Пример #1
0
        public override void ExecuteCmdlet()
        {
            if (this.IsParameterBound(c => c.InputObject))
            {
                this.ResourceGroupName = AzureIdUtilities.GetResourceGroup(this.InputObject.Id);
                this.WorkspaceName     = AzureIdUtilities.GetWorkspaceName(this.InputObject.Id);
                this.AlertRuleId       = AzureIdUtilities.GetAlertRuleName(this.InputObject.Id);
                this.ActionId          = this.InputObject.Name;
            }

            if (this.IsParameterBound(c => c.ResourceId))
            {
                var resourceIdentifier = new ResourceIdentifier(this.ResourceId);
                this.ResourceGroupName = resourceIdentifier.ResourceGroupName;
                this.WorkspaceName     = AzureIdUtilities.GetWorkspaceName(this.ResourceId);
                this.AlertRuleId       = AzureIdUtilities.GetAlertRuleName(this.ResourceId);
                this.ActionId          = resourceIdentifier.ResourceName;
            }

            PSSentinelActionResponse alertRuleAction = null;

            try
            {
                alertRuleAction = this.SecurityInsightsClient.Actions.Get(ResourceGroupName, WorkspaceName, AlertRuleId, ActionId).ConvertToPSType();
            }
            catch
            {
                alertRuleAction = null;
            }

            if (alertRuleAction == null)
            {
                throw new Exception(string.Format("An Alert Rule Action with ActionId '{0}' for Alert Rule '{1}' in resource group '{2}' under workspace '{3}' does not exist. Please use New-AzSentinelAlertRuleAction to create an Alert Rule Action with these properties.", this.ActionId, this.AlertRuleId, this.ResourceGroupName, this.WorkspaceName));
            }

            PSSentinelActionRequest updateAlertRuleAction = new PSSentinelActionRequest
            {
                LogicAppResourceId = this.LogicAppResourceId,
                TriggerUri         = this.TriggerUri
            };

            if (this.ShouldProcess(this.ActionId, string.Format("Updating Action '{0}' for Alert Rule '{1}' in resource group '{2}' under workspace '{3}'.", this.ActionId, this.AlertRuleId, this.ResourceGroupName, this.WorkspaceName)))
            {
                var result = this.SecurityInsightsClient.Actions.CreateOrUpdate(this.ResourceGroupName, this.WorkspaceName, this.AlertRuleId, this.ActionId, updateAlertRuleAction.CreatePSType()).ConvertToPSType();
                WriteObject(result);
            }
        }
Пример #2
0
        public override void ExecuteCmdlet()
        {
            var name          = ActionId;
            var alertrule     = AlertRuleId;
            var resourcegroup = ResourceGroupName;
            var workspacename = WorkspaceName;

            switch (ParameterSetName)
            {
            case ParameterSetNames.ActionId:
                break;

            case ParameterSetNames.InputObject:
                name          = InputObject.Name;
                alertrule     = AzureIdUtilities.GetAlertRuleName(InputObject.Id);
                workspacename = AzureIdUtilities.GetWorkspaceName(InputObject.Id);
                resourcegroup = AzureIdUtilities.GetResourceGroup(InputObject.Id);
                break;

            default:
                throw new PSInvalidOperationException();
            }

            if (ShouldProcess(name, VerbsCommon.Remove))
            {
                var result = SecurityInsightsClient.AlertRules.DeleteActionWithHttpMessagesAsync(resourcegroup, workspacename, alertrule, name).Result;
                if (result.Response.StatusCode == (System.Net.HttpStatusCode) 200)
                {
                    System.Console.WriteLine("success");
                }
                else if (result.Response.StatusCode == (System.Net.HttpStatusCode) 204)
                {
                    System.Console.WriteLine("success");
                }
            }

            if (PassThru.IsPresent)
            {
                WriteObject(true);
            }
        }