Ejemplo n.º 1
 /// <summary>
 /// Maps an SDK <see cref="FusionAlertRule"/> onto the PowerShell output model.
 /// </summary>
 /// <param name="value">Rule to convert; it is dereferenced without a null check.</param>
 /// <returns>
 /// A new <see cref="PSSentinelFusionAlertRule"/> carrying the same field values,
 /// with <c>Kind</c> fixed to the literal "Fusion" rather than read from <paramref name="value"/>.
 /// </returns>
 public static PSSentinelFusionAlertRule ConvertToPSType(this FusionAlertRule value) =>
     new PSSentinelFusionAlertRule
     {
         // Resource identity fields.
         Id = value.Id,
         Name = value.Name,
         Type = value.Type,
         Etag = value.Etag,
         Kind = "Fusion",

         // Rule settings, copied one-to-one.
         AlertRuleTemplateName = value.AlertRuleTemplateName,
         Description = value.Description,
         DisplayName = value.DisplayName,
         Enabled = value.Enabled,
         LastModifiedUtc = value.LastModifiedUtc,
         Severity = value.Severity,
         Tactics = value.Tactics
     };
Ejemplo n.º 2
        //Add Input object Support

        /// <summary>
        /// Builds the alert rule that matches the active parameter set, submits it through
        /// <c>SecurityInsightsClient.AlertRules.CreateOrUpdate</c>, and writes the converted
        /// result to the pipeline.
        /// </summary>
        /// <exception cref="PSInvalidOperationException">
        /// The active parameter set is none of the three handled below.
        /// </exception>
        public override void ExecuteCmdlet()
        {
            // No id supplied: generate a fresh GUID and use it as the rule name.
            if (AlertRuleId == null)
            {
                AlertRuleId = Guid.NewGuid().ToString();
            }

            // With suppression off the duration is forced to one hour, replacing any supplied value.
            if (SuppressionEnabled == false)
            {
                SuppressionDuration = TimeSpan.FromHours(1);
            }

            var ruleName = AlertRuleId;

            // Honour -WhatIf / -Confirm before anything is sent to the service.
            if (!ShouldProcess(ruleName, VerbsCommon.New))
            {
                return;
            }

            // NOTE(review): the client call is named CreateOrUpdate, so a caller-supplied
            // AlertRuleId that matches an existing rule presumably replaces that rule
            // (including its Enabled flag) instead of failing - confirm against the service
            // contract. ShouldProcess above is the only gate visible in this method.
            switch (ParameterSetName)
            {
                case ParameterSetNames.FusionAlertRule:
                {
                    var fusionRule = new FusionAlertRule
                    {
                        AlertRuleTemplateName = AlertRuleTemplateName,
                        Enabled = Enabled
                    };
                    var createdFusionRule = SecurityInsightsClient.AlertRules.CreateOrUpdate(ResourceGroupName, WorkspaceName, ruleName, fusionRule);
                    WriteObject(createdFusionRule.ConvertToPSType(), enumerateCollection: false);
                    break;
                }

                case ParameterSetNames.MicrosoftSecurityIncidentCreationRule:
                {
                    var incidentCreationRule = new MicrosoftSecurityIncidentCreationAlertRule
                    {
                        DisplayName = DisplayName,
                        Enabled = Enabled,
                        ProductFilter = ProductFilter,
                        AlertRuleTemplateName = AlertRuleTemplateName,
                        Description = Description,
                        DisplayNamesExcludeFilter = DisplayNamesExcludeFilter,
                        DisplayNamesFilter = DisplayNamesFilter,
                        SeveritiesFilter = SeveritiesFilter
                    };
                    var createdIncidentCreationRule = SecurityInsightsClient.AlertRules.CreateOrUpdate(ResourceGroupName, WorkspaceName, ruleName, incidentCreationRule);
                    WriteObject(createdIncidentCreationRule.ConvertToPSType(), enumerateCollection: false);
                    break;
                }

                case ParameterSetNames.ScheduledAlertRule:
                {
                    var scheduledRule = new ScheduledAlertRule
                    {
                        DisplayName = DisplayName,
                        Enabled = Enabled,
                        SuppressionDuration = SuppressionDuration,
                        SuppressionEnabled = SuppressionEnabled,
                        AlertRuleTemplateName = AlertRuleTemplateName,
                        Description = Description,
                        Query = Query,
                        QueryFrequency = QueryFrequency,
                        QueryPeriod = QueryPeriod,
                        Severity = Severity,
                        // The cmdlet member is named Tactic; the SDK property is Tactics.
                        Tactics = Tactic,
                        TriggerOperator = TriggerOperator,
                        TriggerThreshold = TriggerThreshold
                    };
                    var createdScheduledRule = SecurityInsightsClient.AlertRules.CreateOrUpdate(ResourceGroupName, WorkspaceName, ruleName, scheduledRule);
                    WriteObject(createdScheduledRule.ConvertToPSType(), enumerateCollection: false);
                    break;
                }

                default:
                    // Unhandled parameter set: fail instead of silently doing nothing.
                    throw new PSInvalidOperationException();
            }
        }