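/// <summary>
/// Creates a temporary Microsoft Security incident-creation alert rule, attaches a
/// Logic App action to it, reads the action back and validates it, then deletes the rule.
/// </summary>
public void Actions_Get()
{
    using (var context = MockContext.Start(this.GetType()))
    {
        var client = TestHelper.GetSecurityInsightsClient(context);

        // The rule and the action are both named with a freshly generated GUID.
        var ruleId = Guid.NewGuid().ToString();
        var rule = new MicrosoftSecurityIncidentCreationAlertRule()
        {
            ProductFilter = "Microsoft Cloud App Security",
            Enabled = true,
            DisplayName = "SDKTest"
        };
        client.AlertRules.CreateOrUpdate(TestHelper.ResourceGroup, TestHelper.WorkspaceName, ruleId, rule);

        try
        {
            var actionId = Guid.NewGuid().ToString();
            var action = new ActionRequest
            {
                LogicAppResourceId = TestHelper.ActionLAResourceID,
                TriggerUri = TestHelper.ActionLATriggerUri
            };
            client.Actions.CreateOrUpdate(TestHelper.ResourceGroup, TestHelper.WorkspaceName, ruleId, actionId, action);

            var alertRuleAction = client.Actions.Get(TestHelper.ResourceGroup, TestHelper.WorkspaceName, ruleId, actionId);
            ValidateAction(alertRuleAction);
        }
        finally
        {
            // The rule is created with Enabled = true. Delete it even when the action
            // calls or the validation throw, so a failed run does not leave an active
            // incident-creation rule behind in the workspace.
            // NOTE(review): an exception thrown by Delete here replaces the original failure.
            client.AlertRules.Delete(TestHelper.ResourceGroup, TestHelper.WorkspaceName, ruleId);
        }
    }
}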
/// <summary>
/// Creates a Microsoft Security incident-creation alert rule under a random GUID name
/// and deletes it again. The test makes no explicit assertion; it passes when both
/// service calls return without throwing.
/// </summary>
public void AlertRules_Delete()
{
    using (var context = MockContext.Start(this.GetType()))
    {
        var client = GetSecurityInsightsClient(context);
        var ruleName = Guid.NewGuid().ToString();

        var ruleToCreate = new MicrosoftSecurityIncidentCreationAlertRule();
        ruleToCreate.ProductFilter = "Microsoft Cloud App Security";
        ruleToCreate.Enabled = true;
        ruleToCreate.DisplayName = "SDKTest";

        // The created rule returned by the service is not inspected; only the delete matters here.
        client.AlertRules.CreateOrUpdate(ResourceGroup, WorkspaceName, ruleName, ruleToCreate);
        client.AlertRules.Delete(ResourceGroup, WorkspaceName, ruleName);
    }
}
// Add input object support
/// <summary>
/// Creates or updates an alert rule whose kind is selected by the active parameter set
/// (Fusion, Microsoft Security incident creation, or Scheduled) and writes the
/// converted result to the pipeline.
/// </summary>
/// <remarks>
/// When no <c>AlertRuleId</c> is supplied a new GUID is used as the rule name.
/// When <c>SuppressionEnabled</c> is false, <c>SuppressionDuration</c> is overwritten
/// with one hour regardless of the value passed in (presumably because the service
/// expects a value; confirm). Both defaults are applied before the ShouldProcess check.
/// </remarks>
/// <exception cref="PSInvalidOperationException">
/// The active parameter set is not one of the three handled kinds.
/// </exception>
public override void ExecuteCmdlet()
{
    if (AlertRuleId == null)
    {
        AlertRuleId = Guid.NewGuid().ToString();
    }

    if (SuppressionEnabled == false)
    {
        SuppressionDuration = TimeSpan.FromHours(1);
    }

    var ruleName = AlertRuleId;

    // Honour -WhatIf / -Confirm: nothing is sent to the service unless the caller agrees.
    if (!ShouldProcess(ruleName, VerbsCommon.New))
    {
        return;
    }

    switch (ParameterSetName)
    {
        case ParameterSetNames.FusionAlertRule:
        {
            var fusionRule = new FusionAlertRule
            {
                AlertRuleTemplateName = AlertRuleTemplateName,
                Enabled = Enabled
            };
            var createdFusionRule = SecurityInsightsClient.AlertRules.CreateOrUpdate(ResourceGroupName, WorkspaceName, ruleName, fusionRule);
            WriteObject(createdFusionRule.ConvertToPSType(), enumerateCollection: false);
            break;
        }

        case ParameterSetNames.MicrosoftSecurityIncidentCreationRule:
        {
            var incidentCreationRule = new MicrosoftSecurityIncidentCreationAlertRule
            {
                DisplayName = DisplayName,
                Enabled = Enabled,
                ProductFilter = ProductFilter,
                AlertRuleTemplateName = AlertRuleTemplateName,
                Description = Description,
                DisplayNamesExcludeFilter = DisplayNamesExcludeFilter,
                DisplayNamesFilter = DisplayNamesFilter,
                SeveritiesFilter = SeveritiesFilter
            };
            var createdIncidentCreationRule = SecurityInsightsClient.AlertRules.CreateOrUpdate(ResourceGroupName, WorkspaceName, ruleName, incidentCreationRule);
            WriteObject(createdIncidentCreationRule.ConvertToPSType(), enumerateCollection: false);
            break;
        }

        case ParameterSetNames.ScheduledAlertRule:
        {
            var scheduledRule = new ScheduledAlertRule
            {
                DisplayName = DisplayName,
                Enabled = Enabled,
                SuppressionDuration = SuppressionDuration,
                SuppressionEnabled = SuppressionEnabled,
                AlertRuleTemplateName = AlertRuleTemplateName,
                Description = Description,
                Query = Query,
                QueryFrequency = QueryFrequency,
                QueryPeriod = QueryPeriod,
                Severity = Severity,
                Tactics = Tactic,
                TriggerOperator = TriggerOperator,
                TriggerThreshold = TriggerThreshold
            };
            var createdScheduledRule = SecurityInsightsClient.AlertRules.CreateOrUpdate(ResourceGroupName, WorkspaceName, ruleName, scheduledRule);
            WriteObject(createdScheduledRule.ConvertToPSType(), enumerateCollection: false);
            break;
        }

        default:
            throw new PSInvalidOperationException();
    }
}
/// <summary>
/// Maps an SDK <see cref="MicrosoftSecurityIncidentCreationAlertRule"/> onto its
/// PowerShell output type, copying each property across and setting
/// <c>Kind</c> to the fixed string "MicrosoftSecurityIncidentCreation".
/// </summary>
/// <param name="value">The SDK rule to convert; it is dereferenced without a null check.</param>
/// <returns>A new <see cref="PSSentinelMicrosoftSecurityIncidentCreationRule"/> holding the copied values.</returns>
public static PSSentinelMicrosoftSecurityIncidentCreationRule ConvertToPSType(this MicrosoftSecurityIncidentCreationAlertRule value)
{
    var converted = new PSSentinelMicrosoftSecurityIncidentCreationRule();

    // Resource identity.
    converted.Id = value.Id;
    converted.Name = value.Name;
    converted.Etag = value.Etag;
    converted.Type = value.Type;
    converted.Kind = "MicrosoftSecurityIncidentCreation";

    // Rule metadata.
    converted.AlertRuleTemplateName = value.AlertRuleTemplateName;
    converted.Description = value.Description;
    converted.DisplayName = value.DisplayName;
    converted.Enabled = value.Enabled;
    converted.LastModifiedUtc = value.LastModifiedUtc;

    // Filters copied from the source rule.
    converted.DisplayNamesExcludeFilter = value.DisplayNamesExcludeFilter;
    converted.DisplayNamesFilter = value.DisplayNamesFilter;
    converted.ProductFilter = value.ProductFilter;
    converted.SeveritiesFilter = value.SeveritiesFilter;

    return converted;
}