Ejemplo n.º 1
        /// <summary>
        /// Works out which auto-provisioning setting to write and which state ("On"/"Off") to give it,
        /// based on the active parameter set, then sends the create call once ShouldProcess confirms.
        /// </summary>
        /// <exception cref="PSInvalidOperationException">The active parameter set is not one handled here.</exception>
        public override void ExecuteCmdlet()
        {
            var provisioningState = EnableAutoProvision.IsPresent ? "On" : "Off";
            var settingName       = Name;

            if (ParameterSetName == ParameterSetNames.ResourceId)
            {
                settingName = AzureIdUtilities.GetResourceName(ResourceId);
            }
            else if (ParameterSetName == ParameterSetNames.InputObject)
            {
                // The piped object decides the state here: the EnableAutoProvision switch is not
                // consulted, so an object carrying "Off" turns provisioning off.
                settingName       = InputObject.Name;
                provisioningState = InputObject.AutoProvision;
            }
            else if (ParameterSetName != ParameterSetNames.SubscriptionLevelResource)
            {
                throw new PSInvalidOperationException();
            }

            if (!ShouldProcess(settingName, VerbsCommon.Set))
            {
                return;
            }

            var response = SecurityCenterClient.AutoProvisioningSettings.CreateWithHttpMessagesAsync(settingName, provisioningState).GetAwaiter().GetResult();
            WriteObject(response.Body.ConvertToPSType(), enumerateCollection: false);
        }
        /// <summary>
        /// Deletes the workspace setting named by the active parameter set, after ShouldProcess confirmation.
        /// </summary>
        /// <exception cref="PSInvalidOperationException">The active parameter set is not one handled here.</exception>
        public override void ExecuteCmdlet()
        {
            var settingName = Name;

            if (ParameterSetName == ParameterSetNames.ResourceId)
            {
                settingName = AzureIdUtilities.GetResourceName(ResourceId);
            }
            else if (ParameterSetName == ParameterSetNames.InputObject)
            {
                settingName = InputObject.Name;
            }
            else if (ParameterSetName != ParameterSetNames.SubscriptionLevelResource)
            {
                throw new PSInvalidOperationException();
            }

            var confirmed = ShouldProcess(settingName, VerbsCommon.Remove);
            if (confirmed)
            {
                SecurityCenterClient.WorkspaceSettings.DeleteWithHttpMessagesAsync(settingName).GetAwaiter().GetResult();
            }

            // PassThru is evaluated independently of the confirmation result: "true" is written
            // even when ShouldProcess declined and nothing was deleted.
            if (PassThru.IsPresent)
            {
                WriteObject(true);
            }
        }
        /// <summary>
        /// Reads regulatory compliance assessments: a single assessment when a name (or a resource id)
        /// is given, otherwise the list for the given standard and control.
        /// </summary>
        /// <exception cref="PSInvalidOperationException">The active parameter set is not one handled here.</exception>
        public override void ExecuteCmdlet()
        {
            if (ParameterSetName == ParameterSetNames.SubscriptionLevelResource)
            {
                if (string.IsNullOrEmpty(Name))
                {
                    // No assessment name: enumerate everything under the standard/control pair.
                    var listed = SecurityCenterClient.RegulatoryComplianceAssessments.ListWithHttpMessagesAsync(
                        StandardName, ControlName).GetAwaiter().GetResult().Body;
                    WriteObject(listed.ConvertToPSType(), enumerateCollection: true);
                    return;
                }

                var single = SecurityCenterClient.RegulatoryComplianceAssessments.GetWithHttpMessagesAsync(
                    StandardName, ControlName, Name).GetAwaiter().GetResult().Body;
                WriteObject(single.ConvertToPSType(), enumerateCollection: false);
                return;
            }

            if (ParameterSetName == ParameterSetNames.ResourceId)
            {
                // Standard, control and assessment names are all parsed out of the caller-supplied id.
                var byResource = SecurityCenterClient.RegulatoryComplianceAssessments.GetWithHttpMessagesAsync(
                    AzureIdUtilities.GetRegulatoryStandardName(ResourceId),
                    AzureIdUtilities.GetRegulatoryStandardControlName(ResourceId, false),
                    AzureIdUtilities.GetRegulatoryStandardAssessmentName(ResourceId, true))
                    .GetAwaiter().GetResult().Body;
                WriteObject(byResource.ConvertToPSType(), enumerateCollection: false);
                return;
            }

            throw new PSInvalidOperationException();
        }
Ejemplo n.º 4
        /// <summary>
        /// Deletes a security assessment. The assessment name and the id of the assessed resource come
        /// from the bound parameters, a resource id, or a piped object, depending on the parameter set.
        /// </summary>
        /// <exception cref="PSInvalidOperationException">The active parameter set is not one handled here.</exception>
        public override void ExecuteCmdlet()
        {
            var assessmentName = Name;
            var targetId       = AssessedResourceId;

            if (ParameterSetName == ParameterSetNames.ResourceId)
            {
                assessmentName = AzureIdUtilities.GetResourceName(ResourceId);
                targetId       = AzureIdUtilities.GetExtendedResourceId(ResourceId);
            }
            else if (ParameterSetName == ParameterSetNames.InputObject)
            {
                assessmentName = InputObject.Name;
                targetId       = AzureIdUtilities.GetExtendedResourceId(InputObject.Id);
            }
            else if (ParameterSetName != ParameterSetNames.SubscriptionLevelResource
                     && ParameterSetName != ParameterSetNames.ResourceIdLevelResource)
            {
                throw new PSInvalidOperationException();
            }

            if (ShouldProcess(assessmentName, VerbsCommon.Remove))
            {
                // With no assessed resource id the delete is scoped to the default context's subscription.
                var scope = targetId ?? $"/subscriptions/{DefaultContext.Subscription.Id}";
                SecurityCenterClient.Assessments.DeleteWithHttpMessagesAsync(scope, assessmentName).GetAwaiter().GetResult();
            }

            // Written whether or not ShouldProcess confirmed the delete.
            if (PassThru.IsPresent)
            {
                WriteObject(true);
            }
        }
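        /// <summary>
        /// Deletes the alerts suppression rule named by the active parameter set, after ShouldProcess
        /// confirmation, and waits for the service to answer before returning.
        /// </summary>
        /// <exception cref="PSInvalidOperationException">The active parameter set is not one handled here.</exception>
        public override void ExecuteCmdlet()
        {
            var name = Name;

            switch (ParameterSetName)
            {
            case ParameterSetNames.SubscriptionLevelResource:
                // name was already set before the switch
                break;

            case ParameterSetNames.ResourceId:
                name = AzureIdUtilities.GetResourceName(ResourceId);
                break;

            case ParameterSetNames.InputObject:
                name = InputObject.Name;
                break;

            default:
                throw new PSInvalidOperationException();
            }

            if (ShouldProcess(name, VerbsCommon.Remove))
            {
                // Wait for completion. The task used to be dropped, so a failed delete (for example an
                // authorization error) was never reported and the cmdlet could return while the
                // suppression rule was still in place and still hiding alerts.
                SecurityCenterClient.AlertsSuppressionRules.DeleteWithHttpMessagesAsync(name).GetAwaiter().GetResult();
            }

            // Written whether or not ShouldProcess confirmed the delete.
            if (PassThru.IsPresent)
            {
                WriteObject(true);
            }
        }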
Ejemplo n.º 6
        /// <summary>
        /// Reads allowed-connections resources: the whole subscription list, or one resource addressed
        /// by resource group and name or by resource id.
        /// </summary>
        /// <exception cref="PSInvalidOperationException">The active parameter set is not one handled here.</exception>
        public override void ExecuteCmdlet()
        {
            if (ParameterSetName == ParameterSetNames.SubscriptionScope)
            {
                var all = SecurityCenterClient.AllowedConnections.ListWithHttpMessagesAsync().GetAwaiter().GetResult().Body;
                WriteObject(all.ConvertToPSType(), enumerateCollection: true);
            }
            else if (ParameterSetName == ParameterSetNames.ResourceGroupLevelResource)
            {
                // The location is set on the shared client before the call that depends on it.
                SecurityCenterClient.AscLocation = Location;

                var byName = SecurityCenterClient.AllowedConnections.GetWithHttpMessagesAsync(ResourceGroupName, Name).GetAwaiter().GetResult().Body;
                WriteObject(byName.ConvertToPSType(), enumerateCollection: false);
            }
            else if (ParameterSetName == ParameterSetNames.ResourceId)
            {
                // Location, resource group and name are all parsed from the caller-supplied id.
                SecurityCenterClient.AscLocation = AzureIdUtilities.GetResourceLocation(ResourceId);

                var byId = SecurityCenterClient.AllowedConnections.GetWithHttpMessagesAsync(AzureIdUtilities.GetResourceGroup(ResourceId), AzureIdUtilities.GetResourceName(ResourceId)).GetAwaiter().GetResult().Body;
                WriteObject(byId.ConvertToPSType(), enumerateCollection: false);
            }
            else
            {
                throw new PSInvalidOperationException();
            }
        }
Ejemplo n.º 7
        /// <summary>
        /// Reads compliance results: the list for the current scope, one result by name, or one result
        /// addressed by resource id.
        /// </summary>
        /// <exception cref="PSInvalidOperationException">The active parameter set is not one handled here.</exception>
        public override void ExecuteCmdlet()
        {
            if (ParameterSetName == ParameterSetNames.SubscriptionScope)
            {
                var listed = SecurityCenterClient.Compliances.ListWithHttpMessagesAsync(GetScope()).GetAwaiter().GetResult().Body;
                WriteObject(listed.ConvertToPSType(), enumerateCollection: true);
                return;
            }

            if (ParameterSetName == ParameterSetNames.SubscriptionLevelResource)
            {
                // Uses the first location the service returns; First() throws if the list is empty.
                SecurityCenterClient.AscLocation = SecurityCenterClient.Locations.ListWithHttpMessagesAsync().GetAwaiter().GetResult().Body.First().Name;

                var byName = SecurityCenterClient.Compliances.GetWithHttpMessagesAsync(GetScope(), Name).GetAwaiter().GetResult().Body;
                WriteObject(byName.ConvertToPSType(), enumerateCollection: false);
                return;
            }

            if (ParameterSetName == ParameterSetNames.ResourceId)
            {
                // Location, subscription and name are parsed from the caller-supplied id.
                SecurityCenterClient.AscLocation = AzureIdUtilities.GetResourceLocation(ResourceId);

                var byId = SecurityCenterClient.Compliances.GetWithHttpMessagesAsync(GetScope(AzureIdUtilities.GetResourceSubscription(ResourceId)), AzureIdUtilities.GetResourceName(ResourceId)).GetAwaiter().GetResult().Body;
                WriteObject(byId.ConvertToPSType(), enumerateCollection: false);
                return;
            }

            throw new PSInvalidOperationException();
        }
Ejemplo n.º 8
        /// <summary>
        /// Builds an IoT security solution model from the cmdlet parameters (filled in from a resource id
        /// or a piped object where the parameter set says so) and sends a create-or-update call once
        /// ShouldProcess confirms.
        /// </summary>
        /// <exception cref="PSInvalidOperationException">The active parameter set is not one handled here.</exception>
        public override void ExecuteCmdlet()
        {
            switch (ParameterSetName)
            {
            case ParameterSetNames.ResourceGroupLevelResource:
                // All values come straight from the bound parameters.
                break;

            case ParameterSetNames.ResourceId:
                // Name and resource group are parsed from the caller-supplied resource id.
                Name = AzureIdUtilities.GetResourceName(ResourceId);
                ResourceGroupName = AzureIdUtilities.GetResourceGroup(ResourceId);
                break;

            case ParameterSetNames.InputObject:
                // Explicitly supplied parameters win (the ?? fallbacks); everything else is copied
                // from the piped object so the update does not drop existing values.
                Name = InputObject.Name;
                ResourceGroupName            = AzureIdUtilities.GetResourceGroup(InputObject.Id);
                Location                     = Location ?? InputObject.Location;
                DisabledDataSource           = DisabledDataSource ?? ((List <string>)InputObject.DisabledDataSources).ToArray();
                DisplayName                  = DisplayName ?? InputObject.DisplayName;
                Export                       = Export ?? ((List <string>)InputObject.Export).ToArray();
                IotHub                       = IotHub ?? ((List <string>)InputObject.IotHubs).ToArray();
                RecommendationsConfiguration = RecommendationsConfiguration ?? ((List <PSRecommendationConfiguration>)InputObject.RecommendationsConfiguration).ToArray();
                // Unlike the lines around it, Enabled has no ?? fallback: it is always taken from the
                // piped object's Status, whatever Enabled value was bound on the command line.
                // NOTE(review): ToLower() is culture-sensitive and throws if Status is null; confirm
                // whether an ordinal, case-insensitive comparison was intended.
                Enabled                      = InputObject.Status.ToLower().Equals("enabled");
                // NOTE(review): when Tag is not supplied, InputObject.Tags is passed to the Hashtable
                // constructor without a null check; confirm Tags is never null here.
                Tag = Tag ?? new Hashtable((IDictionary)(InputObject.Tags));
                UnmaskedIpLoggingStatus = UnmaskedIpLoggingStatus ?? InputObject.UnmaskedIpLoggingStatus;
                UserDefinedResource     = UserDefinedResource ?? InputObject.UserDefinedResources;
                Workspace = Workspace ?? InputObject.Workspace;
                break;

            default:
                throw new PSInvalidOperationException();
            }

            // Model sent to the service; Status is the string form of the Enabled flag.
            IoTSecuritySolutionModel solutionModel = new IoTSecuritySolutionModel
            {
                Location            = Location,
                DisabledDataSources = DisabledDataSource,
                DisplayName         = DisplayName,
                Export  = Export,
                IotHubs = IotHub,
                RecommendationsConfiguration = RecommendationsConfiguration?.CreatePSType(),
                Status = Enabled? "Enabled" : "Disabled",
                // Keys and values are cast to string; a non-string tag value fails the cast.
                Tags   = Tag?.Cast <DictionaryEntry>().ToDictionary(t => (string)t.Key, t => (string)t.Value),
                UnmaskedIpLoggingStatus = UnmaskedIpLoggingStatus,
                UserDefinedResources    = UserDefinedResource?.CreatePSType(),
                Workspace = Workspace
            };

            if (ShouldProcess(Name, VerbsCommon.Set))
            {
                var outputSolution = SecurityCenterClient.IotSecuritySolution.CreateOrUpdateWithHttpMessagesAsync(ResourceGroupName, Name, solutionModel).GetAwaiter().GetResult().Body;
                // Body may be null, hence the null-conditional conversion.
                WriteObject(outputSolution?.ConvertToPSType(), enumerateCollection: false);
            }
        }
Ejemplo n.º 9
        /// <summary>
        /// Reads security tasks: lists at subscription or resource-group scope, or a single task
        /// addressed by name, by resource group and name, or by resource id.
        /// </summary>
        /// <exception cref="PSInvalidOperationException">The active parameter set is not one handled here.</exception>
        public override void ExecuteCmdlet()
        {
            if (ParameterSetName == ParameterSetNames.SubscriptionScope)
            {
                var subscriptionTasks = SecurityCenterClient.Tasks.ListWithHttpMessagesAsync().GetAwaiter().GetResult().Body;
                WriteObject(subscriptionTasks.ConvertToPSType(), enumerateCollection: true);
            }
            else if (ParameterSetName == ParameterSetNames.ResourceGroupScope)
            {
                // Uses the first location the service returns; First() throws if the list is empty.
                SecurityCenterClient.AscLocation = SecurityCenterClient.Locations.ListWithHttpMessagesAsync().GetAwaiter().GetResult().Body.First().Name;

                var groupTasks = SecurityCenterClient.Tasks.ListByResourceGroupWithHttpMessagesAsync(ResourceGroupName).GetAwaiter().GetResult().Body;
                WriteObject(groupTasks.ConvertToPSType(), enumerateCollection: true);
            }
            else if (ParameterSetName == ParameterSetNames.SubscriptionLevelResource)
            {
                SecurityCenterClient.AscLocation = SecurityCenterClient.Locations.ListWithHttpMessagesAsync().GetAwaiter().GetResult().Body.First().Name;

                var subscriptionTask = SecurityCenterClient.Tasks.GetSubscriptionLevelTaskWithHttpMessagesAsync(Name).GetAwaiter().GetResult().Body;
                WriteObject(subscriptionTask.ConvertToPSType());
            }
            else if (ParameterSetName == ParameterSetNames.ResourceGroupLevelResource)
            {
                SecurityCenterClient.AscLocation = SecurityCenterClient.Locations.ListWithHttpMessagesAsync().GetAwaiter().GetResult().Body.First().Name;

                var groupTask = SecurityCenterClient.Tasks.GetResourceGroupLevelTaskWithHttpMessagesAsync(ResourceGroupName, Name).GetAwaiter().GetResult().Body;
                WriteObject(groupTask.ConvertToPSType());
            }
            else if (ParameterSetName == ParameterSetNames.ResourceId)
            {
                // Here the location comes from the caller-supplied id rather than from the service.
                SecurityCenterClient.AscLocation = AzureIdUtilities.GetResourceLocation(ResourceId);

                var resourceGroup = AzureIdUtilities.GetResourceGroup(ResourceId);

                // An id without a resource group segment addresses a subscription-level task.
                var taskById = string.IsNullOrEmpty(resourceGroup)
                    ? SecurityCenterClient.Tasks.GetSubscriptionLevelTaskWithHttpMessagesAsync(AzureIdUtilities.GetResourceName(ResourceId)).GetAwaiter().GetResult().Body
                    : SecurityCenterClient.Tasks.GetResourceGroupLevelTaskWithHttpMessagesAsync(resourceGroup, AzureIdUtilities.GetResourceName(ResourceId)).GetAwaiter().GetResult().Body;

                WriteObject(taskById.ConvertToPSType());
            }
            else
            {
                throw new PSInvalidOperationException();
            }
        }
Ejemplo n.º 10
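        /// <summary>
        /// Updates an existing Sentinel bookmark. The bookmark is fetched first; bound parameters
        /// replace the fetched values, unbound ones keep them, and the result is written back with
        /// create-or-update once ShouldProcess confirms.
        /// </summary>
        /// <exception cref="Exception">
        /// The bookmark could not be read. The lookup failure, if any, is attached as the inner exception.
        /// </exception>
        public override void ExecuteCmdlet()
        {
            if (this.IsParameterBound(c => c.InputObject))
            {
                this.ResourceGroupName = AzureIdUtilities.GetResourceGroup(InputObject.Id);
                this.WorkspaceName     = AzureIdUtilities.GetWorkspaceName(InputObject.Id);
                this.BookmarkId        = this.InputObject.Name;
            }

            if (this.IsParameterBound(c => c.ResourceId))
            {
                var resourceIdentifier = new ResourceIdentifier(this.ResourceId);
                this.ResourceGroupName = resourceIdentifier.ResourceGroupName;
                this.WorkspaceName     = AzureIdUtilities.GetWorkspaceName(this.ResourceId);
                this.BookmarkId        = resourceIdentifier.ResourceName;
            }

            PSSentinelBookmark bookmark = null;
            Exception lookupFailure = null;

            try
            {
                bookmark = this.SecurityInsightsClient.Bookmarks.Get(this.ResourceGroupName, this.WorkspaceName, this.BookmarkId).ConvertToPSType();
            }
            catch (Exception ex)
            {
                // Every failure ends up in the "does not exist" error below, so keep the cause:
                // otherwise an authorization or network failure cannot be told apart from a
                // bookmark that really is missing.
                lookupFailure = ex;
                bookmark = null;
            }

            if (bookmark == null)
            {
                throw new Exception(string.Format("A Bookmark with BookmarkId '{0}' in resource group '{1}' under parent workspace '{2}' does not exist. Please use New-AzSentinelBookmark to create a Bookmark with these properties.", this.BookmarkId, this.ResourceGroupName, this.WorkspaceName), lookupFailure);
            }

            var updatedbookmark = new PSSentinelBookmark();

            // The fetched Etag is sent back with the update.
            updatedbookmark.Etag        = bookmark.Etag;
            updatedbookmark.DisplayName = this.IsParameterBound(c => c.DisplayName) ? this.DisplayName : bookmark.DisplayName;
            // NOTE(review): IncidentInfo is not copied to the update payload (the assignment was
            // commented out in the original); confirm the update does not clear it on the service side.
            //bookmark.IncidentInfo = this.IsParameterBound(c => c.IncidentInfo) ? this.IncidentInfo : bookmark.IncidentInfo;
            updatedbookmark.Labels      = this.IsParameterBound(c => c.Label) ? this.Label : bookmark.Labels;
            updatedbookmark.Notes       = this.IsParameterBound(c => c.Note) ? this.Note : bookmark.Notes;
            updatedbookmark.Query       = this.IsParameterBound(c => c.Query) ? this.Query : bookmark.Query;
            updatedbookmark.QueryResult = this.IsParameterBound(c => c.QueryResult) ? this.QueryResult : bookmark.QueryResult;


            if (this.ShouldProcess(this.BookmarkId, string.Format("Updating BookmarkID '{0}' in resource group '{1}' under workspace '{2}'.", this.BookmarkId, this.ResourceGroupName, this.WorkspaceName)))
            {
                var result = this.SecurityInsightsClient.Bookmarks.CreateOrUpdate(this.ResourceGroupName, this.WorkspaceName, this.BookmarkId, updatedbookmark.CreatePSType()).ConvertToPSType();
                WriteObject(result);
            }
        }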
Ejemplo n.º 11
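        /// <summary>
        /// Updates an existing Sentinel incident. The incident is fetched first; bound parameters
        /// replace the fetched values, unbound ones keep them, and the result is written back with
        /// create-or-update once ShouldProcess confirms.
        /// </summary>
        /// <exception cref="Exception">
        /// The incident could not be read. The lookup failure, if any, is attached as the inner exception.
        /// </exception>
        public override void ExecuteCmdlet()
        {
            if (this.IsParameterBound(c => c.InputObject))
            {
                this.ResourceGroupName = AzureIdUtilities.GetResourceGroup(InputObject.Id);
                this.WorkspaceName     = AzureIdUtilities.GetWorkspaceName(InputObject.Id);
                this.IncidentID        = this.InputObject.Name;
            }

            if (this.IsParameterBound(c => c.ResourceId))
            {
                var resourceIdentifier = new ResourceIdentifier(this.ResourceId);
                this.ResourceGroupName = resourceIdentifier.ResourceGroupName;
                this.WorkspaceName     = AzureIdUtilities.GetWorkspaceName(this.ResourceId);
                this.IncidentID        = resourceIdentifier.ResourceName;
            }

            PSSentinelIncident incident = null;
            Exception lookupFailure = null;

            try
            {
                incident = this.SecurityInsightsClient.Incidents.Get(this.ResourceGroupName, this.WorkspaceName, this.IncidentID).ConvertToPSType();
            }
            catch (Exception ex)
            {
                // Every failure ends up in the "does not exist" error below, so keep the cause:
                // otherwise an authorization or network failure cannot be told apart from an
                // incident that really is missing.
                lookupFailure = ex;
                incident = null;
            }

            if (incident == null)
            {
                // The message used to point at New-AzSentinelBookmark, copied from the bookmark cmdlet.
                throw new Exception(string.Format("An Incident with IncidentID '{0}' in resource group '{1}' under parent workspace '{2}' does not exist. Please use New-AzSentinelIncident to create an Incident with these properties.", this.IncidentID, this.ResourceGroupName, this.WorkspaceName), lookupFailure);
            }

            // The fetched object is edited in place, so its Etag goes back with the update unchanged
            // (the original self-assignment of Etag was a no-op and is gone).
            incident.Classification        = this.IsParameterBound(c => c.Classification) ? this.Classification : incident.Classification;
            incident.ClassificationComment = this.IsParameterBound(c => c.ClassificationComment) ? this.ClassificationComment : incident.ClassificationComment;
            incident.ClassificationReason  = this.IsParameterBound(c => c.ClassificationReason) ? this.ClassificationReason : incident.ClassificationReason;
            incident.Description           = this.IsParameterBound(c => c.Description) ? this.Description : incident.Description;
            incident.Labels                = this.IsParameterBound(c => c.Label) ? this.Label : incident.Labels;
            incident.Owner                 = this.IsParameterBound(c => c.Owner) ? this.Owner : incident.Owner;
            incident.Severity              = this.IsParameterBound(c => c.Severity) ? this.Severity : incident.Severity;
            incident.Status                = this.IsParameterBound(c => c.Status) ? this.Status : incident.Status;
            incident.Title                 = this.IsParameterBound(c => c.Title) ? this.Title : incident.Title;

            if (this.ShouldProcess(this.IncidentID, string.Format("Updating IncidentID '{0}' in resource group '{1}' under workspace '{2}'.", this.IncidentID, this.ResourceGroupName, this.WorkspaceName)))
            {
                var result = this.SecurityInsightsClient.Incidents.CreateOrUpdate(this.ResourceGroupName, this.WorkspaceName, this.IncidentID, incident.CreatePSType()).ConvertToPSType();
                WriteObject(result);
            }
        }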
        /// <summary>
        /// Creates or updates a device security group on an IoT hub. The hub id and group name come
        /// from the bound parameters, a piped object, or a resource id, depending on the parameter set.
        /// </summary>
        /// <exception cref="PSInvalidOperationException">The active parameter set is not one handled here.</exception>
        public override void ExecuteCmdlet()
        {
            if (ParameterSetName == ParameterSetNames.InputObject)
            {
                Name = InputObject.Name;

                // The hub id is rebuilt from pieces parsed out of the piped object's id.
                var objectSubscription = AzureIdUtilities.GetResourceSubscription(InputObject.Id);
                var objectGroup        = AzureIdUtilities.GetResourceGroup(InputObject.Id);
                var objectHub          = AzureIdUtilities.GetIotHubResourceName(InputObject.Id);
                HubResourceId = $"/subscriptions/{objectSubscription}/resourceGroups/{objectGroup}/providers/Microsoft.Devices/iotHubs/{objectHub}";

                // Rule sets given on the command line win; the rest are copied from the piped object.
                AllowlistRule  = AllowlistRule ?? ((List <PSAllowlistCustomAlertRule>)InputObject.AllowlistRules).ToArray();
                DenylistRule   = DenylistRule ?? ((List <PSDenylistCustomAlertRule>)InputObject.DenylistRules).ToArray();
                ThresholdRule  = ThresholdRule ?? ((List <PSThresholdCustomAlertRule>)InputObject.ThresholdRules).ToArray();
                TimeWindowRule = TimeWindowRule ?? ((List <PSTimeWindowCustomAlertRule>)InputObject.TimeWindowRules).ToArray();
            }
            else if (ParameterSetName == ParameterSetNames.ResourceId)
            {
                Name = AzureIdUtilities.GetResourceName(ResourceId);

                // The hub id is rebuilt from pieces parsed out of the caller-supplied resource id.
                var idSubscription = AzureIdUtilities.GetResourceSubscription(ResourceId);
                var idGroup        = AzureIdUtilities.GetResourceGroup(ResourceId);
                var idHub          = AzureIdUtilities.GetIotHubResourceName(ResourceId);
                HubResourceId = $"/subscriptions/{idSubscription}/resourceGroups/{idGroup}/providers/Microsoft.Devices/iotHubs/{idHub}";
            }
            else if (ParameterSetName != ParameterSetNames.ResourceIdLevelResource)
            {
                throw new PSInvalidOperationException();
            }

            // Rule sets left null stay null in the payload.
            var payload = new DeviceSecurityGroup
            {
                AllowlistRules  = AllowlistRule?.CreatePSType(),
                DenylistRules   = DenylistRule?.CreatePSType(),
                ThresholdRules  = ThresholdRule?.CreatePSType(),
                TimeWindowRules = TimeWindowRule?.CreatePSType()
            };

            if (!ShouldProcess(Name, VerbsCommon.Set))
            {
                return;
            }

            var response = SecurityCenterClient.DeviceSecurityGroups.CreateOrUpdateWithHttpMessagesAsync(HubResourceId, Name, payload).GetAwaiter().GetResult();
            WriteObject(response.Body?.ConvertToPSType(), enumerateCollection: false);
        }
Ejemplo n.º 13
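        /// <summary>
        /// Updates an existing action on a Sentinel alert rule. The action is fetched to confirm it
        /// exists, then replaced with the Logic App resource id and trigger URI from the parameters
        /// once ShouldProcess confirms.
        /// </summary>
        /// <exception cref="Exception">
        /// The action could not be read. The lookup failure, if any, is attached as the inner exception.
        /// </exception>
        public override void ExecuteCmdlet()
        {
            if (this.IsParameterBound(c => c.InputObject))
            {
                this.ResourceGroupName = AzureIdUtilities.GetResourceGroup(this.InputObject.Id);
                this.WorkspaceName     = AzureIdUtilities.GetWorkspaceName(this.InputObject.Id);
                this.AlertRuleId       = AzureIdUtilities.GetAlertRuleName(this.InputObject.Id);
                this.ActionId          = this.InputObject.Name;
            }

            if (this.IsParameterBound(c => c.ResourceId))
            {
                var resourceIdentifier = new ResourceIdentifier(this.ResourceId);
                this.ResourceGroupName = resourceIdentifier.ResourceGroupName;
                this.WorkspaceName     = AzureIdUtilities.GetWorkspaceName(this.ResourceId);
                this.AlertRuleId       = AzureIdUtilities.GetAlertRuleName(this.ResourceId);
                this.ActionId          = resourceIdentifier.ResourceName;
            }

            PSSentinelActionResponse alertRuleAction = null;
            Exception lookupFailure = null;

            try
            {
                alertRuleAction = this.SecurityInsightsClient.Actions.Get(ResourceGroupName, WorkspaceName, AlertRuleId, ActionId).ConvertToPSType();
            }
            catch (Exception ex)
            {
                // Every failure ends up in the "does not exist" error below, so keep the cause:
                // otherwise an authorization or network failure cannot be told apart from an
                // action that really is missing.
                lookupFailure = ex;
                alertRuleAction = null;
            }

            if (alertRuleAction == null)
            {
                throw new Exception(string.Format("An Alert Rule Action with ActionId '{0}' for Alert Rule '{1}' in resource group '{2}' under workspace '{3}' does not exist. Please use New-AzSentinelAlertRuleAction to create an Alert Rule Action with these properties.", this.ActionId, this.AlertRuleId, this.ResourceGroupName, this.WorkspaceName), lookupFailure);
            }

            // The fetched action is used only as an existence check: both fields below come from the
            // parameters, with no fallback to the values currently stored on the action.
            PSSentinelActionRequest updateAlertRuleAction = new PSSentinelActionRequest
            {
                LogicAppResourceId = this.LogicAppResourceId,
                TriggerUri         = this.TriggerUri
            };

            if (this.ShouldProcess(this.ActionId, string.Format("Updating Action '{0}' for Alert Rule '{1}' in resource group '{2}' under workspace '{3}'.", this.ActionId, this.AlertRuleId, this.ResourceGroupName, this.WorkspaceName)))
            {
                var result = this.SecurityInsightsClient.Actions.CreateOrUpdate(this.ResourceGroupName, this.WorkspaceName, this.AlertRuleId, this.ActionId, updateAlertRuleAction.CreatePSType()).ConvertToPSType();
                WriteObject(result);
            }
        }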
Ejemplo n.º 14
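        /// <summary>
        /// Builds an automation definition from the parameters (falling back to a piped object where
        /// one is present) and asks the service to validate it; writes whether it is valid.
        /// </summary>
        /// <exception cref="PSInvalidOperationException">The active parameter set is not one handled here.</exception>
        public override void ExecuteCmdlet()
        {
            var resourceGroupName = "";
            var name = "";

            switch (ParameterSetName)
            {
            case ParameterSetNames.ResourceGroupLevelResource:
                resourceGroupName = ResourceGroupName;
                name = Name;
                break;

            case ParameterSetNames.ResourceId:
                name = AzureIdUtilities.GetResourceName(ResourceId);
                resourceGroupName = AzureIdUtilities.GetResourceGroup(ResourceId);
                break;

            case ParameterSetNames.InputObject:
                name = InputObject.Name;
                resourceGroupName = AzureIdUtilities.GetResourceGroup(InputObject.Id);
                break;

            default:
                throw new PSInvalidOperationException();
            }

            // Explicit parameters win; InputObject (null outside its parameter set) fills the gaps.
            // Actions has no such fallback and is taken from the Action parameter only.
            var automation = new Automation()
            {
                Location    = Location ?? InputObject?.Location,
                Etag        = Etag ?? InputObject?.ETag,
                Tags        = Utilities.ConvertHashTableToDictionary <string, string>(Tag) ?? Utilities.ConvertHashTableToDictionary <string, string>(InputObject?.Tags),
                Description = Description ?? InputObject?.Description,
                IsEnabled   = IsEnabled ?? InputObject?.IsEnabled,
                Scopes      = Scope?.ConvertToAutomationType() ?? InputObject?.Scopes?.ConvertToAutomationType(),
                Sources     = Source?.ConvertToAutomationType() ?? InputObject?.Sources?.ConvertToAutomationType(),
                Actions     = Action?.ConvertToAutomationType()
            };

            // Confirm against the resolved name. The Name parameter is only bound in the
            // ResourceGroupLevelResource set, so using it here showed an empty target in the
            // confirmation and -WhatIf output for the ResourceId and InputObject sets.
            if (ShouldProcess(name, VerbsCommon.Set))
            {
                var result = SecurityCenterClient.Automations.ValidateWithHttpMessagesAsync(resourceGroupName, name, automation).GetAwaiter().GetResult().Body;
                // A missing response body is reported as "not valid".
                WriteObject(result?.IsValid ?? false);
            }
        }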
Ejemplo n.º 15
        /// <summary>
        /// Reads pricing configurations: lists at subscription or resource-group scope, or a single
        /// pricing addressed by name, by resource group and name, or by resource id.
        /// </summary>
        /// <exception cref="PSInvalidOperationException">The active parameter set is not one handled here.</exception>
        public override void ExecuteCmdlet()
        {
            if (ParameterSetName == ParameterSetNames.SubscriptionScope)
            {
                var subscriptionPricings = SecurityCenterClient.Pricings.ListWithHttpMessagesAsync().GetAwaiter().GetResult().Body;
                WriteObject(subscriptionPricings.ConvertToPSType(), enumerateCollection: true);
            }
            else if (ParameterSetName == ParameterSetNames.ResourceGroupScope)
            {
                var groupPricings = SecurityCenterClient.Pricings.ListByResourceGroupWithHttpMessagesAsync(ResourceGroupName).GetAwaiter().GetResult().Body;
                WriteObject(groupPricings.ConvertToPSType(), enumerateCollection: true);
            }
            else if (ParameterSetName == ParameterSetNames.SubscriptionLevelResource)
            {
                var subscriptionPricing = SecurityCenterClient.Pricings.GetSubscriptionPricingWithHttpMessagesAsync(Name).GetAwaiter().GetResult().Body;
                WriteObject(subscriptionPricing.ConvertToPSType(), enumerateCollection: false);
            }
            else if (ParameterSetName == ParameterSetNames.ResourceGroupLevelResource)
            {
                var groupPricing = SecurityCenterClient.Pricings.GetResourceGroupPricingWithHttpMessagesAsync(ResourceGroupName, Name).GetAwaiter().GetResult().Body;
                WriteObject(groupPricing.ConvertToPSType(), enumerateCollection: false);
            }
            else if (ParameterSetName == ParameterSetNames.ResourceId)
            {
                var resourceGroup = AzureIdUtilities.GetResourceGroup(ResourceId);

                // An id without a resource group segment addresses a subscription-level pricing.
                var pricingById = string.IsNullOrEmpty(resourceGroup)
                    ? SecurityCenterClient.Pricings.GetSubscriptionPricingWithHttpMessagesAsync(AzureIdUtilities.GetResourceName(ResourceId)).GetAwaiter().GetResult().Body
                    : SecurityCenterClient.Pricings.GetResourceGroupPricingWithHttpMessagesAsync(resourceGroup, AzureIdUtilities.GetResourceName(ResourceId)).GetAwaiter().GetResult().Body;

                WriteObject(pricingById.ConvertToPSType(), enumerateCollection: false);
            }
            else
            {
                throw new PSInvalidOperationException();
            }
        }
Ejemplo n.º 16
        /// <summary>
        /// Dismisses an aggregated alert of an IoT security solution. Resource group, solution name and
        /// alert name come from the bound parameters, a resource id, or a piped object.
        /// </summary>
        /// <exception cref="ArgumentException">The resource id has too few '/'-separated segments.</exception>
        /// <exception cref="PSInvalidOperationException">The active parameter set is not one handled here.</exception>
        public override void ExecuteCmdlet()
        {
            if (ParameterSetName == ParameterSetNames.ResourceId)
            {
                ResourceGroupName = AzureIdUtilities.GetResourceGroup(ResourceId);
                SolutionName      = AzureIdUtilities.GetIotSolutionResourceName(ResourceId);

                // The alert name is the last two segments of the id, joined by '/'. Only the segment
                // count is checked; the segment contents are passed on as they are.
                var segments = ResourceId.Split('/');
                if (segments.Length <= 2)
                {
                    throw new ArgumentException("Invalid format of the resource identifier.", "ResourceId");
                }

                Name = segments[segments.Length - 2] + "/" + segments[segments.Length - 1];
            }
            else if (ParameterSetName == ParameterSetNames.InputObject)
            {
                ResourceGroupName = AzureIdUtilities.GetResourceGroup(InputObject.Id);
                SolutionName      = AzureIdUtilities.GetIotSolutionResourceName(InputObject.Id);
                Name = AzureIdUtilities.GetResourceName(InputObject.Name);
            }
            else if (ParameterSetName != ParameterSetNames.SolutionLevelResource)
            {
                throw new PSInvalidOperationException();
            }

            var confirmed = ShouldProcess(Name, VerbsCommon.Set);
            if (confirmed)
            {
                SecurityCenterClient.IotSecuritySolutionsAnalyticsAggregatedAlert.DismissWithHttpMessagesAsync(ResourceGroupName, SolutionName, Name).GetAwaiter().GetResult();
            }

            // Written whether or not ShouldProcess confirmed the dismissal.
            if (PassThru.IsPresent)
            {
                WriteObject(true);
            }
        }
Ejemplo n.º 17
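        /// <summary>
        /// Deletes an action from a Sentinel alert rule, after ShouldProcess confirmation. The action,
        /// alert rule, workspace and resource group come from the bound parameters or a piped object.
        /// </summary>
        /// <exception cref="PSInvalidOperationException">The active parameter set is not one handled here.</exception>
        public override void ExecuteCmdlet()
        {
            var name          = ActionId;
            var alertrule     = AlertRuleId;
            var resourcegroup = ResourceGroupName;
            var workspacename = WorkspaceName;

            switch (ParameterSetName)
            {
            case ParameterSetNames.ActionId:
                break;

            case ParameterSetNames.InputObject:
                name          = InputObject.Name;
                alertrule     = AzureIdUtilities.GetAlertRuleName(InputObject.Id);
                workspacename = AzureIdUtilities.GetWorkspaceName(InputObject.Id);
                resourcegroup = AzureIdUtilities.GetResourceGroup(InputObject.Id);
                break;

            default:
                throw new PSInvalidOperationException();
            }

            if (ShouldProcess(name, VerbsCommon.Remove))
            {
                // NOTE(review): .Result reports failures wrapped in AggregateException; it is kept so
                // the exception type seen by callers does not change.
                var result = SecurityInsightsClient.AlertRules.DeleteActionWithHttpMessagesAsync(resourcegroup, workspacename, alertrule, name).Result;
                var status = result.Response.StatusCode;

                // 200 and 204 both mean the delete went through. Report it on the verbose stream
                // rather than on System.Console, which bypasses PowerShell's output streams and
                // cannot be redirected or silenced by the caller.
                if (status == System.Net.HttpStatusCode.OK || status == System.Net.HttpStatusCode.NoContent)
                {
                    WriteVerbose("success");
                }
            }

            // Written whether or not ShouldProcess confirmed the delete.
            if (PassThru.IsPresent)
            {
                WriteObject(true);
            }
        }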
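        /// <summary>
        /// Deletes a device security group from an IoT hub. The hub resource ID and group name come
        /// from the explicit parameters, the piped <c>InputObject</c>, or a full <c>ResourceId</c>.
        /// </summary>
        /// <exception cref="PSInvalidOperationException">The bound parameter set is not handled here.</exception>
        public override void ExecuteCmdlet()
        {
            var name          = Name;
            var hubResourceId = HubResourceId;

            switch (ParameterSetName)
            {
            case ParameterSetNames.ResourceIdLevelResource:
                break;

            case ParameterSetNames.InputObject:
                name = InputObject.Name;
                var subscription = AzureIdUtilities.GetResourceSubscription(InputObject.Id);
                var rg           = AzureIdUtilities.GetResourceGroup(InputObject.Id);
                var hubName      = AzureIdUtilities.GetIotHubResourceName(InputObject.Id);
                // Rebuild the parent IoT hub ID from the parts of the group's own ID.
                hubResourceId = $"/subscriptions/{subscription}/resourceGroups/{rg}/providers/Microsoft.Devices/iotHubs/{hubName}";
                break;

            case ParameterSetNames.ResourceId:
                name          = AzureIdUtilities.GetResourceName(ResourceId);
                subscription  = AzureIdUtilities.GetResourceSubscription(ResourceId);
                rg            = AzureIdUtilities.GetResourceGroup(ResourceId);
                hubName       = AzureIdUtilities.GetIotHubResourceName(ResourceId);
                hubResourceId = $"/subscriptions/{subscription}/resourceGroups/{rg}/providers/Microsoft.Devices/iotHubs/{hubName}";
                break;

            default:
                throw new PSInvalidOperationException();
            }

            // Confirm against the resolved name, not the Name parameter: with -InputObject or
            // -ResourceId the parameter is not what gets deleted, so the -WhatIf/-Confirm prompt
            // would otherwise show a different (or empty) target than the delete call uses.
            if (ShouldProcess(name, VerbsCommon.Remove))
            {
                SecurityCenterClient.DeviceSecurityGroups.DeleteWithHttpMessagesAsync(hubResourceId, name).GetAwaiter().GetResult();
            }

            if (PassThru.IsPresent)
            {
                WriteObject(true);
            }
        }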
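        /// <summary>
        /// Deletes a just-in-time network access policy. Name, resource group and location come
        /// from the explicit parameters, a full <c>ResourceId</c>, or the piped <c>InputObject</c>.
        /// </summary>
        /// <exception cref="PSInvalidOperationException">The bound parameter set is not handled here.</exception>
        public override void ExecuteCmdlet()
        {
            var name     = Name;
            var rg       = ResourceGroupName;
            var location = Location;

            switch (ParameterSetName)
            {
            case ParameterSetNames.ResourceGroupLevelResource:
                break;

            case ParameterSetNames.ResourceId:
                location = AzureIdUtilities.GetResourceLocation(ResourceId);
                name     = AzureIdUtilities.GetResourceName(ResourceId);
                rg       = AzureIdUtilities.GetResourceGroup(ResourceId);
                break;

            case ParameterSetNames.InputObject:
                name     = InputObject.Name;
                rg       = AzureIdUtilities.GetResourceGroup(InputObject.Id);
                location = AzureIdUtilities.GetResourceLocation(InputObject.Id);
                break;

            default:
                throw new PSInvalidOperationException();
            }

            // The call below deletes the policy, so the -WhatIf/-Confirm text must say "Remove";
            // announcing "Set" would understate a destructive change to an access-control policy.
            if (ShouldProcess(name, VerbsCommon.Remove))
            {
                // The client is scoped to the policy's location before the call is made.
                SecurityCenterClient.AscLocation = location;
                SecurityCenterClient.JitNetworkAccessPolicies.DeleteWithHttpMessagesAsync(rg, name).GetAwaiter().GetResult();
            }

            if (PassThru.IsPresent)
            {
                WriteObject(true);
            }
        }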
        /// <summary>
        /// Sets the pricing tier of a pricing configuration, at subscription level when no
        /// resource group is known and at resource-group level otherwise, and writes the result.
        /// </summary>
        /// <exception cref="PSInvalidOperationException">The bound parameter set is not handled here.</exception>
        public override void ExecuteCmdlet()
        {
            var resourceGroup = ResourceGroupName;
            var pricingName   = Name;
            var pricingTier   = PricingTier;

            switch (ParameterSetName)
            {
            case ParameterSetNames.SubscriptionLevelResource:
            case ParameterSetNames.ResourceGroupLevelResource:
                // Explicit parameters are used as given.
                break;

            case ParameterSetNames.InputObject:
                pricingName   = InputObject.Name;
                pricingTier   = InputObject.PricingTier;
                resourceGroup = AzureIdUtilities.GetResourceGroup(InputObject.Id);
                break;

            default:
                throw new PSInvalidOperationException();
            }

            if (!ShouldProcess(pricingName, VerbsCommon.Set))
            {
                return;
            }

            // An empty resource group selects the subscription-wide endpoint.
            Pricing updated = string.IsNullOrEmpty(resourceGroup)
                ? SecurityCenterClient.Pricings.UpdateSubscriptionPricingWithHttpMessagesAsync(pricingName, pricingTier).GetAwaiter().GetResult().Body
                : SecurityCenterClient.Pricings.CreateOrUpdateResourceGroupPricingWithHttpMessagesAsync(resourceGroup, pricingName, pricingTier).GetAwaiter().GetResult().Body;

            WriteObject(updated.ConvertToPSType(), enumerateCollection: false);
        }
        /// <summary>
        /// Writes security contacts: the full list for the subscription scope, or a single
        /// contact looked up by <c>Name</c> or by the name parsed from <c>ResourceId</c>.
        /// </summary>
        /// <exception cref="PSInvalidOperationException">The bound parameter set is not handled here.</exception>
        public override void ExecuteCmdlet()
        {
            switch (ParameterSetName)
            {
            case ParameterSetNames.SubscriptionScope:
            {
                var allContacts = SecurityCenterClient.SecurityContacts.ListWithHttpMessagesAsync().GetAwaiter().GetResult().Body;
                WriteObject(allContacts.ConvertToPSType(), enumerateCollection: true);
                break;
            }

            case ParameterSetNames.SubscriptionLevelResource:
            {
                var contact = SecurityCenterClient.SecurityContacts.GetWithHttpMessagesAsync(Name).GetAwaiter().GetResult().Body;
                WriteObject(contact.ConvertToPSType(), enumerateCollection: false);
                break;
            }

            case ParameterSetNames.ResourceId:
            {
                // Only the trailing resource name of the ID is passed to the service.
                var contactName = AzureIdUtilities.GetResourceName(ResourceId);
                var contact     = SecurityCenterClient.SecurityContacts.GetWithHttpMessagesAsync(contactName).GetAwaiter().GetResult().Body;
                WriteObject(contact.ConvertToPSType(), enumerateCollection: false);
                break;
            }

            default:
                throw new PSInvalidOperationException();
            }
        }
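        /// <summary>
        /// Updates an IoT security solution's tags, user-defined resources and recommendation
        /// configuration. Values not supplied on the command line are taken from the piped
        /// <c>InputObject</c> when that parameter set is used.
        /// </summary>
        /// <exception cref="PSInvalidOperationException">The bound parameter set is not handled here.</exception>
        public override void ExecuteCmdlet()
        {
            switch (ParameterSetName)
            {
            case ParameterSetNames.ResourceGroupLevelResource:
                break;

            case ParameterSetNames.ResourceId:
                Name = AzureIdUtilities.GetResourceName(ResourceId);
                ResourceGroupName = AzureIdUtilities.GetResourceGroup(ResourceId);
                break;

            case ParameterSetNames.InputObject:
                Name = AzureIdUtilities.GetResourceName(InputObject.Id);
                ResourceGroupName = AzureIdUtilities.GetResourceGroup(InputObject.Id);

                // Explicit parameters win; otherwise fall back to the piped object's values.
                // The fallbacks tolerate a piped object that carries no recommendations or tags:
                // calling ToArray() on null or constructing a Hashtable from null would throw
                // before the update is even attempted.
                RecommendationsConfiguration = RecommendationsConfiguration ?? ((List <PSRecommendationConfiguration>)InputObject.RecommendationsConfiguration)?.ToArray();
                if (Tag == null && InputObject.Tags != null)
                {
                    Tag = new Hashtable((IDictionary)(InputObject.Tags));
                }
                UserDefinedResource = UserDefinedResource ?? GetValidUserDefinedResources(InputObject.UserDefinedResources);
                break;

            default:
                throw new PSInvalidOperationException();
            }

            // Each argument may be null; the null-conditional calls pass null through unchanged.
            // Tag keys and values are cast to string, so non-string entries fail here.
            UpdateIotSecuritySolutionData solutionData = new UpdateIotSecuritySolutionData(Tag?.Cast <DictionaryEntry>().ToDictionary(t => (string)t.Key, t => (string)t.Value),
                                                                                           UserDefinedResource?.CreatePSType(),
                                                                                           RecommendationsConfiguration?.CreatePSType());

            if (ShouldProcess(Name, "Update"))
            {
                var outputSolution = SecurityCenterClient.IotSecuritySolution.UpdateWithHttpMessagesAsync(ResourceGroupName, Name, solutionData).GetAwaiter().GetResult().Body;
                WriteObject(outputSolution?.ConvertToPSType(), enumerateCollection: false);
            }
        }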
        /// <summary>
        /// Initiates a just-in-time network access request against a policy for the given
        /// virtual machines and writes the service's response.
        /// </summary>
        /// <exception cref="PSInvalidOperationException">The bound parameter set is not handled here.</exception>
        public override void ExecuteCmdlet()
        {
            var policyName     = Name;
            var policyLocation = Location;
            var resourceGroup  = ResourceGroupName;
            var machines       = VirtualMachine;

            switch (ParameterSetName)
            {
            case "ResourceGroupLevelResource":
                break;

            case "ResourceId":
                // Name, location and resource group are all parsed from the one ID.
                policyName     = AzureIdUtilities.GetResourceName(ResourceId);
                policyLocation = AzureIdUtilities.GetResourceLocation(ResourceId);
                resourceGroup  = AzureIdUtilities.GetResourceGroup(ResourceId);
                break;

            case "InputObject":
                // The piped object also supplies the virtual machines of the request.
                policyName     = InputObject.Name;
                policyLocation = InputObject.Location;
                resourceGroup  = InputObject.ResourceGroupName;
                machines       = InputObject.VirtualMachine;
                break;

            default:
                throw new PSInvalidOperationException();
            }

            if (!ShouldProcess(policyName, "Start"))
            {
                return;
            }

            SecurityCenterClient.AscLocation = policyLocation;
            var accessRequest = SecurityCenterClient.JitNetworkAccessPolicies.InitiateWithHttpMessagesAsync(resourceGroup, policyName, machines.ConvertToCSType()).GetAwaiter().GetResult().Body;
            WriteObject(accessRequest.ConvertToPSType(), enumerateCollection: false);
        }
        /// <summary>
        /// Writes security alerts. The two list scopes page through results until there is no
        /// next-page link or at least <c>MaxAlertsToFetch</c> alerts have been written; the
        /// remaining parameter sets fetch a single alert.
        /// </summary>
        /// <exception cref="PSInvalidOperationException">The bound parameter set is not handled here.</exception>
        public override void ExecuteCmdlet()
        {
            int    fetched  = 0;
            string nextLink = null;

            switch (ParameterSetName)
            {
            case ParameterSetNames.SubscriptionScope:
            {
                var page     = SecurityCenterClient.Alerts.ListWithHttpMessagesAsync().GetAwaiter().GetResult().Body;
                var psAlerts = page.ConvertToPSType();
                WriteObject(psAlerts, enumerateCollection: true);
                fetched += psAlerts.Count;

                // The cap is checked between pages, so the last page may overshoot it.
                for (nextLink = page?.NextPageLink;
                     !string.IsNullOrWhiteSpace(nextLink) && fetched < MaxAlertsToFetch;
                     nextLink = page?.NextPageLink)
                {
                    page     = SecurityCenterClient.Alerts.ListNextWithHttpMessagesAsync(page.NextPageLink).GetAwaiter().GetResult().Body;
                    psAlerts = page.ConvertToPSType();
                    WriteObject(psAlerts, enumerateCollection: true);
                    fetched += psAlerts.Count;
                }
                break;
            }

            case ParameterSetNames.ResourceGroupScope:
            {
                var page     = SecurityCenterClient.Alerts.ListByResourceGroupWithHttpMessagesAsync(ResourceGroupName).GetAwaiter().GetResult().Body;
                var psAlerts = page.ConvertToPSType();
                WriteObject(psAlerts, enumerateCollection: true);
                fetched += psAlerts.Count;

                for (nextLink = page?.NextPageLink;
                     !string.IsNullOrWhiteSpace(nextLink) && fetched < MaxAlertsToFetch;
                     nextLink = page?.NextPageLink)
                {
                    page     = SecurityCenterClient.Alerts.ListNextWithHttpMessagesAsync(page.NextPageLink).GetAwaiter().GetResult().Body;
                    psAlerts = page.ConvertToPSType();
                    WriteObject(psAlerts, enumerateCollection: true);
                    fetched += psAlerts.Count;
                }
                break;
            }

            case ParameterSetNames.SubscriptionLevelResource:
            {
                SecurityCenterClient.AscLocation = Location;
                var single = SecurityCenterClient.Alerts.GetSubscriptionLevelWithHttpMessagesAsync(Name).GetAwaiter().GetResult().Body;
                WriteObject(single.ConvertToPSType(), enumerateCollection: false);
                break;
            }

            case ParameterSetNames.ResourceGroupLevelResource:
            {
                SecurityCenterClient.AscLocation = Location;
                var single = SecurityCenterClient.Alerts.GetResourceGroupLevelWithHttpMessagesAsync(Name, ResourceGroupName).GetAwaiter().GetResult().Body;
                WriteObject(single.ConvertToPSType(), enumerateCollection: false);
                break;
            }

            case ParameterSetNames.ResourceId:
            {
                SecurityCenterClient.AscLocation = AzureIdUtilities.GetResourceLocation(ResourceId);

                // An ID with no resource group is looked up at subscription level.
                var groupFromId = AzureIdUtilities.GetResourceGroup(ResourceId);
                var single = string.IsNullOrEmpty(groupFromId)
                    ? SecurityCenterClient.Alerts.GetSubscriptionLevelWithHttpMessagesAsync(AzureIdUtilities.GetResourceName(ResourceId)).GetAwaiter().GetResult().Body
                    : SecurityCenterClient.Alerts.GetResourceGroupLevelWithHttpMessagesAsync(AzureIdUtilities.GetResourceName(ResourceId), groupFromId).GetAwaiter().GetResult().Body;

                WriteObject(single.ConvertToPSType(), enumerateCollection: false);
                break;
            }

            default:
                throw new PSInvalidOperationException();
            }
        }
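        /// <summary>
        /// Changes the state of a security alert (dismiss, activate or resolve), at subscription
        /// level when no resource group is known and at resource-group level otherwise.
        /// When an alert object is piped in, the action is derived from that object's state.
        /// </summary>
        /// <exception cref="PSInvalidOperationException">The bound parameter set is not handled here.</exception>
        public override void ExecuteCmdlet()
        {
            var rg         = ResourceGroupName;
            var name       = Name;
            var actionType = ActionType;
            var location   = Location;
            var status     = "";

            switch (ParameterSetName)
            {
            case ParameterSetNames.SubscriptionLevelResource:
            case ParameterSetNames.ResourceGroupLevelResource:
                break;

            case ParameterSetNames.ResourceId:
                location = AzureIdUtilities.GetResourceLocation(ResourceId);
                name     = AzureIdUtilities.GetResourceName(ResourceId);

                // Without a resource group the branch below always takes the subscription-level
                // endpoint, so an ID naming a resource-group-scoped alert would be sent to the
                // wrong scope. Fill it in from the ID unless one was supplied explicitly.
                // NOTE(review): assumes GetResourceGroup returns null/empty for subscription-level IDs — confirm.
                if (string.IsNullOrEmpty(rg))
                {
                    rg = AzureIdUtilities.GetResourceGroup(ResourceId);
                }
                break;

            case ParameterSetNames.InputObject:
                status   = InputObject.State;
                name     = InputObject.Name;
                rg       = AzureIdUtilities.GetResourceGroup(InputObject.Id);
                location = AzureIdUtilities.GetResourceLocation(InputObject.Id);
                break;

            case ParameterSetNames.InputObjectV3:
                status   = InputObjectV3.Status;
                name     = InputObjectV3.Name;
                rg       = AzureIdUtilities.GetResourceGroup(InputObjectV3.Id);
                location = AzureIdUtilities.GetResourceLocation(InputObjectV3.Id);
                break;

            default:
                throw new PSInvalidOperationException();
            }

            if (!string.IsNullOrEmpty(status))
            {
                // Invariant lowering: ToLower() follows the current culture, and under e.g. a
                // Turkish locale "DISMISSED" would not lower to "dismissed", so the piped state
                // would be ignored without any error.
                switch (status.ToLowerInvariant())
                {
                case "dismissed":
                    actionType = "Dismiss";
                    break;

                case "active":
                    actionType = "Activate";
                    break;

                case "resolved":
                    actionType = "Resolve";
                    break;

                default:
                    // Unrecognised states leave the ActionType parameter value in effect.
                    break;
                }
            }

            SecurityCenterClient.AscLocation = location;

            if (ShouldProcess(name, VerbsCommon.Set))
            {
                bool subscriptionLevel = string.IsNullOrEmpty(rg);

                // NOTE(review): an action type other than these three performs no call, yet
                // -PassThru below still reports true — confirm that is intended.
                switch (actionType)
                {
                case "Dismiss":
                    if (subscriptionLevel)
                    {
                        SecurityCenterClient.Alerts.UpdateSubscriptionLevelStateToDismissWithHttpMessagesAsync(name).GetAwaiter().GetResult();
                    }
                    else
                    {
                        SecurityCenterClient.Alerts.UpdateResourceGroupLevelStateToDismissWithHttpMessagesAsync(name, rg).GetAwaiter().GetResult();
                    }
                    break;

                case "Activate":
                    if (subscriptionLevel)
                    {
                        SecurityCenterClient.Alerts.UpdateSubscriptionLevelStateToActivateWithHttpMessagesAsync(name).GetAwaiter().GetResult();
                    }
                    else
                    {
                        SecurityCenterClient.Alerts.UpdateResourceGroupLevelStateToActivateWithHttpMessagesAsync(name, rg).GetAwaiter().GetResult();
                    }
                    break;

                case "Resolve":
                    if (subscriptionLevel)
                    {
                        SecurityCenterClient.Alerts.UpdateSubscriptionLevelStateToResolveWithHttpMessagesAsync(name).GetAwaiter().GetResult();
                    }
                    else
                    {
                        SecurityCenterClient.Alerts.UpdateResourceGroupLevelStateToResolveWithHttpMessagesAsync(name, rg).GetAwaiter().GetResult();
                    }
                    break;

                default:
                    break;
                }
            }

            if (PassThru.IsPresent)
            {
                WriteObject(true);
            }
        }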
        /// <summary>
        /// Writes security sub-assessments. The two list scopes page through results until there
        /// is no next-page link or at least <c>MaxItemsToFetch</c> items have been written; the
        /// remaining parameter sets fetch a single sub-assessment. Where no assessed resource ID
        /// is given, the default context's subscription is used as the scope.
        /// </summary>
        /// <exception cref="PSInvalidOperationException">The bound parameter set is not handled here.</exception>
        public override void ExecuteCmdlet()
        {
            switch (ParameterSetName)
            {
            case ParameterSetNames.SubscriptionScope:
            {
                int    written  = 0;
                string nextLink = null;

                var page    = SecurityCenterClient.SubAssessments.ListAllWithHttpMessagesAsync(AssessedResourceId ?? $"subscriptions/{DefaultContext.Subscription.Id}").GetAwaiter().GetResult().Body;
                var psItems = page.ConvertToPSType();
                WriteObject(psItems, enumerateCollection: true);
                written += psItems.Count;

                // The cap is checked between pages, so the last page may overshoot it.
                for (nextLink = page?.NextPageLink;
                     !string.IsNullOrWhiteSpace(nextLink) && written < MaxItemsToFetch;
                     nextLink = page?.NextPageLink)
                {
                    page    = SecurityCenterClient.SubAssessments.ListAllNextWithHttpMessagesAsync(nextLink).GetAwaiter().GetResult().Body;
                    psItems = page.ConvertToPSType();
                    WriteObject(psItems, enumerateCollection: true);
                    written += psItems.Count;
                }
                break;
            }

            case ParameterSetNames.ResourceIdScope:
            {
                int    written  = 0;
                string nextLink = null;

                var page    = SecurityCenterClient.SubAssessments.ListWithHttpMessagesAsync(AssessedResourceId ?? $"subscriptions/{DefaultContext.Subscription.Id}", AssessmentName).GetAwaiter().GetResult().Body;
                var psItems = page.ConvertToPSType();
                WriteObject(psItems, enumerateCollection: true);
                written += psItems.Count;

                for (nextLink = page?.NextPageLink;
                     !string.IsNullOrWhiteSpace(nextLink) && written < MaxItemsToFetch;
                     nextLink = page?.NextPageLink)
                {
                    page    = SecurityCenterClient.SubAssessments.ListNextWithHttpMessagesAsync(nextLink).GetAwaiter().GetResult().Body;
                    psItems = page.ConvertToPSType();
                    WriteObject(psItems, enumerateCollection: true);
                    written += psItems.Count;
                }
                break;
            }

            case ParameterSetNames.SubscriptionLevelResource:
            case ParameterSetNames.ResourceIdLevelResource:
            {
                var single = SecurityCenterClient.SubAssessments.GetWithHttpMessagesAsync(AssessedResourceId ?? $"subscriptions/{DefaultContext.Subscription.Id}", AssessmentName, Name).GetAwaiter().GetResult().Body;
                WriteObject(single.ConvertToPSType(), enumerateCollection: false);
                break;
            }

            case ParameterSetNames.ResourceId:
            {
                // Scope, assessment name and sub-assessment name are all parsed from the one ID.
                var single = SecurityCenterClient.SubAssessments.GetWithHttpMessagesAsync(AzureIdUtilities.GetExtendedResourceId(ResourceId), AzureIdUtilities.GetAssessmentResourceName(ResourceId), AzureIdUtilities.GetResourceName(ResourceId)).GetAwaiter().GetResult().Body;
                WriteObject(single.ConvertToPSType(), enumerateCollection: false);
                break;
            }

            default:
                throw new PSInvalidOperationException();
            }
        }
        /// <summary>
        /// Writes incident comments: every comment of an incident, paged until there is no
        /// next-page link or at least <c>MaxIncidentCommentsToFetch</c> have been written, or a
        /// single comment identified by its ID or by a full <c>ResourceId</c>.
        /// </summary>
        /// <exception cref="PSInvalidOperationException">The bound parameter set is not handled here.</exception>
        public override void ExecuteCmdlet()
        {
            int    written  = 0;
            string nextLink = null;

            switch (ParameterSetName)
            {
            case ParameterSetNames.IncidentId:
            {
                var page      = SecurityInsightsClient.IncidentComments.ListByIncident(ResourceGroupName, WorkspaceName, IncidentId);
                int pageCount = page.Count();
                WriteObject(page.ConvertToPSType(), enumerateCollection: true);
                written += pageCount;

                // The cap is checked between pages, so the last page may overshoot it.
                for (nextLink = page?.NextPageLink;
                     !string.IsNullOrWhiteSpace(nextLink) && written < MaxIncidentCommentsToFetch;
                     nextLink = page?.NextPageLink)
                {
                    page      = SecurityInsightsClient.IncidentComments.ListByIncidentNext(page.NextPageLink);
                    pageCount = page.Count();
                    WriteObject(page.ConvertToPSType(), enumerateCollection: true);
                    written += pageCount;
                }
                break;
            }

            case ParameterSetNames.IncidentCommentId:
            {
                var comment = SecurityInsightsClient.IncidentComments.Get(ResourceGroupName, WorkspaceName, IncidentId, IncidentCommentId);
                WriteObject(comment.ConvertToPSType(), enumerateCollection: false);
                break;
            }

            case ParameterSetNames.ResourceId:
            {
                // Incident and comment names come from the ID; resource group and workspace
                // are still taken from the cmdlet parameters.
                var incidentName = AzureIdUtilities.GetIncidentName(ResourceId);
                var commentName  = AzureIdUtilities.GetIncidentCommentName(ResourceId);
                var comment      = SecurityInsightsClient.IncidentComments.Get(ResourceGroupName, WorkspaceName, incidentName, commentName);
                WriteObject(comment.ConvertToPSType(), enumerateCollection: false);
                break;
            }

            default:
                throw new PSInvalidOperationException();
            }
        }
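        /// <summary>
        /// Updates an existing Sentinel data connector. The connector is fetched first, the
        /// settings bound on the command line are applied on top of its current values according
        /// to its kind, and the result is written back with CreateOrUpdate.
        /// </summary>
        /// <exception cref="Exception">
        /// The connector could not be retrieved. When the lookup itself failed, the underlying
        /// error is available as <see cref="Exception.InnerException"/>.
        /// </exception>
        public override void ExecuteCmdlet()
        {
            if (this.IsParameterBound(c => c.InputObject))
            {
                this.ResourceGroupName = AzureIdUtilities.GetResourceGroup(this.InputObject.Id);
                this.WorkspaceName     = AzureIdUtilities.GetWorkspaceName(this.InputObject.Id);
                this.DataConnectorId   = this.InputObject.Name;
            }

            if (this.IsParameterBound(c => c.ResourceId))
            {
                var resourceIdentifier = new ResourceIdentifier(this.ResourceId);
                this.ResourceGroupName = resourceIdentifier.ResourceGroupName;
                this.WorkspaceName     = AzureIdUtilities.GetWorkspaceName(this.ResourceId);
                this.DataConnectorId   = resourceIdentifier.ResourceName;
            }

            var notFoundMessage = string.Format("A Data Connector with DataConnectorId '{0}' in resource group '{1}' under workspace '{2}' does not exist. Please use New-AzSentinelDataConnector to create a Data Connector with these properties.", this.DataConnectorId, this.ResourceGroupName, this.WorkspaceName);

            PSSentinelDataConnector dataConnector;

            try
            {
                dataConnector = this.SecurityInsightsClient.DataConnectors.Get(ResourceGroupName, WorkspaceName, DataConnectorId).ConvertToPSType();
            }
            catch (Exception ex)
            {
                // Same exception type and message as before, but the cause is kept: a bare catch
                // reported authorization, throttling and network failures as "does not exist",
                // which sends the operator looking for a missing resource instead of the real fault.
                throw new Exception(notFoundMessage, ex);
            }

            if (dataConnector == null)
            {
                throw new Exception(notFoundMessage);
            }

            // Only settings bound on the command line are changed; Etag, TenantId and every
            // unbound setting keep the values fetched above. The casts are direct so that a Kind
            // that does not match the object's runtime type fails with an InvalidCastException
            // naming the types rather than a NullReferenceException.
            switch (dataConnector.Kind)
            {
            case "AzureActiveDirectory":
            {
                var aad = (PSSentinelDataConnectorAAD)dataConnector;
                aad.DataTypes.Alerts.State = this.IsParameterBound(c => c.Alerts) ? this.Alerts : aad.DataTypes.Alerts.State;
                break;
            }

            case "AzureAdvancedThreatProtection":
            {
                var aatp = (PSSentinelDataConnectorAATP)dataConnector;
                aatp.DataTypes.Alerts.State = this.IsParameterBound(c => c.Alerts) ? this.Alerts : aatp.DataTypes.Alerts.State;
                break;
            }

            case "AzureSecurityCenter":
            {
                var asc = (PSSentinelDataConnectorASC)dataConnector;
                asc.SubscriptionId         = this.IsParameterBound(c => c.SubscriptionId) ? this.SubscriptionId : asc.SubscriptionId;
                asc.DataTypes.Alerts.State = this.IsParameterBound(c => c.Alerts) ? this.Alerts : asc.DataTypes.Alerts.State;
                break;
            }

            case "AmazonWebServicesCloudTrail":
            {
                var aws = (PSSentinelDataConnectorAWS)dataConnector;
                aws.AwsRoleArn           = this.IsParameterBound(c => c.AwsRoleArn) ? this.AwsRoleArn : aws.AwsRoleArn;
                aws.DataTypes.Logs.State = this.IsParameterBound(c => c.Logs) ? this.Logs : aws.DataTypes.Logs.State;
                break;
            }

            case "MicrosoftCloudAppSecurity":
            {
                var mcas = (PSSentinelDataConnectorMCAS)dataConnector;
                mcas.DataTypes.Alerts.State        = this.IsParameterBound(c => c.Alerts) ? this.Alerts : mcas.DataTypes.Alerts.State;
                mcas.DataTypes.DiscoveryLogs.State = this.IsParameterBound(c => c.DiscoveryLogs) ? this.DiscoveryLogs : mcas.DataTypes.DiscoveryLogs.State;
                break;
            }

            case "MicrosoftDefenderAdvancedThreatProtection":
            {
                var mdatp = (PSSentinelDataConnectorMDATP)dataConnector;
                mdatp.DataTypes.Alerts.State = this.IsParameterBound(c => c.Alerts) ? this.Alerts : mdatp.DataTypes.Alerts.State;
                break;
            }

            case "Office365":
            {
                var office = (PSSentinelDataConnectorOffice)dataConnector;
                office.DataTypes.Exchange.State   = this.IsParameterBound(c => c.Exchange) ? this.Exchange : office.DataTypes.Exchange.State;
                office.DataTypes.SharePoint.State = this.IsParameterBound(c => c.SharePoint) ? this.SharePoint : office.DataTypes.SharePoint.State;
                office.DataTypes.Teams.State      = this.IsParameterBound(c => c.Teams) ? this.Teams : office.DataTypes.Teams.State;
                break;
            }

            case "ThreatIntelligence":
            {
                var ti = (PSSentinelDataConnectorTI)dataConnector;
                ti.DataTypes.Indicators.State = this.IsParameterBound(c => c.Indicators) ? this.Indicators : ti.DataTypes.Indicators.State;
                break;
            }

            default:
                // Any other kind is written back exactly as it was fetched.
                break;
            }

            if (this.ShouldProcess(this.DataConnectorId, string.Format("Updating Data Connector '{0}' in resource group '{1}' under workspace '{2}'.", this.DataConnectorId, this.ResourceGroupName, this.WorkspaceName)))
            {
                var result = this.SecurityInsightsClient.DataConnectors.CreateOrUpdate(this.ResourceGroupName, this.WorkspaceName, this.DataConnectorId, dataConnector.CreatePSType()).ConvertToPSType();
                WriteObject(result);
            }
        }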
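        /// <summary>
        /// Updates an existing Sentinel alert rule. The rule is fetched first, only the
        /// properties whose parameters were bound on the command line are overwritten,
        /// and the result is written back with CreateOrUpdate behind a ShouldProcess prompt.
        /// </summary>
        /// <exception cref="Exception">
        /// Thrown when the rule cannot be retrieved. The failure raised by the lookup,
        /// if any, is attached as the inner exception.
        /// </exception>
        public override void ExecuteCmdlet()
        {
            // Resolve the target from a piped object, when one was supplied.
            if (this.IsParameterBound(c => c.InputObject))
            {
                this.ResourceGroupName = AzureIdUtilities.GetResourceGroup(this.InputObject.Id);
                this.WorkspaceName     = AzureIdUtilities.GetWorkspaceName(this.InputObject.Id);
                this.AlertRuleId       = this.InputObject.Name;
            }

            // A bound ResourceId is parsed second, so it wins if both were bound.
            if (this.IsParameterBound(c => c.ResourceId))
            {
                var resourceIdentifier = new ResourceIdentifier(this.ResourceId);
                this.ResourceGroupName = resourceIdentifier.ResourceGroupName;
                this.WorkspaceName     = AzureIdUtilities.GetWorkspaceName(this.ResourceId);
                this.AlertRuleId       = resourceIdentifier.ResourceName;
            }

            PSSentinelAlertRule alertRule = null;
            Exception lookupFailure = null;

            try
            {
                alertRule = this.SecurityInsightsClient.AlertRules.Get(ResourceGroupName, WorkspaceName, AlertRuleId).ConvertToPSType();
            }
            catch (Exception ex)
            {
                // Every failure of the lookup ends up in the "does not exist" error below.
                // Keep the cause so that an authorization, throttling or network failure
                // is still visible to the operator instead of being reported as a missing rule.
                lookupFailure = ex;
            }

            if (alertRule == null)
            {
                throw new Exception(string.Format("An Alert Rule with AlertRuleId '{0}' in resource group '{1}' under workspace '{2}' does not exist. Please use New-AzSentinelAlertRule to create an Alert Rule Action with these properties.", this.AlertRuleId, this.ResourceGroupName, this.WorkspaceName), lookupFailure);
            }

            // The fetched object is edited in place and sent back, so every property that is
            // not touched below (including Etag) keeps the value returned by the service.
            if (alertRule.Kind == "Fusion")
            {
                // A direct cast makes a Kind/type mismatch fail here with InvalidCastException
                // rather than as a null dereference on the first property access.
                var fusionRule = (PSSentinelFusionAlertRule)alertRule;

                if (this.IsParameterBound(c => c.AlertRuleTemplateName))
                {
                    fusionRule.AlertRuleTemplateName = this.AlertRuleTemplateName;
                }

                // -Enabled is checked before -Disabled; with neither bound the state is unchanged.
                if (this.IsParameterBound(c => c.Enabled))
                {
                    fusionRule.Enabled = true;
                }
                else if (this.IsParameterBound(c => c.Disabled))
                {
                    fusionRule.Enabled = false;
                }
            }
            else if (alertRule.Kind == "MicrosoftSecurityIncidentCreation")
            {
                var incidentRule = (PSSentinelMicrosoftSecurityIncidentCreationRule)alertRule;

                if (this.IsParameterBound(c => c.DisplayName))
                {
                    incidentRule.DisplayName = this.DisplayName;
                }

                if (this.IsParameterBound(c => c.Enabled))
                {
                    incidentRule.Enabled = true;
                }
                else if (this.IsParameterBound(c => c.Disabled))
                {
                    incidentRule.Enabled = false;
                }

                if (this.IsParameterBound(c => c.Description))
                {
                    incidentRule.Description = this.Description;
                }

                if (this.IsParameterBound(c => c.AlertRuleTemplateName))
                {
                    incidentRule.AlertRuleTemplateName = this.AlertRuleTemplateName;
                }

                if (this.IsParameterBound(c => c.ProductFilter))
                {
                    incidentRule.ProductFilter = this.ProductFilter;
                }

                if (this.IsParameterBound(c => c.DisplayNamesExcludeFilter))
                {
                    incidentRule.DisplayNamesExcludeFilter = this.DisplayNamesExcludeFilter;
                }

                if (this.IsParameterBound(c => c.DisplayNamesFilter))
                {
                    incidentRule.DisplayNamesFilter = this.DisplayNamesFilter;
                }

                if (this.IsParameterBound(c => c.SeveritiesFilter))
                {
                    incidentRule.SeveritiesFilter = this.SeveritiesFilter;
                }
            }
            else if (alertRule.Kind == "Scheduled")
            {
                var scheduledRule = (PSSentinelScheduledAlertRule)alertRule;

                if (this.IsParameterBound(c => c.DisplayName))
                {
                    scheduledRule.DisplayName = this.DisplayName;
                }

                if (this.IsParameterBound(c => c.Enabled))
                {
                    scheduledRule.Enabled = true;
                }
                else if (this.IsParameterBound(c => c.Disabled))
                {
                    scheduledRule.Enabled = false;
                }

                if (this.IsParameterBound(c => c.SuppressionDuration))
                {
                    scheduledRule.SuppressionDuration = this.SuppressionDuration;
                }

                // Same precedence as Enabled/Disabled: the "on" switch is checked first.
                if (this.IsParameterBound(c => c.SuppressionEnabled))
                {
                    scheduledRule.SuppressionEnabled = true;
                }
                else if (this.IsParameterBound(c => c.SuppressionDisabled))
                {
                    scheduledRule.SuppressionEnabled = false;
                }

                if (this.IsParameterBound(c => c.AlertRuleTemplateName))
                {
                    scheduledRule.AlertRuleTemplateName = this.AlertRuleTemplateName;
                }

                if (this.IsParameterBound(c => c.Description))
                {
                    scheduledRule.Description = this.Description;
                }

                if (this.IsParameterBound(c => c.Query))
                {
                    scheduledRule.Query = this.Query;
                }

                if (this.IsParameterBound(c => c.QueryFrequency))
                {
                    scheduledRule.QueryFrequency = this.QueryFrequency;
                }

                if (this.IsParameterBound(c => c.QueryPeriod))
                {
                    scheduledRule.QueryPeriod = this.QueryPeriod;
                }

                if (this.IsParameterBound(c => c.Severity))
                {
                    scheduledRule.Severity = this.Severity;
                }

                // The parameter is named Tactic, the rule property Tactics.
                if (this.IsParameterBound(c => c.Tactic))
                {
                    scheduledRule.Tactics = this.Tactic;
                }

                if (this.IsParameterBound(c => c.TriggerOperator))
                {
                    scheduledRule.TriggerOperator = this.TriggerOperator;
                }

                if (this.IsParameterBound(c => c.TriggerThreshold))
                {
                    scheduledRule.TriggerThreshold = this.TriggerThreshold;
                }
            }

            // The write changes what the workspace detects (a rule can be disabled or have
            // its query replaced here), so it only happens after ShouldProcess confirms.
            if (this.ShouldProcess(this.AlertRuleId, string.Format("Updating Alert Rule '{0}' in resource group '{1}' under workspace '{2}'.", this.AlertRuleId, this.ResourceGroupName, this.WorkspaceName)))
            {
                var result = this.SecurityInsightsClient.AlertRules.CreateOrUpdate(this.ResourceGroupName, this.WorkspaceName, this.AlertRuleId, alertRule.CreatePSStype()).ConvertToPSType();
                WriteObject(result);
            }
        }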
        /// <summary>
        /// Writes data connectors to the pipeline: every connector in the workspace
        /// (page by page), or a single connector selected by id or by resource id.
        /// </summary>
        public override void ExecuteCmdlet()
        {
            int    fetchedSoFar = 0;
            string continuation = null;

            switch (ParameterSetName)
            {
            case ParameterSetNames.WorkspaceScope:
                var page = SecurityInsightsClient.DataConnectors.List(ResourceGroupName, WorkspaceName);
                while (true)
                {
                    int pageSize = page.Count();
                    WriteObject(page.ConvertToPSType(), enumerateCollection: true);
                    fetchedSoFar += pageSize;
                    continuation = page.NextPageLink;

                    // Paging ends when the service reports no further page or once the cap
                    // is reached. Nothing is written here when the cap ends the listing, so
                    // the output may be a partial inventory of the workspace's connectors.
                    if (string.IsNullOrWhiteSpace(continuation) || fetchedSoFar >= MaxDataConnectorsToFetch)
                    {
                        break;
                    }

                    page = SecurityInsightsClient.DataConnectors.ListNext(continuation);
                }
                break;

            case ParameterSetNames.DataConnectorId:
                WriteObject(
                    SecurityInsightsClient.DataConnectors.Get(ResourceGroupName, WorkspaceName, DataConnectorId).ConvertToPSType(),
                    enumerateCollection: false);
                break;

            case ParameterSetNames.ResourceId:
                // Only the connector name is taken from ResourceId; the resource group and
                // workspace come from the cmdlet's own properties.
                WriteObject(
                    SecurityInsightsClient.DataConnectors.Get(ResourceGroupName, WorkspaceName, AzureIdUtilities.GetResourceName(ResourceId)).ConvertToPSType(),
                    enumerateCollection: false);
                break;

            default:
                throw new PSInvalidOperationException();
            }
        }