/// <summary>
/// Builds the PowerShell-facing <see cref="PSSentinelFusionAlertRule"/> from an SDK
/// <see cref="FusionAlertRule"/> by copying its properties one for one.
/// </summary>
/// <param name="value">
/// The SDK rule to convert. It is dereferenced without a null check, so callers must pass a
/// non-null instance.
/// </param>
/// <returns>A new <see cref="PSSentinelFusionAlertRule"/> populated from <paramref name="value"/>.</returns>
public static PSSentinelFusionAlertRule ConvertToPSType(this FusionAlertRule value)
{
    var converted = new PSSentinelFusionAlertRule
    {
        Id = value.Id,
        Name = value.Name,
        Type = value.Type,
        Etag = value.Etag,
        // Kind is written as a fixed literal here; it is not read from the SDK object.
        Kind = "Fusion",
        AlertRuleTemplateName = value.AlertRuleTemplateName,
        Description = value.Description,
        DisplayName = value.DisplayName,
        Enabled = value.Enabled,
        LastModifiedUtc = value.LastModifiedUtc,
        Severity = value.Severity,
        Tactics = value.Tactics
    };

    return converted;
}
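// TODO: add input object support.

/// <summary>
/// Creates an alert rule of the kind selected by the active parameter set and writes the
/// converted result to the pipeline.
/// </summary>
/// <remarks>
/// <para>
/// When <c>AlertRuleId</c> is null a fresh GUID is generated and used as the rule name.
/// </para>
/// <para>
/// When <c>SuppressionEnabled</c> compares equal to <c>false</c>, <c>SuppressionDuration</c> is
/// overwritten with one hour, replacing any value the caller bound. This runs before the
/// parameter-set switch, although only the scheduled rule branch reads the two properties.
/// </para>
/// <para>
/// NOTE(review): every branch calls <c>CreateOrUpdate</c> with the caller-controlled rule id.
/// Presumably an existing rule with that id is replaced rather than rejected (confirm against
/// the SDK). If so, a "New" invocation can modify an existing detection rule, and the
/// <c>ShouldProcess</c> prompt is the only guard visible in this method.
/// </para>
/// </remarks>
/// <exception cref="PSInvalidOperationException">
/// The active parameter set is not one of the three handled rule kinds.
/// </exception>
public override void ExecuteCmdlet()
{
    if (AlertRuleId == null)
    {
        AlertRuleId = Guid.NewGuid().ToString();
    }

    // Kept as an explicit comparison with false: the declared type of SuppressionEnabled is not
    // visible here, and a nullable or switch-typed property would not behave the same under '!'.
    if (SuppressionEnabled == false)
    {
        SuppressionDuration = new TimeSpan(1, 00, 00);
    }

    var name = AlertRuleId;

    // Honour -WhatIf / -Confirm before anything is sent to the service.
    if (!ShouldProcess(name, VerbsCommon.New))
    {
        return;
    }

    switch (ParameterSetName)
    {
        case ParameterSetNames.FusionAlertRule:
            var fusionRule = new FusionAlertRule
            {
                AlertRuleTemplateName = AlertRuleTemplateName,
                Enabled = Enabled
            };
            var createdFusionRule = SecurityInsightsClient.AlertRules.CreateOrUpdate(ResourceGroupName, WorkspaceName, name, fusionRule);
            WriteObject(createdFusionRule.ConvertToPSType(), enumerateCollection: false);
            break;

        case ParameterSetNames.MicrosoftSecurityIncidentCreationRule:
            var incidentCreationRule = new MicrosoftSecurityIncidentCreationAlertRule
            {
                DisplayName = DisplayName,
                Enabled = Enabled,
                ProductFilter = ProductFilter,
                AlertRuleTemplateName = AlertRuleTemplateName,
                Description = Description,
                DisplayNamesExcludeFilter = DisplayNamesExcludeFilter,
                DisplayNamesFilter = DisplayNamesFilter,
                SeveritiesFilter = SeveritiesFilter
            };
            var createdIncidentCreationRule = SecurityInsightsClient.AlertRules.CreateOrUpdate(ResourceGroupName, WorkspaceName, name, incidentCreationRule);
            WriteObject(createdIncidentCreationRule.ConvertToPSType(), enumerateCollection: false);
            break;

        case ParameterSetNames.ScheduledAlertRule:
            // Query is forwarded exactly as bound; this method performs no validation of it.
            var scheduledRule = new ScheduledAlertRule
            {
                DisplayName = DisplayName,
                Enabled = Enabled,
                SuppressionDuration = SuppressionDuration,
                SuppressionEnabled = SuppressionEnabled,
                AlertRuleTemplateName = AlertRuleTemplateName,
                Description = Description,
                Query = Query,
                QueryFrequency = QueryFrequency,
                QueryPeriod = QueryPeriod,
                Severity = Severity,
                Tactics = Tactic,
                TriggerOperator = TriggerOperator,
                TriggerThreshold = TriggerThreshold
            };
            var createdScheduledRule = SecurityInsightsClient.AlertRules.CreateOrUpdate(ResourceGroupName, WorkspaceName, name, scheduledRule);
            WriteObject(createdScheduledRule.ConvertToPSType(), enumerateCollection: false);
            break;

        default:
            // Name the offending parameter set so the failure can be diagnosed from the error
            // record alone; the exception type is unchanged.
            throw new PSInvalidOperationException("Unsupported parameter set: " + ParameterSetName);
    }
}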