AZSentinel
PowerShell module for Azure Sentinel
# Environment ```none Windows build number:10.0.19043.0 PowerShell version (if applicable): 5.1 Any other software? Az.SecurityInsights version 1.0.0 # Steps to reproduce New-AzSentinelAlertRule ` -ResourceGroupName testrg` -WorkspaceName testlaw` -DisplayName "Test" `...
# Summary of the new feature/enhancement Sentinel now has an anomaly rule type in preview - https://docs.microsoft.com/en-us/azure/sentinel/tutorial-detect-threats-built-in#anomaly Anomaly rules can be duplicated from the inbuilt templates to allow tuning parameters....
# Summary of the new feature/enhancement Microsoft added Custom Details mapping and Event Grouping for each event (Trigger an alert for each event (preview)) for Analytical Rules. This allows for...
# Environment ```none Mac OS Big Sur 11.2.2. PowerShell version: 7.1.2 Module version: 0.6.21 ``` # Steps to reproduce I am trying to configure the Azure Defender data connector inside...
# Environment ```none Windows build number: [run "ver" at a command prompt] PowerShell version (if applicable): Any other software? ``` # Steps to reproduce **Import-AzSentinelDataConnector -verbose** # Expected behavior Using...
Will it be possible to assign entities using a script and/or function? Will it be possible to export the settings for future replication?
Will it be possible to assign alert details using a script and/or function? Will it be possible to export the settings for future replication?
# Summary of the Pull Request ... ## References ... ## PR Checklist **By submitting this pull request, I confirm the following:** *please fill any appropriate checkboxes, e.g: [X]* -...
Looks like there are quite a few more entities coming as well - https://github.com/Azure/Azure-Sentinel/blob/9f0fa91b9045d80a01032aa0e164ea701a02f77d/.script/tests/detectionTemplateStructureValidation/Models/EntityType.cs ```PowerShell public enum EntityType { Account, Host, IP, Malware, File, Process, CloudApplication, DNS, AzureResource, FileHash, RegistryKey,...
I'm able to use Import-AzSentinelAlertRule and import the YAML based Detection Rules from https://github.com/Azure/Azure-Sentinel/tree/master/Detections after tweaking a couple of elements: - Change: name: -> displayname: - Add: enabled: true When...