AZSentinel
PowerShell module for Azure Sentinel
# Environment ```none Windows build number: 10.0.19042.1083 PowerShell version (if applicable): 7.0.6 ``` # Steps to reproduce #1-Connect to Azure Connect-AzAccount #2-Set Azure Context Set-AzContext -Subscription 76b3de50-2f93-451e-9482-4e7a23712baf #3-Create Workspace New-AzOperationalInsightsWorkspace...
# Environment ``` Windows build number: Microsoft Windows [Version 10.0.19042.985] PowerShell version (if applicable): 7.1.3 ``` # Steps to reproduce Run "Get-AzSentinelHuntingRule". # Expected behavior Hunting Rule information is output....
I'm cleaning up old incidents in my Sentinel environment; as it has a lot of invalid incidents now, I want to do this more efficiently than through the GUI. Using Get-AZSentinelIncident...
# Summary of the new feature/enhancement Currently when changing the PlaybookName for an analytic, the new playbook gets activated alongside any existing playbooks. It would be useful if we could...
Is Azure Government supported? I am 100% confident that the subscription and workspace exists. `Get-AzSentinelAlertRule -WorkspaceName "XXXXX" -Verbose VERBOSE: Getting Worspace from Subscription XXXXXX-XXXXXXX-XXXXXX VERBOSE: GET https://management.azure.com/subscriptions/XXXXXX-XXXXXXX-XXXXXX/providers/Microsoft.OperationalInsights/workspaces?api-version=2015-11-01-preview with 0-byte payload...
Hello, I've noticed that when creating a new rule using **`New-AzSentinelAlertRule`** and setting any value for the **`SuppressionDuration`** parameter, the rule creation fails with the following error: ```powershell ##[error]Unable to initiate...
# Summary of the new feature/enhancement It would be really handy to be able to retrieve all the incidents that took place in a timeframe, and be able to pass...
We created an SP with Contributor rights and Azure Sentinel Contributor rights. When we use the SP to create alert rules of type Fusion or MicrosoftSecurityIncidentCreation or MLBehaviorAnalytics we get...
Analytics Rules with mapped MITRE techniques do not get imported as JSON. Currently the "Import-AzSentinelAlertRule" command under module "azsentinel" 0.6.21 doesn't deploy Techniques values when deploying the analytics rules. For example...
# Environment ```none ``` # Steps to reproduce Fork this Sentinel GitHub repo into my repository click on the "+Add new" option and create a connection Select the content type...