Public/generated/Get-KritTcmSCProtectionAlert.ps1
|
<# ·· × × × ··· SirJ's Deaddrop ··· × × × ··· — If you found this, you were meant to — ---------------- A Seriously Kritical™ Production ---------------- [] → (¯`·.¸¸.·´¯) .·´ `·. [] → `·.______________.·´ | +------------------+ | | | Kritical™ | | | | [] [] | | | | | | | | [] [] [] | | | +------------------+ | (._.·´¯`·.¸_) Your last call. And your first move. ★ ☆ ★ +61 1300 274 655 sales at kritical dot net ----------------------------------------------------------------- .COPYRIGHT (c) 2026 Kritical Pty Ltd. All rights reserved. .AUTHOR Joshua Finley <joshua.finley@kritical.net> .COMPANY Kritical Pty Ltd | ABN 39 687 048 086 Level 4 / 60 Moorabool St Geelong VIC 3220 1300 274 655 | sales@kritical.net | https://kritical.net/ .NOTES HARD RULE 13 canonical Kritical branding — do not overlay other agent banners. Auto-generated by Generate-KritTcmFromM365DscSchema.ps1 (.1507o30+). Upstream reference: Microsoft365DSC by Microsoft (MIT). This shim provides literal search-replace equivalence — see Krit.TCM/generated/index.md. #> function Get-KritTcmSCProtectionAlert { <# .SYNOPSIS Krit.TCM shim for M365DSC resource SCProtectionAlert. .DESCRIPTION Auto-generated from M365DSC .schema.mof by scripts/m365-setup/Generate-KritTcmFromM365DscSchema.ps1 (.1507o30). Search-replace safe: callers that today invoke Get-M365DSCSCProtectionAlert -Credential $cred -TenantId $tid can rename to Get-KritTcmSCProtectionAlert -Credential $cred -TenantId $tid with ZERO other edits. Parameter shape matches the M365DSC .schema.mof exactly. Per operator direction, -PreferM365DscBehavior defaults to true. Actual Graph dispatch is delegated to Invoke-KritTcmM365DscSchemaBridge. Bridge maps resource → Graph endpoint per per-resource wave; where mapping is not yet shipped, bridge returns an object with Verdict='UNMAPPED'. .NOTES Workload: Purview Original mof: C:\Users\joshl\OneDrive - Kritical Pty Ltd\Github\KRTPax8ToShopifyConnector\.kritm365-mine\Microsoft365DSC\Modules\Microsoft365DSC\DSCResources\MSFT_SCProtectionAlert\MSFT_SCProtectionAlert.schema.mof Param count: 26 Generator wave: .1507o30 #> [CmdletBinding()] param( # Specifies how the alert policy triggers alerts for multiple occurrences of monitored activity [ValidateSet('None','SimpleAggregation','AnomalousAggregation','CustomAggregation')] [string]$AggregationType, # Specifies a category for the alert policy [string]$Category, # Specifies an optional comment [string]$Comment, # Enables or disables the alert policy [bool]$Disabled, # Specify if this alert should exist or not. [ValidateSet('Present','Absent')] [string]$Ensure, # The Filter parameter uses OPATH syntax to filter the results by the specified properties and values [string]$Filter, # Specifies the unique name for the alert policy [Parameter(Mandatory)] [string]$Name, # Specifies the language or locale that's used for notifications. For example, da-DK for Danish [string]$NotificationCulture, # NotificationEnabled true or false [bool]$NotificationEnabled, # Specifies whether to trigger an alert for a single event when the alert policy is configured for aggregated activity [bool]$NotifyUserOnFilterMatch, # Specifies whether to temporarily suspend notifications for the alert policy. Until the specified date-time, no notifications are sent for detected activities. [datetime]$NotifyUserSuppressionExpiryDate, # Specifies the maximum number of notifications for the alert policy within the time period specified by the NotifyUserThrottleWindow parameter. Once the maximum number of notifications has been reached in the time period, no more notifications are sent for the alert. [int]$NotifyUserThrottleThreshold, # Specifies the time interval in minutes that's used by the NotifyUserThrottleThreshold parameter [int]$NotifyUserThrottleWindow, # PrivacyManagementScopedSensitiveInformationTypesThreshold [long]$PrivacyManagementScopedSensitiveInformationTypesThreshold, # specifies the severity of the detection [ValidateSet('Low','Medium','High','Informational')] [string]$Severity, # Specifies the type of activities that are monitored by the alert policy [ValidateSet('Activity','Malware','Phish','Malicious','MaliciousUrlClick','MailFlow')] [string]$ThreatType, # Specifies the number of detections that trigger the alert policy within the time period specified by the TimeWindow parameter. A valid value is an integer that's greater than or equal to 3. [int]$Threshold, # Specifies the time interval in minutes for number of detections specified by the Threshold parameter. A valid value is an integer that's greater than 60 (one hour). [int]$TimeWindow, # Volume Threshold [int]$VolumeThreshold, # Credentials of the Global Admin [string]$Credential, # Id of the Azure Active Directory application to authenticate with. [string]$ApplicationId, # Id of the Azure Active Directory tenant used for authentication. [string]$TenantId, # Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. [string]$CertificateThumbprint, # Username can be made up to anything but password will be used for CertificatePassword [string]$CertificatePassword, # Path to certificate used in service principal usually a PFX file. [string]$CertificatePath, # Managed ID being used for authentication. [bool]$ManagedIdentity ) Invoke-KritTcmM365DscSchemaBridge -ResourceName 'SCProtectionAlert' -Workload 'Purview' -Verb 'Get' -CallerParams $PSBoundParameters } |