/// <summary>
/// Sends an auto-provisioning setting to <c>SecurityCenterClient.AutoProvisioningSettings</c>
/// and writes the returned setting to the pipeline.
/// </summary>
/// <remarks>
/// With the InputObject parameter set, the object's own <c>AutoProvision</c> value is sent and
/// the <c>EnableAutoProvision</c> switch is not consulted.
/// </remarks>
/// <exception cref="PSInvalidOperationException">The bound parameter set is not handled here.</exception>
public override void ExecuteCmdlet()
{
    // An absent switch means "Off", so omitting -EnableAutoProvision sends "Off".
    string provisioningState = EnableAutoProvision.IsPresent ? "On" : "Off";
    var settingName = Name;

    switch (ParameterSetName)
    {
        case ParameterSetNames.SubscriptionLevelResource:
            break;

        case ParameterSetNames.ResourceId:
            settingName = AzureIdUtilities.GetResourceName(ResourceId);
            break;

        case ParameterSetNames.InputObject:
            settingName = InputObject.Name;
            provisioningState = InputObject.AutoProvision;
            break;

        default:
            throw new PSInvalidOperationException();
    }

    if (!ShouldProcess(settingName, VerbsCommon.Set))
    {
        return;
    }

    var response = SecurityCenterClient.AutoProvisioningSettings
        .CreateWithHttpMessagesAsync(settingName, provisioningState)
        .GetAwaiter()
        .GetResult();

    WriteObject(response.Body.ConvertToPSType(), enumerateCollection: false);
}
/// <summary>
/// Deletes a workspace setting through <c>SecurityCenterClient.WorkspaceSettings</c>.
/// </summary>
/// <remarks>
/// <c>true</c> is written whenever <c>PassThru</c> is present, including when
/// <c>ShouldProcess</c> declined and nothing was deleted.
/// </remarks>
/// <exception cref="PSInvalidOperationException">The bound parameter set is not handled here.</exception>
public override void ExecuteCmdlet()
{
    var settingName = Name;

    switch (ParameterSetName)
    {
        case ParameterSetNames.SubscriptionLevelResource:
            // Name parameter is used as given.
            break;

        case ParameterSetNames.ResourceId:
            settingName = AzureIdUtilities.GetResourceName(ResourceId);
            break;

        case ParameterSetNames.InputObject:
            settingName = InputObject.Name;
            break;

        default:
            throw new PSInvalidOperationException();
    }

    bool confirmed = ShouldProcess(settingName, VerbsCommon.Remove);
    if (confirmed)
    {
        // Block on the call so a service failure surfaces before any PassThru output.
        SecurityCenterClient.WorkspaceSettings
            .DeleteWithHttpMessagesAsync(settingName)
            .GetAwaiter()
            .GetResult();
    }

    if (PassThru.IsPresent)
    {
        WriteObject(true);
    }
}
/// <summary>
/// Reads regulatory compliance assessments through
/// <c>SecurityCenterClient.RegulatoryComplianceAssessments</c>: a single assessment when a name
/// or resource id is supplied, otherwise the list for the given standard and control.
/// </summary>
/// <exception cref="PSInvalidOperationException">The bound parameter set is not handled here.</exception>
public override void ExecuteCmdlet()
{
    switch (ParameterSetName)
    {
        case ParameterSetNames.SubscriptionLevelResource:
            if (string.IsNullOrEmpty(Name))
            {
                // No name given: list every assessment under the standard/control pair.
                var assessmentPage = SecurityCenterClient.RegulatoryComplianceAssessments
                    .ListWithHttpMessagesAsync(StandardName, ControlName)
                    .GetAwaiter()
                    .GetResult()
                    .Body;
                WriteObject(assessmentPage.ConvertToPSType(), enumerateCollection: true);
            }
            else
            {
                var namedAssessment = SecurityCenterClient.RegulatoryComplianceAssessments
                    .GetWithHttpMessagesAsync(StandardName, ControlName, Name)
                    .GetAwaiter()
                    .GetResult()
                    .Body;
                WriteObject(namedAssessment.ConvertToPSType(), enumerateCollection: false);
            }

            break;

        case ParameterSetNames.ResourceId:
            // Standard, control and assessment names are all parsed out of the resource id.
            var standardFromId = AzureIdUtilities.GetRegulatoryStandardName(ResourceId);
            var controlFromId = AzureIdUtilities.GetRegulatoryStandardControlName(ResourceId, false);
            var assessmentFromId = AzureIdUtilities.GetRegulatoryStandardAssessmentName(ResourceId, true);

            var assessmentById = SecurityCenterClient.RegulatoryComplianceAssessments
                .GetWithHttpMessagesAsync(standardFromId, controlFromId, assessmentFromId)
                .GetAwaiter()
                .GetResult()
                .Body;
            WriteObject(assessmentById.ConvertToPSType(), enumerateCollection: false);
            break;

        default:
            throw new PSInvalidOperationException();
    }
}
/// <summary>
/// Deletes an assessment through <c>SecurityCenterClient.Assessments</c>.
/// </summary>
/// <remarks>
/// When no assessed resource id is available the delete is scoped to the subscription of
/// <c>DefaultContext</c>. <c>true</c> is written whenever <c>PassThru</c> is present, including
/// when <c>ShouldProcess</c> declined.
/// </remarks>
/// <exception cref="PSInvalidOperationException">The bound parameter set is not handled here.</exception>
public override void ExecuteCmdlet()
{
    var assessmentName = Name;
    var scopeId = AssessedResourceId;

    switch (ParameterSetName)
    {
        case ParameterSetNames.SubscriptionLevelResource:
        case ParameterSetNames.ResourceIdLevelResource:
            // Parameters are used as given.
            break;

        case ParameterSetNames.ResourceId:
            assessmentName = AzureIdUtilities.GetResourceName(ResourceId);
            scopeId = AzureIdUtilities.GetExtendedResourceId(ResourceId);
            break;

        case ParameterSetNames.InputObject:
            assessmentName = InputObject.Name;
            scopeId = AzureIdUtilities.GetExtendedResourceId(InputObject.Id);
            break;

        default:
            throw new PSInvalidOperationException();
    }

    if (ShouldProcess(assessmentName, VerbsCommon.Remove))
    {
        // Fall back to the current subscription only when no narrower scope was resolved.
        var effectiveScope = scopeId ?? $"/subscriptions/{DefaultContext.Subscription.Id}";
        SecurityCenterClient.Assessments
            .DeleteWithHttpMessagesAsync(effectiveScope, assessmentName)
            .GetAwaiter()
            .GetResult();
    }

    if (PassThru.IsPresent)
    {
        WriteObject(true);
    }
}
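/// <summary>
/// Deletes an alerts suppression rule through <c>SecurityCenterClient.AlertsSuppressionRules</c>.
/// </summary>
/// <remarks>
/// <c>true</c> is written whenever <c>PassThru</c> is present, including when
/// <c>ShouldProcess</c> declined and nothing was deleted.
/// </remarks>
/// <exception cref="PSInvalidOperationException">The bound parameter set is not handled here.</exception>
public override void ExecuteCmdlet()
{
    var name = Name;

    switch (ParameterSetName)
    {
        case ParameterSetNames.SubscriptionLevelResource:
            // name was already set before the switch
            break;

        case ParameterSetNames.ResourceId:
            name = AzureIdUtilities.GetResourceName(ResourceId);
            break;

        case ParameterSetNames.InputObject:
            name = InputObject.Name;
            break;

        default:
            throw new PSInvalidOperationException();
    }

    if (ShouldProcess(name, VerbsCommon.Remove))
    {
        // Wait for the delete to finish. Without this the returned task was dropped, so a
        // failed delete went unreported and PassThru could report success while the
        // suppression rule was still in place and still hiding alerts.
        SecurityCenterClient.AlertsSuppressionRules
            .DeleteWithHttpMessagesAsync(name)
            .GetAwaiter()
            .GetResult();
    }

    if (PassThru.IsPresent)
    {
        WriteObject(true);
    }
}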
/// <summary>
/// Reads allowed-connections resources through <c>SecurityCenterClient.AllowedConnections</c>:
/// the full list at subscription scope, or one resource by resource group/name or resource id.
/// </summary>
/// <remarks>
/// The single-resource paths set <c>SecurityCenterClient.AscLocation</c> before calling the service.
/// </remarks>
/// <exception cref="PSInvalidOperationException">The bound parameter set is not handled here.</exception>
public override void ExecuteCmdlet()
{
    switch (ParameterSetName)
    {
        case ParameterSetNames.SubscriptionScope:
        {
            var connections = SecurityCenterClient.AllowedConnections
                .ListWithHttpMessagesAsync()
                .GetAwaiter()
                .GetResult()
                .Body;
            WriteObject(connections.ConvertToPSType(), enumerateCollection: true);
            break;
        }

        case ParameterSetNames.ResourceGroupLevelResource:
        {
            SecurityCenterClient.AscLocation = Location;
            var connection = SecurityCenterClient.AllowedConnections
                .GetWithHttpMessagesAsync(ResourceGroupName, Name)
                .GetAwaiter()
                .GetResult()
                .Body;
            WriteObject(connection.ConvertToPSType(), enumerateCollection: false);
            break;
        }

        case ParameterSetNames.ResourceId:
        {
            // Location, resource group and name are all derived from the resource id.
            SecurityCenterClient.AscLocation = AzureIdUtilities.GetResourceLocation(ResourceId);
            var connection = SecurityCenterClient.AllowedConnections
                .GetWithHttpMessagesAsync(
                    AzureIdUtilities.GetResourceGroup(ResourceId),
                    AzureIdUtilities.GetResourceName(ResourceId))
                .GetAwaiter()
                .GetResult()
                .Body;
            WriteObject(connection.ConvertToPSType(), enumerateCollection: false);
            break;
        }

        default:
            throw new PSInvalidOperationException();
    }
}
/// <summary>
/// Reads compliance results through <c>SecurityCenterClient.Compliances</c>: the list for the
/// scope returned by <c>GetScope()</c>, or a single result by name or resource id.
/// </summary>
/// <remarks>
/// The by-name path takes <c>AscLocation</c> from the first entry returned by
/// <c>Locations.ListWithHttpMessagesAsync()</c>; <c>First()</c> throws if that list is empty.
/// </remarks>
/// <exception cref="PSInvalidOperationException">The bound parameter set is not handled here.</exception>
public override void ExecuteCmdlet()
{
    switch (ParameterSetName)
    {
        case ParameterSetNames.SubscriptionScope:
        {
            var complianceList = SecurityCenterClient.Compliances
                .ListWithHttpMessagesAsync(GetScope())
                .GetAwaiter()
                .GetResult()
                .Body;
            WriteObject(complianceList.ConvertToPSType(), enumerateCollection: true);
            break;
        }

        case ParameterSetNames.SubscriptionLevelResource:
        {
            SecurityCenterClient.AscLocation = SecurityCenterClient.Locations
                .ListWithHttpMessagesAsync()
                .GetAwaiter()
                .GetResult()
                .Body
                .First()
                .Name;

            var compliance = SecurityCenterClient.Compliances
                .GetWithHttpMessagesAsync(GetScope(), Name)
                .GetAwaiter()
                .GetResult()
                .Body;
            WriteObject(compliance.ConvertToPSType(), enumerateCollection: false);
            break;
        }

        case ParameterSetNames.ResourceId:
        {
            SecurityCenterClient.AscLocation = AzureIdUtilities.GetResourceLocation(ResourceId);

            // Scope is built from the subscription embedded in the resource id.
            var compliance = SecurityCenterClient.Compliances
                .GetWithHttpMessagesAsync(
                    GetScope(AzureIdUtilities.GetResourceSubscription(ResourceId)),
                    AzureIdUtilities.GetResourceName(ResourceId))
                .GetAwaiter()
                .GetResult()
                .Body;
            WriteObject(compliance.ConvertToPSType(), enumerateCollection: false);
            break;
        }

        default:
            throw new PSInvalidOperationException();
    }
}
/// <summary>
/// Builds an <c>IoTSecuritySolutionModel</c> from the cmdlet parameters and sends it to
/// <c>SecurityCenterClient.IotSecuritySolution.CreateOrUpdateWithHttpMessagesAsync</c>.
/// </summary>
/// <remarks>
/// With the InputObject parameter set, explicitly supplied parameters win and the input object
/// fills the gaps, with one exception: <c>Enabled</c> is always taken from the input object's
/// <c>Status</c>.
/// </remarks>
/// <exception cref="PSInvalidOperationException">The bound parameter set is not handled here.</exception>
public override void ExecuteCmdlet()
{
    switch (ParameterSetName)
    {
        case ParameterSetNames.ResourceGroupLevelResource:
            break;

        case ParameterSetNames.ResourceId:
            Name = AzureIdUtilities.GetResourceName(ResourceId);
            ResourceGroupName = AzureIdUtilities.GetResourceGroup(ResourceId);
            break;

        case ParameterSetNames.InputObject:
            Name = InputObject.Name;
            ResourceGroupName = AzureIdUtilities.GetResourceGroup(InputObject.Id);

            // Each value below keeps the caller's parameter when one was given.
            Location = Location ?? InputObject.Location;
            DisabledDataSource = DisabledDataSource
                ?? ((List<string>)InputObject.DisabledDataSources).ToArray();
            DisplayName = DisplayName ?? InputObject.DisplayName;
            Export = Export ?? ((List<string>)InputObject.Export).ToArray();
            IotHub = IotHub ?? ((List<string>)InputObject.IotHubs).ToArray();
            RecommendationsConfiguration = RecommendationsConfiguration
                ?? ((List<PSRecommendationConfiguration>)InputObject.RecommendationsConfiguration).ToArray();

            // Unconditional: the input object's status overrides any Enabled value passed in.
            Enabled = InputObject.Status.ToLower().Equals("enabled");

            Tag = Tag ?? new Hashtable((IDictionary)(InputObject.Tags));
            UnmaskedIpLoggingStatus = UnmaskedIpLoggingStatus ?? InputObject.UnmaskedIpLoggingStatus;
            UserDefinedResource = UserDefinedResource ?? InputObject.UserDefinedResources;
            Workspace = Workspace ?? InputObject.Workspace;
            break;

        default:
            throw new PSInvalidOperationException();
    }

    IoTSecuritySolutionModel solutionModel = new IoTSecuritySolutionModel();
    solutionModel.Location = Location;
    solutionModel.DisabledDataSources = DisabledDataSource;
    solutionModel.DisplayName = DisplayName;
    solutionModel.Export = Export;
    solutionModel.IotHubs = IotHub;
    solutionModel.RecommendationsConfiguration = RecommendationsConfiguration?.CreatePSType();
    solutionModel.Status = Enabled ? "Enabled" : "Disabled";
    solutionModel.Tags = Tag?.Cast<DictionaryEntry>()
        .ToDictionary(entry => (string)entry.Key, entry => (string)entry.Value);
    solutionModel.UnmaskedIpLoggingStatus = UnmaskedIpLoggingStatus;
    solutionModel.UserDefinedResources = UserDefinedResource?.CreatePSType();
    solutionModel.Workspace = Workspace;

    if (!ShouldProcess(Name, VerbsCommon.Set))
    {
        return;
    }

    var savedSolution = SecurityCenterClient.IotSecuritySolution
        .CreateOrUpdateWithHttpMessagesAsync(ResourceGroupName, Name, solutionModel)
        .GetAwaiter()
        .GetResult()
        .Body;
    WriteObject(savedSolution?.ConvertToPSType(), enumerateCollection: false);
}
/// <summary>
/// Reads security tasks through <c>SecurityCenterClient.Tasks</c>: lists at subscription or
/// resource-group scope, or a single task by name or resource id.
/// </summary>
/// <remarks>
/// Every path except the subscription-wide list and the resource-id lookup takes
/// <c>AscLocation</c> from the first entry of <c>Locations.ListWithHttpMessagesAsync()</c>;
/// <c>First()</c> throws if that list is empty.
/// </remarks>
/// <exception cref="PSInvalidOperationException">The bound parameter set is not handled here.</exception>
public override void ExecuteCmdlet()
{
    switch (ParameterSetName)
    {
        case ParameterSetNames.SubscriptionScope:
        {
            var taskList = SecurityCenterClient.Tasks
                .ListWithHttpMessagesAsync()
                .GetAwaiter().GetResult().Body;
            WriteObject(taskList.ConvertToPSType(), enumerateCollection: true);
            break;
        }

        case ParameterSetNames.ResourceGroupScope:
        {
            SecurityCenterClient.AscLocation = SecurityCenterClient.Locations
                .ListWithHttpMessagesAsync()
                .GetAwaiter().GetResult().Body.First().Name;

            var taskList = SecurityCenterClient.Tasks
                .ListByResourceGroupWithHttpMessagesAsync(ResourceGroupName)
                .GetAwaiter().GetResult().Body;
            WriteObject(taskList.ConvertToPSType(), enumerateCollection: true);
            break;
        }

        case ParameterSetNames.SubscriptionLevelResource:
        {
            SecurityCenterClient.AscLocation = SecurityCenterClient.Locations
                .ListWithHttpMessagesAsync()
                .GetAwaiter().GetResult().Body.First().Name;

            var singleTask = SecurityCenterClient.Tasks
                .GetSubscriptionLevelTaskWithHttpMessagesAsync(Name)
                .GetAwaiter().GetResult().Body;
            WriteObject(singleTask.ConvertToPSType());
            break;
        }

        case ParameterSetNames.ResourceGroupLevelResource:
        {
            SecurityCenterClient.AscLocation = SecurityCenterClient.Locations
                .ListWithHttpMessagesAsync()
                .GetAwaiter().GetResult().Body.First().Name;

            var singleTask = SecurityCenterClient.Tasks
                .GetResourceGroupLevelTaskWithHttpMessagesAsync(ResourceGroupName, Name)
                .GetAwaiter().GetResult().Body;
            WriteObject(singleTask.ConvertToPSType());
            break;
        }

        case ParameterSetNames.ResourceId:
        {
            SecurityCenterClient.AscLocation = AzureIdUtilities.GetResourceLocation(ResourceId);
            var groupFromId = AzureIdUtilities.GetResourceGroup(ResourceId);

            // An id without a resource group segment is treated as a subscription-level task.
            var singleTask = string.IsNullOrEmpty(groupFromId)
                ? SecurityCenterClient.Tasks
                    .GetSubscriptionLevelTaskWithHttpMessagesAsync(AzureIdUtilities.GetResourceName(ResourceId))
                    .GetAwaiter().GetResult().Body
                : SecurityCenterClient.Tasks
                    .GetResourceGroupLevelTaskWithHttpMessagesAsync(groupFromId, AzureIdUtilities.GetResourceName(ResourceId))
                    .GetAwaiter().GetResult().Body;
            WriteObject(singleTask.ConvertToPSType());
            break;
        }

        default:
            throw new PSInvalidOperationException();
    }
}
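/// <summary>
/// Updates an existing bookmark: reads it through <c>SecurityInsightsClient.Bookmarks.Get</c>,
/// overlays the parameters the caller bound, and writes it back with <c>CreateOrUpdate</c>.
/// </summary>
/// <remarks>
/// The bookmark's <c>Etag</c> is carried into the update request. Only DisplayName, Labels,
/// Notes, Query and QueryResult are copied to the request object.
/// </remarks>
/// <exception cref="Exception">
/// The bookmark could not be read. The failure from the lookup, if any, is attached as
/// <c>InnerException</c>.
/// </exception>
public override void ExecuteCmdlet()
{
    if (this.IsParameterBound(c => c.InputObject))
    {
        this.ResourceGroupName = AzureIdUtilities.GetResourceGroup(InputObject.Id);
        this.WorkspaceName = AzureIdUtilities.GetWorkspaceName(InputObject.Id);
        this.BookmarkId = this.InputObject.Name;
    }

    if (this.IsParameterBound(c => c.ResourceId))
    {
        var resourceIdentifier = new ResourceIdentifier(this.ResourceId);
        this.ResourceGroupName = resourceIdentifier.ResourceGroupName;
        this.WorkspaceName = AzureIdUtilities.GetWorkspaceName(this.ResourceId);
        this.BookmarkId = resourceIdentifier.ResourceName;
    }

    PSSentinelBookmark bookmark = null;
    Exception lookupFailure = null;
    try
    {
        bookmark = this.SecurityInsightsClient.Bookmarks
            .Get(this.ResourceGroupName, this.WorkspaceName, this.BookmarkId)
            .ConvertToPSType();
    }
    catch (Exception ex)
    {
        // Keep the cause. Any lookup failure (for example a denied or throttled request)
        // ends up on the "does not exist" path below, and without the inner exception the
        // operator cannot tell a missing bookmark from a failed read.
        lookupFailure = ex;
    }

    if (bookmark == null)
    {
        throw new Exception(
            string.Format("A Bookmark with BookmarkId '{0}' in resource group '{1}' under parent workspace '{2}' does not exist. Please use New-AzSentinelBookmark to create a Bookmark with these properties.", this.BookmarkId, this.ResourceGroupName, this.WorkspaceName),
            lookupFailure);
    }

    var updatedbookmark = new PSSentinelBookmark();
    updatedbookmark.Etag = bookmark.Etag;
    updatedbookmark.DisplayName = this.IsParameterBound(c => c.DisplayName) ? this.DisplayName : bookmark.DisplayName;
    // NOTE(review): IncidentInfo is not copied to the request (the original assignment was
    // commented out) - confirm the service keeps the existing value on update.
    updatedbookmark.Labels = this.IsParameterBound(c => c.Label) ? this.Label : bookmark.Labels;
    updatedbookmark.Notes = this.IsParameterBound(c => c.Note) ? this.Note : bookmark.Notes;
    updatedbookmark.Query = this.IsParameterBound(c => c.Query) ? this.Query : bookmark.Query;
    updatedbookmark.QueryResult = this.IsParameterBound(c => c.QueryResult) ? this.QueryResult : bookmark.QueryResult;

    if (this.ShouldProcess(this.BookmarkId, string.Format("Updating BookmarkID '{0}' in resource group '{1}' under workspace '{2}'.", this.BookmarkId, this.ResourceGroupName, this.WorkspaceName)))
    {
        var result = this.SecurityInsightsClient.Bookmarks
            .CreateOrUpdate(this.ResourceGroupName, this.WorkspaceName, this.BookmarkId, updatedbookmark.CreatePSType())
            .ConvertToPSType();
        WriteObject(result);
    }
}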
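/// <summary>
/// Updates an existing incident: reads it through <c>SecurityInsightsClient.Incidents.Get</c>,
/// overlays the parameters the caller bound, and writes it back with <c>CreateOrUpdate</c>.
/// </summary>
/// <remarks>
/// The fetched object is modified in place, so its <c>Etag</c> and every field not bound on
/// the command line are sent back unchanged.
/// </remarks>
/// <exception cref="Exception">
/// The incident could not be read. The failure from the lookup, if any, is attached as
/// <c>InnerException</c>.
/// </exception>
public override void ExecuteCmdlet()
{
    if (this.IsParameterBound(c => c.InputObject))
    {
        this.ResourceGroupName = AzureIdUtilities.GetResourceGroup(InputObject.Id);
        this.WorkspaceName = AzureIdUtilities.GetWorkspaceName(InputObject.Id);
        this.IncidentID = this.InputObject.Name;
    }

    if (this.IsParameterBound(c => c.ResourceId))
    {
        var resourceIdentifier = new ResourceIdentifier(this.ResourceId);
        this.ResourceGroupName = resourceIdentifier.ResourceGroupName;
        this.WorkspaceName = AzureIdUtilities.GetWorkspaceName(this.ResourceId);
        this.IncidentID = resourceIdentifier.ResourceName;
    }

    PSSentinelIncident incident = null;
    Exception lookupFailure = null;
    try
    {
        incident = this.SecurityInsightsClient.Incidents
            .Get(this.ResourceGroupName, this.WorkspaceName, this.IncidentID)
            .ConvertToPSType();
    }
    catch (Exception ex)
    {
        // Keep the cause. Any lookup failure (for example a denied or throttled request)
        // ends up on the "does not exist" path below, and without the inner exception the
        // analyst cannot tell a missing incident from a failed read.
        lookupFailure = ex;
    }

    if (incident == null)
    {
        // The message previously pointed at New-AzSentinelBookmark (copy/paste from the
        // bookmark cmdlet); it now names the incident cmdlet.
        throw new Exception(
            string.Format("An Incident with IncidentID '{0}' in resource group '{1}' under parent workspace '{2}' does not exist. Please use New-AzSentinelIncident to create an Incident with these properties.", this.IncidentID, this.ResourceGroupName, this.WorkspaceName),
            lookupFailure);
    }

    // Etag stays as fetched; the former self-assignment of incident.Etag was a no-op and was removed.
    incident.Classification = this.IsParameterBound(c => c.Classification) ? this.Classification : incident.Classification;
    incident.ClassificationComment = this.IsParameterBound(c => c.ClassificationComment) ? this.ClassificationComment : incident.ClassificationComment;
    incident.ClassificationReason = this.IsParameterBound(c => c.ClassificationReason) ? this.ClassificationReason : incident.ClassificationReason;
    incident.Description = this.IsParameterBound(c => c.Description) ? this.Description : incident.Description;
    incident.Labels = this.IsParameterBound(c => c.Label) ? this.Label : incident.Labels;
    incident.Owner = this.IsParameterBound(c => c.Owner) ? this.Owner : incident.Owner;
    incident.Severity = this.IsParameterBound(c => c.Severity) ? this.Severity : incident.Severity;
    incident.Status = this.IsParameterBound(c => c.Status) ? this.Status : incident.Status;
    incident.Title = this.IsParameterBound(c => c.Title) ? this.Title : incident.Title;

    if (this.ShouldProcess(this.IncidentID, string.Format("Updating IncidentID '{0}' in resource group '{1}' under workspace '{2}'.", this.IncidentID, this.ResourceGroupName, this.WorkspaceName)))
    {
        var result = this.SecurityInsightsClient.Incidents
            .CreateOrUpdate(this.ResourceGroupName, this.WorkspaceName, this.IncidentID, incident.CreatePSType())
            .ConvertToPSType();
        WriteObject(result);
    }
}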
/// <summary>
/// Builds a <c>DeviceSecurityGroup</c> from the rule parameters and sends it to
/// <c>SecurityCenterClient.DeviceSecurityGroups.CreateOrUpdateWithHttpMessagesAsync</c>.
/// </summary>
/// <remarks>
/// For the InputObject and ResourceId parameter sets the IoT hub resource id is rebuilt from the
/// subscription, resource group and hub name parsed out of the supplied id. With InputObject,
/// rule parameters that were not supplied fall back to the input object's rules.
/// </remarks>
/// <exception cref="PSInvalidOperationException">The bound parameter set is not handled here.</exception>
public override void ExecuteCmdlet()
{
    switch (ParameterSetName)
    {
        case ParameterSetNames.ResourceIdLevelResource:
            break;

        case ParameterSetNames.InputObject:
        {
            Name = InputObject.Name;

            var subscription = AzureIdUtilities.GetResourceSubscription(InputObject.Id);
            var rg = AzureIdUtilities.GetResourceGroup(InputObject.Id);
            var hubName = AzureIdUtilities.GetIotHubResourceName(InputObject.Id);
            HubResourceId = $"/subscriptions/{subscription}/resourceGroups/{rg}/providers/Microsoft.Devices/iotHubs/{hubName}";

            // Explicit rule parameters win; otherwise reuse what the input object carries.
            AllowlistRule = AllowlistRule
                ?? ((List<PSAllowlistCustomAlertRule>)InputObject.AllowlistRules).ToArray();
            DenylistRule = DenylistRule
                ?? ((List<PSDenylistCustomAlertRule>)InputObject.DenylistRules).ToArray();
            ThresholdRule = ThresholdRule
                ?? ((List<PSThresholdCustomAlertRule>)InputObject.ThresholdRules).ToArray();
            TimeWindowRule = TimeWindowRule
                ?? ((List<PSTimeWindowCustomAlertRule>)InputObject.TimeWindowRules).ToArray();
            break;
        }

        case ParameterSetNames.ResourceId:
        {
            Name = AzureIdUtilities.GetResourceName(ResourceId);

            var subscription = AzureIdUtilities.GetResourceSubscription(ResourceId);
            var rg = AzureIdUtilities.GetResourceGroup(ResourceId);
            var hubName = AzureIdUtilities.GetIotHubResourceName(ResourceId);
            HubResourceId = $"/subscriptions/{subscription}/resourceGroups/{rg}/providers/Microsoft.Devices/iotHubs/{hubName}";
            break;
        }

        default:
            throw new PSInvalidOperationException();
    }

    DeviceSecurityGroup securityGroup = new DeviceSecurityGroup();
    securityGroup.AllowlistRules = AllowlistRule?.CreatePSType();
    securityGroup.DenylistRules = DenylistRule?.CreatePSType();
    securityGroup.ThresholdRules = ThresholdRule?.CreatePSType();
    securityGroup.TimeWindowRules = TimeWindowRule?.CreatePSType();

    if (!ShouldProcess(Name, VerbsCommon.Set))
    {
        return;
    }

    var response = SecurityCenterClient.DeviceSecurityGroups
        .CreateOrUpdateWithHttpMessagesAsync(HubResourceId, Name, securityGroup)
        .GetAwaiter()
        .GetResult();
    WriteObject(response.Body?.ConvertToPSType(), enumerateCollection: false);
}
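/// <summary>
/// Updates an existing alert rule action: confirms it can be read through
/// <c>SecurityInsightsClient.Actions.Get</c>, then sends a request built from
/// <c>LogicAppResourceId</c> and <c>TriggerUri</c> to <c>Actions.CreateOrUpdate</c>.
/// </summary>
/// <remarks>
/// The request is built only from the two parameters; values of the fetched action are not
/// merged into it.
/// </remarks>
/// <exception cref="Exception">
/// The action could not be read. The failure from the lookup, if any, is attached as
/// <c>InnerException</c>.
/// </exception>
public override void ExecuteCmdlet()
{
    if (this.IsParameterBound(c => c.InputObject))
    {
        this.ResourceGroupName = AzureIdUtilities.GetResourceGroup(this.InputObject.Id);
        this.WorkspaceName = AzureIdUtilities.GetWorkspaceName(this.InputObject.Id);
        this.AlertRuleId = AzureIdUtilities.GetAlertRuleName(this.InputObject.Id);
        this.ActionId = this.InputObject.Name;
    }

    if (this.IsParameterBound(c => c.ResourceId))
    {
        var resourceIdentifier = new ResourceIdentifier(this.ResourceId);
        this.ResourceGroupName = resourceIdentifier.ResourceGroupName;
        this.WorkspaceName = AzureIdUtilities.GetWorkspaceName(this.ResourceId);
        this.AlertRuleId = AzureIdUtilities.GetAlertRuleName(this.ResourceId);
        this.ActionId = resourceIdentifier.ResourceName;
    }

    PSSentinelActionResponse alertRuleAction = null;
    Exception lookupFailure = null;
    try
    {
        alertRuleAction = this.SecurityInsightsClient.Actions
            .Get(ResourceGroupName, WorkspaceName, AlertRuleId, ActionId)
            .ConvertToPSType();
    }
    catch (Exception ex)
    {
        // Keep the cause. Any lookup failure (for example a denied or throttled request)
        // ends up on the "does not exist" path below, and without the inner exception the
        // operator cannot tell a missing action from a failed read.
        lookupFailure = ex;
    }

    if (alertRuleAction == null)
    {
        throw new Exception(
            string.Format("An Alert Rule Action with ActionId '{0}' for Alert Rule '{1}' in resource group '{2}' under workspace '{3}' does not exist. Please use New-AzSentinelAlertRuleAction to create an Alert Rule Action with these properties.", this.ActionId, this.AlertRuleId, this.ResourceGroupName, this.WorkspaceName),
            lookupFailure);
    }

    PSSentinelActionRequest updateAlertRuleAction = new PSSentinelActionRequest
    {
        LogicAppResourceId = this.LogicAppResourceId,
        TriggerUri = this.TriggerUri
    };

    if (this.ShouldProcess(this.ActionId, string.Format("Updating Action '{0}' for Alert Rule '{1}' in resource group '{2}' under workspace '{3}'.", this.ActionId, this.AlertRuleId, this.ResourceGroupName, this.WorkspaceName)))
    {
        var result = this.SecurityInsightsClient.Actions
            .CreateOrUpdate(this.ResourceGroupName, this.WorkspaceName, this.AlertRuleId, this.ActionId, updateAlertRuleAction.CreatePSType())
            .ConvertToPSType();
        WriteObject(result);
    }
}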
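/// <summary>
/// Builds an <c>Automation</c> from the parameters (falling back to <c>InputObject</c> where
/// shown) and submits it to <c>SecurityCenterClient.Automations.ValidateWithHttpMessagesAsync</c>,
/// writing the validation verdict as a boolean.
/// </summary>
/// <remarks>
/// A null response or null <c>IsValid</c> is reported as <c>false</c>.
/// </remarks>
/// <exception cref="PSInvalidOperationException">The bound parameter set is not handled here.</exception>
public override void ExecuteCmdlet()
{
    var resourceGroupName = "";
    var name = "";

    switch (ParameterSetName)
    {
        case ParameterSetNames.ResourceGroupLevelResource:
            resourceGroupName = ResourceGroupName;
            name = Name;
            break;

        case ParameterSetNames.ResourceId:
            name = AzureIdUtilities.GetResourceName(ResourceId);
            resourceGroupName = AzureIdUtilities.GetResourceGroup(ResourceId);
            break;

        case ParameterSetNames.InputObject:
            name = InputObject.Name;
            resourceGroupName = AzureIdUtilities.GetResourceGroup(InputObject.Id);
            break;

        default:
            throw new PSInvalidOperationException();
    }

    var automation = new Automation()
    {
        Location = Location ?? InputObject?.Location,
        Etag = Etag ?? InputObject?.ETag,
        Tags = Utilities.ConvertHashTableToDictionary<string, string>(Tag)
            ?? Utilities.ConvertHashTableToDictionary<string, string>(InputObject?.Tags),
        Description = Description ?? InputObject?.Description,
        IsEnabled = IsEnabled ?? InputObject?.IsEnabled,
        Scopes = Scope?.ConvertToAutomationType() ?? InputObject?.Scopes?.ConvertToAutomationType(),
        Sources = Source?.ConvertToAutomationType() ?? InputObject?.Sources?.ConvertToAutomationType(),
        // NOTE(review): unlike Scopes and Sources there is no InputObject fallback here - confirm intended.
        Actions = Action?.ConvertToAutomationType()
    };

    // Prompt with the resolved name. The Name property is only bound in the
    // ResourceGroupLevelResource set, so -WhatIf/-Confirm previously showed an empty
    // target for the ResourceId and InputObject sets.
    if (ShouldProcess(name, VerbsCommon.Set))
    {
        var result = SecurityCenterClient.Automations
            .ValidateWithHttpMessagesAsync(resourceGroupName, name, automation)
            .GetAwaiter()
            .GetResult()
            .Body;
        WriteObject(result?.IsValid ?? false);
    }
}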
/// <summary>
/// Reads pricing configurations through <c>SecurityCenterClient.Pricings</c>: lists at
/// subscription or resource-group scope, or a single pricing by name or resource id.
/// </summary>
/// <exception cref="PSInvalidOperationException">The bound parameter set is not handled here.</exception>
public override void ExecuteCmdlet()
{
    switch (ParameterSetName)
    {
        case ParameterSetNames.SubscriptionScope:
        {
            var pricingList = SecurityCenterClient.Pricings
                .ListWithHttpMessagesAsync()
                .GetAwaiter().GetResult().Body;
            WriteObject(pricingList.ConvertToPSType(), enumerateCollection: true);
            break;
        }

        case ParameterSetNames.ResourceGroupScope:
        {
            var pricingList = SecurityCenterClient.Pricings
                .ListByResourceGroupWithHttpMessagesAsync(ResourceGroupName)
                .GetAwaiter().GetResult().Body;
            WriteObject(pricingList.ConvertToPSType(), enumerateCollection: true);
            break;
        }

        case ParameterSetNames.SubscriptionLevelResource:
        {
            var singlePricing = SecurityCenterClient.Pricings
                .GetSubscriptionPricingWithHttpMessagesAsync(Name)
                .GetAwaiter().GetResult().Body;
            WriteObject(singlePricing.ConvertToPSType(), enumerateCollection: false);
            break;
        }

        case ParameterSetNames.ResourceGroupLevelResource:
        {
            var singlePricing = SecurityCenterClient.Pricings
                .GetResourceGroupPricingWithHttpMessagesAsync(ResourceGroupName, Name)
                .GetAwaiter().GetResult().Body;
            WriteObject(singlePricing.ConvertToPSType(), enumerateCollection: false);
            break;
        }

        case ParameterSetNames.ResourceId:
        {
            var groupFromId = AzureIdUtilities.GetResourceGroup(ResourceId);

            // An id without a resource group segment is treated as a subscription-level pricing.
            var singlePricing = string.IsNullOrEmpty(groupFromId)
                ? SecurityCenterClient.Pricings
                    .GetSubscriptionPricingWithHttpMessagesAsync(AzureIdUtilities.GetResourceName(ResourceId))
                    .GetAwaiter().GetResult().Body
                : SecurityCenterClient.Pricings
                    .GetResourceGroupPricingWithHttpMessagesAsync(groupFromId, AzureIdUtilities.GetResourceName(ResourceId))
                    .GetAwaiter().GetResult().Body;
            WriteObject(singlePricing.ConvertToPSType(), enumerateCollection: false);
            break;
        }

        default:
            throw new PSInvalidOperationException();
    }
}
/// <summary>
/// Dismisses an aggregated alert through
/// <c>SecurityCenterClient.IotSecuritySolutionsAnalyticsAggregatedAlert.DismissWithHttpMessagesAsync</c>.
/// </summary>
/// <remarks>
/// For the ResourceId parameter set the alert name is the last two '/'-separated segments of the
/// id. <c>true</c> is written whenever <c>PassThru</c> is present, including when
/// <c>ShouldProcess</c> declined.
/// </remarks>
/// <exception cref="ArgumentException">The resource id has two or fewer '/'-separated segments.</exception>
/// <exception cref="PSInvalidOperationException">The bound parameter set is not handled here.</exception>
public override void ExecuteCmdlet()
{
    switch (ParameterSetName)
    {
        case ParameterSetNames.SolutionLevelResource:
            break;

        case ParameterSetNames.ResourceId:
            ResourceGroupName = AzureIdUtilities.GetResourceGroup(ResourceId);
            SolutionName = AzureIdUtilities.GetIotSolutionResourceName(ResourceId);

            var segments = ResourceId.Split('/');
            if (!(segments.Length > 2))
            {
                throw new ArgumentException("Invalid format of the resource identifier.", "ResourceId");
            }

            // The alert name is "<second-to-last>/<last>" of the id segments.
            var last = segments.Length - 1;
            Name = $"{segments[last - 1]}/{segments[last]}";
            break;

        case ParameterSetNames.InputObject:
            ResourceGroupName = AzureIdUtilities.GetResourceGroup(InputObject.Id);
            SolutionName = AzureIdUtilities.GetIotSolutionResourceName(InputObject.Id);
            Name = AzureIdUtilities.GetResourceName(InputObject.Name);
            break;

        default:
            throw new PSInvalidOperationException();
    }

    bool confirmed = ShouldProcess(Name, VerbsCommon.Set);
    if (confirmed)
    {
        SecurityCenterClient.IotSecuritySolutionsAnalyticsAggregatedAlert
            .DismissWithHttpMessagesAsync(ResourceGroupName, SolutionName, Name)
            .GetAwaiter()
            .GetResult();
    }

    if (PassThru.IsPresent)
    {
        WriteObject(true);
    }
}
/// <summary>
/// Deletes an alert rule action through
/// <c>SecurityInsightsClient.AlertRules.DeleteActionWithHttpMessagesAsync</c>.
/// </summary>
/// <remarks>
/// "success" is printed with <c>System.Console.WriteLine</c> for HTTP 200 and 204 responses;
/// any other status code produces no output here. <c>true</c> is written whenever
/// <c>PassThru</c> is present, including when <c>ShouldProcess</c> declined.
/// </remarks>
/// <exception cref="PSInvalidOperationException">The bound parameter set is not handled here.</exception>
public override void ExecuteCmdlet()
{
    var actionName = ActionId;
    var ruleName = AlertRuleId;
    var groupName = ResourceGroupName;
    var workspace = WorkspaceName;

    switch (ParameterSetName)
    {
        case ParameterSetNames.ActionId:
            break;

        case ParameterSetNames.InputObject:
            actionName = InputObject.Name;
            ruleName = AzureIdUtilities.GetAlertRuleName(InputObject.Id);
            workspace = AzureIdUtilities.GetWorkspaceName(InputObject.Id);
            groupName = AzureIdUtilities.GetResourceGroup(InputObject.Id);
            break;

        default:
            throw new PSInvalidOperationException();
    }

    if (ShouldProcess(actionName, VerbsCommon.Remove))
    {
        // NOTE(review): .Result reports failures wrapped in AggregateException, unlike the
        // GetAwaiter().GetResult() form; Console output is also not a PowerShell output stream.
        var response = SecurityInsightsClient.AlertRules
            .DeleteActionWithHttpMessagesAsync(groupName, workspace, ruleName, actionName)
            .Result;

        var status = response.Response.StatusCode;
        bool deleted = status == System.Net.HttpStatusCode.OK
            || status == System.Net.HttpStatusCode.NoContent;
        if (deleted)
        {
            System.Console.WriteLine("success");
        }
    }

    if (PassThru.IsPresent)
    {
        WriteObject(true);
    }
}
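/// <summary>
/// Deletes a device security group through
/// <c>SecurityCenterClient.DeviceSecurityGroups.DeleteWithHttpMessagesAsync</c>.
/// </summary>
/// <remarks>
/// For the InputObject and ResourceId parameter sets the IoT hub resource id is rebuilt from the
/// subscription, resource group and hub name parsed out of the supplied id. <c>true</c> is
/// written whenever <c>PassThru</c> is present, including when <c>ShouldProcess</c> declined.
/// </remarks>
/// <exception cref="PSInvalidOperationException">The bound parameter set is not handled here.</exception>
public override void ExecuteCmdlet()
{
    var name = Name;
    var hubResourceId = HubResourceId;

    switch (ParameterSetName)
    {
        case ParameterSetNames.ResourceIdLevelResource:
            break;

        case ParameterSetNames.InputObject:
            name = InputObject.Name;
            var subscription = AzureIdUtilities.GetResourceSubscription(InputObject.Id);
            var rg = AzureIdUtilities.GetResourceGroup(InputObject.Id);
            var hubName = AzureIdUtilities.GetIotHubResourceName(InputObject.Id);
            hubResourceId = $"/subscriptions/{subscription}/resourceGroups/{rg}/providers/Microsoft.Devices/iotHubs/{hubName}";
            break;

        case ParameterSetNames.ResourceId:
            name = AzureIdUtilities.GetResourceName(ResourceId);
            subscription = AzureIdUtilities.GetResourceSubscription(ResourceId);
            rg = AzureIdUtilities.GetResourceGroup(ResourceId);
            hubName = AzureIdUtilities.GetIotHubResourceName(ResourceId);
            hubResourceId = $"/subscriptions/{subscription}/resourceGroups/{rg}/providers/Microsoft.Devices/iotHubs/{hubName}";
            break;

        default:
            throw new PSInvalidOperationException();
    }

    // Confirm against the resolved name, i.e. the same value passed to the delete call.
    // The Name property is not set by the InputObject/ResourceId branches above, so the
    // prompt previously could name a different (or empty) target than the one deleted.
    if (ShouldProcess(name, VerbsCommon.Remove))
    {
        SecurityCenterClient.DeviceSecurityGroups
            .DeleteWithHttpMessagesAsync(hubResourceId, name)
            .GetAwaiter()
            .GetResult();
    }

    if (PassThru.IsPresent)
    {
        WriteObject(true);
    }
}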
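/// <summary>
/// Deletes a just-in-time network access policy through
/// <c>SecurityCenterClient.JitNetworkAccessPolicies.DeleteWithHttpMessagesAsync</c>.
/// </summary>
/// <remarks>
/// <c>SecurityCenterClient.AscLocation</c> is set to the resolved location before the call.
/// <c>true</c> is written whenever <c>PassThru</c> is present, including when
/// <c>ShouldProcess</c> declined.
/// </remarks>
/// <exception cref="PSInvalidOperationException">The bound parameter set is not handled here.</exception>
public override void ExecuteCmdlet()
{
    var name = Name;
    var rg = ResourceGroupName;
    var location = Location;

    switch (ParameterSetName)
    {
        case ParameterSetNames.ResourceGroupLevelResource:
            break;

        case ParameterSetNames.ResourceId:
            location = AzureIdUtilities.GetResourceLocation(ResourceId);
            name = AzureIdUtilities.GetResourceName(ResourceId);
            rg = AzureIdUtilities.GetResourceGroup(ResourceId);
            break;

        case ParameterSetNames.InputObject:
            name = InputObject.Name;
            rg = AzureIdUtilities.GetResourceGroup(InputObject.Id);
            location = AzureIdUtilities.GetResourceLocation(InputObject.Id);
            break;

        default:
            throw new PSInvalidOperationException();
    }

    // The operation is a delete, so the -WhatIf/-Confirm text must say "Remove". It
    // previously said "Set", which understated what confirming would do to the policy.
    if (ShouldProcess(name, VerbsCommon.Remove))
    {
        SecurityCenterClient.AscLocation = location;
        SecurityCenterClient.JitNetworkAccessPolicies
            .DeleteWithHttpMessagesAsync(rg, name)
            .GetAwaiter()
            .GetResult();
    }

    if (PassThru.IsPresent)
    {
        WriteObject(true);
    }
}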
/// <summary>
/// Sets a pricing tier through <c>SecurityCenterClient.Pricings</c>, at subscription level when
/// no resource group is resolved and at resource-group level otherwise, and writes the result.
/// </summary>
/// <exception cref="PSInvalidOperationException">The bound parameter set is not handled here.</exception>
public override void ExecuteCmdlet()
{
    var groupName = ResourceGroupName;
    var pricingName = Name;
    var requestedTier = PricingTier;

    switch (ParameterSetName)
    {
        case ParameterSetNames.SubscriptionLevelResource:
        case ParameterSetNames.ResourceGroupLevelResource:
            break;

        case ParameterSetNames.InputObject:
            pricingName = InputObject.Name;
            requestedTier = InputObject.PricingTier;
            groupName = AzureIdUtilities.GetResourceGroup(InputObject.Id);
            break;

        default:
            throw new PSInvalidOperationException();
    }

    if (!ShouldProcess(pricingName, VerbsCommon.Set))
    {
        return;
    }

    // An empty resource group selects the subscription-wide pricing endpoint.
    Pricing updated = string.IsNullOrEmpty(groupName)
        ? SecurityCenterClient.Pricings
            .UpdateSubscriptionPricingWithHttpMessagesAsync(pricingName, requestedTier)
            .GetAwaiter().GetResult().Body
        : SecurityCenterClient.Pricings
            .CreateOrUpdateResourceGroupPricingWithHttpMessagesAsync(groupName, pricingName, requestedTier)
            .GetAwaiter().GetResult().Body;

    WriteObject(updated.ConvertToPSType(), enumerateCollection: false);
}
/// <summary>
/// Reads security contacts through <c>SecurityCenterClient.SecurityContacts</c>: the full list
/// at subscription scope, or a single contact by name or resource id.
/// </summary>
/// <exception cref="PSInvalidOperationException">The bound parameter set is not handled here.</exception>
public override void ExecuteCmdlet()
{
    switch (ParameterSetName)
    {
        case ParameterSetNames.SubscriptionScope:
        {
            var contactList = SecurityCenterClient.SecurityContacts
                .ListWithHttpMessagesAsync()
                .GetAwaiter().GetResult().Body;
            WriteObject(contactList.ConvertToPSType(), enumerateCollection: true);
            break;
        }

        case ParameterSetNames.SubscriptionLevelResource:
        {
            var contact = SecurityCenterClient.SecurityContacts
                .GetWithHttpMessagesAsync(Name)
                .GetAwaiter().GetResult().Body;
            WriteObject(contact.ConvertToPSType(), enumerateCollection: false);
            break;
        }

        case ParameterSetNames.ResourceId:
        {
            // Only the name segment of the resource id is used for the lookup.
            var contact = SecurityCenterClient.SecurityContacts
                .GetWithHttpMessagesAsync(AzureIdUtilities.GetResourceName(ResourceId))
                .GetAwaiter().GetResult().Body;
            WriteObject(contact.ConvertToPSType(), enumerateCollection: false);
            break;
        }

        default:
            throw new PSInvalidOperationException();
    }
}
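/// <summary>
/// Builds an <c>UpdateIotSecuritySolutionData</c> from tags, user-defined resources and
/// recommendation configuration and sends it to
/// <c>SecurityCenterClient.IotSecuritySolution.UpdateWithHttpMessagesAsync</c>.
/// </summary>
/// <remarks>
/// With the InputObject parameter set, explicitly supplied parameters win and the input object
/// fills the gaps; its user-defined resources pass through <c>GetValidUserDefinedResources</c>.
/// </remarks>
/// <exception cref="PSInvalidOperationException">The bound parameter set is not handled here.</exception>
public override void ExecuteCmdlet()
{
    // The unused locals that copied Name and ResourceGroupName were removed; every branch
    // and the service call work on the properties directly.
    switch (ParameterSetName)
    {
        case ParameterSetNames.ResourceGroupLevelResource:
            break;

        case ParameterSetNames.ResourceId:
            Name = AzureIdUtilities.GetResourceName(ResourceId);
            ResourceGroupName = AzureIdUtilities.GetResourceGroup(ResourceId);
            break;

        case ParameterSetNames.InputObject:
            Name = AzureIdUtilities.GetResourceName(InputObject.Id);
            ResourceGroupName = AzureIdUtilities.GetResourceGroup(InputObject.Id);
            RecommendationsConfiguration = RecommendationsConfiguration
                ?? ((List<PSRecommendationConfiguration>)InputObject.RecommendationsConfiguration).ToArray();
            Tag = Tag ?? new Hashtable((IDictionary)(InputObject.Tags));
            UserDefinedResource = UserDefinedResource
                ?? GetValidUserDefinedResources(InputObject.UserDefinedResources);
            break;

        default:
            throw new PSInvalidOperationException();
    }

    UpdateIotSecuritySolutionData solutionData = new UpdateIotSecuritySolutionData(
        Tag?.Cast<DictionaryEntry>().ToDictionary(t => (string)t.Key, t => (string)t.Value),
        UserDefinedResource?.CreatePSType(),
        RecommendationsConfiguration?.CreatePSType());

    if (ShouldProcess(Name, "Update"))
    {
        var outputSolution = SecurityCenterClient.IotSecuritySolution
            .UpdateWithHttpMessagesAsync(ResourceGroupName, Name, solutionData)
            .GetAwaiter()
            .GetResult()
            .Body;
        WriteObject(outputSolution?.ConvertToPSType(), enumerateCollection: false);
    }
}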
/// <summary>
/// Calls <c>SecurityCenterClient.JitNetworkAccessPolicies.InitiateWithHttpMessagesAsync</c> for
/// the resolved policy and virtual machines and writes the returned object.
/// </summary>
/// <remarks>
/// With the ResourceId parameter set the virtual machines still come from the
/// <c>VirtualMachine</c> parameter; only InputObject replaces them.
/// </remarks>
/// <exception cref="PSInvalidOperationException">The bound parameter set is not handled here.</exception>
public override void ExecuteCmdlet()
{
    var policyName = Name;
    var policyLocation = Location;
    var groupName = ResourceGroupName;
    var machines = VirtualMachine;

    // Parameter set names are compared as literals here rather than through ParameterSetNames.
    switch (ParameterSetName)
    {
        case "ResourceGroupLevelResource":
            break;

        case "ResourceId":
            policyName = AzureIdUtilities.GetResourceName(ResourceId);
            policyLocation = AzureIdUtilities.GetResourceLocation(ResourceId);
            groupName = AzureIdUtilities.GetResourceGroup(ResourceId);
            break;

        case "InputObject":
            policyName = InputObject.Name;
            policyLocation = InputObject.Location;
            groupName = InputObject.ResourceGroupName;
            machines = InputObject.VirtualMachine;
            break;

        default:
            throw new PSInvalidOperationException();
    }

    if (!ShouldProcess(policyName, "Start"))
    {
        return;
    }

    SecurityCenterClient.AscLocation = policyLocation;
    var accessRequest = SecurityCenterClient.JitNetworkAccessPolicies
        .InitiateWithHttpMessagesAsync(groupName, policyName, machines.ConvertToCSType())
        .GetAwaiter()
        .GetResult()
        .Body;
    WriteObject(accessRequest.ConvertToPSType(), enumerateCollection: false);
}
/// <summary>
/// Writes security alerts to the pipeline: a paged listing for the subscription or a
/// resource group, or a single alert looked up by name or by resource ID.
/// </summary>
/// <remarks>
/// Paging stops once no next-page link is returned or the running total is no longer below
/// <c>MaxAlertsToFetch</c>. The limit is checked between pages, so the last page is always
/// written in full and the total can exceed the limit.
/// </remarks>
/// <exception cref="PSInvalidOperationException">
/// Thrown when the active parameter set is not one of the sets handled below.
/// </exception>
public override void ExecuteCmdlet()
{
    switch (ParameterSetName)
    {
        case ParameterSetNames.SubscriptionScope:
        case ParameterSetNames.ResourceGroupScope:
        {
            // Only the first request differs between the two scopes; follow-up pages
            // are fetched through the same ListNext call.
            var page = ParameterSetName == ParameterSetNames.SubscriptionScope
                ? SecurityCenterClient.Alerts.ListWithHttpMessagesAsync().GetAwaiter().GetResult().Body
                : SecurityCenterClient.Alerts.ListByResourceGroupWithHttpMessagesAsync(ResourceGroupName).GetAwaiter().GetResult().Body;

            int written = 0;
            while (true)
            {
                var converted = page.ConvertToPSType();
                WriteObject(converted, enumerateCollection: true);
                written += converted.Count;

                string pendingLink = page?.NextPageLink;
                if (string.IsNullOrWhiteSpace(pendingLink) || !(written < MaxAlertsToFetch))
                {
                    break;
                }

                page = SecurityCenterClient.Alerts.ListNextWithHttpMessagesAsync(pendingLink).GetAwaiter().GetResult().Body;
            }

            break;
        }

        case ParameterSetNames.SubscriptionLevelResource:
        {
            SecurityCenterClient.AscLocation = Location;
            var alert = SecurityCenterClient.Alerts.GetSubscriptionLevelWithHttpMessagesAsync(Name).GetAwaiter().GetResult().Body;
            WriteObject(alert.ConvertToPSType(), enumerateCollection: false);
            break;
        }

        case ParameterSetNames.ResourceGroupLevelResource:
        {
            SecurityCenterClient.AscLocation = Location;
            var alert = SecurityCenterClient.Alerts.GetResourceGroupLevelWithHttpMessagesAsync(Name, ResourceGroupName).GetAwaiter().GetResult().Body;
            WriteObject(alert.ConvertToPSType(), enumerateCollection: false);
            break;
        }

        case ParameterSetNames.ResourceId:
        {
            SecurityCenterClient.AscLocation = AzureIdUtilities.GetResourceLocation(ResourceId);

            // An ID without a resource group segment is looked up at subscription level.
            var resourceGroup = AzureIdUtilities.GetResourceGroup(ResourceId);
            var alert = string.IsNullOrEmpty(resourceGroup)
                ? SecurityCenterClient.Alerts.GetSubscriptionLevelWithHttpMessagesAsync(AzureIdUtilities.GetResourceName(ResourceId)).GetAwaiter().GetResult().Body
                : SecurityCenterClient.Alerts.GetResourceGroupLevelWithHttpMessagesAsync(AzureIdUtilities.GetResourceName(ResourceId), resourceGroup).GetAwaiter().GetResult().Body;

            WriteObject(alert.ConvertToPSType(), enumerateCollection: false);
            break;
        }

        default:
            throw new PSInvalidOperationException();
    }
}
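/// <summary>
/// Changes the state of a security alert (dismiss, activate or resolve) at subscription
/// or resource-group level.
/// </summary>
/// <remarks>
/// When an alert object is piped in, its current state/status is mapped to the matching
/// action and overrides <c>ActionType</c>. An action that is none of "Dismiss", "Activate"
/// or "Resolve" results in no service call at all.
/// </remarks>
/// <exception cref="PSInvalidOperationException">
/// Thrown when the active parameter set is not one of the sets handled below.
/// </exception>
public override void ExecuteCmdlet()
{
    var rg = ResourceGroupName;
    var name = Name;
    var actionType = ActionType;
    var location = Location;
    var status = "";

    switch (ParameterSetName)
    {
        case ParameterSetNames.SubscriptionLevelResource:
        case ParameterSetNames.ResourceGroupLevelResource:
            break;

        case ParameterSetNames.ResourceId:
            location = AzureIdUtilities.GetResourceLocation(ResourceId);
            name = AzureIdUtilities.GetResourceName(ResourceId);

            // Without this, a resource-group-level alert addressed by ID was sent to the
            // subscription-level endpoint. The input-object branches below already derive
            // the resource group from the ID; do the same here when none was bound.
            if (string.IsNullOrEmpty(rg))
            {
                rg = AzureIdUtilities.GetResourceGroup(ResourceId);
            }
            break;

        case ParameterSetNames.InputObject:
            status = InputObject.State;
            name = InputObject.Name;
            rg = AzureIdUtilities.GetResourceGroup(InputObject.Id);
            location = AzureIdUtilities.GetResourceLocation(InputObject.Id);
            break;

        case ParameterSetNames.InputObjectV3:
            status = InputObjectV3.Status;
            name = InputObjectV3.Name;
            rg = AzureIdUtilities.GetResourceGroup(InputObjectV3.Id);
            location = AzureIdUtilities.GetResourceLocation(InputObjectV3.Id);
            break;

        default:
            throw new PSInvalidOperationException();
    }

    if (!string.IsNullOrEmpty(status))
    {
        // Invariant lower-casing: culture-sensitive ToLower() turns "I" into a dotless
        // "ı" under Turkish cultures, so "DISMISSED" would never match "dismissed".
        switch (status.ToLowerInvariant())
        {
            case "dismissed":
                actionType = "Dismiss";
                break;
            case "active":
                actionType = "Activate";
                break;
            case "resolved":
                actionType = "Resolve";
                break;
            default:
                // Unknown status: keep whatever ActionType was bound.
                break;
        }
    }

    SecurityCenterClient.AscLocation = location;

    if (ShouldProcess(name, VerbsCommon.Set))
    {
        // NOTE(review): an unrecognised actionType falls through both chains silently and
        // -PassThru still reports true - consider surfacing that to the operator.
        if (string.IsNullOrEmpty(rg))
        {
            if (actionType == "Dismiss")
            {
                SecurityCenterClient.Alerts.UpdateSubscriptionLevelStateToDismissWithHttpMessagesAsync(name).GetAwaiter().GetResult();
            }
            else if (actionType == "Activate")
            {
                SecurityCenterClient.Alerts.UpdateSubscriptionLevelStateToActivateWithHttpMessagesAsync(name).GetAwaiter().GetResult();
            }
            else if (actionType == "Resolve")
            {
                SecurityCenterClient.Alerts.UpdateSubscriptionLevelStateToResolveWithHttpMessagesAsync(name).GetAwaiter().GetResult();
            }
        }
        else
        {
            if (actionType == "Dismiss")
            {
                SecurityCenterClient.Alerts.UpdateResourceGroupLevelStateToDismissWithHttpMessagesAsync(name, rg).GetAwaiter().GetResult();
            }
            else if (actionType == "Activate")
            {
                SecurityCenterClient.Alerts.UpdateResourceGroupLevelStateToActivateWithHttpMessagesAsync(name, rg).GetAwaiter().GetResult();
            }
            else if (actionType == "Resolve")
            {
                SecurityCenterClient.Alerts.UpdateResourceGroupLevelStateToResolveWithHttpMessagesAsync(name, rg).GetAwaiter().GetResult();
            }
        }
    }

    if (PassThru.IsPresent)
    {
        WriteObject(true);
    }
}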
/// <summary>
/// Writes security sub-assessments to the pipeline: a paged listing across all assessments
/// of a scope, a paged listing for one assessment, or a single sub-assessment looked up by
/// name or by resource ID.
/// </summary>
/// <remarks>
/// When <c>AssessedResourceId</c> is not supplied the scope defaults to the subscription of
/// the default context. Paging stops once no next-page link is returned or the running
/// total is no longer below <c>MaxItemsToFetch</c>; the check happens between pages, so the
/// last page is always written in full.
/// </remarks>
/// <exception cref="PSInvalidOperationException">
/// Thrown when the active parameter set is not one of the sets handled below.
/// </exception>
public override void ExecuteCmdlet()
{
    switch (ParameterSetName)
    {
        case ParameterSetNames.SubscriptionScope:
        {
            var page = SecurityCenterClient.SubAssessments
                .ListAllWithHttpMessagesAsync(AssessedResourceId ?? $"subscriptions/{DefaultContext.Subscription.Id}")
                .GetAwaiter().GetResult().Body;

            int written = 0;
            while (true)
            {
                var converted = page.ConvertToPSType();
                WriteObject(converted, enumerateCollection: true);
                written += converted.Count;

                string pendingLink = page?.NextPageLink;
                if (string.IsNullOrWhiteSpace(pendingLink) || !(written < MaxItemsToFetch))
                {
                    break;
                }

                page = SecurityCenterClient.SubAssessments.ListAllNextWithHttpMessagesAsync(pendingLink).GetAwaiter().GetResult().Body;
            }

            break;
        }

        case ParameterSetNames.ResourceIdScope:
        {
            var page = SecurityCenterClient.SubAssessments
                .ListWithHttpMessagesAsync(AssessedResourceId ?? $"subscriptions/{DefaultContext.Subscription.Id}", AssessmentName)
                .GetAwaiter().GetResult().Body;

            int written = 0;
            while (true)
            {
                var converted = page.ConvertToPSType();
                WriteObject(converted, enumerateCollection: true);
                written += converted.Count;

                string pendingLink = page?.NextPageLink;
                if (string.IsNullOrWhiteSpace(pendingLink) || !(written < MaxItemsToFetch))
                {
                    break;
                }

                page = SecurityCenterClient.SubAssessments.ListNextWithHttpMessagesAsync(pendingLink).GetAwaiter().GetResult().Body;
            }

            break;
        }

        case ParameterSetNames.SubscriptionLevelResource:
        case ParameterSetNames.ResourceIdLevelResource:
        {
            var single = SecurityCenterClient.SubAssessments
                .GetWithHttpMessagesAsync(AssessedResourceId ?? $"subscriptions/{DefaultContext.Subscription.Id}", AssessmentName, Name)
                .GetAwaiter().GetResult().Body;
            WriteObject(single.ConvertToPSType(), enumerateCollection: false);
            break;
        }

        case ParameterSetNames.ResourceId:
        {
            // Scope, assessment name and sub-assessment name are all parsed out of the ID.
            var single = SecurityCenterClient.SubAssessments
                .GetWithHttpMessagesAsync(
                    AzureIdUtilities.GetExtendedResourceId(ResourceId),
                    AzureIdUtilities.GetAssessmentResourceName(ResourceId),
                    AzureIdUtilities.GetResourceName(ResourceId))
                .GetAwaiter().GetResult().Body;
            WriteObject(single.ConvertToPSType(), enumerateCollection: false);
            break;
        }

        default:
            throw new PSInvalidOperationException();
    }
}
/// <summary>
/// Writes incident comments to the pipeline: every comment of an incident (paged), or one
/// comment addressed by its ID or by a resource ID.
/// </summary>
/// <remarks>
/// Paging stops once no next-page link is returned or the running total is no longer below
/// <c>MaxIncidentCommentsToFetch</c>; the check happens between pages, so the last page is
/// always written in full. In the resource-ID case only the incident and comment names are
/// parsed from the ID; resource group and workspace still come from the bound parameters.
/// </remarks>
/// <exception cref="PSInvalidOperationException">
/// Thrown when the active parameter set is not one of the three handled below.
/// </exception>
public override void ExecuteCmdlet()
{
    switch (ParameterSetName)
    {
        case ParameterSetNames.IncidentId:
        {
            var page = SecurityInsightsClient.IncidentComments.ListByIncident(ResourceGroupName, WorkspaceName, IncidentId);

            int written = 0;
            while (true)
            {
                // Count before converting, as the conversion result is not inspected.
                int pageSize = page.Count();
                WriteObject(page.ConvertToPSType(), enumerateCollection: true);
                written += pageSize;

                string pendingLink = page?.NextPageLink;
                if (string.IsNullOrWhiteSpace(pendingLink) || !(written < MaxIncidentCommentsToFetch))
                {
                    break;
                }

                page = SecurityInsightsClient.IncidentComments.ListByIncidentNext(pendingLink);
            }

            break;
        }

        case ParameterSetNames.IncidentCommentId:
        {
            var comment = SecurityInsightsClient.IncidentComments.Get(ResourceGroupName, WorkspaceName, IncidentId, IncidentCommentId);
            WriteObject(comment.ConvertToPSType(), enumerateCollection: false);
            break;
        }

        case ParameterSetNames.ResourceId:
        {
            var comment = SecurityInsightsClient.IncidentComments.Get(
                ResourceGroupName,
                WorkspaceName,
                AzureIdUtilities.GetIncidentName(ResourceId),
                AzureIdUtilities.GetIncidentCommentName(ResourceId));
            WriteObject(comment.ConvertToPSType(), enumerateCollection: false);
            break;
        }

        default:
            throw new PSInvalidOperationException();
    }
}
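/// <summary>
/// Updates an existing Sentinel data connector: fetches the current connector, overlays
/// the data-type states (and kind-specific settings) that were explicitly bound on the
/// cmdlet, and writes the result back with CreateOrUpdate.
/// </summary>
/// <remarks>
/// Values that were not bound are left exactly as the service returned them. Switching a
/// data type's state changes what the workspace ingests from that source, so the write is
/// gated by ShouldProcess.
/// </remarks>
/// <exception cref="Exception">
/// Thrown when the connector cannot be retrieved. The message is the "does not exist" text;
/// the underlying failure, if any, is attached as the inner exception.
/// </exception>
public override void ExecuteCmdlet()
{
    if (this.IsParameterBound(c => c.InputObject))
    {
        this.ResourceGroupName = AzureIdUtilities.GetResourceGroup(this.InputObject.Id);
        this.WorkspaceName = AzureIdUtilities.GetWorkspaceName(this.InputObject.Id);
        this.DataConnectorId = this.InputObject.Name;
    }

    if (this.IsParameterBound(c => c.ResourceId))
    {
        var resourceIdentifier = new ResourceIdentifier(this.ResourceId);
        this.ResourceGroupName = resourceIdentifier.ResourceGroupName;
        this.WorkspaceName = AzureIdUtilities.GetWorkspaceName(this.ResourceId);
        this.DataConnectorId = resourceIdentifier.ResourceName;
    }

    PSSentinelDataConnector dataConnector = null;
    Exception lookupFailure = null;
    try
    {
        dataConnector = this.SecurityInsightsClient.DataConnectors.Get(ResourceGroupName, WorkspaceName, DataConnectorId).ConvertToPSType();
    }
    catch (Exception ex)
    {
        // Any failure (not only "not found" - also authorization, throttling or network
        // errors) ends up in the error below. Keep the cause so it is not lost.
        lookupFailure = ex;
    }

    if (dataConnector == null)
    {
        throw new Exception(
            string.Format("A Data Connector with DataConnectorId '{0}' in resource group '{1}' under workspace '{2}' does not exist. Please use New-AzSentinelDataConnector to create a Data Connector with these properties.", this.DataConnectorId, this.ResourceGroupName, this.WorkspaceName),
            lookupFailure);
    }

    // Each branch mutates the fetched object in place and only touches settings that were
    // explicitly bound. A direct cast is used so that a Kind/type mismatch fails with a
    // descriptive InvalidCastException instead of a NullReferenceException.
    switch (dataConnector.Kind)
    {
        case "AzureActiveDirectory":
        {
            var aadConnector = (PSSentinelDataConnectorAAD)dataConnector;
            if (this.IsParameterBound(c => c.Alerts))
            {
                aadConnector.DataTypes.Alerts.State = this.Alerts;
            }
            break;
        }

        case "AzureAdvancedThreatProtection":
        {
            var aatpConnector = (PSSentinelDataConnectorAATP)dataConnector;
            if (this.IsParameterBound(c => c.Alerts))
            {
                aatpConnector.DataTypes.Alerts.State = this.Alerts;
            }
            break;
        }

        case "AzureSecurityCenter":
        {
            var ascConnector = (PSSentinelDataConnectorASC)dataConnector;
            if (this.IsParameterBound(c => c.SubscriptionId))
            {
                ascConnector.SubscriptionId = this.SubscriptionId;
            }
            if (this.IsParameterBound(c => c.Alerts))
            {
                ascConnector.DataTypes.Alerts.State = this.Alerts;
            }
            break;
        }

        case "AmazonWebServicesCloudTrail":
        {
            var awsConnector = (PSSentinelDataConnectorAWS)dataConnector;
            if (this.IsParameterBound(c => c.AwsRoleArn))
            {
                awsConnector.AwsRoleArn = this.AwsRoleArn;
            }
            if (this.IsParameterBound(c => c.Logs))
            {
                awsConnector.DataTypes.Logs.State = this.Logs;
            }
            break;
        }

        case "MicrosoftCloudAppSecurity":
        {
            var mcasConnector = (PSSentinelDataConnectorMCAS)dataConnector;
            if (this.IsParameterBound(c => c.Alerts))
            {
                mcasConnector.DataTypes.Alerts.State = this.Alerts;
            }
            if (this.IsParameterBound(c => c.DiscoveryLogs))
            {
                mcasConnector.DataTypes.DiscoveryLogs.State = this.DiscoveryLogs;
            }
            break;
        }

        case "MicrosoftDefenderAdvancedThreatProtection":
        {
            var mdatpConnector = (PSSentinelDataConnectorMDATP)dataConnector;
            if (this.IsParameterBound(c => c.Alerts))
            {
                mdatpConnector.DataTypes.Alerts.State = this.Alerts;
            }
            break;
        }

        case "Office365":
        {
            var officeConnector = (PSSentinelDataConnectorOffice)dataConnector;
            if (this.IsParameterBound(c => c.Exchange))
            {
                officeConnector.DataTypes.Exchange.State = this.Exchange;
            }
            if (this.IsParameterBound(c => c.SharePoint))
            {
                officeConnector.DataTypes.SharePoint.State = this.SharePoint;
            }
            if (this.IsParameterBound(c => c.Teams))
            {
                officeConnector.DataTypes.Teams.State = this.Teams;
            }
            break;
        }

        case "ThreatIntelligence":
        {
            var tiConnector = (PSSentinelDataConnectorTI)dataConnector;
            if (this.IsParameterBound(c => c.Indicators))
            {
                tiConnector.DataTypes.Indicators.State = this.Indicators;
            }
            break;
        }
    }

    if (this.ShouldProcess(this.DataConnectorId, string.Format("Updating Data Connector '{0}' in resource group '{1}' under workspace '{2}'.", this.DataConnectorId, this.ResourceGroupName, this.WorkspaceName)))
    {
        var result = this.SecurityInsightsClient.DataConnectors.CreateOrUpdate(this.ResourceGroupName, this.WorkspaceName, this.DataConnectorId, dataConnector.CreatePSType()).ConvertToPSType();
        WriteObject(result);
    }
}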
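/// <summary>
/// Updates an existing Sentinel alert rule: fetches the current rule, overlays the settings
/// that were explicitly bound on the cmdlet, and writes the result back with CreateOrUpdate.
/// </summary>
/// <remarks>
/// Settings that were not bound are left exactly as the service returned them. When both
/// the Enabled and Disabled switches are bound, Enabled wins; likewise SuppressionEnabled
/// wins over SuppressionDisabled. Disabling a rule, turning suppression on or rewriting
/// the query changes what the workspace detects, so the write is gated by ShouldProcess.
/// </remarks>
/// <exception cref="Exception">
/// Thrown when the rule cannot be retrieved. The message is the "does not exist" text; the
/// underlying failure, if any, is attached as the inner exception.
/// </exception>
public override void ExecuteCmdlet()
{
    if (this.IsParameterBound(c => c.InputObject))
    {
        this.ResourceGroupName = AzureIdUtilities.GetResourceGroup(this.InputObject.Id);
        this.WorkspaceName = AzureIdUtilities.GetWorkspaceName(this.InputObject.Id);
        this.AlertRuleId = this.InputObject.Name;
    }

    if (this.IsParameterBound(c => c.ResourceId))
    {
        var resourceIdentifier = new ResourceIdentifier(this.ResourceId);
        this.ResourceGroupName = resourceIdentifier.ResourceGroupName;
        this.WorkspaceName = AzureIdUtilities.GetWorkspaceName(this.ResourceId);
        this.AlertRuleId = resourceIdentifier.ResourceName;
    }

    PSSentinelAlertRule alertRule = null;
    Exception lookupFailure = null;
    try
    {
        alertRule = this.SecurityInsightsClient.AlertRules.Get(ResourceGroupName, WorkspaceName, AlertRuleId).ConvertToPSType();
    }
    catch (Exception ex)
    {
        // Any failure (not only "not found" - also authorization, throttling or network
        // errors) ends up in the error below. Keep the cause so it is not lost.
        lookupFailure = ex;
    }

    if (alertRule == null)
    {
        throw new Exception(
            string.Format("An Alert Rule with AlertRuleId '{0}' in resource group '{1}' under workspace '{2}' does not exist. Please use New-AzSentinelAlertRule to create an Alert Rule Action with these properties.", this.AlertRuleId, this.ResourceGroupName, this.WorkspaceName),
            lookupFailure);
    }

    // Each branch mutates the fetched object in place and only touches settings that were
    // explicitly bound. A direct cast is used so that a Kind/type mismatch fails with a
    // descriptive InvalidCastException instead of a NullReferenceException.
    switch (alertRule.Kind)
    {
        case "Fusion":
        {
            var fusionRule = (PSSentinelFusionAlertRule)alertRule;
            if (this.IsParameterBound(c => c.AlertRuleTemplateName))
            {
                fusionRule.AlertRuleTemplateName = this.AlertRuleTemplateName;
            }
            if (this.IsParameterBound(c => c.Enabled))
            {
                fusionRule.Enabled = true;
            }
            else if (this.IsParameterBound(c => c.Disabled))
            {
                fusionRule.Enabled = false;
            }
            break;
        }

        case "MicrosoftSecurityIncidentCreation":
        {
            var incidentCreationRule = (PSSentinelMicrosoftSecurityIncidentCreationRule)alertRule;
            if (this.IsParameterBound(c => c.DisplayName))
            {
                incidentCreationRule.DisplayName = this.DisplayName;
            }
            if (this.IsParameterBound(c => c.Enabled))
            {
                incidentCreationRule.Enabled = true;
            }
            else if (this.IsParameterBound(c => c.Disabled))
            {
                incidentCreationRule.Enabled = false;
            }
            if (this.IsParameterBound(c => c.Description))
            {
                incidentCreationRule.Description = this.Description;
            }
            if (this.IsParameterBound(c => c.AlertRuleTemplateName))
            {
                incidentCreationRule.AlertRuleTemplateName = this.AlertRuleTemplateName;
            }
            if (this.IsParameterBound(c => c.ProductFilter))
            {
                incidentCreationRule.ProductFilter = this.ProductFilter;
            }
            if (this.IsParameterBound(c => c.DisplayNamesExcludeFilter))
            {
                incidentCreationRule.DisplayNamesExcludeFilter = this.DisplayNamesExcludeFilter;
            }
            if (this.IsParameterBound(c => c.DisplayNamesFilter))
            {
                incidentCreationRule.DisplayNamesFilter = this.DisplayNamesFilter;
            }
            if (this.IsParameterBound(c => c.SeveritiesFilter))
            {
                incidentCreationRule.SeveritiesFilter = this.SeveritiesFilter;
            }
            break;
        }

        case "Scheduled":
        {
            var scheduledRule = (PSSentinelScheduledAlertRule)alertRule;
            if (this.IsParameterBound(c => c.DisplayName))
            {
                scheduledRule.DisplayName = this.DisplayName;
            }
            if (this.IsParameterBound(c => c.Enabled))
            {
                scheduledRule.Enabled = true;
            }
            else if (this.IsParameterBound(c => c.Disabled))
            {
                scheduledRule.Enabled = false;
            }
            if (this.IsParameterBound(c => c.SuppressionDuration))
            {
                scheduledRule.SuppressionDuration = this.SuppressionDuration;
            }
            if (this.IsParameterBound(c => c.SuppressionEnabled))
            {
                scheduledRule.SuppressionEnabled = true;
            }
            else if (this.IsParameterBound(c => c.SuppressionDisabled))
            {
                scheduledRule.SuppressionEnabled = false;
            }
            if (this.IsParameterBound(c => c.AlertRuleTemplateName))
            {
                scheduledRule.AlertRuleTemplateName = this.AlertRuleTemplateName;
            }
            if (this.IsParameterBound(c => c.Description))
            {
                scheduledRule.Description = this.Description;
            }
            if (this.IsParameterBound(c => c.Query))
            {
                scheduledRule.Query = this.Query;
            }
            if (this.IsParameterBound(c => c.QueryFrequency))
            {
                scheduledRule.QueryFrequency = this.QueryFrequency;
            }
            if (this.IsParameterBound(c => c.QueryPeriod))
            {
                scheduledRule.QueryPeriod = this.QueryPeriod;
            }
            if (this.IsParameterBound(c => c.Severity))
            {
                scheduledRule.Severity = this.Severity;
            }
            if (this.IsParameterBound(c => c.Tactic))
            {
                scheduledRule.Tactics = this.Tactic;
            }
            if (this.IsParameterBound(c => c.TriggerOperator))
            {
                scheduledRule.TriggerOperator = this.TriggerOperator;
            }
            if (this.IsParameterBound(c => c.TriggerThreshold))
            {
                scheduledRule.TriggerThreshold = this.TriggerThreshold;
            }
            break;
        }
    }

    if (this.ShouldProcess(this.AlertRuleId, string.Format("Updating Alert Rule '{0}' in resource group '{1}' under workspace '{2}'.", this.AlertRuleId, this.ResourceGroupName, this.WorkspaceName)))
    {
        var result = this.SecurityInsightsClient.AlertRules.CreateOrUpdate(this.ResourceGroupName, this.WorkspaceName, this.AlertRuleId, alertRule.CreatePSStype()).ConvertToPSType();
        WriteObject(result);
    }
}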
/// <summary>
/// Writes Sentinel data connectors to the pipeline: every connector of a workspace (paged),
/// or one connector addressed by its ID or by a resource ID.
/// </summary>
/// <remarks>
/// Paging stops once no next-page link is returned or the running total is no longer below
/// <c>MaxDataConnectorsToFetch</c>; the check happens between pages, so the last page is
/// always written in full. In the resource-ID case only the connector name is parsed from
/// the ID; resource group and workspace still come from the bound parameters.
/// </remarks>
/// <exception cref="PSInvalidOperationException">
/// Thrown when the active parameter set is not one of the three handled below.
/// </exception>
public override void ExecuteCmdlet()
{
    switch (ParameterSetName)
    {
        case ParameterSetNames.WorkspaceScope:
        {
            var page = SecurityInsightsClient.DataConnectors.List(ResourceGroupName, WorkspaceName);

            int written = 0;
            while (true)
            {
                // Count before converting, as the conversion result is not inspected.
                int pageSize = page.Count();
                WriteObject(page.ConvertToPSType(), enumerateCollection: true);
                written += pageSize;

                string pendingLink = page?.NextPageLink;
                if (string.IsNullOrWhiteSpace(pendingLink) || !(written < MaxDataConnectorsToFetch))
                {
                    break;
                }

                page = SecurityInsightsClient.DataConnectors.ListNext(pendingLink);
            }

            break;
        }

        case ParameterSetNames.DataConnectorId:
        {
            var connector = SecurityInsightsClient.DataConnectors.Get(ResourceGroupName, WorkspaceName, DataConnectorId);
            WriteObject(connector.ConvertToPSType(), enumerateCollection: false);
            break;
        }

        case ParameterSetNames.ResourceId:
        {
            var connector = SecurityInsightsClient.DataConnectors.Get(
                ResourceGroupName,
                WorkspaceName,
                AzureIdUtilities.GetResourceName(ResourceId));
            WriteObject(connector.ConvertToPSType(), enumerateCollection: false);
            break;
        }

        default:
            throw new PSInvalidOperationException();
    }
}