src/Get-AzDcrListAll.ps1
|
Function Get-AzDcrListAll { <# .SYNOPSIS Builds list of all Data Collection Rules (DCRs), which can be retrieved by Azure using the RBAC context of the Log Ingestion App .DESCRIPTION Data is retrieved using Azure Resource Graph Result is saved in global-variable in Powershell Main reason for saving as global-variable is to optimize number of times to do lookup - due to throttling in Azure Resource Graph .PARAMETER AzAppId This is the Azure app id .PARAMETER AzAppSecret This is the secret of the Azure app .PARAMETER TenantId This is the Azure AD tenant id .INPUTS None. You cannot pipe objects .OUTPUTS Updated object with CollectionTime .EXAMPLE #------------------------------------------------------------------------------------------- # Build data array #------------------------------------------------------------------------------------------- # building global variable with all DCRs, which can be viewed by Log Ingestion app $global:AzDcrDetails = Get-AzDcrListAll -AzAppId $LogIngestAppId -AzAppSecret $LogIngestAppSecret -TenantId $TenantId $global:AzDcrDetails #------------------------------------------------------------------------------------------- # Output #------------------------------------------------------------------------------------------- id : /subscriptions/fce4f282-fcc6-43fb-94d8-bf1701b862c3/resourceGroups/rg-dcr-log-platform-management-client-demo1-p/provi ders/microsoft.insights/dataCollectionRules/dcr-clt1-InvClientWindowsUpdateLastInstallationsV2_CL name : dcr-clt1-InvClientWindowsUpdateLastInstallationsV2_CL type : microsoft.insights/datacollectionrules tenantId : f0fa27a0-8e7c-4f63-9a77-ec94786b7c9e kind : location : westeurope resourceGroup : rg-dcr-log-platform-management-client-demo1-p subscriptionId : fce4f282-fcc6-43fb-94d8-bf1701b862c3 managedBy : sku : plan : properties : @{provisioningState=Succeeded; destinations=; immutableId=dcr-536e17acf300416a87ec3e48408c5c51; dataFlows=System.Objec t[]; dataCollectionEndpointId=/subscriptions/fce4f282-fcc6-43fb-94d8-bf1701b862c3/resourceGroups/rg-dce-log-platform-m anagement-client-demo1-p/providers/Microsoft.Insights/dataCollectionEndpoints/dce-log-platform-management-client-demo1 -p; streamDeclarations=} tags : identity : zones : extendedLocation : id : /subscriptions/fce4f282-fcc6-43fb-94d8-bf1701b862c3/resourceGroups/rg-dcr-log-platform-management-client-demo1-p/provi ders/microsoft.insights/dataCollectionRules/dcr-clt1-InvClientWindowsUpdateLastResultsV2_CL name : dcr-clt1-InvClientWindowsUpdateLastResultsV2_CL type : microsoft.insights/datacollectionrules tenantId : f0fa27a0-8e7c-4f63-9a77-ec94786b7c9e kind : location : westeurope resourceGroup : rg-dcr-log-platform-management-client-demo1-p subscriptionId : fce4f282-fcc6-43fb-94d8-bf1701b862c3 managedBy : sku : plan : properties : @{provisioningState=Succeeded; destinations=; immutableId=dcr-70fc262b839c41b4a3b1bd83b9f6d323; dataFlows=System.Objec t[]; dataCollectionEndpointId=/subscriptions/fce4f282-fcc6-43fb-94d8-bf1701b862c3/resourceGroups/rg-dce-log-platform-m anagement-client-demo1-p/providers/Microsoft.Insights/dataCollectionEndpoints/dce-log-platform-management-client-demo1 -p; streamDeclarations=} tags : identity : zones : extendedLocation : id : /subscriptions/fce4f282-fcc6-43fb-94d8-bf1701b862c3/resourceGroups/rg-dcr-log-platform-management-client-demo1-p/provi ders/microsoft.insights/dataCollectionRules/dcr-clt1-InvClientWindowsUpdatePendingUpdatesV2_CL name : dcr-clt1-InvClientWindowsUpdatePendingUpdatesV2_CL type : microsoft.insights/datacollectionrules tenantId : f0fa27a0-8e7c-4f63-9a77-ec94786b7c9e kind : location : westeurope resourceGroup : rg-dcr-log-platform-management-client-demo1-p subscriptionId : fce4f282-fcc6-43fb-94d8-bf1701b862c3 managedBy : sku : plan : properties : @{provisioningState=Succeeded; destinations=; immutableId=dcr-a08cb890c5f14bb9af47fe76af051f82; dataFlows=System.Objec t[]; dataCollectionEndpointId=/subscriptions/fce4f282-fcc6-43fb-94d8-bf1701b862c3/resourceGroups/rg-dce-log-platform-m anagement-client-demo1-p/providers/Microsoft.Insights/dataCollectionEndpoints/dce-log-platform-management-client-demo1 -p; streamDeclarations=} tags : identity : zones : extendedLocation : #> [CmdletBinding()] param( [Parameter()] [string]$AzAppId, [Parameter()] [string]$AzAppSecret, [Parameter()] [string]$TenantId ) Write-Verbose "" Write-Verbose "Getting Data Collection Rules from Azure Resource Graph .... Please Wait !" #-------------------------------------------------------------------------- # Connection #-------------------------------------------------------------------------- $Headers = Get-AzAccessTokenManagement -AzAppId $AzAppId ` -AzAppSecret $AzAppSecret ` -TenantId $TenantId -Verbose:$Verbose #-------------------------------------------------------------------------- # Get DCRs from Azure Resource Graph #-------------------------------------------------------------------------- $AzGraphQuery = @{ 'query' = 'Resources | where type =~ "microsoft.insights/datacollectionrules" ' } | ConvertTo-Json -Depth 20 $ResponseData = @() $AzGraphUri = "https://management.azure.com/providers/Microsoft.ResourceGraph/resources?api-version=2021-03-01" $ResponseRaw = Invoke-WebRequest -Method POST -Uri $AzGraphUri -Headers $Headers -Body $AzGraphQuery $ResponseData += $ResponseRaw.content $ResponseNextLink = $ResponseRaw."@odata.nextLink" While ($ResponseNextLink -ne $null) { $ResponseRaw = Invoke-WebRequest -Method POST -Uri $AzGraphUri -Headers $Headers -Body $AzGraphQuery $ResponseData += $ResponseRaw.content $ResponseNextLink = $ResponseRaw."@odata.nextLink" } $DataJson = $ResponseData | ConvertFrom-Json $Data = $DataJson.data Return $Data } |