName='Update', Mandatory)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [System.String]
    # The name of the workspace.
    ${WorkspaceName},

    [Parameter(ParameterSetName='UpdateViaIdentity', Mandatory, ValueFromPipeline)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity]
    # Identity Parameter
    # To construct, see NOTES section for INPUTOBJECT properties and create a hash table.
    ${InputObject},

    [Parameter(Mandatory, ValueFromPipeline)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IActionRequest]
    # Action for alert rule.
    # To construct, see NOTES section for ACTION properties and create a hash table.
    ${Action},

    [Parameter()]
    [Alias('AzureRMContext', 'AzureCredential')]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Azure')]
    [System.Management.Automation.PSObject]
    # The DefaultProfile parameter is not functional.
    # Use the SubscriptionId parameter when available if executing the cmdlet against a different subscription.
    ${DefaultProfile},

    [Parameter(DontShow)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Management.Automation.SwitchParameter]
    # Wait for .NET debugger to attach
    ${Break},

    [Parameter(DontShow)]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.SendAsyncStep[]]
    # SendAsync Pipeline Steps to be appended to the front of the pipeline
    ${HttpPipelineAppend},

    [Parameter(DontShow)]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.SendAsyncStep[]]
    # SendAsync Pipeline Steps to be prepended to the front of the pipeline
    ${HttpPipelinePrepend},

    [Parameter(DontShow)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Uri]
    # The URI for the proxy server to use
    ${Proxy},

    [Parameter(DontShow)]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Management.Automation.PSCredential]
    # Credentials for a proxy server to use for the remote call
    ${ProxyCredential},

    [Parameter(DontShow)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Management.Automation.SwitchParameter]
    # Use the default credentials for the proxy
    ${ProxyUseDefaultCredentials}
)

begin {
    try {
        # If the caller bound -OutBuffer, forward it to the wrapped cmdlet as 1.
        $callerOutBuffer = $null
        if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$callerOutBuffer)) {
            $PSBoundParameters['OutBuffer'] = 1
        }

        # Each parameter set is served by one private cmdlet of the module.
        $activeSet = $PSCmdlet.ParameterSetName
        $privateCmdletFor = @{
            Update = 'Az.SecurityInsights.private\Update-AzSentinelAlertRuleAction_Update';
            UpdateViaIdentity = 'Az.SecurityInsights.private\Update-AzSentinelAlertRuleAction_UpdateViaIdentity';
        }

        # Only the 'Update' set takes -SubscriptionId. When the caller did not bind it, the value
        # is taken from the current Az context, so the update is sent to whichever subscription
        # that context has selected.
        $mustFillSubscription = (('Update') -contains $activeSet) -and (-not $PSBoundParameters.ContainsKey('SubscriptionId'))
        if ($mustFillSubscription) {
            # Test playback is recognised by a PipelineMock step in 'Playback' mode among the
            # -HttpPipelinePrepend steps; only then is the id produced by dot-sourcing
            # utils/Get-SubscriptionIdTestSafe.ps1, resolved relative to $PSScriptRoot.
            $inPlayback = $false
            foreach ($step in $PSBoundParameters['HttpPipelinePrepend']) {
                if ($step) {
                    $inPlayback = $inPlayback -or ('Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.PipelineMock' -eq $step.Target.GetType().FullName -and 'Playback' -eq $step.Target.Mode)
                }
            }
            if (-not $inPlayback) {
                $PSBoundParameters['SubscriptionId'] = (Get-AzContext).Subscription.Id
            } else {
                $PSBoundParameters['SubscriptionId'] = . (Join-Path $PSScriptRoot '..' 'utils' 'Get-SubscriptionIdTestSafe.ps1')
            }
        }

        # Resolve the private cmdlet (cmdlets only) and drive it through a steppable pipeline.
        # Every bound parameter, with the OutBuffer/SubscriptionId adjustments above, is splatted
        # to it unchanged; that includes -Proxy, -ProxyCredential and the HTTP pipeline steps.
        # NOTE(review): -Action is forwarded as-is, and this function's help lists TriggerUri (the
        # Logic App callback URL) among its properties. Callback URLs commonly embed an access
        # signature, so keep the bound parameters out of logs and transcripts - confirm for this API.
        $innerCmdlet = $ExecutionContext.InvokeCommand.GetCommand($privateCmdletFor[$activeSet], [System.Management.Automation.CommandTypes]::Cmdlet)
        $relay = { & $innerCmdlet @PSBoundParameters }
        $relayPipeline = $relay.GetSteppablePipeline($MyInvocation.CommandOrigin)
        $relayPipeline.Begin($PSCmdlet)
    } catch {
        # Rethrow unchanged.
        throw
    }
}

process {
    try {
        # Hand the current pipeline object to the wrapped cmdlet.
        $relayPipeline.Process($_)
    } catch {
        throw
    }
}

end {
    try {
        $relayPipeline.End()
    } catch {
        throw
    }
}
}

<#
.Synopsis
Creates or updates the alert rule.
.Description
Creates or updates the alert rule.
.Example
Update-AzSentinelAlertRule -ResourceGroupName "myResourceGroupName" -WorkspaceName "myWorkspaceName" -ruleId "4a21e485-75ae-48b3-a7b9-e6a92bcfe434" -Query "SecurityAlert | take 2"

.Inputs
Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IAlertRule
.Inputs
Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity
.Outputs
Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IAlertRule
.Notes
COMPLEX PARAMETER PROPERTIES

To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables.

ALERTRULE <IAlertRule>: Alert rule.
Kind <AlertRuleKind>: The kind of the alert rule
[Etag <String>]: Etag of the azure resource
[SystemDataCreatedAt <DateTime?>]: The timestamp of resource creation (UTC).
[SystemDataCreatedBy <String>]: The identity that created the resource.
[SystemDataCreatedByType <CreatedByType?>]: The type of identity that created the resource.
[SystemDataLastModifiedAt <DateTime?>]: The timestamp of resource last modification (UTC)
[SystemDataLastModifiedBy <String>]: The identity that last modified the resource.
[SystemDataLastModifiedByType <CreatedByType?>]: The type of identity that last modified the resource.

INPUTOBJECT <ISecurityInsightsIdentity>: Identity Parameter
[ActionId <String>]: Action ID
[AlertRuleTemplateId <String>]: Alert rule template ID
[AutomationRuleId <String>]: Automation rule ID
[BookmarkId <String>]: Bookmark ID
[ConsentId <String>]: consent ID
[DataConnectorId <String>]: Connector ID
[EntityId <String>]: entity ID
[EntityQueryId <String>]: entity query ID
[EntityQueryTemplateId <String>]: entity query template ID
[Id <String>]: Resource identity path
[IncidentCommentId <String>]: Incident comment ID
[IncidentId <String>]: Incident ID
[MetadataName <String>]: The Metadata name.
[Name <String>]: Threat intelligence indicator name field.
[RelationName <String>]: Relation Name
[ResourceGroupName <String>]: The name of the resource group. The name is case insensitive.
[RuleId <String>]: Alert rule ID
[SentinelOnboardingStateName <String>]: The Sentinel onboarding state name. Supports - default
[SettingsName <String>]: The setting name. Supports - Anomalies, EyesOn, EntityAnalytics, Ueba
[SourceControlId <String>]: Source control Id
[SubscriptionId <String>]: The ID of the target subscription.
[WorkspaceName <String>]: The name of the workspace.
.Link
https://learn.microsoft.com/powershell/module/az.securityinsights/update-azsentinelalertrule
#>
function Update-AzSentinelAlertRule {
[OutputType([Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IAlertRule])]
[CmdletBinding(DefaultParameterSetName='UpdateExpanded', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')]
param(
    [Parameter(ParameterSetName='Update', Mandatory)]
    [Parameter(ParameterSetName='UpdateExpanded', Mandatory)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [System.String]
    # The name of the resource group.
    # The name is case insensitive.
    ${ResourceGroupName},

    [Parameter(ParameterSetName='Update', Mandatory)]
    [Parameter(ParameterSetName='UpdateExpanded', Mandatory)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [System.String]
    # Alert rule ID
    ${RuleId},

    [Parameter(ParameterSetName='Update')]
    [Parameter(ParameterSetName='UpdateExpanded')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.DefaultInfo(Script='(Get-AzContext).Subscription.Id')]
    [System.String]
    # The ID of the target subscription.
    ${SubscriptionId},

    [Parameter(ParameterSetName='Update', Mandatory)]
    [Parameter(ParameterSetName='UpdateExpanded', Mandatory)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [System.String]
    # The name of the workspace.
    ${WorkspaceName},

    [Parameter(ParameterSetName='UpdateViaIdentity', Mandatory, ValueFromPipeline)]
    [Parameter(ParameterSetName='UpdateViaIdentityExpanded', Mandatory, ValueFromPipeline)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity]
    # Identity Parameter
    # To construct, see NOTES section for INPUTOBJECT properties and create a hash table.
    ${InputObject},

    [Parameter(ParameterSetName='Update', Mandatory, ValueFromPipeline)]
    [Parameter(ParameterSetName='UpdateViaIdentity', Mandatory, ValueFromPipeline)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IAlertRule]
    # Alert rule.
    # To construct, see NOTES section for ALERTRULE properties and create a hash table.
    ${AlertRule},

    [Parameter(ParameterSetName='UpdateExpanded', Mandatory)]
    [Parameter(ParameterSetName='UpdateViaIdentityExpanded', Mandatory)]
    [ArgumentCompleter([Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.AlertRuleKind])]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.AlertRuleKind]
    # The kind of the alert rule
    ${Kind},

    [Parameter()]
    [Alias('AzureRMContext', 'AzureCredential')]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Azure')]
    [System.Management.Automation.PSObject]
    # The DefaultProfile parameter is not functional.
    # Use the SubscriptionId parameter when available if executing the cmdlet against a different subscription.
    ${DefaultProfile},

    [Parameter(DontShow)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Management.Automation.SwitchParameter]
    # Wait for .NET debugger to attach
    ${Break},

    [Parameter(DontShow)]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.SendAsyncStep[]]
    # SendAsync Pipeline Steps to be appended to the front of the pipeline
    ${HttpPipelineAppend},

    [Parameter(DontShow)]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.SendAsyncStep[]]
    # SendAsync Pipeline Steps to be prepended to the front of the pipeline
    ${HttpPipelinePrepend},

    [Parameter(DontShow)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Uri]
    # The URI for the proxy server to use
    ${Proxy},

    [Parameter(DontShow)]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Management.Automation.PSCredential]
    # Credentials for a proxy server to use for the remote call
    ${ProxyCredential},

    [Parameter(DontShow)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Management.Automation.SwitchParameter]
    # Use the default credentials for the proxy
    ${ProxyUseDefaultCredentials}
)

begin {
    try {
        # If the caller bound -OutBuffer, forward it to the wrapped cmdlet as 1.
        $callerOutBuffer = $null
        if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$callerOutBuffer)) {
            $PSBoundParameters['OutBuffer'] = 1
        }

        # Each parameter set is served by one private cmdlet of the module.
        $activeSet = $PSCmdlet.ParameterSetName
        $privateCmdletFor = @{
            Update = 'Az.SecurityInsights.private\Update-AzSentinelAlertRule_Update';
            UpdateExpanded = 'Az.SecurityInsights.private\Update-AzSentinelAlertRule_UpdateExpanded';
            UpdateViaIdentity = 'Az.SecurityInsights.private\Update-AzSentinelAlertRule_UpdateViaIdentity';
            UpdateViaIdentityExpanded = 'Az.SecurityInsights.private\Update-AzSentinelAlertRule_UpdateViaIdentityExpanded';
        }

        # 'Update' and 'UpdateExpanded' take -SubscriptionId. When the caller did not bind it, the
        # value is taken from the current Az context, so the rule is written to whichever
        # subscription that context has selected.
        $mustFillSubscription = (('Update', 'UpdateExpanded') -contains $activeSet) -and (-not $PSBoundParameters.ContainsKey('SubscriptionId'))
        if ($mustFillSubscription) {
            # Test playback is recognised by a PipelineMock step in 'Playback' mode among the
            # -HttpPipelinePrepend steps; only then is the id produced by dot-sourcing
            # utils/Get-SubscriptionIdTestSafe.ps1, resolved relative to $PSScriptRoot.
            $inPlayback = $false
            foreach ($step in $PSBoundParameters['HttpPipelinePrepend']) {
                if ($step) {
                    $inPlayback = $inPlayback -or ('Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.PipelineMock' -eq $step.Target.GetType().FullName -and 'Playback' -eq $step.Target.Mode)
                }
            }
            if (-not $inPlayback) {
                $PSBoundParameters['SubscriptionId'] = (Get-AzContext).Subscription.Id
            } else {
                $PSBoundParameters['SubscriptionId'] = . (Join-Path $PSScriptRoot '..' 'utils' 'Get-SubscriptionIdTestSafe.ps1')
            }
        }

        # Resolve the private cmdlet (cmdlets only) and drive it through a steppable pipeline.
        # Every bound parameter, with the OutBuffer/SubscriptionId adjustments above, is splatted
        # to it unchanged; that includes -Proxy, -ProxyCredential and the HTTP pipeline steps.
        $innerCmdlet = $ExecutionContext.InvokeCommand.GetCommand($privateCmdletFor[$activeSet], [System.Management.Automation.CommandTypes]::Cmdlet)
        $relay = { & $innerCmdlet @PSBoundParameters }
        $relayPipeline = $relay.GetSteppablePipeline($MyInvocation.CommandOrigin)
        $relayPipeline.Begin($PSCmdlet)
    } catch {
        # Rethrow unchanged.
        throw
    }
}

process {
    try {
        # Hand the current pipeline object to the wrapped cmdlet.
        $relayPipeline.Process($_)
    } catch {
        throw
    }
}

end {
    try {
        $relayPipeline.End()
    } catch {
        throw
    }
}
}

<#
.Synopsis
Creates or updates the automation rule.
.Description
Creates or updates the automation rule.
.Example $LogicAppResourceId = Get-AzLogicApp -ResourceGroupName "myResourceGroup" -Name "Reset-AADPassword" $automationRuleAction = [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.AutomationRuleRunPlaybookAction]::new() $automationRuleAction.Order = 1 $automationRuleAction.ActionType = "RunPlaybook" $automationRuleAction.ActionConfigurationLogicAppResourceId = ($LogicAppResourceId.Id) $automationRuleAction.ActionConfigurationTenantId = (Get-AzContext).Tenant.Id Update-AzSentinelAutomationRule -ResourceGroupName "myResourceGroup" -WorkspaceName "myWorkspaceName" -Id ((New-Guid).Guid) -Action $automationRuleAction -DisplayName "Run Playbook to reset AAD password" -Order 2 -TriggeringLogicIsEnabled .Inputs Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IAutomationRule .Inputs Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity .Outputs Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IAutomationRule .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. AUTOMATIONRULE <IAutomationRule>: Represents an automation rule. [Etag <String>]: Etag of the azure resource [SystemDataCreatedAt <DateTime?>]: The timestamp of resource creation (UTC). [SystemDataCreatedBy <String>]: The identity that created the resource. [SystemDataCreatedByType <CreatedByType?>]: The type of identity that created the resource. [SystemDataLastModifiedAt <DateTime?>]: The timestamp of resource last modification (UTC) [SystemDataLastModifiedBy <String>]: The identity that last modified the resource. [SystemDataLastModifiedByType <CreatedByType?>]: The type of identity that last modified the resource. 
[Action <IAutomationRuleAction[]>]: The actions to execute when the automation rule is triggered ActionType <AutomationRuleActionType>: The type of the automation rule action Order <Int32>: The order of execution of the automation rule action [CreatedByEmail <String>]: The email of the client. [CreatedByName <String>]: The name of the client. [CreatedByObjectId <String>]: The object id of the client. [CreatedByUserPrincipalName <String>]: The user principal name of the client. [DisplayName <String>]: The display name of the automation rule [LastModifiedByEmail <String>]: The email of the client. [LastModifiedByName <String>]: The name of the client. [LastModifiedByObjectId <String>]: The object id of the client. [LastModifiedByUserPrincipalName <String>]: The user principal name of the client. [Order <Int32?>]: The order of execution of the automation rule [TriggeringLogicCondition <IAutomationRuleCondition[]>]: The conditions to evaluate to determine if the automation rule should be triggered on a given object [TriggeringLogicExpirationTimeUtc <DateTime?>]: Determines when the automation rule should automatically expire and be disabled. [TriggeringLogicIsEnabled <Boolean?>]: Determines whether the automation rule is enabled or disabled. INPUTOBJECT <ISecurityInsightsIdentity>: Identity Parameter [ActionId <String>]: Action ID [AlertRuleTemplateId <String>]: Alert rule template ID [AutomationRuleId <String>]: Automation rule ID [BookmarkId <String>]: Bookmark ID [ConsentId <String>]: consent ID [DataConnectorId <String>]: Connector ID [EntityId <String>]: entity ID [EntityQueryId <String>]: entity query ID [EntityQueryTemplateId <String>]: entity query template ID [Id <String>]: Resource identity path [IncidentCommentId <String>]: Incident comment ID [IncidentId <String>]: Incident ID [MetadataName <String>]: The Metadata name. [Name <String>]: Threat intelligence indicator name field. 
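[RelationName <String>]: Relation Name
[ResourceGroupName <String>]: The name of the resource group. The name is case insensitive.
[RuleId <String>]: Alert rule ID
[SentinelOnboardingStateName <String>]: The Sentinel onboarding state name. Supports - default
[SettingsName <String>]: The setting name. Supports - Anomalies, EyesOn, EntityAnalytics, Ueba
[SourceControlId <String>]: Source control Id
[SubscriptionId <String>]: The ID of the target subscription.
[WorkspaceName <String>]: The name of the workspace.
.Link
https://learn.microsoft.com/powershell/module/az.securityinsights/update-azsentinelautomationrule
#>
function Update-AzSentinelAutomationRule {
[OutputType([Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IAutomationRule])]
[CmdletBinding(DefaultParameterSetName='UpdateViaIdentity', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')]
param(
    [Parameter(ParameterSetName='Update', Mandatory)]
    [Alias('AutomationRuleId')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [System.String]
    # Automation rule ID
    ${Id},

    [Parameter(ParameterSetName='Update', Mandatory)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [System.String]
    # The name of the resource group.
    # The name is case insensitive.
    ${ResourceGroupName},

    [Parameter(ParameterSetName='Update')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.DefaultInfo(Script='(Get-AzContext).Subscription.Id')]
    [System.String]
    # The ID of the target subscription.
    ${SubscriptionId},

    [Parameter(ParameterSetName='Update', Mandatory)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [System.String]
    # The name of the workspace.
    ${WorkspaceName},

    [Parameter(ParameterSetName='UpdateViaIdentity', Mandatory, ValueFromPipeline)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity]
    # Identity Parameter
    # To construct, see NOTES section for INPUTOBJECT properties and create a hash table.
    ${InputObject},

    [Parameter(Mandatory, ValueFromPipeline)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IAutomationRule]
    # Represents an automation rule.
    # To construct, see NOTES section for AUTOMATIONRULE properties and create a hash table.
    ${AutomationRule},

    [Parameter()]
    [Alias('AzureRMContext', 'AzureCredential')]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Azure')]
    [System.Management.Automation.PSObject]
    # The DefaultProfile parameter is not functional.
    # Use the SubscriptionId parameter when available if executing the cmdlet against a different subscription.
    ${DefaultProfile},

    [Parameter(DontShow)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Management.Automation.SwitchParameter]
    # Wait for .NET debugger to attach
    ${Break},

    [Parameter(DontShow)]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.SendAsyncStep[]]
    # SendAsync Pipeline Steps to be appended to the front of the pipeline
    ${HttpPipelineAppend},

    [Parameter(DontShow)]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.SendAsyncStep[]]
    # SendAsync Pipeline Steps to be prepended to the front of the pipeline
    ${HttpPipelinePrepend},

    [Parameter(DontShow)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Uri]
    # The URI for the proxy server to use
    ${Proxy},

    [Parameter(DontShow)]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Management.Automation.PSCredential]
    # Credentials for a proxy server to use for the remote call
    ${ProxyCredential},

    [Parameter(DontShow)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Management.Automation.SwitchParameter]
    # Use the default credentials for the proxy
    ${ProxyUseDefaultCredentials}
)

begin {
    try {
        # If the caller bound -OutBuffer, pass 1 to the wrapped command instead of the caller's value.
        $outBuffer = $null
        if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) {
            $PSBoundParameters['OutBuffer'] = 1
        }
        $parameterSet = $PSCmdlet.ParameterSetName

        # Parameter set -> private implementation, always addressed by module-qualified name.
        $mapping = @{
            Update = 'Az.SecurityInsights.private\Update-AzSentinelAutomationRule_Update';
            UpdateViaIdentity = 'Az.SecurityInsights.private\Update-AzSentinelAutomationRule_UpdateViaIdentity';
        }

        # Only the 'Update' set takes SubscriptionId as a path parameter. When it was not bound, the
        # target subscription comes from the ambient Az context, so the write goes to whichever
        # subscription is current in this session. Unattended callers that must hit one specific
        # subscription should bind -SubscriptionId explicitly.
        if (('Update') -contains $parameterSet -and -not $PSBoundParameters.ContainsKey('SubscriptionId')) {
            # Test playback is recognised only when a step supplied through the hidden
            # -HttpPipelinePrepend parameter targets a PipelineMock whose Mode is 'Playback'.
            $testPlayback = $false
            $PSBoundParameters['HttpPipelinePrepend'] | Foreach-Object { if ($_) { $testPlayback = $testPlayback -or ('Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.PipelineMock' -eq $_.Target.GetType().FullName -and 'Playback' -eq $_.Target.Mode) } }
            if ($testPlayback) {
                # Dot-sources a helper script located relative to this file, so it runs in this scope;
                # the module's install directory therefore has to be writable by trusted accounts only.
                # Join-Path is nested because Windows PowerShell 5.1 accepts a single child path; extra
                # positional child segments bind only on PowerShell 6 and later.
                # NOTE(review): this file is generated by AutoRest, so the same change belongs in the
                # generator or it is lost on regeneration.
                $PSBoundParameters['SubscriptionId'] = . (Join-Path (Join-Path (Join-Path $PSScriptRoot '..') 'utils') 'Get-SubscriptionIdTestSafe.ps1')
            } else {
                $PSBoundParameters['SubscriptionId'] = (Get-AzContext).Subscription.Id
            }
        }

        # Look the implementation up as a Cmdlet only, then splat every bound parameter into it. That
        # includes the hidden runtime parameters (HttpPipelineAppend/Prepend, Proxy, ProxyCredential,
        # ProxyUseDefaultCredentials, Break) and -WhatIf/-Confirm; this proxy never calls ShouldProcess
        # itself. Callers that build the argument hashtable from external input should forward only
        # the parameter names they expect.
        $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet)
        $scriptCmd = {& $wrappedCmd @PSBoundParameters}
        # The wrapped pipeline is started with the caller's command origin.
        $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin)
        $steppablePipeline.Begin($PSCmdlet)
    } catch {
        throw
    }
}

process {
    try {
        # Forward the current pipeline input object to the wrapped cmdlet.
        $steppablePipeline.Process($_)
    } catch {
        throw
    }
}

end {
    try {
        # Close the wrapped pipeline.
        $steppablePipeline.End()
    } catch {
        throw
    }
}
}

<#
.Synopsis
Creates the bookmark relation.
.Description
Creates the bookmark relation.
.Example
Update-AzSentinelBookmarkRelation -ResourceGroupName "myResourceGroupName" -workspaceName "myWorkspaceName" -BookmarkId 6a8d6ea6-04d5-49d7-8169-ffca8b0ced59 -RelationName f185b6f8-1a0d-43eb-97de-67720839ac67 -RelatedResourceId f185b6f8-1a0d-43eb-97de-67720839ac67

.Inputs
Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IRelation
.Inputs
Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity
.Outputs
Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IRelation
.Notes
COMPLEX PARAMETER PROPERTIES

To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables.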
INPUTOBJECT <ISecurityInsightsIdentity>: Identity Parameter [ActionId <String>]: Action ID [AlertRuleTemplateId <String>]: Alert rule template ID [AutomationRuleId <String>]: Automation rule ID [BookmarkId <String>]: Bookmark ID [ConsentId <String>]: consent ID [DataConnectorId <String>]: Connector ID [EntityId <String>]: entity ID [EntityQueryId <String>]: entity query ID [EntityQueryTemplateId <String>]: entity query template ID [Id <String>]: Resource identity path [IncidentCommentId <String>]: Incident comment ID [IncidentId <String>]: Incident ID [MetadataName <String>]: The Metadata name. [Name <String>]: Threat intelligence indicator name field. [RelationName <String>]: Relation Name [ResourceGroupName <String>]: The name of the resource group. The name is case insensitive. [RuleId <String>]: Alert rule ID [SentinelOnboardingStateName <String>]: The Sentinel onboarding state name. Supports - default [SettingsName <String>]: The setting name. Supports - Anomalies, EyesOn, EntityAnalytics, Ueba [SourceControlId <String>]: Source control Id [SubscriptionId <String>]: The ID of the target subscription. [WorkspaceName <String>]: The name of the workspace. RELATION <IRelation>: Represents a relation between two resources [Etag <String>]: Etag of the azure resource [SystemDataCreatedAt <DateTime?>]: The timestamp of resource creation (UTC). [SystemDataCreatedBy <String>]: The identity that created the resource. [SystemDataCreatedByType <CreatedByType?>]: The type of identity that created the resource. [SystemDataLastModifiedAt <DateTime?>]: The timestamp of resource last modification (UTC) [SystemDataLastModifiedBy <String>]: The identity that last modified the resource. [SystemDataLastModifiedByType <CreatedByType?>]: The type of identity that last modified the resource. 
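[RelatedResourceId <String>]: The resource ID of the related resource
.Link
https://learn.microsoft.com/powershell/module/az.securityinsights/update-azsentinelbookmarkrelation
#>
function Update-AzSentinelBookmarkRelation {
[OutputType([Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IRelation])]
[CmdletBinding(DefaultParameterSetName='UpdateViaIdentity', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')]
param(
    [Parameter(ParameterSetName='Update', Mandatory)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [System.String]
    # Bookmark ID
    ${BookmarkId},

    [Parameter(ParameterSetName='Update', Mandatory)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [System.String]
    # Relation Name
    ${RelationName},

    [Parameter(ParameterSetName='Update', Mandatory)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [System.String]
    # The name of the resource group.
    # The name is case insensitive.
    ${ResourceGroupName},

    [Parameter(ParameterSetName='Update')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.DefaultInfo(Script='(Get-AzContext).Subscription.Id')]
    [System.String]
    # The ID of the target subscription.
    ${SubscriptionId},

    [Parameter(ParameterSetName='Update', Mandatory)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [System.String]
    # The name of the workspace.
    ${WorkspaceName},

    [Parameter(ParameterSetName='UpdateViaIdentity', Mandatory, ValueFromPipeline)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity]
    # Identity Parameter
    # To construct, see NOTES section for INPUTOBJECT properties and create a hash table.
    ${InputObject},

    [Parameter(Mandatory, ValueFromPipeline)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IRelation]
    # Represents a relation between two resources
    # To construct, see NOTES section for RELATION properties and create a hash table.
    ${Relation},

    [Parameter()]
    [Alias('AzureRMContext', 'AzureCredential')]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Azure')]
    [System.Management.Automation.PSObject]
    # The DefaultProfile parameter is not functional.
    # Use the SubscriptionId parameter when available if executing the cmdlet against a different subscription.
    ${DefaultProfile},

    [Parameter(DontShow)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Management.Automation.SwitchParameter]
    # Wait for .NET debugger to attach
    ${Break},

    [Parameter(DontShow)]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.SendAsyncStep[]]
    # SendAsync Pipeline Steps to be appended to the front of the pipeline
    ${HttpPipelineAppend},

    [Parameter(DontShow)]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.SendAsyncStep[]]
    # SendAsync Pipeline Steps to be prepended to the front of the pipeline
    ${HttpPipelinePrepend},

    [Parameter(DontShow)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Uri]
    # The URI for the proxy server to use
    ${Proxy},

    [Parameter(DontShow)]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Management.Automation.PSCredential]
    # Credentials for a proxy server to use for the remote call
    ${ProxyCredential},

    [Parameter(DontShow)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Management.Automation.SwitchParameter]
    # Use the default credentials for the proxy
    ${ProxyUseDefaultCredentials}
)

begin {
    try {
        # If the caller bound -OutBuffer, pass 1 to the wrapped command instead of the caller's value.
        $outBuffer = $null
        if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) {
            $PSBoundParameters['OutBuffer'] = 1
        }
        $parameterSet = $PSCmdlet.ParameterSetName

        # Parameter set -> private implementation, always addressed by module-qualified name.
        $mapping = @{
            Update = 'Az.SecurityInsights.private\Update-AzSentinelBookmarkRelation_Update';
            UpdateViaIdentity = 'Az.SecurityInsights.private\Update-AzSentinelBookmarkRelation_UpdateViaIdentity';
        }

        # Only the 'Update' set takes SubscriptionId as a path parameter. When it was not bound, the
        # target subscription comes from the ambient Az context, so the write goes to whichever
        # subscription is current in this session. Unattended callers that must hit one specific
        # subscription should bind -SubscriptionId explicitly.
        if (('Update') -contains $parameterSet -and -not $PSBoundParameters.ContainsKey('SubscriptionId')) {
            # Test playback is recognised only when a step supplied through the hidden
            # -HttpPipelinePrepend parameter targets a PipelineMock whose Mode is 'Playback'.
            $testPlayback = $false
            $PSBoundParameters['HttpPipelinePrepend'] | Foreach-Object { if ($_) { $testPlayback = $testPlayback -or ('Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.PipelineMock' -eq $_.Target.GetType().FullName -and 'Playback' -eq $_.Target.Mode) } }
            if ($testPlayback) {
                # Dot-sources a helper script located relative to this file, so it runs in this scope;
                # the module's install directory therefore has to be writable by trusted accounts only.
                # Join-Path is nested because Windows PowerShell 5.1 accepts a single child path; extra
                # positional child segments bind only on PowerShell 6 and later.
                # NOTE(review): this file is generated by AutoRest, so the same change belongs in the
                # generator or it is lost on regeneration.
                $PSBoundParameters['SubscriptionId'] = . (Join-Path (Join-Path (Join-Path $PSScriptRoot '..') 'utils') 'Get-SubscriptionIdTestSafe.ps1')
            } else {
                $PSBoundParameters['SubscriptionId'] = (Get-AzContext).Subscription.Id
            }
        }

        # Look the implementation up as a Cmdlet only, then splat every bound parameter into it. That
        # includes the hidden runtime parameters (HttpPipelineAppend/Prepend, Proxy, ProxyCredential,
        # ProxyUseDefaultCredentials, Break) and -WhatIf/-Confirm; this proxy never calls ShouldProcess
        # itself. Callers that build the argument hashtable from external input should forward only
        # the parameter names they expect.
        $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet)
        $scriptCmd = {& $wrappedCmd @PSBoundParameters}
        # The wrapped pipeline is started with the caller's command origin.
        $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin)
        $steppablePipeline.Begin($PSCmdlet)
    } catch {
        throw
    }
}

process {
    try {
        # Forward the current pipeline input object to the wrapped cmdlet.
        $steppablePipeline.Process($_)
    } catch {
        throw
    }
}

end {
    try {
        # Close the wrapped pipeline.
        $steppablePipeline.End()
    } catch {
        throw
    }
}
}

<#
.Synopsis
Creates or updates the bookmark.
.Description
Creates or updates the bookmark.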
.Example $queryStartTime = (Get-Date).AddDays(-1).ToUniversalTime() | Get-Date -Format "yyyy-MM-ddThh:00:00.000Z" $queryEndTime = (Get-Date).ToUniversalTime() | Get-Date -Format "yyyy-MM-ddThh:00:00.000Z" Update-AzSentinelBookmark -ResourceGroupName "myResourceGroup" -WorkspaceName "myWorkspaceName" -Id ((New-Guid).Guid) -DisplayName "Incident Evidence" -Query "SecurityEvent | take 1" -QueryStartTime $queryStartTime -QueryEndTime $queryEndTime -EventTime $queryEndTime .Inputs Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IBookmark .Inputs Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity .Outputs Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IBookmark .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. BOOKMARK <IBookmark>: Represents a bookmark in Azure Security Insights. [Etag <String>]: Etag of the azure resource [SystemDataCreatedAt <DateTime?>]: The timestamp of resource creation (UTC). [SystemDataCreatedBy <String>]: The identity that created the resource. [SystemDataCreatedByType <CreatedByType?>]: The type of identity that created the resource. [SystemDataLastModifiedAt <DateTime?>]: The timestamp of resource last modification (UTC) [SystemDataLastModifiedBy <String>]: The identity that last modified the resource. [SystemDataLastModifiedByType <CreatedByType?>]: The type of identity that last modified the resource. [Created <DateTime?>]: The time the bookmark was created [CreatedByObjectId <String>]: The object id of the user. 
[DisplayName <String>]: The display name of the bookmark [EventTime <DateTime?>]: The bookmark event time [IncidentInfoIncidentId <String>]: Incident Id [IncidentInfoRelationName <String>]: Relation Name [IncidentInfoSeverity <IncidentSeverity?>]: The severity of the incident [IncidentInfoTitle <String>]: The title of the incident [Label <String[]>]: List of labels relevant to this bookmark [Note <String>]: The notes of the bookmark [Query <String>]: The query of the bookmark. [QueryEndTime <DateTime?>]: The end time for the query [QueryResult <String>]: The query result of the bookmark. [QueryStartTime <DateTime?>]: The start time for the query [Updated <DateTime?>]: The last time the bookmark was updated [UpdatedByObjectId <String>]: The object id of the user. INPUTOBJECT <ISecurityInsightsIdentity>: Identity Parameter [ActionId <String>]: Action ID [AlertRuleTemplateId <String>]: Alert rule template ID [AutomationRuleId <String>]: Automation rule ID [BookmarkId <String>]: Bookmark ID [ConsentId <String>]: consent ID [DataConnectorId <String>]: Connector ID [EntityId <String>]: entity ID [EntityQueryId <String>]: entity query ID [EntityQueryTemplateId <String>]: entity query template ID [Id <String>]: Resource identity path [IncidentCommentId <String>]: Incident comment ID [IncidentId <String>]: Incident ID [MetadataName <String>]: The Metadata name. [Name <String>]: Threat intelligence indicator name field. [RelationName <String>]: Relation Name [ResourceGroupName <String>]: The name of the resource group. The name is case insensitive. [RuleId <String>]: Alert rule ID [SentinelOnboardingStateName <String>]: The Sentinel onboarding state name. Supports - default [SettingsName <String>]: The setting name. Supports - Anomalies, EyesOn, EntityAnalytics, Ueba [SourceControlId <String>]: Source control Id [SubscriptionId <String>]: The ID of the target subscription. [WorkspaceName <String>]: The name of the workspace. 
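.Link
https://learn.microsoft.com/powershell/module/az.securityinsights/update-azsentinelbookmark
#>
function Update-AzSentinelBookmark {
[OutputType([Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IBookmark])]
[CmdletBinding(DefaultParameterSetName='UpdateViaIdentity', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')]
param(
    [Parameter(ParameterSetName='Update', Mandatory)]
    [Alias('BookmarkId')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [System.String]
    # Bookmark ID
    ${Id},

    [Parameter(ParameterSetName='Update', Mandatory)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [System.String]
    # The name of the resource group.
    # The name is case insensitive.
    ${ResourceGroupName},

    [Parameter(ParameterSetName='Update')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.DefaultInfo(Script='(Get-AzContext).Subscription.Id')]
    [System.String]
    # The ID of the target subscription.
    ${SubscriptionId},

    [Parameter(ParameterSetName='Update', Mandatory)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [System.String]
    # The name of the workspace.
    ${WorkspaceName},

    [Parameter(ParameterSetName='UpdateViaIdentity', Mandatory, ValueFromPipeline)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity]
    # Identity Parameter
    # To construct, see NOTES section for INPUTOBJECT properties and create a hash table.
    ${InputObject},

    [Parameter(Mandatory, ValueFromPipeline)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IBookmark]
    # Represents a bookmark in Azure Security Insights.
    # To construct, see NOTES section for BOOKMARK properties and create a hash table.
    ${Bookmark},

    [Parameter()]
    [Alias('AzureRMContext', 'AzureCredential')]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Azure')]
    [System.Management.Automation.PSObject]
    # The DefaultProfile parameter is not functional.
    # Use the SubscriptionId parameter when available if executing the cmdlet against a different subscription.
    ${DefaultProfile},

    [Parameter(DontShow)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Management.Automation.SwitchParameter]
    # Wait for .NET debugger to attach
    ${Break},

    [Parameter(DontShow)]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.SendAsyncStep[]]
    # SendAsync Pipeline Steps to be appended to the front of the pipeline
    ${HttpPipelineAppend},

    [Parameter(DontShow)]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.SendAsyncStep[]]
    # SendAsync Pipeline Steps to be prepended to the front of the pipeline
    ${HttpPipelinePrepend},

    [Parameter(DontShow)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Uri]
    # The URI for the proxy server to use
    ${Proxy},

    [Parameter(DontShow)]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Management.Automation.PSCredential]
    # Credentials for a proxy server to use for the remote call
    ${ProxyCredential},

    [Parameter(DontShow)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Management.Automation.SwitchParameter]
    # Use the default credentials for the proxy
    ${ProxyUseDefaultCredentials}
)

begin {
    try {
        # If the caller bound -OutBuffer, pass 1 to the wrapped command instead of the caller's value.
        $outBuffer = $null
        if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) {
            $PSBoundParameters['OutBuffer'] = 1
        }
        $parameterSet = $PSCmdlet.ParameterSetName

        # Parameter set -> private implementation, always addressed by module-qualified name.
        $mapping = @{
            Update = 'Az.SecurityInsights.private\Update-AzSentinelBookmark_Update';
            UpdateViaIdentity = 'Az.SecurityInsights.private\Update-AzSentinelBookmark_UpdateViaIdentity';
        }

        # Only the 'Update' set takes SubscriptionId as a path parameter. When it was not bound, the
        # target subscription comes from the ambient Az context, so the write goes to whichever
        # subscription is current in this session. Unattended callers that must hit one specific
        # subscription should bind -SubscriptionId explicitly.
        if (('Update') -contains $parameterSet -and -not $PSBoundParameters.ContainsKey('SubscriptionId')) {
            # Test playback is recognised only when a step supplied through the hidden
            # -HttpPipelinePrepend parameter targets a PipelineMock whose Mode is 'Playback'.
            $testPlayback = $false
            $PSBoundParameters['HttpPipelinePrepend'] | Foreach-Object { if ($_) { $testPlayback = $testPlayback -or ('Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.PipelineMock' -eq $_.Target.GetType().FullName -and 'Playback' -eq $_.Target.Mode) } }
            if ($testPlayback) {
                # Dot-sources a helper script located relative to this file, so it runs in this scope;
                # the module's install directory therefore has to be writable by trusted accounts only.
                # Join-Path is nested because Windows PowerShell 5.1 accepts a single child path; extra
                # positional child segments bind only on PowerShell 6 and later.
                # NOTE(review): this file is generated by AutoRest, so the same change belongs in the
                # generator or it is lost on regeneration.
                $PSBoundParameters['SubscriptionId'] = . (Join-Path (Join-Path (Join-Path $PSScriptRoot '..') 'utils') 'Get-SubscriptionIdTestSafe.ps1')
            } else {
                $PSBoundParameters['SubscriptionId'] = (Get-AzContext).Subscription.Id
            }
        }

        # Look the implementation up as a Cmdlet only, then splat every bound parameter into it. That
        # includes the hidden runtime parameters (HttpPipelineAppend/Prepend, Proxy, ProxyCredential,
        # ProxyUseDefaultCredentials, Break) and -WhatIf/-Confirm; this proxy never calls ShouldProcess
        # itself. Callers that build the argument hashtable from external input should forward only
        # the parameter names they expect.
        $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet)
        $scriptCmd = {& $wrappedCmd @PSBoundParameters}
        # The wrapped pipeline is started with the caller's command origin.
        $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin)
        $steppablePipeline.Begin($PSCmdlet)
    } catch {
        throw
    }
}

process {
    try {
        # Forward the current pipeline input object to the wrapped cmdlet.
        $steppablePipeline.Process($_)
    } catch {
        throw
    }
}

end {
    try {
        # Close the wrapped pipeline.
        $steppablePipeline.End()
    } catch {
        throw
    }
}
}

<#
.Synopsis
Creates or updates the data connector.
.Description
Creates or updates the data connector.
.Example
Update-AzSentinelDataConnector -ResourceGroupName "myResourceGroupName" -workspaceName "myWorkspaceName" -Id 3bd6c555-1412-4103-9b9d-2b0b40cda6b6 -SharePoint "Enabled"

.Inputs
Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IDataConnector
.Inputs
Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity
.Outputs
Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IDataConnector
.Notes
COMPLEX PARAMETER PROPERTIES

To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables.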
DATACONNECTOR <IDataConnector>: Data connector Kind <DataConnectorKind>: The data connector kind [Etag <String>]: Etag of the azure resource [SystemDataCreatedAt <DateTime?>]: The timestamp of resource creation (UTC). [SystemDataCreatedBy <String>]: The identity that created the resource. [SystemDataCreatedByType <CreatedByType?>]: The type of identity that created the resource. [SystemDataLastModifiedAt <DateTime?>]: The timestamp of resource last modification (UTC) [SystemDataLastModifiedBy <String>]: The identity that last modified the resource. [SystemDataLastModifiedByType <CreatedByType?>]: The type of identity that last modified the resource. INPUTOBJECT <ISecurityInsightsIdentity>: Identity Parameter [ActionId <String>]: Action ID [AlertRuleTemplateId <String>]: Alert rule template ID [AutomationRuleId <String>]: Automation rule ID [BookmarkId <String>]: Bookmark ID [ConsentId <String>]: consent ID [DataConnectorId <String>]: Connector ID [EntityId <String>]: entity ID [EntityQueryId <String>]: entity query ID [EntityQueryTemplateId <String>]: entity query template ID [Id <String>]: Resource identity path [IncidentCommentId <String>]: Incident comment ID [IncidentId <String>]: Incident ID [MetadataName <String>]: The Metadata name. [Name <String>]: Threat intelligence indicator name field. [RelationName <String>]: Relation Name [ResourceGroupName <String>]: The name of the resource group. The name is case insensitive. [RuleId <String>]: Alert rule ID [SentinelOnboardingStateName <String>]: The Sentinel onboarding state name. Supports - default [SettingsName <String>]: The setting name. Supports - Anomalies, EyesOn, EntityAnalytics, Ueba [SourceControlId <String>]: Source control Id [SubscriptionId <String>]: The ID of the target subscription. [WorkspaceName <String>]: The name of the workspace. 
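.Link
https://learn.microsoft.com/powershell/module/az.securityinsights/update-azsentineldataconnector
#>
function Update-AzSentinelDataConnector {
[OutputType([Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IDataConnector])]
[CmdletBinding(DefaultParameterSetName='UpdateExpanded', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')]
param(
    [Parameter(ParameterSetName='Update', Mandatory)]
    [Parameter(ParameterSetName='UpdateExpanded', Mandatory)]
    [Alias('DataConnectorId')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [System.String]
    # Connector ID
    ${Id},

    [Parameter(ParameterSetName='Update', Mandatory)]
    [Parameter(ParameterSetName='UpdateExpanded', Mandatory)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [System.String]
    # The name of the resource group.
    # The name is case insensitive.
    ${ResourceGroupName},

    [Parameter(ParameterSetName='Update')]
    [Parameter(ParameterSetName='UpdateExpanded')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.DefaultInfo(Script='(Get-AzContext).Subscription.Id')]
    [System.String]
    # The ID of the target subscription.
    ${SubscriptionId},

    [Parameter(ParameterSetName='Update', Mandatory)]
    [Parameter(ParameterSetName='UpdateExpanded', Mandatory)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [System.String]
    # The name of the workspace.
    ${WorkspaceName},

    [Parameter(ParameterSetName='UpdateViaIdentity', Mandatory, ValueFromPipeline)]
    [Parameter(ParameterSetName='UpdateViaIdentityExpanded', Mandatory, ValueFromPipeline)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity]
    # Identity Parameter
    # To construct, see NOTES section for INPUTOBJECT properties and create a hash table.
    ${InputObject},

    [Parameter(ParameterSetName='Update', Mandatory, ValueFromPipeline)]
    [Parameter(ParameterSetName='UpdateViaIdentity', Mandatory, ValueFromPipeline)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IDataConnector]
    # Data connector
    # To construct, see NOTES section for DATACONNECTOR properties and create a hash table.
    ${DataConnector},

    [Parameter(ParameterSetName='UpdateExpanded', Mandatory)]
    [Parameter(ParameterSetName='UpdateViaIdentityExpanded', Mandatory)]
    [ArgumentCompleter([Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.DataConnectorKind])]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.DataConnectorKind]
    # The data connector kind
    ${Kind},

    [Parameter()]
    [Alias('AzureRMContext', 'AzureCredential')]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Azure')]
    [System.Management.Automation.PSObject]
    # The DefaultProfile parameter is not functional.
    # Use the SubscriptionId parameter when available if executing the cmdlet against a different subscription.
    ${DefaultProfile},

    [Parameter(DontShow)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Management.Automation.SwitchParameter]
    # Wait for .NET debugger to attach
    ${Break},

    [Parameter(DontShow)]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.SendAsyncStep[]]
    # SendAsync Pipeline Steps to be appended to the front of the pipeline
    ${HttpPipelineAppend},

    [Parameter(DontShow)]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.SendAsyncStep[]]
    # SendAsync Pipeline Steps to be prepended to the front of the pipeline
    ${HttpPipelinePrepend},

    [Parameter(DontShow)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Uri]
    # The URI for the proxy server to use
    ${Proxy},

    [Parameter(DontShow)]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Management.Automation.PSCredential]
    # Credentials for a proxy server to use for the remote call
    ${ProxyCredential},

    [Parameter(DontShow)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Management.Automation.SwitchParameter]
    # Use the default credentials for the proxy
    ${ProxyUseDefaultCredentials}
)

begin {
    try {
        # If the caller bound -OutBuffer, pass 1 to the wrapped command instead of the caller's value.
        $outBuffer = $null
        if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) {
            $PSBoundParameters['OutBuffer'] = 1
        }
        $parameterSet = $PSCmdlet.ParameterSetName

        # Parameter set -> private implementation, always addressed by module-qualified name.
        $mapping = @{
            Update = 'Az.SecurityInsights.private\Update-AzSentinelDataConnector_Update';
            UpdateExpanded = 'Az.SecurityInsights.private\Update-AzSentinelDataConnector_UpdateExpanded';
            UpdateViaIdentity = 'Az.SecurityInsights.private\Update-AzSentinelDataConnector_UpdateViaIdentity';
            UpdateViaIdentityExpanded = 'Az.SecurityInsights.private\Update-AzSentinelDataConnector_UpdateViaIdentityExpanded';
        }

        # Only the 'Update' and 'UpdateExpanded' sets take SubscriptionId as a path parameter. When it
        # was not bound, the target subscription comes from the ambient Az context, so the write goes
        # to whichever subscription is current in this session. Unattended callers that must hit one
        # specific subscription should bind -SubscriptionId explicitly.
        if (('Update', 'UpdateExpanded') -contains $parameterSet -and -not $PSBoundParameters.ContainsKey('SubscriptionId')) {
            # Test playback is recognised only when a step supplied through the hidden
            # -HttpPipelinePrepend parameter targets a PipelineMock whose Mode is 'Playback'.
            $testPlayback = $false
            $PSBoundParameters['HttpPipelinePrepend'] | Foreach-Object { if ($_) { $testPlayback = $testPlayback -or ('Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.PipelineMock' -eq $_.Target.GetType().FullName -and 'Playback' -eq $_.Target.Mode) } }
            if ($testPlayback) {
                # Dot-sources a helper script located relative to this file, so it runs in this scope;
                # the module's install directory therefore has to be writable by trusted accounts only.
                # Join-Path is nested because Windows PowerShell 5.1 accepts a single child path; extra
                # positional child segments bind only on PowerShell 6 and later.
                # NOTE(review): this file is generated by AutoRest, so the same change belongs in the
                # generator or it is lost on regeneration.
                $PSBoundParameters['SubscriptionId'] = . (Join-Path (Join-Path (Join-Path $PSScriptRoot '..') 'utils') 'Get-SubscriptionIdTestSafe.ps1')
            } else {
                $PSBoundParameters['SubscriptionId'] = (Get-AzContext).Subscription.Id
            }
        }

        # Look the implementation up as a Cmdlet only, then splat every bound parameter into it. That
        # includes the hidden runtime parameters (HttpPipelineAppend/Prepend, Proxy, ProxyCredential,
        # ProxyUseDefaultCredentials, Break) and -WhatIf/-Confirm; this proxy never calls ShouldProcess
        # itself. Callers that build the argument hashtable from external input should forward only
        # the parameter names they expect.
        $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet)
        $scriptCmd = {& $wrappedCmd @PSBoundParameters}
        # The wrapped pipeline is started with the caller's command origin.
        $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin)
        $steppablePipeline.Begin($PSCmdlet)
    } catch {
        throw
    }
}

process {
    try {
        # Forward the current pipeline input object to the wrapped cmdlet.
        $steppablePipeline.Process($_)
    } catch {
        throw
    }
}

end {
    try {
        # Close the wrapped pipeline.
        $steppablePipeline.End()
    } catch {
        throw
    }
}
}

<#
.Synopsis
Creates or updates the entity query.
.Description
Creates or updates the entity query.
.Example
Update-AzSentinelEntityQuery -ResourceGroupName "myResourceGroupName" -WorkspaceName "myWorkspaceName" -EntityQueryId "4a21e485-75ae-48b3-a7b9-e6a92bcfe434" -Title "myEntityQuery Title"

.Inputs
Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.ICustomEntityQuery
.Inputs
Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity
.Outputs
Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IEntityQuery
.Notes
COMPLEX PARAMETER PROPERTIES

To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables.

ENTITYQUERY <ICustomEntityQuery>: Specific entity query that supports put requests.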
[Etag <String>]: Etag of the azure resource [SystemDataCreatedAt <DateTime?>]: The timestamp of resource creation (UTC). [SystemDataCreatedBy <String>]: The identity that created the resource. [SystemDataCreatedByType <CreatedByType?>]: The type of identity that created the resource. [SystemDataLastModifiedAt <DateTime?>]: The timestamp of resource last modification (UTC) [SystemDataLastModifiedBy <String>]: The identity that last modified the resource. [SystemDataLastModifiedByType <CreatedByType?>]: The type of identity that last modified the resource. INPUTOBJECT <ISecurityInsightsIdentity>: Identity Parameter [ActionId <String>]: Action ID [AlertRuleTemplateId <String>]: Alert rule template ID [AutomationRuleId <String>]: Automation rule ID [BookmarkId <String>]: Bookmark ID [ConsentId <String>]: consent ID [DataConnectorId <String>]: Connector ID [EntityId <String>]: entity ID [EntityQueryId <String>]: entity query ID [EntityQueryTemplateId <String>]: entity query template ID [Id <String>]: Resource identity path [IncidentCommentId <String>]: Incident comment ID [IncidentId <String>]: Incident ID [MetadataName <String>]: The Metadata name. [Name <String>]: Threat intelligence indicator name field. [RelationName <String>]: Relation Name [ResourceGroupName <String>]: The name of the resource group. The name is case insensitive. [RuleId <String>]: Alert rule ID [SentinelOnboardingStateName <String>]: The Sentinel onboarding state name. Supports - default [SettingsName <String>]: The setting name. Supports - Anomalies, EyesOn, EntityAnalytics, Ueba [SourceControlId <String>]: Source control Id [SubscriptionId <String>]: The ID of the target subscription. [WorkspaceName <String>]: The name of the workspace. 
.Link
https://learn.microsoft.com/powershell/module/az.securityinsights/update-azsentinelentityquery
#>
function Update-AzSentinelEntityQuery {
[OutputType([Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IEntityQuery])]
[CmdletBinding(DefaultParameterSetName='UpdateExpanded', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')]
param(
    [Parameter(ParameterSetName='Update', Mandatory)]
    [Parameter(ParameterSetName='UpdateExpanded', Mandatory)]
    [Alias('EntityQueryId')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [System.String]
    # entity query ID
    ${Id},

    [Parameter(ParameterSetName='Update', Mandatory)]
    [Parameter(ParameterSetName='UpdateExpanded', Mandatory)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [System.String]
    # The name of the resource group.
    # The name is case insensitive.
    ${ResourceGroupName},

    [Parameter(ParameterSetName='Update')]
    [Parameter(ParameterSetName='UpdateExpanded')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.DefaultInfo(Script='(Get-AzContext).Subscription.Id')]
    [System.String]
    # The ID of the target subscription.
    ${SubscriptionId},

    [Parameter(ParameterSetName='Update', Mandatory)]
    [Parameter(ParameterSetName='UpdateExpanded', Mandatory)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [System.String]
    # The name of the workspace.
    ${WorkspaceName},

    [Parameter(ParameterSetName='UpdateViaIdentity', Mandatory, ValueFromPipeline)]
    [Parameter(ParameterSetName='UpdateViaIdentityExpanded', Mandatory, ValueFromPipeline)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity]
    # Identity Parameter
    # To construct, see NOTES section for INPUTOBJECT properties and create a hash table.
    ${InputObject},

    [Parameter(ParameterSetName='Update', Mandatory, ValueFromPipeline)]
    [Parameter(ParameterSetName='UpdateViaIdentity', Mandatory, ValueFromPipeline)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.ICustomEntityQuery]
    # Specific entity query that supports put requests.
    # To construct, see NOTES section for ENTITYQUERY properties and create a hash table.
    ${EntityQuery},

    [Parameter()]
    [Alias('AzureRMContext', 'AzureCredential')]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Azure')]
    [System.Management.Automation.PSObject]
    # The DefaultProfile parameter is not functional.
    # Use the SubscriptionId parameter when available if executing the cmdlet against a different subscription.
    ${DefaultProfile},

    [Parameter(DontShow)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Management.Automation.SwitchParameter]
    # Wait for .NET debugger to attach
    ${Break},

    [Parameter(DontShow)]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.SendAsyncStep[]]
    # SendAsync Pipeline Steps to be appended to the front of the pipeline
    ${HttpPipelineAppend},

    [Parameter(DontShow)]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.SendAsyncStep[]]
    # SendAsync Pipeline Steps to be prepended to the front of the pipeline
    ${HttpPipelinePrepend},

    [Parameter(DontShow)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Uri]
    # The URI for the proxy server to use
    ${Proxy},

    [Parameter(DontShow)]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Management.Automation.PSCredential]
    # Credentials for a proxy server to use for the remote call
    ${ProxyCredential},

    [Parameter(DontShow)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Management.Automation.SwitchParameter]
    # Use the default credentials for the proxy
    ${ProxyUseDefaultCredentials}
)

begin {
    # Generated proxy: selects the private implementation cmdlet for the active
    # parameter set and drives it through a steppable pipeline, splatting the
    # caller's bound parameters unchanged. That includes the hidden (DontShow)
    # runtime parameters -Proxy, -ProxyCredential, -HttpPipelinePrepend and
    # -HttpPipelineAppend; DontShow only hides them, any caller can still bind them.
    # NOTE(review): those presumably put a caller-chosen intermediary or delegate
    # on the path of the authenticated request - confirm in the Runtime code and
    # review scripts that set them.
    # ConfirmImpact is 'Medium', so with the default $ConfirmPreference ('High')
    # no prompt is expected unless -Confirm or -WhatIf is passed.
    try {
        $outBuffer = $null
        # When the caller bound -OutBuffer, forward it as 1.
        if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) {
            $PSBoundParameters['OutBuffer'] = 1
        }
        $parameterSet = $PSCmdlet.ParameterSetName

        # Parameter set name -> module-qualified private cmdlet name.
        $mapping = @{
            Update = 'Az.SecurityInsights.private\Update-AzSentinelEntityQuery_Update';
            UpdateExpanded = 'Az.SecurityInsights.private\Update-AzSentinelEntityQuery_UpdateExpanded';
            UpdateViaIdentity = 'Az.SecurityInsights.private\Update-AzSentinelEntityQuery_UpdateViaIdentity';
            UpdateViaIdentityExpanded = 'Az.SecurityInsights.private\Update-AzSentinelEntityQuery_UpdateViaIdentityExpanded';
        }
        # A default subscription is injected only for the non-identity sets, and
        # only when the caller did not bind -SubscriptionId.
        if (('Update', 'UpdateExpanded') -contains $parameterSet -and -not $PSBoundParameters.ContainsKey('SubscriptionId')) {
            # Playback is inferred solely from a caller-supplied HttpPipelinePrepend
            # step whose delegate target is a PipelineMock with Mode 'Playback'.
            $testPlayback = $false
            $PSBoundParameters['HttpPipelinePrepend'] | Foreach-Object { if ($_) { $testPlayback = $testPlayback -or ('Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.PipelineMock' -eq $_.Target.GetType().FullName -and 'Playback' -eq $_.Target.Mode) } }
            if ($testPlayback) {
                # Dot-sources a script from the module tree into this scope.
                # NOTE(review): the file is executed whenever this branch is taken, so
                # the module install directory should not be writable by less-privileged
                # accounts. Join-Path with several child segments needs PowerShell 6+;
                # confirm this branch is only reached in test runs.
                $PSBoundParameters['SubscriptionId'] = . (Join-Path $PSScriptRoot '..' 'utils' 'Get-SubscriptionIdTestSafe.ps1')
            } else {
                # Falls back to the ambient Az context, so the update targets whichever
                # subscription is currently selected; automation should pass
                # -SubscriptionId explicitly. Presumably $null when no context is set -
                # verify how the private cmdlet handles that.
                $PSBoundParameters['SubscriptionId'] = (Get-AzContext).Subscription.Id
            }
        }
        # Resolved as a Cmdlet only, by the module-qualified name taken from $mapping.
        $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet)
        $scriptCmd = {& $wrappedCmd @PSBoundParameters}
        $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin)
        $steppablePipeline.Begin($PSCmdlet)
    } catch {

        # No handling here: the error is rethrown to the caller.
        throw
    }
}

process {
    try {
        # Hand the current pipeline object to the wrapped cmdlet.
        $steppablePipeline.Process($_)
    } catch {

        throw
    }

}
end {
    try {
        # Signal end of input to the wrapped pipeline.
        $steppablePipeline.End()

    } catch {

        throw
    }
} 
}

<#
.Synopsis
Creates or updates the incident comment.
.Description
Creates or updates the incident comment.
.Example Update-AzSentinelIncidentComment -ResourceGroupName "myResourceGroupName" -workspaceName "myWorkspaceName" -IncidentId 7cc984fe-61a2-43c2-a1a4-3583c8a89da2 -Id 8bb5c1eb-a3a9-4575-9451-cd2834be0e0a -Message "my comment" .Inputs Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IIncidentComment .Inputs Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity .Outputs Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IIncidentComment .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. INCIDENTCOMMENT <IIncidentComment>: Represents an incident comment [Etag <String>]: Etag of the azure resource [SystemDataCreatedAt <DateTime?>]: The timestamp of resource creation (UTC). [SystemDataCreatedBy <String>]: The identity that created the resource. [SystemDataCreatedByType <CreatedByType?>]: The type of identity that created the resource. [SystemDataLastModifiedAt <DateTime?>]: The timestamp of resource last modification (UTC) [SystemDataLastModifiedBy <String>]: The identity that last modified the resource. [SystemDataLastModifiedByType <CreatedByType?>]: The type of identity that last modified the resource. [AuthorEmail <String>]: The email of the client. [AuthorName <String>]: The name of the client. [AuthorObjectId <String>]: The object id of the client. [AuthorUserPrincipalName <String>]: The user principal name of the client. 
[Message <String>]: The comment message INPUTOBJECT <ISecurityInsightsIdentity>: Identity Parameter [ActionId <String>]: Action ID [AlertRuleTemplateId <String>]: Alert rule template ID [AutomationRuleId <String>]: Automation rule ID [BookmarkId <String>]: Bookmark ID [ConsentId <String>]: consent ID [DataConnectorId <String>]: Connector ID [EntityId <String>]: entity ID [EntityQueryId <String>]: entity query ID [EntityQueryTemplateId <String>]: entity query template ID [Id <String>]: Resource identity path [IncidentCommentId <String>]: Incident comment ID [IncidentId <String>]: Incident ID [MetadataName <String>]: The Metadata name. [Name <String>]: Threat intelligence indicator name field. [RelationName <String>]: Relation Name [ResourceGroupName <String>]: The name of the resource group. The name is case insensitive. [RuleId <String>]: Alert rule ID [SentinelOnboardingStateName <String>]: The Sentinel onboarding state name. Supports - default [SettingsName <String>]: The setting name. Supports - Anomalies, EyesOn, EntityAnalytics, Ueba [SourceControlId <String>]: Source control Id [SubscriptionId <String>]: The ID of the target subscription. [WorkspaceName <String>]: The name of the workspace. 
.Link
https://learn.microsoft.com/powershell/module/az.securityinsights/update-azsentinelincidentcomment
#>
function Update-AzSentinelIncidentComment {
[OutputType([Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IIncidentComment])]
[CmdletBinding(DefaultParameterSetName='UpdateViaIdentity', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')]
param(
    [Parameter(ParameterSetName='Update', Mandatory)]
    [Alias('IncidentCommentId')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [System.String]
    # Incident comment ID
    ${Id},

    [Parameter(ParameterSetName='Update', Mandatory)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [System.String]
    # Incident ID
    ${IncidentId},

    [Parameter(ParameterSetName='Update', Mandatory)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [System.String]
    # The name of the resource group.
    # The name is case insensitive.
    ${ResourceGroupName},

    [Parameter(ParameterSetName='Update')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.DefaultInfo(Script='(Get-AzContext).Subscription.Id')]
    [System.String]
    # The ID of the target subscription.
    ${SubscriptionId},

    [Parameter(ParameterSetName='Update', Mandatory)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [System.String]
    # The name of the workspace.
    ${WorkspaceName},

    [Parameter(ParameterSetName='UpdateViaIdentity', Mandatory, ValueFromPipeline)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity]
    # Identity Parameter
    # To construct, see NOTES section for INPUTOBJECT properties and create a hash table.
    ${InputObject},

    [Parameter(Mandatory, ValueFromPipeline)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IIncidentComment]
    # Represents an incident comment
    # To construct, see NOTES section for INCIDENTCOMMENT properties and create a hash table.
    ${IncidentComment},

    [Parameter()]
    [Alias('AzureRMContext', 'AzureCredential')]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Azure')]
    [System.Management.Automation.PSObject]
    # The DefaultProfile parameter is not functional.
    # Use the SubscriptionId parameter when available if executing the cmdlet against a different subscription.
    ${DefaultProfile},

    [Parameter(DontShow)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Management.Automation.SwitchParameter]
    # Wait for .NET debugger to attach
    ${Break},

    [Parameter(DontShow)]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.SendAsyncStep[]]
    # SendAsync Pipeline Steps to be appended to the front of the pipeline
    ${HttpPipelineAppend},

    [Parameter(DontShow)]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.SendAsyncStep[]]
    # SendAsync Pipeline Steps to be prepended to the front of the pipeline
    ${HttpPipelinePrepend},

    [Parameter(DontShow)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Uri]
    # The URI for the proxy server to use
    ${Proxy},

    [Parameter(DontShow)]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Management.Automation.PSCredential]
    # Credentials for a proxy server to use for the remote call
    ${ProxyCredential},

    [Parameter(DontShow)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Management.Automation.SwitchParameter]
    # Use the default credentials for the proxy
    ${ProxyUseDefaultCredentials}
)

begin {
    # Generated proxy for the incident-comment update: resolves the private cmdlet
    # for the active parameter set and runs it via a steppable pipeline with the
    # caller's bound parameters splatted through unchanged.
    # The DontShow runtime parameters (-Proxy, -ProxyCredential,
    # -HttpPipelinePrepend, -HttpPipelineAppend) are hidden from help and tab
    # completion but still bindable, and are forwarded like any other parameter.
    # NOTE(review): presumably they can observe or reroute the authenticated
    # request - confirm in the Runtime code; treat their use in scripts as
    # something to review.
    # ConfirmImpact is 'Medium': under the default $ConfirmPreference ('High') no
    # prompt is expected unless the caller passes -Confirm or -WhatIf.
    try {
        $outBuffer = $null
        # A caller-bound -OutBuffer is forwarded as 1.
        if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) {
            $PSBoundParameters['OutBuffer'] = 1
        }
        $parameterSet = $PSCmdlet.ParameterSetName

        # Parameter set name -> module-qualified private cmdlet name.
        $mapping = @{
            Update = 'Az.SecurityInsights.private\Update-AzSentinelIncidentComment_Update';
            UpdateViaIdentity = 'Az.SecurityInsights.private\Update-AzSentinelIncidentComment_UpdateViaIdentity';
        }
        # Only the 'Update' set gets a default subscription, and only when
        # -SubscriptionId was not bound by the caller.
        if (('Update') -contains $parameterSet -and -not $PSBoundParameters.ContainsKey('SubscriptionId')) {
            # Playback detection rests entirely on a caller-supplied
            # HttpPipelinePrepend step targeting a PipelineMock in 'Playback' mode.
            $testPlayback = $false
            $PSBoundParameters['HttpPipelinePrepend'] | Foreach-Object { if ($_) { $testPlayback = $testPlayback -or ('Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.PipelineMock' -eq $_.Target.GetType().FullName -and 'Playback' -eq $_.Target.Mode) } }
            if ($testPlayback) {
                # Dot-sources a helper script located relative to $PSScriptRoot.
                # NOTE(review): because that file runs in this scope, write access to
                # the module directory should be restricted. Join-Path with extra child
                # segments requires PowerShell 6+; confirm the branch is test-only.
                $PSBoundParameters['SubscriptionId'] = . (Join-Path $PSScriptRoot '..' 'utils' 'Get-SubscriptionIdTestSafe.ps1')
            } else {
                # Uses the subscription of the ambient Az context, so the comment is
                # written in whichever subscription is currently selected. Presumably
                # $null without a context - verify downstream handling.
                $PSBoundParameters['SubscriptionId'] = (Get-AzContext).Subscription.Id
            }
        }
        # Lookup is restricted to CommandTypes.Cmdlet and uses the module-qualified name.
        $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet)
        $scriptCmd = {& $wrappedCmd @PSBoundParameters}
        $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin)
        $steppablePipeline.Begin($PSCmdlet)
    } catch {

        # Rethrown as-is; nothing is logged or translated here.
        throw
    }
}

process {
    try {
        # Pass the current pipeline object on to the wrapped cmdlet.
        $steppablePipeline.Process($_)
    } catch {

        throw
    }

}
end {
    try {
        # Complete the wrapped pipeline.
        $steppablePipeline.End()

    } catch {

        throw
    }
} 
}

<#
.Synopsis
Creates or updates the incident relation.
.Description
Creates or updates the incident relation.
.Example $bookmark = Get-AzSentinelBookmark -ResourceGroupName "myResourceGroup" -WorkspaceName "myWorkspaceName" -Id "myBookmarkId" Update-AzSentinelIncidentRelation -ResourceGroupName "myResourceGroup" -WorkspaceName "myWorkspaceName" -IncidentId "myIncidentId" -RelationName ((New-Guid).Guid) -RelatedResourceId ($bookmark.Id) .Inputs Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IRelation .Inputs Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity .Outputs Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IRelation .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. INPUTOBJECT <ISecurityInsightsIdentity>: Identity Parameter [ActionId <String>]: Action ID [AlertRuleTemplateId <String>]: Alert rule template ID [AutomationRuleId <String>]: Automation rule ID [BookmarkId <String>]: Bookmark ID [ConsentId <String>]: consent ID [DataConnectorId <String>]: Connector ID [EntityId <String>]: entity ID [EntityQueryId <String>]: entity query ID [EntityQueryTemplateId <String>]: entity query template ID [Id <String>]: Resource identity path [IncidentCommentId <String>]: Incident comment ID [IncidentId <String>]: Incident ID [MetadataName <String>]: The Metadata name. [Name <String>]: Threat intelligence indicator name field. [RelationName <String>]: Relation Name [ResourceGroupName <String>]: The name of the resource group. The name is case insensitive. [RuleId <String>]: Alert rule ID [SentinelOnboardingStateName <String>]: The Sentinel onboarding state name. Supports - default [SettingsName <String>]: The setting name. Supports - Anomalies, EyesOn, EntityAnalytics, Ueba [SourceControlId <String>]: Source control Id [SubscriptionId <String>]: The ID of the target subscription. [WorkspaceName <String>]: The name of the workspace. 
RELATION <IRelation>: Represents a relation between two resources
  [Etag <String>]: Etag of the azure resource
  [SystemDataCreatedAt <DateTime?>]: The timestamp of resource creation (UTC).
  [SystemDataCreatedBy <String>]: The identity that created the resource.
  [SystemDataCreatedByType <CreatedByType?>]: The type of identity that created the resource.
  [SystemDataLastModifiedAt <DateTime?>]: The timestamp of resource last modification (UTC)
  [SystemDataLastModifiedBy <String>]: The identity that last modified the resource.
  [SystemDataLastModifiedByType <CreatedByType?>]: The type of identity that last modified the resource.
  [RelatedResourceId <String>]: The resource ID of the related resource
.Link
https://learn.microsoft.com/powershell/module/az.securityinsights/update-azsentinelincidentrelation
#>
function Update-AzSentinelIncidentRelation {
[OutputType([Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IRelation])]
[CmdletBinding(DefaultParameterSetName='UpdateViaIdentity', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')]
param(
    [Parameter(ParameterSetName='Update', Mandatory)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [System.String]
    # Incident ID
    ${IncidentId},

    [Parameter(ParameterSetName='Update', Mandatory)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [System.String]
    # Relation Name
    ${RelationName},

    [Parameter(ParameterSetName='Update', Mandatory)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [System.String]
    # The name of the resource group.
    # The name is case insensitive.
    ${ResourceGroupName},

    [Parameter(ParameterSetName='Update')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.DefaultInfo(Script='(Get-AzContext).Subscription.Id')]
    [System.String]
    # The ID of the target subscription.
    ${SubscriptionId},

    [Parameter(ParameterSetName='Update', Mandatory)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [System.String]
    # The name of the workspace.
    ${WorkspaceName},

    [Parameter(ParameterSetName='UpdateViaIdentity', Mandatory, ValueFromPipeline)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity]
    # Identity Parameter
    # To construct, see NOTES section for INPUTOBJECT properties and create a hash table.
    ${InputObject},

    [Parameter(Mandatory, ValueFromPipeline)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IRelation]
    # Represents a relation between two resources
    # To construct, see NOTES section for RELATION properties and create a hash table.
    ${Relation},

    [Parameter()]
    [Alias('AzureRMContext', 'AzureCredential')]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Azure')]
    [System.Management.Automation.PSObject]
    # The DefaultProfile parameter is not functional.
    # Use the SubscriptionId parameter when available if executing the cmdlet against a different subscription.
    ${DefaultProfile},

    [Parameter(DontShow)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Management.Automation.SwitchParameter]
    # Wait for .NET debugger to attach
    ${Break},

    [Parameter(DontShow)]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.SendAsyncStep[]]
    # SendAsync Pipeline Steps to be appended to the front of the pipeline
    ${HttpPipelineAppend},

    [Parameter(DontShow)]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.SendAsyncStep[]]
    # SendAsync Pipeline Steps to be prepended to the front of the pipeline
    ${HttpPipelinePrepend},

    [Parameter(DontShow)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Uri]
    # The URI for the proxy server to use
    ${Proxy},

    [Parameter(DontShow)]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Management.Automation.PSCredential]
    # Credentials for a proxy server to use for the remote call
    ${ProxyCredential},

    [Parameter(DontShow)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Management.Automation.SwitchParameter]
    # Use the default credentials for the proxy
    ${ProxyUseDefaultCredentials}
)

begin {
    # Generated proxy for the incident-relation update. It maps the active
    # parameter set to a private cmdlet and runs that cmdlet through a steppable
    # pipeline, splatting $PSBoundParameters unchanged.
    # Hidden (DontShow) runtime parameters - -Proxy, -ProxyCredential,
    # -HttpPipelinePrepend, -HttpPipelineAppend - are still bindable and are
    # forwarded with everything else.
    # NOTE(review): presumably these sit on the path of the authenticated
    # request; confirm in the Runtime code and review any script that sets them.
    # ConfirmImpact is 'Medium', so no prompt is expected under the default
    # $ConfirmPreference ('High') unless -Confirm or -WhatIf is given.
    try {
        $outBuffer = $null
        # Forward a caller-bound -OutBuffer as 1.
        if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) {
            $PSBoundParameters['OutBuffer'] = 1
        }
        $parameterSet = $PSCmdlet.ParameterSetName

        # Parameter set name -> module-qualified private cmdlet name.
        $mapping = @{
            Update = 'Az.SecurityInsights.private\Update-AzSentinelIncidentRelation_Update';
            UpdateViaIdentity = 'Az.SecurityInsights.private\Update-AzSentinelIncidentRelation_UpdateViaIdentity';
        }
        # Default subscription is filled in only for the 'Update' set when the
        # caller did not bind -SubscriptionId.
        if (('Update') -contains $parameterSet -and -not $PSBoundParameters.ContainsKey('SubscriptionId')) {
            # The only playback signal is a caller-supplied HttpPipelinePrepend step
            # whose target is a PipelineMock with Mode 'Playback'.
            $testPlayback = $false
            $PSBoundParameters['HttpPipelinePrepend'] | Foreach-Object { if ($_) { $testPlayback = $testPlayback -or ('Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.PipelineMock' -eq $_.Target.GetType().FullName -and 'Playback' -eq $_.Target.Mode) } }
            if ($testPlayback) {
                # Executes (dot-sources) a script under the module tree.
                # NOTE(review): keep the module directory writable by administrators
                # only, since this file runs in the caller's session. Join-Path with
                # several child segments needs PowerShell 6+; confirm test-only use.
                $PSBoundParameters['SubscriptionId'] = . (Join-Path $PSScriptRoot '..' 'utils' 'Get-SubscriptionIdTestSafe.ps1')
            } else {
                # Ambient Az context decides the target subscription here; pass
                # -SubscriptionId explicitly in automation. Presumably $null when no
                # context exists - verify how the private cmdlet reacts.
                $PSBoundParameters['SubscriptionId'] = (Get-AzContext).Subscription.Id
            }
        }
        # Resolved as a Cmdlet only, via the module-qualified name from $mapping.
        $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet)
        $scriptCmd = {& $wrappedCmd @PSBoundParameters}
        $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin)
        $steppablePipeline.Begin($PSCmdlet)
    } catch {

        # The error is rethrown without further handling.
        throw
    }
}

process {
    try {
        # Forward the current pipeline object to the wrapped cmdlet.
        $steppablePipeline.Process($_)
    } catch {

        throw
    }

}
end {
    try {
        # Tell the wrapped pipeline that input has ended.
        $steppablePipeline.End()

    } catch {

        throw
    }
} 
}

<#
.Synopsis
Creates or updates the incident.
.Description
Creates or updates the incident.
.Example
Update-AzSentinelIncident -ResourceGroupName "myResourceGroupName" -WorkspaceName "myWorkspaceName" -Id "4a21e485-75ae-48b3-a7b9-e6a92bcfe434" -OwnerAssignedTo "user@mydomain.local"

.Inputs
Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IIncident
.Inputs
Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity
.Outputs
Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IIncident
.Notes
COMPLEX PARAMETER PROPERTIES

To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables.

INCIDENT <IIncident>: Represents an incident in Azure Security Insights.
  [Etag <String>]: Etag of the azure resource
  [SystemDataCreatedAt <DateTime?>]: The timestamp of resource creation (UTC).
  [SystemDataCreatedBy <String>]: The identity that created the resource.
  [SystemDataCreatedByType <CreatedByType?>]: The type of identity that created the resource.
[SystemDataLastModifiedAt <DateTime?>]: The timestamp of resource last modification (UTC) [SystemDataLastModifiedBy <String>]: The identity that last modified the resource. [SystemDataLastModifiedByType <CreatedByType?>]: The type of identity that last modified the resource. [Classification <IncidentClassification?>]: The reason the incident was closed [ClassificationComment <String>]: Describes the reason the incident was closed [ClassificationReason <IncidentClassificationReason?>]: The classification reason the incident was closed with [Description <String>]: The description of the incident [FirstActivityTimeUtc <DateTime?>]: The time of the first activity in the incident [Label <IIncidentLabel[]>]: List of labels relevant to this incident LabelName <String>: The name of the label [LastActivityTimeUtc <DateTime?>]: The time of the last activity in the incident [OwnerAssignedTo <String>]: The name of the user the incident is assigned to. [OwnerEmail <String>]: The email of the user the incident is assigned to. [OwnerObjectId <String>]: The object id of the user the incident is assigned to. [OwnerUserPrincipalName <String>]: The user principal name of the user the incident is assigned to. 
[ProviderIncidentId <String>]: The incident ID assigned by the incident provider [ProviderName <String>]: The name of the source provider that generated the incident [Severity <IncidentSeverity?>]: The severity of the incident [Status <IncidentStatus?>]: The status of the incident [Title <String>]: The title of the incident INPUTOBJECT <ISecurityInsightsIdentity>: Identity Parameter [ActionId <String>]: Action ID [AlertRuleTemplateId <String>]: Alert rule template ID [AutomationRuleId <String>]: Automation rule ID [BookmarkId <String>]: Bookmark ID [ConsentId <String>]: consent ID [DataConnectorId <String>]: Connector ID [EntityId <String>]: entity ID [EntityQueryId <String>]: entity query ID [EntityQueryTemplateId <String>]: entity query template ID [Id <String>]: Resource identity path [IncidentCommentId <String>]: Incident comment ID [IncidentId <String>]: Incident ID [MetadataName <String>]: The Metadata name. [Name <String>]: Threat intelligence indicator name field. [RelationName <String>]: Relation Name [ResourceGroupName <String>]: The name of the resource group. The name is case insensitive. [RuleId <String>]: Alert rule ID [SentinelOnboardingStateName <String>]: The Sentinel onboarding state name. Supports - default [SettingsName <String>]: The setting name. Supports - Anomalies, EyesOn, EntityAnalytics, Ueba [SourceControlId <String>]: Source control Id [SubscriptionId <String>]: The ID of the target subscription. [WorkspaceName <String>]: The name of the workspace. 
.Link
https://learn.microsoft.com/powershell/module/az.securityinsights/update-azsentinelincident
#>
function Update-AzSentinelIncident {
[OutputType([Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IIncident])]
[CmdletBinding(DefaultParameterSetName='UpdateViaIdentity', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')]
param(
    [Parameter(ParameterSetName='Update', Mandatory)]
    [Alias('IncidentId')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [System.String]
    # Incident ID
    ${Id},

    [Parameter(ParameterSetName='Update', Mandatory)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [System.String]
    # The name of the resource group.
    # The name is case insensitive.
    ${ResourceGroupName},

    [Parameter(ParameterSetName='Update')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.DefaultInfo(Script='(Get-AzContext).Subscription.Id')]
    [System.String]
    # The ID of the target subscription.
    ${SubscriptionId},

    [Parameter(ParameterSetName='Update', Mandatory)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [System.String]
    # The name of the workspace.
    ${WorkspaceName},

    [Parameter(ParameterSetName='UpdateViaIdentity', Mandatory, ValueFromPipeline)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity]
    # Identity Parameter
    # To construct, see NOTES section for INPUTOBJECT properties and create a hash table.
    ${InputObject},

    [Parameter(Mandatory, ValueFromPipeline)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IIncident]
    # Represents an incident in Azure Security Insights.
    # To construct, see NOTES section for INCIDENT properties and create a hash table.
    ${Incident},

    [Parameter()]
    [Alias('AzureRMContext', 'AzureCredential')]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Azure')]
    [System.Management.Automation.PSObject]
    # The DefaultProfile parameter is not functional.
    # Use the SubscriptionId parameter when available if executing the cmdlet against a different subscription.
    ${DefaultProfile},

    [Parameter(DontShow)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Management.Automation.SwitchParameter]
    # Wait for .NET debugger to attach
    ${Break},

    [Parameter(DontShow)]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.SendAsyncStep[]]
    # SendAsync Pipeline Steps to be appended to the front of the pipeline
    ${HttpPipelineAppend},

    [Parameter(DontShow)]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.SendAsyncStep[]]
    # SendAsync Pipeline Steps to be prepended to the front of the pipeline
    ${HttpPipelinePrepend},

    [Parameter(DontShow)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Uri]
    # The URI for the proxy server to use
    ${Proxy},

    [Parameter(DontShow)]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Management.Automation.PSCredential]
    # Credentials for a proxy server to use for the remote call
    ${ProxyCredential},

    [Parameter(DontShow)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Management.Automation.SwitchParameter]
    # Use the default credentials for the proxy
    ${ProxyUseDefaultCredentials}
)

begin {
    # Generated proxy for the incident update. It resolves the private cmdlet for
    # the active parameter set and runs it through a steppable pipeline with
    # $PSBoundParameters splatted unchanged.
    # Per this cmdlet's help notes the INCIDENT body carries status,
    # classification, severity and owner fields, so one call can close or
    # reassign an incident. ConfirmImpact is 'Medium', which under the default
    # $ConfirmPreference ('High') is not expected to prompt; automation that
    # calls this is worth logging and reviewing, and -WhatIf is available.
    # The DontShow runtime parameters (-Proxy, -ProxyCredential,
    # -HttpPipelinePrepend, -HttpPipelineAppend) stay bindable and are forwarded.
    # NOTE(review): presumably they sit on the path of the authenticated request -
    # confirm in the Runtime code.
    try {
        $outBuffer = $null
        # A caller-bound -OutBuffer is forwarded as 1.
        if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) {
            $PSBoundParameters['OutBuffer'] = 1
        }
        $parameterSet = $PSCmdlet.ParameterSetName

        # Parameter set name -> module-qualified private cmdlet name.
        $mapping = @{
            Update = 'Az.SecurityInsights.private\Update-AzSentinelIncident_Update';
            UpdateViaIdentity = 'Az.SecurityInsights.private\Update-AzSentinelIncident_UpdateViaIdentity';
        }
        # Only the 'Update' set gets a default subscription, and only when the
        # caller did not bind -SubscriptionId.
        if (('Update') -contains $parameterSet -and -not $PSBoundParameters.ContainsKey('SubscriptionId')) {
            # Playback is inferred only from a caller-supplied HttpPipelinePrepend
            # step whose delegate target is a PipelineMock with Mode 'Playback'.
            $testPlayback = $false
            $PSBoundParameters['HttpPipelinePrepend'] | Foreach-Object { if ($_) { $testPlayback = $testPlayback -or ('Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.PipelineMock' -eq $_.Target.GetType().FullName -and 'Playback' -eq $_.Target.Mode) } }
            if ($testPlayback) {
                # Dot-sources a script from the module tree into this scope.
                # NOTE(review): the file is executed when this branch is taken, so the
                # module install directory should not be writable by less-privileged
                # accounts. Join-Path with several child segments needs PowerShell 6+;
                # confirm the branch is reached in test runs only.
                $PSBoundParameters['SubscriptionId'] = . (Join-Path $PSScriptRoot '..' 'utils' 'Get-SubscriptionIdTestSafe.ps1')
            } else {
                # Falls back to the ambient Az context: the incident is updated in
                # whichever subscription is currently selected. Pass -SubscriptionId
                # explicitly in automation. Presumably $null with no context - verify.
                $PSBoundParameters['SubscriptionId'] = (Get-AzContext).Subscription.Id
            }
        }
        # Lookup is limited to CommandTypes.Cmdlet and uses the module-qualified name.
        $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet)
        $scriptCmd = {& $wrappedCmd @PSBoundParameters}
        $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin)
        $steppablePipeline.Begin($PSCmdlet)
    } catch {

        # Rethrown unchanged; no handling or logging happens in the proxy.
        throw
    }
}

process {
    try {
        # Hand the current pipeline object to the wrapped cmdlet.
        $steppablePipeline.Process($_)
    } catch {

        throw
    }

}
end {
    try {
        # Signal end of input to the wrapped pipeline.
        $steppablePipeline.End()

    } catch {

        throw
    }
} 
}

<#
.Synopsis
Update an existing Metadata.
.Description
Update an existing Metadata.
.Example
{{ Add code here }}
.Example
{{ Add code here }}

.Inputs
Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IMetadataPatch
.Inputs
Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity
.Outputs
Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IMetadataModel
.Notes
COMPLEX PARAMETER PROPERTIES

To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables.

DEPENDENCYCRITERION <IMetadataDependencies[]>: This is the list of dependencies we must fulfill, according to the AND/OR operator [ContentId <String>]: Id of the content item we depend on [Criterion <IMetadataDependencies[]>]: This is the list of dependencies we must fulfill, according to the AND/OR operator [Kind <Kind?>]: Type of the content item we depend on [Name <String>]: Name of the content item [Operator <Operator?>]: Operator used for list of dependencies in criteria array. [Version <String>]: Version of the the content item we depend on. Can be blank, * or missing to indicate any version fulfills the dependency. If version does not match our defined numeric format then an exact match is required. INPUTOBJECT <ISecurityInsightsIdentity>: Identity Parameter [ActionId <String>]: Action ID [AlertRuleTemplateId <String>]: Alert rule template ID [AutomationRuleId <String>]: Automation rule ID [BookmarkId <String>]: Bookmark ID [ConsentId <String>]: consent ID [DataConnectorId <String>]: Connector ID [EntityId <String>]: entity ID [EntityQueryId <String>]: entity query ID [EntityQueryTemplateId <String>]: entity query template ID [Id <String>]: Resource identity path [IncidentCommentId <String>]: Incident comment ID [IncidentId <String>]: Incident ID [MetadataName <String>]: The Metadata name. [Name <String>]: Threat intelligence indicator name field. [RelationName <String>]: Relation Name [ResourceGroupName <String>]: The name of the resource group. The name is case insensitive. [RuleId <String>]: Alert rule ID [SentinelOnboardingStateName <String>]: The Sentinel onboarding state name. Supports - default [SettingsName <String>]: The setting name. Supports - Anomalies, EyesOn, EntityAnalytics, Ueba [SourceControlId <String>]: Source control Id [SubscriptionId <String>]: The ID of the target subscription. [WorkspaceName <String>]: The name of the workspace. METADATAPATCH <IMetadataPatch>: Metadata patch request body. 
[Etag <String>]: Etag of the azure resource [SystemDataCreatedAt <DateTime?>]: The timestamp of resource creation (UTC). [SystemDataCreatedBy <String>]: The identity that created the resource. [SystemDataCreatedByType <CreatedByType?>]: The type of identity that created the resource. [SystemDataLastModifiedAt <DateTime?>]: The timestamp of resource last modification (UTC) [SystemDataLastModifiedBy <String>]: The identity that last modified the resource. [SystemDataLastModifiedByType <CreatedByType?>]: The type of identity that last modified the resource. [AuthorEmail <String>]: Email of author contact [AuthorLink <String>]: Link for author/vendor page [AuthorName <String>]: Name of the author. Company or person. [CategoryDomain <String[]>]: domain for the solution content item [CategoryVertical <String[]>]: Industry verticals for the solution content item [ContentId <String>]: Static ID for the content. Used to identify dependencies and content from solutions or community. Hard-coded/static for out of the box content and solutions. Dynamic for user-created. This is the resource name [DependencyContentId <String>]: Id of the content item we depend on [DependencyCriterion <IMetadataDependencies[]>]: This is the list of dependencies we must fulfill, according to the AND/OR operator [ContentId <String>]: Id of the content item we depend on [Criterion <IMetadataDependencies[]>]: This is the list of dependencies we must fulfill, according to the AND/OR operator [Kind <Kind?>]: Type of the content item we depend on [Name <String>]: Name of the content item [Operator <Operator?>]: Operator used for list of dependencies in criteria array. [Version <String>]: Version of the the content item we depend on. Can be blank, * or missing to indicate any version fulfills the dependency. If version does not match our defined numeric format then an exact match is required. 
[DependencyKind <Kind?>]: Type of the content item we depend on [DependencyName <String>]: Name of the content item [DependencyOperator <Operator?>]: Operator used for list of dependencies in criteria array. [DependencyVersion <String>]: Version of the the content item we depend on. Can be blank, * or missing to indicate any version fulfills the dependency. If version does not match our defined numeric format then an exact match is required. [FirstPublishDate <DateTime?>]: first publish date solution content item [Kind <Kind?>]: The kind of content the metadata is for. [LastPublishDate <DateTime?>]: last publish date for the solution content item [ParentId <String>]: Full parent resource ID of the content item the metadata is for. This is the full resource ID including the scope (subscription and resource group) [Provider <String[]>]: Providers for the solution content item [SourceId <String>]: ID of the content source. The solution ID, workspace ID, etc [SourceKind <SourceKind?>]: Source type of the content [SourceName <String>]: Name of the content source. The repo name, solution name, LA workspace name etc. [SupportEmail <String>]: Email of support contact [SupportLink <String>]: Link for support help, like to support page to open a ticket etc. [SupportName <String>]: Name of the support contact. Company or person. [SupportTier <SupportTier?>]: Type of support for content item [Version <String>]: Version of the content. Default and recommended format is numeric (e.g. 1, 1.0, 1.0.0, 1.0.0.0), following ARM template best practices. 
Can also be any string, but then we cannot guarantee any version checks
.Link
https://learn.microsoft.com/powershell/module/az.securityinsights/update-azsentinelmetadata
#>
function Update-AzSentinelMetadata {
[OutputType([Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IMetadataModel])]
[CmdletBinding(DefaultParameterSetName='UpdateExpanded', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')]
param(
    [Parameter(ParameterSetName='Update', Mandatory)]
    [Parameter(ParameterSetName='UpdateExpanded', Mandatory)]
    [Alias('MetadataName')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [System.String]
    # The Metadata name.
    ${Name},

    [Parameter(ParameterSetName='Update', Mandatory)]
    [Parameter(ParameterSetName='UpdateExpanded', Mandatory)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [System.String]
    # The name of the resource group.
    # The name is case insensitive.
    ${ResourceGroupName},

    [Parameter(ParameterSetName='Update')]
    [Parameter(ParameterSetName='UpdateExpanded')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.DefaultInfo(Script='(Get-AzContext).Subscription.Id')]
    [System.String]
    # The ID of the target subscription.
    ${SubscriptionId},

    [Parameter(ParameterSetName='Update', Mandatory)]
    [Parameter(ParameterSetName='UpdateExpanded', Mandatory)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [System.String]
    # The name of the workspace.
    ${WorkspaceName},

    [Parameter(ParameterSetName='UpdateViaIdentity', Mandatory, ValueFromPipeline)]
    [Parameter(ParameterSetName='UpdateViaIdentityExpanded', Mandatory, ValueFromPipeline)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity]
    # Identity Parameter
    # To construct, see NOTES section for INPUTOBJECT properties and create a hash table.
    ${InputObject},

    [Parameter(ParameterSetName='Update', Mandatory, ValueFromPipeline)]
    [Parameter(ParameterSetName='UpdateViaIdentity', Mandatory, ValueFromPipeline)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IMetadataPatch]
    # Metadata patch request body.
    # To construct, see NOTES section for METADATAPATCH properties and create a hash table.
    ${MetadataPatch},

    [Parameter(ParameterSetName='UpdateExpanded')]
    [Parameter(ParameterSetName='UpdateViaIdentityExpanded')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [System.String]
    # Email of author contact
    ${AuthorEmail},

    [Parameter(ParameterSetName='UpdateExpanded')]
    [Parameter(ParameterSetName='UpdateViaIdentityExpanded')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [System.String]
    # Link for author/vendor page
    ${AuthorLink},

    [Parameter(ParameterSetName='UpdateExpanded')]
    [Parameter(ParameterSetName='UpdateViaIdentityExpanded')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [System.String]
    # Name of the author.
    # Company or person.
    ${AuthorName},

    [Parameter(ParameterSetName='UpdateExpanded')]
    [Parameter(ParameterSetName='UpdateViaIdentityExpanded')]
    [AllowEmptyCollection()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [System.String[]]
    # domain for the solution content item
    ${CategoryDomain},

    [Parameter(ParameterSetName='UpdateExpanded')]
    [Parameter(ParameterSetName='UpdateViaIdentityExpanded')]
    [AllowEmptyCollection()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [System.String[]]
    # Industry verticals for the solution content item
    ${CategoryVertical},

    [Parameter(ParameterSetName='UpdateExpanded')]
    [Parameter(ParameterSetName='UpdateViaIdentityExpanded')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [System.String]
    # Static ID for the content.
    # Used to identify dependencies and content from solutions or community.
    # Hard-coded/static for out of the box content and solutions.
    # Dynamic for user-created.
    # This is the resource name
    ${ContentId},

    [Parameter(ParameterSetName='UpdateExpanded')]
    [Parameter(ParameterSetName='UpdateViaIdentityExpanded')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [System.String]
    # Id of the content item we depend on
    ${DependencyContentId},

    [Parameter(ParameterSetName='UpdateExpanded')]
    [Parameter(ParameterSetName='UpdateViaIdentityExpanded')]
    [AllowEmptyCollection()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IMetadataDependencies[]]
    # This is the list of dependencies we must fulfill, according to the AND/OR operator
    # To construct, see NOTES section for DEPENDENCYCRITERION properties and create a hash table.
    ${DependencyCriterion},

    [Parameter(ParameterSetName='UpdateExpanded')]
    [Parameter(ParameterSetName='UpdateViaIdentityExpanded')]
    [ArgumentCompleter([Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.Kind])]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.Kind]
    # Type of the content item we depend on
    ${DependencyKind},

    [Parameter(ParameterSetName='UpdateExpanded')]
    [Parameter(ParameterSetName='UpdateViaIdentityExpanded')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [System.String]
    # Name of the content item
    ${DependencyName},

    [Parameter(ParameterSetName='UpdateExpanded')]
    [Parameter(ParameterSetName='UpdateViaIdentityExpanded')]
    [ArgumentCompleter([Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.Operator])]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.Operator]
    # Operator used for list of dependencies in criteria array.
    ${DependencyOperator},

    [Parameter(ParameterSetName='UpdateExpanded')]
    [Parameter(ParameterSetName='UpdateViaIdentityExpanded')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [System.String]
    # Version of the content item we depend on.
    # Can be blank, * or missing to indicate any version fulfills the dependency.
    # If version does not match our defined numeric format then an exact match is required.
    ${DependencyVersion},

    [Parameter(ParameterSetName='UpdateExpanded')]
    [Parameter(ParameterSetName='UpdateViaIdentityExpanded')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [System.DateTime]
    # first publish date solution content item
    ${FirstPublishDate},

    [Parameter(ParameterSetName='UpdateExpanded')]
    [Parameter(ParameterSetName='UpdateViaIdentityExpanded')]
    [ArgumentCompleter([Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.Kind])]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.Kind]
    # The kind of content the metadata is for.
    ${Kind},

    [Parameter(ParameterSetName='UpdateExpanded')]
    [Parameter(ParameterSetName='UpdateViaIdentityExpanded')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [System.DateTime]
    # last publish date for the solution content item
    ${LastPublishDate},

    [Parameter(ParameterSetName='UpdateExpanded')]
    [Parameter(ParameterSetName='UpdateViaIdentityExpanded')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [System.String]
    # Full parent resource ID of the content item the metadata is for.
    # This is the full resource ID including the scope (subscription and resource group)
    ${ParentId},

    [Parameter(ParameterSetName='UpdateExpanded')]
    [Parameter(ParameterSetName='UpdateViaIdentityExpanded')]
    [AllowEmptyCollection()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [System.String[]]
    # Providers for the solution content item
    ${Provider},

    [Parameter(ParameterSetName='UpdateExpanded')]
    [Parameter(ParameterSetName='UpdateViaIdentityExpanded')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [System.String]
    # ID of the content source.
    # The solution ID, workspace ID, etc
    ${SourceId},

    [Parameter(ParameterSetName='UpdateExpanded')]
    [Parameter(ParameterSetName='UpdateViaIdentityExpanded')]
    [ArgumentCompleter([Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.SourceKind])]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.SourceKind]
    # Source type of the content
    ${SourceKind},

    [Parameter(ParameterSetName='UpdateExpanded')]
    [Parameter(ParameterSetName='UpdateViaIdentityExpanded')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [System.String]
    # Name of the content source.
    # The repo name, solution name, LA workspace name etc.
    ${SourceName},

    [Parameter(ParameterSetName='UpdateExpanded')]
    [Parameter(ParameterSetName='UpdateViaIdentityExpanded')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [System.String]
    # Email of support contact
    ${SupportEmail},

    [Parameter(ParameterSetName='UpdateExpanded')]
    [Parameter(ParameterSetName='UpdateViaIdentityExpanded')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [System.String]
    # Link for support help, like to support page to open a ticket etc.
    ${SupportLink},

    [Parameter(ParameterSetName='UpdateExpanded')]
    [Parameter(ParameterSetName='UpdateViaIdentityExpanded')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [System.String]
    # Name of the support contact.
    # Company or person.
    ${SupportName},

    [Parameter(ParameterSetName='UpdateExpanded')]
    [Parameter(ParameterSetName='UpdateViaIdentityExpanded')]
    [ArgumentCompleter([Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.SupportTier])]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.SupportTier]
    # Type of support for content item
    ${SupportTier},

    [Parameter(ParameterSetName='UpdateExpanded')]
    [Parameter(ParameterSetName='UpdateViaIdentityExpanded')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [System.String]
    # Version of the content.
    # Default and recommended format is numeric (e.g.
    # 1, 1.0, 1.0.0, 1.0.0.0), following ARM template best practices.
    # Can also be any string, but then we cannot guarantee any version checks
    ${Version},

    [Parameter()]
    [Alias('AzureRMContext', 'AzureCredential')]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Azure')]
    [System.Management.Automation.PSObject]
    # The DefaultProfile parameter is not functional.
    # Use the SubscriptionId parameter when available if executing the cmdlet against a different subscription.
    ${DefaultProfile},

    [Parameter(DontShow)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Management.Automation.SwitchParameter]
    # Wait for .NET debugger to attach
    ${Break},

    [Parameter(DontShow)]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.SendAsyncStep[]]
    # SendAsync Pipeline Steps to be appended to the front of the pipeline
    ${HttpPipelineAppend},

    [Parameter(DontShow)]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.SendAsyncStep[]]
    # SendAsync Pipeline Steps to be prepended to the front of the pipeline
    ${HttpPipelinePrepend},

    [Parameter(DontShow)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Uri]
    # The URI for the proxy server to use
    ${Proxy},

    [Parameter(DontShow)]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Management.Automation.PSCredential]
    # Credentials for a proxy server to use for the remote call
    ${ProxyCredential},

    [Parameter(DontShow)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Management.Automation.SwitchParameter]
    # Use the default credentials for the proxy
    ${ProxyUseDefaultCredentials}
)

# Proxy for the module-private Update-AzSentinelMetadata_* cmdlets: begin resolves the
# implementation for the active parameter set, process and end forward to it through a
# steppable pipeline. Every bound parameter is splatted unchanged, including the hidden
# (DontShow) -Proxy, -ProxyCredential and -HttpPipelineAppend/-HttpPipelinePrepend.
# The free-form body strings (AuthorLink, SupportLink, AuthorEmail, SupportEmail, ...) carry
# no validation attribute here; whether the service validates them is not visible in this file.
# NOTE(review): SupportsShouldProcess is declared, but this function never calls
# ShouldProcess itself; -WhatIf/-Confirm are presumably handled by the wrapped cmdlet - confirm.
begin {
    try {
        # If the caller bound -OutBuffer, force it to 1 before the parameters are splatted below.
        $outBuffer = $null
        if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) {
            $PSBoundParameters['OutBuffer'] = 1
        }
        $parameterSet = $PSCmdlet.ParameterSetName

        # Parameter set name -> module-qualified name of the private cmdlet that implements it.
        $mapping = @{
            Update = 'Az.SecurityInsights.private\Update-AzSentinelMetadata_Update';
            UpdateExpanded = 'Az.SecurityInsights.private\Update-AzSentinelMetadata_UpdateExpanded';
            UpdateViaIdentity = 'Az.SecurityInsights.private\Update-AzSentinelMetadata_UpdateViaIdentity';
            UpdateViaIdentityExpanded = 'Az.SecurityInsights.private\Update-AzSentinelMetadata_UpdateViaIdentityExpanded';
        }
        # Only the 'Update' and 'UpdateExpanded' sets declare SubscriptionId; when the caller
        # omitted it, one is filled in here.
        if (('Update', 'UpdateExpanded') -contains $parameterSet -and -not $PSBoundParameters.ContainsKey('SubscriptionId')) {
            # Playback is detected from the bound HttpPipelinePrepend steps: any step whose Target
            # is a PipelineMock with Mode 'Playback' selects the test-safe subscription id.
            $testPlayback = $false
            $PSBoundParameters['HttpPipelinePrepend'] | Foreach-Object { if ($_) { $testPlayback = $testPlayback -or ('Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.PipelineMock' -eq $_.Target.GetType().FullName -and 'Playback' -eq $_.Target.Mode) } }
            if ($testPlayback) {
                # Test-only path: dot-sources utils\Get-SubscriptionIdTestSafe.ps1 one level above
                # $PSScriptRoot. NOTE(review): a shipped cmdlet executes a script file from the module
                # tree here, so it relies on the installed module directory being write-protected;
                # the three-argument Join-Path form needs PowerShell 6 or later.
                $PSBoundParameters['SubscriptionId'] = . (Join-Path $PSScriptRoot '..' 'utils' 'Get-SubscriptionIdTestSafe.ps1')
            } else {
                # SubscriptionId is taken from the session's current Az context.
                # NOTE(review): if Get-AzContext returns nothing, this expression presumably evaluates
                # to $null (outside strict mode) and a null SubscriptionId is forwarded; automation
                # should pass -SubscriptionId explicitly rather than rely on the ambient context.
                $PSBoundParameters['SubscriptionId'] = (Get-AzContext).Subscription.Id
            }
        }
        # Resolve the private implementation, restricted to CommandTypes Cmdlet, and start it as a
        # steppable pipeline that carries the caller's CommandOrigin.
        $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet)
        $scriptCmd = {& $wrappedCmd @PSBoundParameters}
        $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin)
        $steppablePipeline.Begin($PSCmdlet)
    } catch {
        # Rethrown unchanged; the try/catch adds no handling of its own.
        throw
    }
}

process {
    try {
        # Forward the current pipeline object to the wrapped cmdlet.
        $steppablePipeline.Process($_)
    } catch {
        # Rethrown unchanged.
        throw
    }
}

end {
    try {
        # Let the wrapped cmdlet run its end block.
        $steppablePipeline.End()
    } catch {
        # Rethrown unchanged.
        throw
    }
}
}

<#
.Synopsis
Updates setting.
.Description
Updates setting.
.Example
Update-AzSentinelSetting -ResourceGroupName "myResourceGroupName" -WorkspaceName "myWorkspaceName" -SettingsName "Anomalies" -Enabled $true

.Inputs
Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.ISettings
.Inputs
Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity
.Outputs
Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.ISettings
.Notes
COMPLEX PARAMETER PROPERTIES

To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables.

INPUTOBJECT <ISecurityInsightsIdentity>: Identity Parameter [ActionId <String>]: Action ID [AlertRuleTemplateId <String>]: Alert rule template ID [AutomationRuleId <String>]: Automation rule ID [BookmarkId <String>]: Bookmark ID [ConsentId <String>]: consent ID [DataConnectorId <String>]: Connector ID [EntityId <String>]: entity ID [EntityQueryId <String>]: entity query ID [EntityQueryTemplateId <String>]: entity query template ID [Id <String>]: Resource identity path [IncidentCommentId <String>]: Incident comment ID [IncidentId <String>]: Incident ID [MetadataName <String>]: The Metadata name. [Name <String>]: Threat intelligence indicator name field. [RelationName <String>]: Relation Name [ResourceGroupName <String>]: The name of the resource group. The name is case insensitive. [RuleId <String>]: Alert rule ID [SentinelOnboardingStateName <String>]: The Sentinel onboarding state name. Supports - default [SettingsName <String>]: The setting name. Supports - Anomalies, EyesOn, EntityAnalytics, Ueba [SourceControlId <String>]: Source control Id [SubscriptionId <String>]: The ID of the target subscription. [WorkspaceName <String>]: The name of the workspace. SETTING <ISettings>: The Setting. Kind <SettingKind>: The kind of the setting [Etag <String>]: Etag of the azure resource [SystemDataCreatedAt <DateTime?>]: The timestamp of resource creation (UTC). [SystemDataCreatedBy <String>]: The identity that created the resource. [SystemDataCreatedByType <CreatedByType?>]: The type of identity that created the resource. [SystemDataLastModifiedAt <DateTime?>]: The timestamp of resource last modification (UTC) [SystemDataLastModifiedBy <String>]: The identity that last modified the resource. [SystemDataLastModifiedByType <CreatedByType?>]: The type of identity that last modified the resource. 
.Link
https://learn.microsoft.com/powershell/module/az.securityinsights/update-azsentinelsetting
#>
function Update-AzSentinelSetting {
[OutputType([Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.ISettings])]
[CmdletBinding(DefaultParameterSetName='UpdateExpanded', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')]
param(
    [Parameter(ParameterSetName='Update', Mandatory)]
    [Parameter(ParameterSetName='UpdateExpanded', Mandatory)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [System.String]
    # The name of the resource group.
    # The name is case insensitive.
    ${ResourceGroupName},

    [Parameter(ParameterSetName='Update', Mandatory)]
    [Parameter(ParameterSetName='UpdateExpanded', Mandatory)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [System.String]
    # The setting name.
    # Supports - Anomalies, EyesOn, EntityAnalytics, Ueba
    ${SettingsName},

    [Parameter(ParameterSetName='Update')]
    [Parameter(ParameterSetName='UpdateExpanded')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.DefaultInfo(Script='(Get-AzContext).Subscription.Id')]
    [System.String]
    # The ID of the target subscription.
    ${SubscriptionId},

    [Parameter(ParameterSetName='Update', Mandatory)]
    [Parameter(ParameterSetName='UpdateExpanded', Mandatory)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [System.String]
    # The name of the workspace.
    ${WorkspaceName},

    [Parameter(ParameterSetName='UpdateViaIdentity', Mandatory, ValueFromPipeline)]
    [Parameter(ParameterSetName='UpdateViaIdentityExpanded', Mandatory, ValueFromPipeline)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity]
    # Identity Parameter
    # To construct, see NOTES section for INPUTOBJECT properties and create a hash table.
    ${InputObject},

    [Parameter(ParameterSetName='Update', Mandatory, ValueFromPipeline)]
    [Parameter(ParameterSetName='UpdateViaIdentity', Mandatory, ValueFromPipeline)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.ISettings]
    # The Setting.
    # To construct, see NOTES section for SETTING properties and create a hash table.
    ${Setting},

    [Parameter(ParameterSetName='UpdateExpanded', Mandatory)]
    [Parameter(ParameterSetName='UpdateViaIdentityExpanded', Mandatory)]
    [ArgumentCompleter([Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.SettingKind])]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.SettingKind]
    # The kind of the setting
    ${Kind},

    [Parameter()]
    [Alias('AzureRMContext', 'AzureCredential')]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Azure')]
    [System.Management.Automation.PSObject]
    # The DefaultProfile parameter is not functional.
    # Use the SubscriptionId parameter when available if executing the cmdlet against a different subscription.
    ${DefaultProfile},

    [Parameter(DontShow)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Management.Automation.SwitchParameter]
    # Wait for .NET debugger to attach
    ${Break},

    [Parameter(DontShow)]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.SendAsyncStep[]]
    # SendAsync Pipeline Steps to be appended to the front of the pipeline
    ${HttpPipelineAppend},

    [Parameter(DontShow)]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.SendAsyncStep[]]
    # SendAsync Pipeline Steps to be prepended to the front of the pipeline
    ${HttpPipelinePrepend},

    [Parameter(DontShow)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Uri]
    # The URI for the proxy server to use
    ${Proxy},

    [Parameter(DontShow)]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Management.Automation.PSCredential]
    # Credentials for a proxy server to use for the remote call
    ${ProxyCredential},

    [Parameter(DontShow)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Management.Automation.SwitchParameter]
    # Use the default credentials for the proxy
    ${ProxyUseDefaultCredentials}
)

# Proxy for the module-private Update-AzSentinelSetting_* cmdlets: begin resolves the
# implementation for the active parameter set, process and end forward to it through a
# steppable pipeline. Every bound parameter is splatted unchanged, including the hidden
# (DontShow) -Proxy, -ProxyCredential and -HttpPipelineAppend/-HttpPipelinePrepend.
# NOTE(review): the .Example in this function's help passes -Enabled, which this param block
# does not declare, and omits -Kind, which is Mandatory for UpdateExpanded; the example
# presumably targets a wrapper defined elsewhere in the module - confirm.
# NOTE(review): ConfirmImpact is 'Medium', so with PowerShell's default $ConfirmPreference
# (High) a change to a workspace setting such as Anomalies or Ueba is not prompted for;
# ShouldProcess is never called in this function and is presumably left to the wrapped cmdlet.
begin {
    try {
        # If the caller bound -OutBuffer, force it to 1 before the parameters are splatted below.
        $outBuffer = $null
        if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) {
            $PSBoundParameters['OutBuffer'] = 1
        }
        $parameterSet = $PSCmdlet.ParameterSetName

        # Parameter set name -> module-qualified name of the private cmdlet that implements it.
        $mapping = @{
            Update = 'Az.SecurityInsights.private\Update-AzSentinelSetting_Update';
            UpdateExpanded = 'Az.SecurityInsights.private\Update-AzSentinelSetting_UpdateExpanded';
            UpdateViaIdentity = 'Az.SecurityInsights.private\Update-AzSentinelSetting_UpdateViaIdentity';
            UpdateViaIdentityExpanded = 'Az.SecurityInsights.private\Update-AzSentinelSetting_UpdateViaIdentityExpanded';
        }
        # Only the 'Update' and 'UpdateExpanded' sets declare SubscriptionId; when the caller
        # omitted it, one is filled in here.
        if (('Update', 'UpdateExpanded') -contains $parameterSet -and -not $PSBoundParameters.ContainsKey('SubscriptionId')) {
            # Playback is detected from the bound HttpPipelinePrepend steps: any step whose Target
            # is a PipelineMock with Mode 'Playback' selects the test-safe subscription id.
            $testPlayback = $false
            $PSBoundParameters['HttpPipelinePrepend'] | Foreach-Object { if ($_) { $testPlayback = $testPlayback -or ('Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.PipelineMock' -eq $_.Target.GetType().FullName -and 'Playback' -eq $_.Target.Mode) } }
            if ($testPlayback) {
                # Test-only path: dot-sources utils\Get-SubscriptionIdTestSafe.ps1 one level above
                # $PSScriptRoot. NOTE(review): a shipped cmdlet executes a script file from the module
                # tree here, so it relies on the installed module directory being write-protected;
                # the three-argument Join-Path form needs PowerShell 6 or later.
                $PSBoundParameters['SubscriptionId'] = . (Join-Path $PSScriptRoot '..' 'utils' 'Get-SubscriptionIdTestSafe.ps1')
            } else {
                # SubscriptionId is taken from the session's current Az context.
                # NOTE(review): if Get-AzContext returns nothing, this expression presumably evaluates
                # to $null (outside strict mode) and a null SubscriptionId is forwarded; automation
                # should pass -SubscriptionId explicitly rather than rely on the ambient context.
                $PSBoundParameters['SubscriptionId'] = (Get-AzContext).Subscription.Id
            }
        }
        # Resolve the private implementation, restricted to CommandTypes Cmdlet, and start it as a
        # steppable pipeline that carries the caller's CommandOrigin.
        $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet)
        $scriptCmd = {& $wrappedCmd @PSBoundParameters}
        $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin)
        $steppablePipeline.Begin($PSCmdlet)
    } catch {
        # Rethrown unchanged; the try/catch adds no handling of its own.
        throw
    }
}

process {
    try {
        # Forward the current pipeline object to the wrapped cmdlet.
        $steppablePipeline.Process($_)
    } catch {
        # Rethrown unchanged.
        throw
    }
}

end {
    try {
        # Let the wrapped cmdlet run its end block.
        $steppablePipeline.End()
    } catch {
        # Rethrown unchanged.
        throw
    }
}
}

<#
.Synopsis
Replace tags added to a threat intelligence indicator.
.Description
Replace tags added to a threat intelligence indicator.
.Example
{{ Add code here }}
.Example
{{ Add code here }}

.Inputs
Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity
.Outputs
Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IThreatIntelligenceInformation
.Notes
COMPLEX PARAMETER PROPERTIES

To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables.

EXTERNALREFERENCE <IThreatIntelligenceExternalReference[]>: External References
  [Description <String>]: External reference description
  [ExternalId <String>]: External reference ID
  [Hash <IThreatIntelligenceExternalReferenceHashes>]: External reference hashes
    [(Any) <String>]: This indicates any property can be added to this object.
[SourceName <String>]: External reference source name [Url <String>]: External reference URL GRANULARMARKING <IThreatIntelligenceGranularMarkingModel[]>: Granular Markings [Language <String>]: Language granular marking model [MarkingRef <Int32?>]: marking reference granular marking model [Selector <String[]>]: granular marking model selectors INPUTOBJECT <ISecurityInsightsIdentity>: Identity Parameter [ActionId <String>]: Action ID [AlertRuleTemplateId <String>]: Alert rule template ID [AutomationRuleId <String>]: Automation rule ID [BookmarkId <String>]: Bookmark ID [ConsentId <String>]: consent ID [DataConnectorId <String>]: Connector ID [EntityId <String>]: entity ID [EntityQueryId <String>]: entity query ID [EntityQueryTemplateId <String>]: entity query template ID [Id <String>]: Resource identity path [IncidentCommentId <String>]: Incident comment ID [IncidentId <String>]: Incident ID [MetadataName <String>]: The Metadata name. [Name <String>]: Threat intelligence indicator name field. [RelationName <String>]: Relation Name [ResourceGroupName <String>]: The name of the resource group. The name is case insensitive. [RuleId <String>]: Alert rule ID [SentinelOnboardingStateName <String>]: The Sentinel onboarding state name. Supports - default [SettingsName <String>]: The setting name. Supports - Anomalies, EyesOn, EntityAnalytics, Ueba [SourceControlId <String>]: Source control Id [SubscriptionId <String>]: The ID of the target subscription. [WorkspaceName <String>]: The name of the workspace. 
KILLCHAINPHASE <IThreatIntelligenceKillChainPhase[]>: Kill chain phases
[KillChainName <String>]: Kill chainName name
[PhaseName <String>]: Phase name

PARSEDPATTERN <IThreatIntelligenceParsedPattern[]>: Parsed patterns
[PatternTypeKey <String>]: Pattern type key
[PatternTypeValue <IThreatIntelligenceParsedPatternTypeValue[]>]: Pattern type keys
[Value <String>]: Value of parsed pattern
[ValueType <String>]: Type of the value
.Link
https://learn.microsoft.com/powershell/module/az.securityinsights/update-azsentinelthreatintelligenceindicatortag
#>
function Update-AzSentinelThreatIntelligenceIndicatorTag {
[OutputType([Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IThreatIntelligenceInformation])]
[CmdletBinding(DefaultParameterSetName='ReplaceExpanded', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')]
param(
    [Parameter(ParameterSetName='ReplaceExpanded', Mandatory)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [System.String]
    # Threat intelligence indicator name field.
    ${Name},

    [Parameter(ParameterSetName='ReplaceExpanded', Mandatory)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [System.String]
    # The name of the resource group.
    # The name is case insensitive.
    ${ResourceGroupName},

    [Parameter(ParameterSetName='ReplaceExpanded')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.DefaultInfo(Script='(Get-AzContext).Subscription.Id')]
    [System.String]
    # The ID of the target subscription.
    ${SubscriptionId},

    [Parameter(ParameterSetName='ReplaceExpanded', Mandatory)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [System.String]
    # The name of the workspace.
    ${WorkspaceName},

    [Parameter(ParameterSetName='ReplaceViaIdentityExpanded', Mandatory, ValueFromPipeline)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity]
    # Identity Parameter
    # To construct, see NOTES section for INPUTOBJECT properties and create a hash table.
    ${InputObject},

    [Parameter()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [System.Int32]
    # Confidence of threat intelligence entity
    ${Confidence},

    [Parameter()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [System.String]
    # Created by
    ${Created},

    [Parameter()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [System.String]
    # Created by reference of threat intelligence entity
    ${CreatedByRef},

    [Parameter()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [System.Management.Automation.SwitchParameter]
    # Is threat intelligence entity defanged
    ${Defanged},

    [Parameter()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [System.String]
    # Description of a threat intelligence entity
    ${Description},

    [Parameter()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [System.String]
    # Display name of a threat intelligence entity
    ${DisplayName},

    [Parameter()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.Info(PossibleTypes=([Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IThreatIntelligenceIndicatorPropertiesExtensions]))]
    [System.Collections.Hashtable]
    # Extensions map
    ${Extension},

    [Parameter()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [System.String]
    # External ID of threat intelligence entity
    ${ExternalId},

    [Parameter()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [System.String]
    # External last updated time in UTC
    ${ExternalLastUpdatedTimeUtc},

    [Parameter()]
    [AllowEmptyCollection()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IThreatIntelligenceExternalReference[]]
    # External References
    # To construct, see NOTES section for EXTERNALREFERENCE properties and create a hash table.
    ${ExternalReference},

    [Parameter()]
    [AllowEmptyCollection()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IThreatIntelligenceGranularMarkingModel[]]
    # Granular Markings
    # To construct, see NOTES section for GRANULARMARKING properties and create a hash table.
    ${GranularMarking},

    [Parameter()]
    [AllowEmptyCollection()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [System.String[]]
    # Indicator types of threat intelligence entities
    ${IndicatorType},

    [Parameter()]
    [AllowEmptyCollection()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IThreatIntelligenceKillChainPhase[]]
    # Kill chain phases
    # To construct, see NOTES section for KILLCHAINPHASE properties and create a hash table.
    ${KillChainPhase},

    [Parameter()]
    [AllowEmptyCollection()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [System.String[]]
    # Labels of threat intelligence entity
    ${Label},

    [Parameter()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [System.String]
    # Language of threat intelligence entity
    ${Language},

    [Parameter()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [System.String]
    # Last updated time in UTC
    ${LastUpdatedTimeUtc},

    [Parameter()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [System.String]
    # Modified by
    ${Modified},

    [Parameter()]
    [AllowEmptyCollection()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [System.String[]]
    # Threat intelligence entity object marking references
    ${ObjectMarkingRef},

    [Parameter()]
    [AllowEmptyCollection()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IThreatIntelligenceParsedPattern[]]
    # Parsed patterns
    # To construct, see NOTES section for PARSEDPATTERN properties and create a hash table.
    ${ParsedPattern},

    [Parameter()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [System.String]
    # Pattern of a threat intelligence entity
    ${Pattern},

    [Parameter()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [System.String]
    # Pattern type of a threat intelligence entity
    ${PatternType},

    [Parameter()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [System.String]
    # Pattern version of a threat intelligence entity
    ${PatternVersion},

    [Parameter()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [System.Management.Automation.SwitchParameter]
    # Is threat intelligence entity revoked
    ${Revoked},

    [Parameter()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [System.String]
    # Source of a threat intelligence entity
    ${Source},

    [Parameter()]
    [AllowEmptyCollection()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [System.String[]]
    # List of tags
    ${ThreatIntelligenceTag},

    [Parameter()]
    [AllowEmptyCollection()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [System.String[]]
    # Threat types
    ${ThreatType},

    [Parameter()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [System.String]
    # Valid from
    ${ValidFrom},

    [Parameter()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [System.String]
    # Valid until
    ${ValidUntil},

    [Parameter()]
    [Alias('AzureRMContext', 'AzureCredential')]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Azure')]
    [System.Management.Automation.PSObject]
    # The DefaultProfile parameter is not functional.
    # Use the SubscriptionId parameter when available if executing the cmdlet against a different subscription.
    ${DefaultProfile},

    [Parameter(DontShow)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Management.Automation.SwitchParameter]
    # Wait for .NET debugger to attach
    ${Break},

    [Parameter(DontShow)]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.SendAsyncStep[]]
    # SendAsync Pipeline Steps to be appended to the front of the pipeline
    ${HttpPipelineAppend},

    [Parameter(DontShow)]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.SendAsyncStep[]]
    # SendAsync Pipeline Steps to be prepended to the front of the pipeline
    ${HttpPipelinePrepend},

    [Parameter(DontShow)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Uri]
    # The URI for the proxy server to use
    ${Proxy},

    [Parameter(DontShow)]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Management.Automation.PSCredential]
    # Credentials for a proxy server to use for the remote call
    ${ProxyCredential},

    [Parameter(DontShow)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Management.Automation.SwitchParameter]
    # Use the default credentials for the proxy
    ${ProxyUseDefaultCredentials}
)

begin {
    # This function is a thin proxy: it resolves a default SubscriptionId and then
    # forwards every bound parameter to the private cmdlet for the selected
    # parameter set.
    #
    # NOTE(review): the file header marks this code as AutoRest-generated and the
    # file ends with a '# SIG # Begin signature block' section. Any edit to the
    # file, comments included, invalidates that signature until it is re-signed,
    # and is lost on regeneration.
    #
    # NOTE(review): the DontShow parameters (Break, HttpPipelineAppend,
    # HttpPipelinePrepend, Proxy, ProxyCredential, ProxyUseDefaultCredentials) are
    # hidden from completion only; when supplied they are still bound and passed
    # on through @PSBoundParameters below.
    #
    # NOTE(review): SupportsShouldProcess is declared, but this proxy never calls
    # ShouldProcess itself; -WhatIf/-Confirm handling is presumably left to the
    # wrapped cmdlet, which receives $PSCmdlet in Begin() -- confirm.
    try {
        $outBuffer = $null
        # If the caller bound -OutBuffer, forward it as 1.
        if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) {
            $PSBoundParameters['OutBuffer'] = 1
        }
        $parameterSet = $PSCmdlet.ParameterSetName

        # Parameter set name -> module-qualified private cmdlet that does the work.
        $mapping = @{
            ReplaceExpanded = 'Az.SecurityInsights.private\Update-AzSentinelThreatIntelligenceIndicatorTag_ReplaceExpanded';
            ReplaceViaIdentityExpanded = 'Az.SecurityInsights.private\Update-AzSentinelThreatIntelligenceIndicatorTag_ReplaceViaIdentityExpanded';
        }
        # Only the expanded set takes SubscriptionId; fill it in when the caller omitted it.
        if (('ReplaceExpanded') -contains $parameterSet -and -not $PSBoundParameters.ContainsKey('SubscriptionId')) {
            # Test playback is detected by finding a Runtime.PipelineMock whose Mode is
            # 'Playback' among the HttpPipelinePrepend steps.
            $testPlayback = $false
            $PSBoundParameters['HttpPipelinePrepend'] | Foreach-Object {
                if ($_) {
                    $testPlayback = $testPlayback -or ('Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.PipelineMock' -eq $_.Target.GetType().FullName -and 'Playback' -eq $_.Target.Mode)
                }
            }
            if ($testPlayback) {
                # Dot-sources a helper script located relative to $PSScriptRoot; reached
                # only on the playback path detected above.
                # NOTE(review): Join-Path with several child paths presumably needs
                # PowerShell 6 or later -- confirm if playback must run on 5.1.
                $PSBoundParameters['SubscriptionId'] = . (Join-Path $PSScriptRoot '..' 'utils' 'Get-SubscriptionIdTestSafe.ps1')
            } else {
                # The replace is sent to whichever subscription the ambient Az context
                # currently selects; pass -SubscriptionId to target another one.
                $PSBoundParameters['SubscriptionId'] = (Get-AzContext).Subscription.Id
            }
        }

        # Resolve the target by its module-qualified name and restrict the lookup to
        # CommandTypes::Cmdlet, so a same-named function or alias is not selected.
        $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet)
        $scriptCmd = {& $wrappedCmd @PSBoundParameters}
        # The steppable pipeline lets begin/process/end below drive the wrapped cmdlet
        # one stage at a time.
        $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin)
        $steppablePipeline.Begin($PSCmdlet)
    } catch {
        # Rethrow unchanged.
        throw
    }
}

process {
    try {
        # Hand the current pipeline object to the wrapped cmdlet.
        $steppablePipeline.Process($_)
    } catch {
        throw
    }
}

end {
    try {
        $steppablePipeline.End()
    } catch {
        throw
    }
}
}

<#
.Synopsis
Update a threat Intelligence indicator.
.Description
Update a threat Intelligence indicator.
.Example
{{ Add code here }}
.Example
{{ Add code here }}

.Inputs
Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IThreatIntelligenceIndicatorModelForRequestBody
.Inputs
Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity
.Outputs
Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IThreatIntelligenceInformation
.Notes
COMPLEX PARAMETER PROPERTIES

To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables.

EXTERNALREFERENCE <IThreatIntelligenceExternalReference[]>: External References
[Description <String>]: External reference description
[ExternalId <String>]: External reference ID
[Hash <IThreatIntelligenceExternalReferenceHashes>]: External reference hashes
[(Any) <String>]: This indicates any property can be added to this object.
[SourceName <String>]: External reference source name [Url <String>]: External reference URL GRANULARMARKING <IThreatIntelligenceGranularMarkingModel[]>: Granular Markings [Language <String>]: Language granular marking model [MarkingRef <Int32?>]: marking reference granular marking model [Selector <String[]>]: granular marking model selectors INPUTOBJECT <ISecurityInsightsIdentity>: Identity Parameter [ActionId <String>]: Action ID [AlertRuleTemplateId <String>]: Alert rule template ID [AutomationRuleId <String>]: Automation rule ID [BookmarkId <String>]: Bookmark ID [ConsentId <String>]: consent ID [DataConnectorId <String>]: Connector ID [EntityId <String>]: entity ID [EntityQueryId <String>]: entity query ID [EntityQueryTemplateId <String>]: entity query template ID [Id <String>]: Resource identity path [IncidentCommentId <String>]: Incident comment ID [IncidentId <String>]: Incident ID [MetadataName <String>]: The Metadata name. [Name <String>]: Threat intelligence indicator name field. [RelationName <String>]: Relation Name [ResourceGroupName <String>]: The name of the resource group. The name is case insensitive. [RuleId <String>]: Alert rule ID [SentinelOnboardingStateName <String>]: The Sentinel onboarding state name. Supports - default [SettingsName <String>]: The setting name. Supports - Anomalies, EyesOn, EntityAnalytics, Ueba [SourceControlId <String>]: Source control Id [SubscriptionId <String>]: The ID of the target subscription. [WorkspaceName <String>]: The name of the workspace. 
KILLCHAINPHASE <IThreatIntelligenceKillChainPhase[]>: Kill chain phases [KillChainName <String>]: Kill chainName name [PhaseName <String>]: Phase name PARSEDPATTERN <IThreatIntelligenceParsedPattern[]>: Parsed patterns [PatternTypeKey <String>]: Pattern type key [PatternTypeValue <IThreatIntelligenceParsedPatternTypeValue[]>]: Pattern type keys [Value <String>]: Value of parsed pattern [ValueType <String>]: Type of the value THREATINTELLIGENCEPROPERTY <IThreatIntelligenceIndicatorModelForRequestBody>: Threat intelligence indicator entity used in request body. [Confidence <Int32?>]: Confidence of threat intelligence entity [Created <String>]: Created by [CreatedByRef <String>]: Created by reference of threat intelligence entity [Defanged <Boolean?>]: Is threat intelligence entity defanged [Description <String>]: Description of a threat intelligence entity [DisplayName <String>]: Display name of a threat intelligence entity [Etag <String>]: Etag of the azure resource [Extension <IThreatIntelligenceIndicatorPropertiesExtensions>]: Extensions map [(Any) <Object>]: This indicates any property can be added to this object. [ExternalId <String>]: External ID of threat intelligence entity [ExternalLastUpdatedTimeUtc <String>]: External last updated time in UTC [ExternalReference <IThreatIntelligenceExternalReference[]>]: External References [Description <String>]: External reference description [ExternalId <String>]: External reference ID [Hash <IThreatIntelligenceExternalReferenceHashes>]: External reference hashes [(Any) <String>]: This indicates any property can be added to this object. 
[SourceName <String>]: External reference source name
[Url <String>]: External reference URL
[GranularMarking <IThreatIntelligenceGranularMarkingModel[]>]: Granular Markings
[Language <String>]: Language granular marking model
[MarkingRef <Int32?>]: marking reference granular marking model
[Selector <String[]>]: granular marking model selectors
[IndicatorType <String[]>]: Indicator types of threat intelligence entities
[KillChainPhase <IThreatIntelligenceKillChainPhase[]>]: Kill chain phases
[KillChainName <String>]: Kill chainName name
[PhaseName <String>]: Phase name
[Label <String[]>]: Labels of threat intelligence entity
[Language <String>]: Language of threat intelligence entity
[LastUpdatedTimeUtc <String>]: Last updated time in UTC
[Modified <String>]: Modified by
[ObjectMarkingRef <String[]>]: Threat intelligence entity object marking references
[ParsedPattern <IThreatIntelligenceParsedPattern[]>]: Parsed patterns
[PatternTypeKey <String>]: Pattern type key
[PatternTypeValue <IThreatIntelligenceParsedPatternTypeValue[]>]: Pattern type keys
[Value <String>]: Value of parsed pattern
[ValueType <String>]: Type of the value
[Pattern <String>]: Pattern of a threat intelligence entity
[PatternType <String>]: Pattern type of a threat intelligence entity
[PatternVersion <String>]: Pattern version of a threat intelligence entity
[Revoked <Boolean?>]: Is threat intelligence entity revoked
[Source <String>]: Source of a threat intelligence entity
[ThreatIntelligenceTag <String[]>]: List of tags
[ThreatType <String[]>]: Threat types
[ValidFrom <String>]: Valid from
[ValidUntil <String>]: Valid until
.Link
https://learn.microsoft.com/powershell/module/az.securityinsights/update-azsentinelthreatintelligenceindicator
#>
function Update-AzSentinelThreatIntelligenceIndicator {
[OutputType([Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IThreatIntelligenceInformation])]
[CmdletBinding(DefaultParameterSetName='UpdateExpanded', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')]
param(
    [Parameter(ParameterSetName='UpdateExpanded', Mandatory)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [System.String]
    # Threat intelligence indicator name field.
    ${Name},

    [Parameter(ParameterSetName='UpdateExpanded', Mandatory)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [System.String]
    # The name of the resource group.
    # The name is case insensitive.
    ${ResourceGroupName},

    [Parameter(ParameterSetName='UpdateExpanded')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.DefaultInfo(Script='(Get-AzContext).Subscription.Id')]
    [System.String]
    # The ID of the target subscription.
    ${SubscriptionId},

    [Parameter(ParameterSetName='UpdateExpanded', Mandatory)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [System.String]
    # The name of the workspace.
    ${WorkspaceName},

    [Parameter(ParameterSetName='UpdateViaIdentity', Mandatory, ValueFromPipeline)]
    [Parameter(ParameterSetName='UpdateViaIdentityExpanded', Mandatory, ValueFromPipeline)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity]
    # Identity Parameter
    # To construct, see NOTES section for INPUTOBJECT properties and create a hash table.
    ${InputObject},

    [Parameter(ParameterSetName='UpdateExpanded')]
    [Parameter(ParameterSetName='UpdateViaIdentityExpanded')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [System.Int32]
    # Confidence of threat intelligence entity
    ${Confidence},

    [Parameter(ParameterSetName='UpdateExpanded')]
    [Parameter(ParameterSetName='UpdateViaIdentityExpanded')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [System.String]
    # Created by
    ${Created},

    [Parameter(ParameterSetName='UpdateExpanded')]
    [Parameter(ParameterSetName='UpdateViaIdentityExpanded')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [System.String]
    # Created by reference of threat intelligence entity
    ${CreatedByRef},

    [Parameter(ParameterSetName='UpdateExpanded')]
    [Parameter(ParameterSetName='UpdateViaIdentityExpanded')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [System.Management.Automation.SwitchParameter]
    # Is threat intelligence entity defanged
    ${Defanged},

    [Parameter(ParameterSetName='UpdateExpanded')]
    [Parameter(ParameterSetName='UpdateViaIdentityExpanded')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [System.String]
    # Description of a threat intelligence entity
    ${Description},

    [Parameter(ParameterSetName='UpdateExpanded')]
    [Parameter(ParameterSetName='UpdateViaIdentityExpanded')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [System.String]
    # Display name of a threat intelligence entity
    ${DisplayName},

    [Parameter(ParameterSetName='UpdateExpanded')]
    [Parameter(ParameterSetName='UpdateViaIdentityExpanded')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.Info(PossibleTypes=([Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IThreatIntelligenceIndicatorPropertiesExtensions]))]
    [System.Collections.Hashtable]
    # Extensions map
    ${Extension},

    [Parameter(ParameterSetName='UpdateExpanded')]
    [Parameter(ParameterSetName='UpdateViaIdentityExpanded')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [System.String]
    # External ID of threat intelligence entity
    ${ExternalId},

    [Parameter(ParameterSetName='UpdateExpanded')]
    [Parameter(ParameterSetName='UpdateViaIdentityExpanded')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [System.String]
    # External last updated time in UTC
    ${ExternalLastUpdatedTimeUtc},

    [Parameter(ParameterSetName='UpdateExpanded')]
    [Parameter(ParameterSetName='UpdateViaIdentityExpanded')]
    [AllowEmptyCollection()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IThreatIntelligenceExternalReference[]]
    # External References
    # To construct, see NOTES section for EXTERNALREFERENCE properties and create a hash table.
    ${ExternalReference},

    [Parameter(ParameterSetName='UpdateExpanded')]
    [Parameter(ParameterSetName='UpdateViaIdentityExpanded')]
    [AllowEmptyCollection()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IThreatIntelligenceGranularMarkingModel[]]
    # Granular Markings
    # To construct, see NOTES section for GRANULARMARKING properties and create a hash table.
    ${GranularMarking},

    [Parameter(ParameterSetName='UpdateExpanded')]
    [Parameter(ParameterSetName='UpdateViaIdentityExpanded')]
    [AllowEmptyCollection()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [System.String[]]
    # Indicator types of threat intelligence entities
    ${IndicatorType},

    [Parameter(ParameterSetName='UpdateExpanded')]
    [Parameter(ParameterSetName='UpdateViaIdentityExpanded')]
    [AllowEmptyCollection()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IThreatIntelligenceKillChainPhase[]]
    # Kill chain phases
    # To construct, see NOTES section for KILLCHAINPHASE properties and create a hash table.
    ${KillChainPhase},

    [Parameter(ParameterSetName='UpdateExpanded')]
    [Parameter(ParameterSetName='UpdateViaIdentityExpanded')]
    [AllowEmptyCollection()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [System.String[]]
    # Labels of threat intelligence entity
    ${Label},

    [Parameter(ParameterSetName='UpdateExpanded')]
    [Parameter(ParameterSetName='UpdateViaIdentityExpanded')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [System.String]
    # Language of threat intelligence entity
    ${Language},

    [Parameter(ParameterSetName='UpdateExpanded')]
    [Parameter(ParameterSetName='UpdateViaIdentityExpanded')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [System.String]
    # Last updated time in UTC
    ${LastUpdatedTimeUtc},

    [Parameter(ParameterSetName='UpdateExpanded')]
    [Parameter(ParameterSetName='UpdateViaIdentityExpanded')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [System.String]
    # Modified by
    ${Modified},

    [Parameter(ParameterSetName='UpdateExpanded')]
    [Parameter(ParameterSetName='UpdateViaIdentityExpanded')]
    [AllowEmptyCollection()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [System.String[]]
    # Threat intelligence entity object marking references
    ${ObjectMarkingRef},

    [Parameter(ParameterSetName='UpdateExpanded')]
    [Parameter(ParameterSetName='UpdateViaIdentityExpanded')]
    [AllowEmptyCollection()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IThreatIntelligenceParsedPattern[]]
    # Parsed patterns
    # To construct, see NOTES section for PARSEDPATTERN properties and create a hash table.
    ${ParsedPattern},

    [Parameter(ParameterSetName='UpdateExpanded')]
    [Parameter(ParameterSetName='UpdateViaIdentityExpanded')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [System.String]
    # Pattern of a threat intelligence entity
    ${Pattern},

    [Parameter(ParameterSetName='UpdateExpanded')]
    [Parameter(ParameterSetName='UpdateViaIdentityExpanded')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [System.String]
    # Pattern type of a threat intelligence entity
    ${PatternType},

    [Parameter(ParameterSetName='UpdateExpanded')]
    [Parameter(ParameterSetName='UpdateViaIdentityExpanded')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [System.String]
    # Pattern version of a threat intelligence entity
    ${PatternVersion},

    [Parameter(ParameterSetName='UpdateExpanded')]
    [Parameter(ParameterSetName='UpdateViaIdentityExpanded')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [System.Management.Automation.SwitchParameter]
    # Is threat intelligence entity revoked
    ${Revoked},

    [Parameter(ParameterSetName='UpdateExpanded')]
    [Parameter(ParameterSetName='UpdateViaIdentityExpanded')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [System.String]
    # Source of a threat intelligence entity
    ${Source},

    [Parameter(ParameterSetName='UpdateExpanded')]
    [Parameter(ParameterSetName='UpdateViaIdentityExpanded')]
    [AllowEmptyCollection()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [System.String[]]
    # List of tags
    ${ThreatIntelligenceTag},

    [Parameter(ParameterSetName='UpdateExpanded')]
    [Parameter(ParameterSetName='UpdateViaIdentityExpanded')]
    [AllowEmptyCollection()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [System.String[]]
    # Threat types
    ${ThreatType},

    [Parameter(ParameterSetName='UpdateExpanded')]
    [Parameter(ParameterSetName='UpdateViaIdentityExpanded')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [System.String]
    # Valid from
    ${ValidFrom},

    [Parameter(ParameterSetName='UpdateExpanded')]
    [Parameter(ParameterSetName='UpdateViaIdentityExpanded')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [System.String]
    # Valid until
    ${ValidUntil},

    [Parameter(ParameterSetName='UpdateViaIdentity', Mandatory, ValueFromPipeline)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IThreatIntelligenceIndicatorModelForRequestBody]
    # Threat intelligence indicator entity used in request body.
    # To construct, see NOTES section for THREATINTELLIGENCEPROPERTY properties and create a hash table.
    ${ThreatIntelligenceProperty},

    [Parameter()]
    [Alias('AzureRMContext', 'AzureCredential')]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Azure')]
    [System.Management.Automation.PSObject]
    # The DefaultProfile parameter is not functional.
    # Use the SubscriptionId parameter when available if executing the cmdlet against a different subscription.
    ${DefaultProfile},

    [Parameter(DontShow)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Management.Automation.SwitchParameter]
    # Wait for .NET debugger to attach
    ${Break},

    [Parameter(DontShow)]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.SendAsyncStep[]]
    # SendAsync Pipeline Steps to be appended to the front of the pipeline
    ${HttpPipelineAppend},

    [Parameter(DontShow)]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.SendAsyncStep[]]
    # SendAsync Pipeline Steps to be prepended to the front of the pipeline
    ${HttpPipelinePrepend},

    [Parameter(DontShow)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Uri]
    # The URI for the proxy server to use
    ${Proxy},

    [Parameter(DontShow)]
    [ValidateNotNull()]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Management.Automation.PSCredential]
    # Credentials for a proxy server to use for the remote call
    ${ProxyCredential},

    [Parameter(DontShow)]
    [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Runtime')]
    [System.Management.Automation.SwitchParameter]
    # Use the default credentials for the proxy
    ${ProxyUseDefaultCredentials}
)

begin {
    # This function is a thin proxy: it resolves a default SubscriptionId and then
    # forwards every bound parameter to the private cmdlet for the selected
    # parameter set.
    #
    # NOTE(review): the file header marks this code as AutoRest-generated and a
    # '# SIG # Begin signature block' section follows this function. Any edit to
    # the file, comments included, invalidates that signature until it is
    # re-signed, and is lost on regeneration.
    #
    # NOTE(review): the DontShow parameters (Break, HttpPipelineAppend,
    # HttpPipelinePrepend, Proxy, ProxyCredential, ProxyUseDefaultCredentials) are
    # hidden from completion only; when supplied they are still bound and passed
    # on through @PSBoundParameters below.
    #
    # NOTE(review): SupportsShouldProcess is declared, but this proxy never calls
    # ShouldProcess itself; -WhatIf/-Confirm handling is presumably left to the
    # wrapped cmdlet, which receives $PSCmdlet in Begin() -- confirm.
    try {
        $outBuffer = $null
        # If the caller bound -OutBuffer, forward it as 1.
        if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) {
            $PSBoundParameters['OutBuffer'] = 1
        }
        $parameterSet = $PSCmdlet.ParameterSetName

        # Parameter set name -> module-qualified private cmdlet that does the work.
        $mapping = @{
            UpdateExpanded = 'Az.SecurityInsights.private\Update-AzSentinelThreatIntelligenceIndicator_UpdateExpanded';
            UpdateViaIdentity = 'Az.SecurityInsights.private\Update-AzSentinelThreatIntelligenceIndicator_UpdateViaIdentity';
            UpdateViaIdentityExpanded = 'Az.SecurityInsights.private\Update-AzSentinelThreatIntelligenceIndicator_UpdateViaIdentityExpanded';
        }
        # Only the UpdateExpanded set takes SubscriptionId; fill it in when the caller omitted it.
        if (('UpdateExpanded') -contains $parameterSet -and -not $PSBoundParameters.ContainsKey('SubscriptionId')) {
            # Test playback is detected by finding a Runtime.PipelineMock whose Mode is
            # 'Playback' among the HttpPipelinePrepend steps.
            $testPlayback = $false
            $PSBoundParameters['HttpPipelinePrepend'] | Foreach-Object {
                if ($_) {
                    $testPlayback = $testPlayback -or ('Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.PipelineMock' -eq $_.Target.GetType().FullName -and 'Playback' -eq $_.Target.Mode)
                }
            }
            if ($testPlayback) {
                # Dot-sources a helper script located relative to $PSScriptRoot; reached
                # only on the playback path detected above.
                # NOTE(review): Join-Path with several child paths presumably needs
                # PowerShell 6 or later -- confirm if playback must run on 5.1.
                $PSBoundParameters['SubscriptionId'] = . (Join-Path $PSScriptRoot '..' 'utils' 'Get-SubscriptionIdTestSafe.ps1')
            } else {
                # The update is sent to whichever subscription the ambient Az context
                # currently selects; pass -SubscriptionId to target another one.
                $PSBoundParameters['SubscriptionId'] = (Get-AzContext).Subscription.Id
            }
        }

        # Resolve the target by its module-qualified name and restrict the lookup to
        # CommandTypes::Cmdlet, so a same-named function or alias is not selected.
        $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet)
        $scriptCmd = {& $wrappedCmd @PSBoundParameters}
        # The steppable pipeline lets begin/process/end below drive the wrapped cmdlet
        # one stage at a time.
        $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin)
        $steppablePipeline.Begin($PSCmdlet)
    } catch {
        # Rethrow unchanged.
        throw
    }
}

process {
    try {
        # Hand the current pipeline object to the wrapped cmdlet.
        $steppablePipeline.Process($_)
    } catch {
        throw
    }
}

end {
    try {
        $steppablePipeline.End()
    } catch {
        throw
    }
}
}

# SIG # Begin signature block # MIIoUgYJKoZIhvcNAQcCoIIoQzCCKD8CAQExDzANBglghkgBZQMEAgEFADB5Bgor # BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG # KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCD+qNh3zI6XJemt # zGx0zSjo7GoZVYX/J8mjOHcYT0EHM6CCDYUwggYDMIID66ADAgECAhMzAAAEA73V # lV0POxitAAAAAAQDMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlVTMRMwEQYD # VQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH01pY3Jvc29mdCBDb2RlIFNpZ25p # bmcgUENBIDIwMTEwHhcNMjQwOTEyMjAxMTEzWhcNMjUwOTExMjAxMTEzWjB0MQsw # CQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9u # ZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMR4wHAYDVQQDExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB # AQCfdGddwIOnbRYUyg03O3iz19XXZPmuhEmW/5uyEN+8mgxl+HJGeLGBR8YButGV # LVK38RxcVcPYyFGQXcKcxgih4w4y4zJi3GvawLYHlsNExQwz+v0jgY/aejBS2EJY # oUhLVE+UzRihV8ooxoftsmKLb2xb7BoFS6UAo3Zz4afnOdqI7FGoi7g4vx/0MIdi #
kwTn5N56TdIv3mwfkZCFmrsKpN0zR8HD8WYsvH3xKkG7u/xdqmhPPqMmnI2jOFw/ # /n2aL8W7i1Pasja8PnRXH/QaVH0M1nanL+LI9TsMb/enWfXOW65Gne5cqMN9Uofv # ENtdwwEmJ3bZrcI9u4LZAkujAgMBAAGjggGCMIIBfjAfBgNVHSUEGDAWBgorBgEE # AYI3TAgBBggrBgEFBQcDAzAdBgNVHQ4EFgQU6m4qAkpz4641iK2irF8eWsSBcBkw # VAYDVR0RBE0wS6RJMEcxLTArBgNVBAsTJE1pY3Jvc29mdCBJcmVsYW5kIE9wZXJh # dGlvbnMgTGltaXRlZDEWMBQGA1UEBRMNMjMwMDEyKzUwMjkyNjAfBgNVHSMEGDAW # gBRIbmTlUAXTgqoXNzcitW2oynUClTBUBgNVHR8ETTBLMEmgR6BFhkNodHRwOi8v # d3d3Lm1pY3Jvc29mdC5jb20vcGtpb3BzL2NybC9NaWNDb2RTaWdQQ0EyMDExXzIw # MTEtMDctMDguY3JsMGEGCCsGAQUFBwEBBFUwUzBRBggrBgEFBQcwAoZFaHR0cDov # L3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9jZXJ0cy9NaWNDb2RTaWdQQ0EyMDEx # XzIwMTEtMDctMDguY3J0MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggIB # AFFo/6E4LX51IqFuoKvUsi80QytGI5ASQ9zsPpBa0z78hutiJd6w154JkcIx/f7r # EBK4NhD4DIFNfRiVdI7EacEs7OAS6QHF7Nt+eFRNOTtgHb9PExRy4EI/jnMwzQJV # NokTxu2WgHr/fBsWs6G9AcIgvHjWNN3qRSrhsgEdqHc0bRDUf8UILAdEZOMBvKLC # rmf+kJPEvPldgK7hFO/L9kmcVe67BnKejDKO73Sa56AJOhM7CkeATrJFxO9GLXos # oKvrwBvynxAg18W+pagTAkJefzneuWSmniTurPCUE2JnvW7DalvONDOtG01sIVAB # +ahO2wcUPa2Zm9AiDVBWTMz9XUoKMcvngi2oqbsDLhbK+pYrRUgRpNt0y1sxZsXO # raGRF8lM2cWvtEkV5UL+TQM1ppv5unDHkW8JS+QnfPbB8dZVRyRmMQ4aY/tx5x5+ # sX6semJ//FbiclSMxSI+zINu1jYerdUwuCi+P6p7SmQmClhDM+6Q+btE2FtpsU0W # +r6RdYFf/P+nK6j2otl9Nvr3tWLu+WXmz8MGM+18ynJ+lYbSmFWcAj7SYziAfT0s # IwlQRFkyC71tsIZUhBHtxPliGUu362lIO0Lpe0DOrg8lspnEWOkHnCT5JEnWCbzu # iVt8RX1IV07uIveNZuOBWLVCzWJjEGa+HhaEtavjy6i7MIIHejCCBWKgAwIBAgIK # YQ6Q0gAAAAAAAzANBgkqhkiG9w0BAQsFADCBiDELMAkGA1UEBhMCVVMxEzARBgNV # BAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jv # c29mdCBDb3Jwb3JhdGlvbjEyMDAGA1UEAxMpTWljcm9zb2Z0IFJvb3QgQ2VydGlm # aWNhdGUgQXV0aG9yaXR5IDIwMTEwHhcNMTEwNzA4MjA1OTA5WhcNMjYwNzA4MjEw # OTA5WjB+MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UE # BxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSgwJgYD # VQQDEx9NaWNyb3NvZnQgQ29kZSBTaWduaW5nIFBDQSAyMDExMIICIjANBgkqhkiG # 
9w0BAQEFAAOCAg8AMIICCgKCAgEAq/D6chAcLq3YbqqCEE00uvK2WCGfQhsqa+la # UKq4BjgaBEm6f8MMHt03a8YS2AvwOMKZBrDIOdUBFDFC04kNeWSHfpRgJGyvnkmc # 6Whe0t+bU7IKLMOv2akrrnoJr9eWWcpgGgXpZnboMlImEi/nqwhQz7NEt13YxC4D # dato88tt8zpcoRb0RrrgOGSsbmQ1eKagYw8t00CT+OPeBw3VXHmlSSnnDb6gE3e+ # lD3v++MrWhAfTVYoonpy4BI6t0le2O3tQ5GD2Xuye4Yb2T6xjF3oiU+EGvKhL1nk # kDstrjNYxbc+/jLTswM9sbKvkjh+0p2ALPVOVpEhNSXDOW5kf1O6nA+tGSOEy/S6 # A4aN91/w0FK/jJSHvMAhdCVfGCi2zCcoOCWYOUo2z3yxkq4cI6epZuxhH2rhKEmd # X4jiJV3TIUs+UsS1Vz8kA/DRelsv1SPjcF0PUUZ3s/gA4bysAoJf28AVs70b1FVL # 5zmhD+kjSbwYuER8ReTBw3J64HLnJN+/RpnF78IcV9uDjexNSTCnq47f7Fufr/zd # sGbiwZeBe+3W7UvnSSmnEyimp31ngOaKYnhfsi+E11ecXL93KCjx7W3DKI8sj0A3 # T8HhhUSJxAlMxdSlQy90lfdu+HggWCwTXWCVmj5PM4TasIgX3p5O9JawvEagbJjS # 4NaIjAsCAwEAAaOCAe0wggHpMBAGCSsGAQQBgjcVAQQDAgEAMB0GA1UdDgQWBBRI # bmTlUAXTgqoXNzcitW2oynUClTAZBgkrBgEEAYI3FAIEDB4KAFMAdQBiAEMAQTAL # BgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBRyLToCMZBD # uRQFTuHqp8cx0SOJNDBaBgNVHR8EUzBRME+gTaBLhklodHRwOi8vY3JsLm1pY3Jv # c29mdC5jb20vcGtpL2NybC9wcm9kdWN0cy9NaWNSb29DZXJBdXQyMDExXzIwMTFf # MDNfMjIuY3JsMF4GCCsGAQUFBwEBBFIwUDBOBggrBgEFBQcwAoZCaHR0cDovL3d3 # dy5taWNyb3NvZnQuY29tL3BraS9jZXJ0cy9NaWNSb29DZXJBdXQyMDExXzIwMTFf # MDNfMjIuY3J0MIGfBgNVHSAEgZcwgZQwgZEGCSsGAQQBgjcuAzCBgzA/BggrBgEF # BQcCARYzaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9kb2NzL3ByaW1h # cnljcHMuaHRtMEAGCCsGAQUFBwICMDQeMiAdAEwAZQBnAGEAbABfAHAAbwBsAGkA # YwB5AF8AcwB0AGEAdABlAG0AZQBuAHQALiAdMA0GCSqGSIb3DQEBCwUAA4ICAQBn # 8oalmOBUeRou09h0ZyKbC5YR4WOSmUKWfdJ5DJDBZV8uLD74w3LRbYP+vj/oCso7 # v0epo/Np22O/IjWll11lhJB9i0ZQVdgMknzSGksc8zxCi1LQsP1r4z4HLimb5j0b # pdS1HXeUOeLpZMlEPXh6I/MTfaaQdION9MsmAkYqwooQu6SpBQyb7Wj6aC6VoCo/ # KmtYSWMfCWluWpiW5IP0wI/zRive/DvQvTXvbiWu5a8n7dDd8w6vmSiXmE0OPQvy # CInWH8MyGOLwxS3OW560STkKxgrCxq2u5bLZ2xWIUUVYODJxJxp/sfQn+N4sOiBp # mLJZiWhub6e3dMNABQamASooPoI/E01mC8CzTfXhj38cbxV9Rad25UAqZaPDXVJi # hsMdYzaXht/a8/jyFqGaJ+HNpZfQ7l1jQeNbB5yHPgZ3BtEGsXUfFL5hYbXw3MYb # 
BL7fQccOKO7eZS/sl/ahXJbYANahRr1Z85elCUtIEJmAH9AAKcWxm6U/RXceNcbS # oqKfenoi+kiVH6v7RyOA9Z74v2u3S5fi63V4GuzqN5l5GEv/1rMjaHXmr/r8i+sL # gOppO6/8MO0ETI7f33VtY5E90Z1WTk+/gFcioXgRMiF670EKsT/7qMykXcGhiJtX # cVZOSEXAQsmbdlsKgEhr/Xmfwb1tbWrJUnMTDXpQzTGCGiMwghofAgEBMIGVMH4x # CzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRt # b25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH01p # Y3Jvc29mdCBDb2RlIFNpZ25pbmcgUENBIDIwMTECEzMAAAQDvdWVXQ87GK0AAAAA # BAMwDQYJYIZIAWUDBAIBBQCgga4wGQYJKoZIhvcNAQkDMQwGCisGAQQBgjcCAQQw # HAYKKwYBBAGCNwIBCzEOMAwGCisGAQQBgjcCARUwLwYJKoZIhvcNAQkEMSIEINPZ # mW64aaVZlV/sv/cLa2jfwpBkoAgfeO/CB+5YrL/zMEIGCisGAQQBgjcCAQwxNDAy # oBSAEgBNAGkAYwByAG8AcwBvAGYAdKEagBhodHRwOi8vd3d3Lm1pY3Jvc29mdC5j # b20wDQYJKoZIhvcNAQEBBQAEggEAFCX4sDkbUaVA1NqzjzkH44sZXsgJhOg99kuP # HRa+QNGQk7bRmU9dvdl6tlVWumWWTr1fdrYOjpNwlMnjl2X9BinG52lV6+9L6dXw # fHL9NWyQdAC64aj/Syg2bjDwpRfzDJnVPtTMvEIAGDRcpa5svq77A25csV2xh1Gn # 0TWy7EWEbo8x6qKfGev2LURx/hZASudPg3dpKgxSSsFrerWIltVVk/XiH6PuA4rj # oR3gdJb4guZ6kZ1O0L2qXDzSrKGsm7yzHLup5x4YSxj/0HV+X0011wlPrDk1/uU6 # 4EMZqxkjiLIZfd1TUPxi/VpVFa37TvdodZyDI/6acjm1ortWjaGCF60wghepBgor # BgEEAYI3AwMBMYIXmTCCF5UGCSqGSIb3DQEHAqCCF4YwgheCAgEDMQ8wDQYJYIZI # AWUDBAIBBQAwggFaBgsqhkiG9w0BCRABBKCCAUkEggFFMIIBQQIBAQYKKwYBBAGE # WQoDATAxMA0GCWCGSAFlAwQCAQUABCAw2zDFIbEO/hpMynUe69mjipPjaWZ3iRRY # CSakGrKHtgIGZ2L/x8taGBMyMDI1MDEwOTA2Mzc0Ny45NDNaMASAAgH0oIHZpIHW # MIHTMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMH # UmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMS0wKwYDVQQL # EyRNaWNyb3NvZnQgSXJlbGFuZCBPcGVyYXRpb25zIExpbWl0ZWQxJzAlBgNVBAsT # Hm5TaGllbGQgVFNTIEVTTjo2NTFBLTA1RTAtRDk0NzElMCMGA1UEAxMcTWljcm9z # b2Z0IFRpbWUtU3RhbXAgU2VydmljZaCCEfswggcoMIIFEKADAgECAhMzAAAB9ZkJ # lLzxxlCMAAEAAAH1MA0GCSqGSIb3DQEBCwUAMHwxCzAJBgNVBAYTAlVTMRMwEQYD # VQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24xJjAkBgNVBAMTHU1pY3Jvc29mdCBUaW1lLVN0YW1w # 
IFBDQSAyMDEwMB4XDTI0MDcyNTE4MzEwMVoXDTI1MTAyMjE4MzEwMVowgdMxCzAJ # BgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25k # MR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xLTArBgNVBAsTJE1pY3Jv # c29mdCBJcmVsYW5kIE9wZXJhdGlvbnMgTGltaXRlZDEnMCUGA1UECxMeblNoaWVs # ZCBUU1MgRVNOOjY1MUEtMDVFMC1EOTQ3MSUwIwYDVQQDExxNaWNyb3NvZnQgVGlt # ZS1TdGFtcCBTZXJ2aWNlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA # zO90cFQTWd/WP84IT7JMIW1fQL61sdfgmhlfT0nvYEb2kvkNF073ZwjveuSWot38 # 7LjE0TCiG93e6I0HzIFQBnbxGP/WPBUirFq7WE5RAsuhNfYUL+PIb9jJq3CwWxIC # fw5t/pTyIOHjKvo1lQOTWZypir/psZwEE7y2uWAPbZJTFrKen5R73x2Hbxy4eW1D # cmXjym2wFWv10sBH40ajJfe+OkwcTdoYrY3KkpN/RQSjeycK0bhjo0CGYIYa+ZMA # ao0SNR/R1J1Y6sLkiCJO3aQrbS1Sz7l+/qJgy8fyEZMND5Ms7C0sEaOvoBHiWSpT # M4vc0xDLCmc6PGv03CtWu2KiyqrL8BAB1EYyOShI3IT79arDIDrL+de91FfjmSbB # Y5j+HvS0l3dXkjP3Hon8b74lWwikF0rzErF0n3khVAusx7Sm1oGG+06hz9XAy3Wo # u+T6Se6oa5LDiQgPTfWR/j9FNk8Ju06oSfTh6c03V0ulla0Iwy+HzUl+WmYxFLU0 # PiaXsmgudNwVqn51zr+Bi3XPJ85wWuy6GGT7nBDmXNzTNkzK98DBQjTOabQXUZ88 # 4Yb9DFNcigmeVTYkyUXZ6hscd8Nyq45A3D3bk+nXnsogK1Z7zZj6XbGft7xgOYvv # eU6p0+frthbF7MXv+i5qcD9HfFmOq4VYHevVesYb6P0CAwEAAaOCAUkwggFFMB0G # A1UdDgQWBBRV4Hxb9Uo0oHDwJZJe22ixe2B1ATAfBgNVHSMEGDAWgBSfpxVdAF5i # XYP05dJlpxtTNRnpcjBfBgNVHR8EWDBWMFSgUqBQhk5odHRwOi8vd3d3Lm1pY3Jv # c29mdC5jb20vcGtpb3BzL2NybC9NaWNyb3NvZnQlMjBUaW1lLVN0YW1wJTIwUENB # JTIwMjAxMCgxKS5jcmwwbAYIKwYBBQUHAQEEYDBeMFwGCCsGAQUFBzAChlBodHRw # Oi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpb3BzL2NlcnRzL01pY3Jvc29mdCUyMFRp # bWUtU3RhbXAlMjBQQ0ElMjAyMDEwKDEpLmNydDAMBgNVHRMBAf8EAjAAMBYGA1Ud # JQEB/wQMMAoGCCsGAQUFBwMIMA4GA1UdDwEB/wQEAwIHgDANBgkqhkiG9w0BAQsF # AAOCAgEAcwxmVPaA9xHffuom0TOSp2hspuf1G0cHW/KXHAuhnpW8/Svlq5j9aKI/ # 8/G6fGIQMr0zlpau8jy83I4zclGdJjl5S02SxDlUKawtWvgf7ida06PgjeQM1eX4 # Lut4bbPfT0FEp77G76hhysXxTJNHv5y+fwThUeiiclihZwqcZMpa46m+oV6igTU6 # I0EnneotMqFs0Q3zHgVVr4WXjnG2Bcnkip42edyg/9iXczqTBrEkvTz0UlltpFGa # QnLzq+No8VEgq0UG7W1ELZGhmmxFmHABwTT6sPJFV68DfLoC0iB9Qbb9VZ8mvbTV # 
5JtISBklTuVAlEkzXi9LIjNmx+kndBfKP8dxG/xbRXptQDQDaCsS6ogLkwLgH6zS # s+ul9WmzI0F8zImbhnZhUziIHheFo4H+ZoojPYcgTK6/3bkSbOabmQFf95B8B6e5 # WqXbS5s9OdMdUlW1gTI1r5u+WAwH2KG7dxneoTbf/jYl3TUtP7AHpyck2c0nun/Q # 0Cycpa9QUH/Dy01k6tQomNXGjivg2/BGcgZJ0Hw8C6KVelEJ31xLoE21m9+NEgSK # CRoFE1Lkma31SyIaynbdYEb8sOlZynMdm8yPldDwuF54vJiEArjrcDNXe6BobZUi # TWSKvv1DJadR1SUCO/Od21GgU+hZqu+dKgjKAYdeTIvi9R2rtLYwggdxMIIFWaAD # AgECAhMzAAAAFcXna54Cm0mZAAAAAAAVMA0GCSqGSIb3DQEBCwUAMIGIMQswCQYD # VQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEe # MBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMTIwMAYDVQQDEylNaWNyb3Nv # ZnQgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgMjAxMDAeFw0yMTA5MzAxODIy # MjVaFw0zMDA5MzAxODMyMjVaMHwxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNo # aW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29y # cG9yYXRpb24xJjAkBgNVBAMTHU1pY3Jvc29mdCBUaW1lLVN0YW1wIFBDQSAyMDEw # MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA5OGmTOe0ciELeaLL1yR5 # vQ7VgtP97pwHB9KpbE51yMo1V/YBf2xK4OK9uT4XYDP/XE/HZveVU3Fa4n5KWv64 # NmeFRiMMtY0Tz3cywBAY6GB9alKDRLemjkZrBxTzxXb1hlDcwUTIcVxRMTegCjhu # je3XD9gmU3w5YQJ6xKr9cmmvHaus9ja+NSZk2pg7uhp7M62AW36MEBydUv626GIl # 3GoPz130/o5Tz9bshVZN7928jaTjkY+yOSxRnOlwaQ3KNi1wjjHINSi947SHJMPg # yY9+tVSP3PoFVZhtaDuaRr3tpK56KTesy+uDRedGbsoy1cCGMFxPLOJiss254o2I # 5JasAUq7vnGpF1tnYN74kpEeHT39IM9zfUGaRnXNxF803RKJ1v2lIH1+/NmeRd+2 # ci/bfV+AutuqfjbsNkz2K26oElHovwUDo9Fzpk03dJQcNIIP8BDyt0cY7afomXw/ # TNuvXsLz1dhzPUNOwTM5TI4CvEJoLhDqhFFG4tG9ahhaYQFzymeiXtcodgLiMxhy # 16cg8ML6EgrXY28MyTZki1ugpoMhXV8wdJGUlNi5UPkLiWHzNgY1GIRH29wb0f2y # 1BzFa/ZcUlFdEtsluq9QBXpsxREdcu+N+VLEhReTwDwV2xo3xwgVGD94q0W29R6H # XtqPnhZyacaue7e3PmriLq0CAwEAAaOCAd0wggHZMBIGCSsGAQQBgjcVAQQFAgMB # AAEwIwYJKwYBBAGCNxUCBBYEFCqnUv5kxJq+gpE8RjUpzxD/LwTuMB0GA1UdDgQW # BBSfpxVdAF5iXYP05dJlpxtTNRnpcjBcBgNVHSAEVTBTMFEGDCsGAQQBgjdMg30B # ATBBMD8GCCsGAQUFBwIBFjNodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpb3Bz # L0RvY3MvUmVwb3NpdG9yeS5odG0wEwYDVR0lBAwwCgYIKwYBBQUHAwgwGQYJKwYB # 
BAGCNxQCBAweCgBTAHUAYgBDAEEwCwYDVR0PBAQDAgGGMA8GA1UdEwEB/wQFMAMB # Af8wHwYDVR0jBBgwFoAU1fZWy4/oolxiaNE9lJBb186aGMQwVgYDVR0fBE8wTTBL # oEmgR4ZFaHR0cDovL2NybC5taWNyb3NvZnQuY29tL3BraS9jcmwvcHJvZHVjdHMv # TWljUm9vQ2VyQXV0XzIwMTAtMDYtMjMuY3JsMFoGCCsGAQUFBwEBBE4wTDBKBggr # BgEFBQcwAoY+aHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9jZXJ0cy9NaWNS # b29DZXJBdXRfMjAxMC0wNi0yMy5jcnQwDQYJKoZIhvcNAQELBQADggIBAJ1Vffwq # reEsH2cBMSRb4Z5yS/ypb+pcFLY+TkdkeLEGk5c9MTO1OdfCcTY/2mRsfNB1OW27 # DzHkwo/7bNGhlBgi7ulmZzpTTd2YurYeeNg2LpypglYAA7AFvonoaeC6Ce5732pv # vinLbtg/SHUB2RjebYIM9W0jVOR4U3UkV7ndn/OOPcbzaN9l9qRWqveVtihVJ9Ak # vUCgvxm2EhIRXT0n4ECWOKz3+SmJw7wXsFSFQrP8DJ6LGYnn8AtqgcKBGUIZUnWK # NsIdw2FzLixre24/LAl4FOmRsqlb30mjdAy87JGA0j3mSj5mO0+7hvoyGtmW9I/2 # kQH2zsZ0/fZMcm8Qq3UwxTSwethQ/gpY3UA8x1RtnWN0SCyxTkctwRQEcb9k+SS+ # c23Kjgm9swFXSVRk2XPXfx5bRAGOWhmRaw2fpCjcZxkoJLo4S5pu+yFUa2pFEUep # 8beuyOiJXk+d0tBMdrVXVAmxaQFEfnyhYWxz/gq77EFmPWn9y8FBSX5+k77L+Dvk # txW/tM4+pTFRhLy/AsGConsXHRWJjXD+57XQKBqJC4822rpM+Zv/Cuk0+CQ1Zyvg # DbjmjJnW4SLq8CdCPSWU5nR0W2rRnj7tfqAxM328y+l7vzhwRNGQ8cirOoo6CGJ/ # 2XBjU02N7oJtpQUQwXEGahC0HVUzWLOhcGbyoYIDVjCCAj4CAQEwggEBoYHZpIHW # MIHTMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMH # UmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMS0wKwYDVQQL # EyRNaWNyb3NvZnQgSXJlbGFuZCBPcGVyYXRpb25zIExpbWl0ZWQxJzAlBgNVBAsT # Hm5TaGllbGQgVFNTIEVTTjo2NTFBLTA1RTAtRDk0NzElMCMGA1UEAxMcTWljcm9z # b2Z0IFRpbWUtU3RhbXAgU2VydmljZaIjCgEBMAcGBSsOAwIaAxUAJsAKu48NbR5Y # Rg3WSBQCyjzdkvaggYMwgYCkfjB8MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2Fz # aGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENv # cnBvcmF0aW9uMSYwJAYDVQQDEx1NaWNyb3NvZnQgVGltZS1TdGFtcCBQQ0EgMjAx # MDANBgkqhkiG9w0BAQsFAAIFAOsp1Y4wIhgPMjAyNTAxMDkwNDU2NDZaGA8yMDI1 # MDExMDA0NTY0NlowdDA6BgorBgEEAYRZCgQBMSwwKjAKAgUA6ynVjgIBADAHAgEA # AgIv2DAHAgEAAgITKTAKAgUA6ysnDgIBADA2BgorBgEEAYRZCgQCMSgwJjAMBgor # BgEEAYRZCgMCoAowCAIBAAIDB6EgoQowCAIBAAIDAYagMA0GCSqGSIb3DQEBCwUA # 
A4IBAQBQZ+epogh9yozGUXovfC3VuYhp+q9eHXsbU/tJwdx7+bFn5T6uQT/6MJPW # R7o6lYwustfEM0NLspeUimvngBIWtQbNrJpreDR9FiiwUn/Vyr0xLe9wulNHOPr+ # bqXRWk6PpLXo0fjZ2pUScusPFs7wcRFLIaEdn7nuFhV62XsNsNm3V4OyAKEu6mkk # IHx4X5Lrg80iKlN2BXYRGjRYP7Hb4TglhDJSPdDWxvhj+ndNbhc13Nm3zZd/DJqJ # gi5TYRK6BmUDOfZRiO2UCHB5CKvilGCspEfnlyBFjlPuUQhra/zOX2uuSzrHTcfw # J6b5vb7DmQVFde3aEtEMVk3Z8ACgMYIEDTCCBAkCAQEwgZMwfDELMAkGA1UEBhMC # VVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNV # BAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEmMCQGA1UEAxMdTWljcm9zb2Z0IFRp # bWUtU3RhbXAgUENBIDIwMTACEzMAAAH1mQmUvPHGUIwAAQAAAfUwDQYJYIZIAWUD # BAIBBQCgggFKMBoGCSqGSIb3DQEJAzENBgsqhkiG9w0BCRABBDAvBgkqhkiG9w0B # CQQxIgQgraCwMB2vyFAwvOJrfmYLufyVglLt2IROtPV7Qq8/L8YwgfoGCyqGSIb3 # DQEJEAIvMYHqMIHnMIHkMIG9BCDB1vLSFwh09ISu4kdEv4/tg9eR1Yk8w5x7j5GT # hqaPNTCBmDCBgKR+MHwxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9u # MRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRp # b24xJjAkBgNVBAMTHU1pY3Jvc29mdCBUaW1lLVN0YW1wIFBDQSAyMDEwAhMzAAAB # 9ZkJlLzxxlCMAAEAAAH1MCIEIILkTWtto6jyoOiQmqv3k12cmyPChV3pUGKZ5kYF # /vZ0MA0GCSqGSIb3DQEBCwUABIICAELJT6DNywh64yUEfiGt2FzQh841/CcJAWp3 # 4SraRo9mCHaR4kuARgAUnpR6lsFq+j0ME673jdeef3Qc+j85CRIk44SyppGZCZvS # bisphEt8wKxNToOVHLSkWGX+RgvyOB9vfFpnUUAqo598u7uaRvzsrlCIEreiyE/M # TTy1kGz3+R+iyxr/Djy+s1B1hDqxRX1v8+RQZ2T2y6T6qrAxDaTsaG4KhVlHcTyG # 1LlncUJWEeKHiMQ9f5mbZz3diI8nnpz9K9hqOEnImRG1TW5JTgg/pNIUB5yAasqr # 5r6e9Wh6cL3rPvtjTMhIb/NQq3SrQ8Ydkhlg9AOIq/InVhghio7YBWmGzF8Ddbt6 # IrrLeewEpex+Ul9XVk5aweyh+HetmbfjzSUYkcSV8RyW/3qJ3CiwMDfNIxS08m/E # cjAv4BXpd8ZT67d1ZJlowu8UhJbegPPA0vSiF1bWbOZyVOwzG7VDdi8rlRU/D0iY # H1gIGb5XOhRH2vKAFOu+qhUtVlnc84gNe4PyccohwXhNpAd6dbUQ74skQ6zEdLrS # +i6IwX1SUu+mF6yzwpTudfM0DB88HVJ1bdSNKp9kDTdPqe7p+5AwHy2chc01Xg+s # ZSfrv6NHSIQYpqtG4z+WbdyT2XqBwE8Chei/RiQ5rWQTb2OVzbDp6Bptk3bz/CsW # KFN7dcL7 # SIG # End signature block |