public static PSSentinelDataConnectorDataTypeTI ConvertToPSType(this TIDataConnectorDataTypes value)
{
return(new PSSentinelDataConnectorDataTypeTI()
{
Indicators = value?.Indicators.ConvertToPSType()
});
}
public override void ExecuteCmdlet()
{
if (DataConnectorId == null)
{
DataConnectorId = Guid.NewGuid().ToString();
}
var name = DataConnectorId;
var tenantId = AzureRmProfileProvider.Instance.Profile.DefaultContext.Tenant.Id;
if (ShouldProcess(name, VerbsCommon.New))
{
switch (ParameterSetName)
{
case ParameterSetNames.AzureActiveDirectory:
DataConnectorDataTypeCommon aadcommon = new DataConnectorDataTypeCommon
{
State = Alerts.ToLower()
};
AlertsDataTypeOfDataConnector aadalerts = new AlertsDataTypeOfDataConnector
{
Alerts = aadcommon
};
AADDataConnector aadDataTypes = new AADDataConnector
{
DataTypes = aadalerts,
TenantId = tenantId
};
DataConnector aadDataConnector = aadDataTypes;
var outputaadconnector = SecurityInsightsClient.DataConnectors.CreateOrUpdate(ResourceGroupName, WorkspaceName, name, aadDataConnector);
WriteObject(outputaadconnector.ConvertToPSType(), enumerateCollection: false);
break;
case ParameterSetNames.AzureAdvancedThreatProtection:
DataConnectorDataTypeCommon aatpcommon = new DataConnectorDataTypeCommon
{
State = Alerts.ToLower()
};
AlertsDataTypeOfDataConnector aatpalerts = new AlertsDataTypeOfDataConnector
{
Alerts = aatpcommon
};
AATPDataConnector aatpDataTypes = new AATPDataConnector
{
DataTypes = aatpalerts,
TenantId = tenantId
};
DataConnector aatpDataConnector = aatpDataTypes;
var outputaatpconnector = SecurityInsightsClient.DataConnectors.CreateOrUpdate(ResourceGroupName, WorkspaceName, name, aatpDataConnector);
WriteObject(outputaatpconnector.ConvertToPSType(), enumerateCollection: false);
break;
case ParameterSetNames.AzureSecurityCenter:
DataConnectorDataTypeCommon asccommon = new DataConnectorDataTypeCommon
{
State = Alerts.ToLower()
};
AlertsDataTypeOfDataConnector ascalerts = new AlertsDataTypeOfDataConnector
{
Alerts = asccommon
};
ASCDataConnector ascDataTypes = new ASCDataConnector
{
DataTypes = ascalerts,
SubscriptionId = SubscriptionId
};
DataConnector ascDataConnector = ascDataTypes;
var outputascconnector = SecurityInsightsClient.DataConnectors.CreateOrUpdate(ResourceGroupName, WorkspaceName, name, ascDataConnector);
WriteObject(outputascconnector.ConvertToPSType(), enumerateCollection: false);
break;
case ParameterSetNames.AmazonWebServicesCloudTrail:
AwsCloudTrailDataConnectorDataTypesLogs awscommon = new AwsCloudTrailDataConnectorDataTypesLogs
{
State = Logs.ToLower()
};
AwsCloudTrailDataConnectorDataTypes awslogs = new AwsCloudTrailDataConnectorDataTypes
{
Logs = awscommon
};
AwsCloudTrailDataConnector awsDataTypes = new AwsCloudTrailDataConnector
{
DataTypes = awslogs,
AwsRoleArn = AwsRoleArn
};
DataConnector awsDataConnector = awsDataTypes;
var outputawsconnector = SecurityInsightsClient.DataConnectors.CreateOrUpdate(ResourceGroupName, WorkspaceName, name, awsDataConnector);
WriteObject(outputawsconnector.ConvertToPSType(), enumerateCollection: false);
break;
case ParameterSetNames.MicrosoftCloudAppSecurity:
DataConnectorDataTypeCommon mcascommon = new DataConnectorDataTypeCommon
{
State = Alerts.ToLower()
};
DataConnectorDataTypeCommon mcasdiscovery = new DataConnectorDataTypeCommon
{
State = DiscoveryLogs
};
MCASDataConnectorDataTypes mcasDataTypes = new MCASDataConnectorDataTypes
{
Alerts = mcascommon,
DiscoveryLogs = mcasdiscovery
};
MCASDataConnector mcasConnector = new MCASDataConnector
{
DataTypes = mcasDataTypes,
TenantId = tenantId
};
DataConnector mcasDataConnector = mcasConnector;
var outputmcasconnector = SecurityInsightsClient.DataConnectors.CreateOrUpdate(ResourceGroupName, WorkspaceName, name, mcasDataConnector);
WriteObject(outputmcasconnector.ConvertToPSType(), enumerateCollection: false);
break;
case ParameterSetNames.MicrosoftDefenderAdvancedThreatProtection:
DataConnectorDataTypeCommon mdatpcommon = new DataConnectorDataTypeCommon
{
State = Alerts.ToLower()
};
AlertsDataTypeOfDataConnector mdatpalerts = new AlertsDataTypeOfDataConnector
{
Alerts = mdatpcommon
};
MDATPDataConnector mdatpDataTypes = new MDATPDataConnector
{
DataTypes = mdatpalerts,
TenantId = tenantId
};
DataConnector mdatpDataConnector = mdatpDataTypes;
var outputmdatpconnector = SecurityInsightsClient.DataConnectors.CreateOrUpdate(ResourceGroupName, WorkspaceName, name, mdatpDataConnector);
WriteObject(outputmdatpconnector.ConvertToPSType(), enumerateCollection: false);
break;
case ParameterSetNames.Office365:
OfficeDataConnectorDataTypesExchange officeExchange = new OfficeDataConnectorDataTypesExchange
{
State = Exchange.ToLower()
};
OfficeDataConnectorDataTypesSharePoint officeSharePoint = new OfficeDataConnectorDataTypesSharePoint
{
State = SharePoint.ToLower()
};
OfficeDataConnectorDataTypesTeams officeTeams = new OfficeDataConnectorDataTypesTeams
{
State = Teams.ToLower()
};
OfficeDataConnectorDataTypes officeDataTypes = new OfficeDataConnectorDataTypes
{
Exchange = officeExchange,
SharePoint = officeSharePoint,
Teams = officeTeams
};
OfficeDataConnector officeConnector = new OfficeDataConnector
{
DataTypes = officeDataTypes,
TenantId = tenantId
};
DataConnector officeDataConnector = officeConnector;
var outputofficeconnector = SecurityInsightsClient.DataConnectors.CreateOrUpdate(ResourceGroupName, WorkspaceName, name, officeDataConnector);
WriteObject(outputofficeconnector.ConvertToPSType(), enumerateCollection: false);
break;
case ParameterSetNames.ThreatIntelligence:
TIDataConnectorDataTypesIndicators tiIndicators = new TIDataConnectorDataTypesIndicators
{
State = Indicators.ToLower()
};
TIDataConnectorDataTypes tiDataTypes = new TIDataConnectorDataTypes
{
Indicators = tiIndicators
};
TIDataConnector tiConnector = new TIDataConnector
{
DataTypes = tiDataTypes,
TenantId = tenantId
};
DataConnector tiDataConnector = tiConnector;
var outputticonnector = SecurityInsightsClient.DataConnectors.CreateOrUpdate(ResourceGroupName, WorkspaceName, name, tiDataConnector);
WriteObject(outputticonnector.ConvertToPSType(), enumerateCollection: false);
break;
default:
throw new PSInvalidOperationException();
}
}
}
