diff --git a/src/SecurityInsights/SecurityInsights.Autorest/Properties/AssemblyInfo.cs b/src/SecurityInsights/SecurityInsights.Autorest/Properties/AssemblyInfo.cs new file mode 100644 index 000000000000..6b2d2ac4af0d --- /dev/null +++ b/src/SecurityInsights/SecurityInsights.Autorest/Properties/AssemblyInfo.cs @@ -0,0 +1,27 @@ +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the Apache License, Version 2.0 (the ""License""); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// http://www.apache.org/licenses/LICENSE-2.0 +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an ""AS IS"" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// Code generated by Microsoft (R) AutoRest Code Generator.Changes may cause incorrect behavior and will be lost if the code +// is regenerated. + +using System; +using System.Reflection; +using System.Runtime.CompilerServices; +using System.Runtime.InteropServices; + +[assembly: System.Reflection.AssemblyCompanyAttribute("Microsoft")] +[assembly: System.Reflection.AssemblyCopyrightAttribute("Copyright © Microsoft")] +[assembly: System.Reflection.AssemblyProductAttribute("Microsoft Azure PowerShell")] +[assembly: System.Reflection.AssemblyTitleAttribute("Microsoft Azure PowerShell - SecurityInsights")] +[assembly: System.Reflection.AssemblyFileVersionAttribute("3.2.0")] +[assembly: System.Reflection.AssemblyVersionAttribute("3.2.0")] +[assembly: System.Runtime.InteropServices.ComVisibleAttribute(false)] +[assembly: System.CLSCompliantAttribute(false)] + diff --git a/src/SecurityInsights/SecurityInsights.Autorest/README.md b/src/SecurityInsights/SecurityInsights.Autorest/README.md index b5506b75aa70..58b22c1c9e70 100644 --- a/src/SecurityInsights/SecurityInsights.Autorest/README.md +++ b/src/SecurityInsights/SecurityInsights.Autorest/README.md @@ -66,7 +66,7 @@ input-file: - $(repo)/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/ThreatIntelligence.json #- $(repo)/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/Watchlists.json - $(repo)/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/dataConnectors.json - - $(repo)/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/operations.json + # - $(repo)/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/preview/2021-09-01-preview/operations.json module-version: 1.2.0 title: SecurityInsights @@ -74,29 +74,12 @@ subject-prefix: Sentinel inlining-threshold: 50 -# For new modules, please avoid setting 3.x using the use-extension method and instead, use 4.x as the default option -use-extension: - "@autorest/powershell": "3.x" - directive: - # Fixes/overrides to swaggers - # Fix to x-ms-enum when integer (https://github.com/Azure/autorest.powershell/issues/856) - - from: dataConnectors.json - where: $.definitions.Availability.properties.status - transform: >- - return { - "description": "The connector Availability Status", - "format": "int32", - "type": "integer", - "enum": [ - 1 - ] - } # Customize # Hide Operation API - - where: - subject: Operation - hide: true + # - where: + # subject: Operation + # hide: true # Hide OfficeConsent API - where: subject: OfficeConsent @@ -109,8 +92,12 @@ directive: # Change Sets to Updates to match current module - where: verb: Set + subject: AlertRuleAction set: verb: Update + - where: + verb: Set + remove: true # fix subject name to encrichment - where: subject: DomainWhois @@ -145,44 +132,15 @@ directive: set: verb: Get subject: EntityActivity - # Fix Update ThreatIntelligenceIndicator - - select: command - where: - verb: New - subject: ThreatIntelligenceIndicator - variant: CreateExpanded1 - set: - verb: Update - variant: UpdateExpanded - - select: command - where: - verb: New - subject: ThreatIntelligenceIndicator - variant: CreateViaIdentity1 - set: - verb: Update - variant: UpdateViaIdentity - - select: command - where: - verb: New - subject: ThreatIntelligenceIndicator - variant: CreateViaIdentityExpanded1 - set: - verb: Update - variant: UpdateViaIdentityExpanded - - where: - subject: ThreatIntelligenceIndicatorQuery - variant: QueryViaIdentityExpanded - remove: true # Fix Entity Insights - where: subject: EntityInsight - variant: ^Get$|^GetViaIdentity$ + variant: ^(Get|GetViaIdentity)(?!.*?Expanded) remove: true # Fix Entity TimeLime - where: subject: EntityTimeline - variant: List + variant: ^(List)(?!.*?Expanded) remove: true # Rename Id for user expierence - where: @@ -225,11 +183,6 @@ directive: parameter-name: Id set: alias: IncidentCommentId - #Remove Enrichment - - where: - subject: ^Enrichment$ - variant: ^GetViaIdenity$|^GetViaIdenity1$ - remove: true # Remove source control (requires OAUTH tokens) - where: subject: SourceControl @@ -240,14 +193,24 @@ directive: subject: DataConnectorsCheckRequirement hide: true - where: + verb: New + subject: ^AlertRule$|^DataConnector$|^EntityQuery$ + variant: Create + hide: true + - where: + verb: Update subject: ^AlertRule$|^DataConnector$|^EntityQuery$ - variant: ^Create$|^CreateExpanded$|^Update$|^UpdateExpanded$|^UpdateViaIdentity$|^UpdateViaIdentityExpanded$ + variant: Update hide: true + - where: + subject: ^AlertRule$|^DataConnector$|^EntityQuery$ + variant: ^(Create|Update)(?=.*?(Expanded|JsonFilePath|JsonString))|^CreateViaIdentity$|^CreateViaIdentityWorkspace$|^UpdateViaIdentity$ + remove: true - where: verb: ^Update$|^Remove$ subject: Setting hide: true - # Hide Etag as it isnt used + # Hide Etag as it isn't used - where: parameter-name: Etag hide: true @@ -255,16 +218,16 @@ directive: - where: verb: ^Add$|^New$|^Update$|^Remove$ subject: ThreatIntelligenceIndicator - hide: true + remove: true - where: verb: ^Add$|^New$|^Update$|^Remove$ subject: ThreatIntelligenceIndicatorTag - hide: true + remove: true # CCP - where: verb: ^Connect$|^Disconnect$ subject: DataConnector - hide: true + remove: true # cmdlet review feedback - where: subject: Bookmark @@ -296,11 +259,6 @@ directive: parameter-name: DataConnectorsCheckRequirement set: parameter-name: DataConnectorCheckRequirement - - where: - verb: New - subject: AlertRuleAction - variant: Create - hide: true - where: verb: New subject: ^AlertRuleAction$|^AutomationRule$|^Bookmark$|^Incident$|^IncidentComment$| @@ -319,28 +277,26 @@ directive: - where: verb: Expand subject: ^Bookmark$|^Entity$ - hide: true + remove: true - where: verb: ^New$|^Update$|^Remove$ subject: Metadata - hide: true + remove: true # Hide Source Control - where: verb: Get subject: SourceControlRepository hide: true - # Hide UpdateViaId and Update - - where: - variant: ^Update$|^UpdateViaIdentity$ - hide: true # Remove the unexpanded parameter set - where: - variant: ^Append$|^AppendViaIdentity$|^Connect$|^ConnectViaIdentity$|^CreateViaIdentity$|^CreateViaIdentityExpanded$|^Expand$|^ExpandViaIdentity$|^ExpandViaIdentityExpanded$|^GetViaIdentityExpanded$|^PostViaIdentity$|^Query$|^QueryViaIdentity$|^QueriesViaIdentity$|^Replace$|^ReplaceViaIdentity$ + subject: AlertRuleAction|AutomationRule|Bookmark|Incident|SentinelOnboardingState + variant: ^(Create|Update)(?!.*?(Expanded|JsonFilePath|JsonString))|^CreateViaIdentityExpanded$ remove: true - # fix Equals that conflicts with inhertied property - where: - enum-name: AutomationRulePropertyConditionSupportedOperator - enum-value-name: Equals - set: - enum-value-name: Equal + variant: ^(Append|Connect|Expand|Query|Replace)(?!.*?(Expanded|JsonFilePath|JsonString)) + remove: true + # Remove module-cross object (unknown) + - where: + variant: ^(Create|Update|Query|Queries|Replace|Get|Delete)(?=.*?Workspace) + remove: true ``` diff --git a/src/SecurityInsights/SecurityInsights.Autorest/custom/New-AzSentinelAlertRule.ps1 b/src/SecurityInsights/SecurityInsights.Autorest/custom/New-AzSentinelAlertRule.ps1 index b6b024229fff..f01ff35b4649 100644 --- a/src/SecurityInsights/SecurityInsights.Autorest/custom/New-AzSentinelAlertRule.ps1 +++ b/src/SecurityInsights/SecurityInsights.Autorest/custom/New-AzSentinelAlertRule.ps1 @@ -23,7 +23,7 @@ Creates the alert rule. https://learn.microsoft.com/powershell/module/az.securityinsights/new-azsentinelalertrule #> function New-AzSentinelAlertRule { - [OutputType([Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.AlertRule])] + [OutputType([Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.AlertRule])] [CmdletBinding(DefaultParameterSetName = 'FusionMLTI', PositionalBinding = $false, SupportsShouldProcess, ConfirmImpact = 'Medium')] param( [Parameter()] @@ -55,9 +55,9 @@ function New-AzSentinelAlertRule { ${RuleId}, [Parameter(Mandatory)] - [ArgumentCompleter([Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.AlertRuleKind])] + [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.PSArgumentCompleterAttribute("Scheduled", "MicrosoftSecurityIncidentCreation", "Fusion", "MLBehaviorAnalytics", "ThreatIntelligence", "NRT")] [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')] - [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.AlertRuleKind] + [System.String] # Kind of the the data connection ${Kind}, @@ -100,14 +100,14 @@ function New-AzSentinelAlertRule { [Parameter(ParameterSetName = 'MicrosoftSecurityIncidentCreation', Mandatory)] - [ArgumentCompleter([Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.MicrosoftSecurityProductName])] + [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.PSArgumentCompleterAttribute("Microsoft Cloud App Security", "Azure Security Center", "Azure Advanced Threat Protection", "Azure Active Directory Identity Protection", "Azure Security Center for IoT", "Office 365 Advanced Threat Protection", "Microsoft Defender Advanced Threat Protection")] [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')] - [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.MicrosoftSecurityProductName] + [System.String] ${ProductFilter}, [Parameter(ParameterSetName = 'MicrosoftSecurityIncidentCreation')] [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')] - [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.AlertSeverity[]] + [System.String[]] #High, Medium, Low, Informational ${SeveritiesFilter}, @@ -138,15 +138,15 @@ function New-AzSentinelAlertRule { [Parameter(ParameterSetName = 'NRT', Mandatory)] [Parameter(ParameterSetName = 'Scheduled', Mandatory)] - [ArgumentCompleter([Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.AlertSeverity])] + [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.PSArgumentCompleterAttribute("High", "Medium", "Low", "Informational")] [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')] - [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.AlertSeverity] + [System.String] ${Severity}, [Parameter(ParameterSetName = 'NRT')] [Parameter(ParameterSetName = 'Scheduled')] [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')] - #[Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.AttackTactic] + [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.PSArgumentCompleterAttribute("InitialAccess", "Execution", "Persistence", "PrivilegeEscalation", "DefenseEvasion", "CredentialAccess", "Discovery", "LateralMovement", "Collection", "Exfiltration", "CommandAndControl", "Impact", "PreAttack")] [System.String[]] #InitialAccess, Execution, Persistence, PrivilegeEscalation, DefenseEvasion, CredentialAccess, Discovery, LateralMovement, Collection, Exfiltration, CommandAndControl, Impact, PreAttack ${Tactic}, @@ -187,22 +187,22 @@ function New-AzSentinelAlertRule { [Parameter(ParameterSetName = 'NRT')] [Parameter(ParameterSetName = 'Scheduled')] - [ArgumentCompleter([Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.AlertDetail])] + [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.PSArgumentCompleterAttribute("DisplayName", "Severity")] [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')] - [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.AlertDetail[]] + [System.String[]] ${GroupByAlertDetail}, [Parameter(ParameterSetName = 'NRT')] [Parameter(ParameterSetName = 'Scheduled')] [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')] - [string[]] + [System.String[]] ${GroupByCustomDetail}, [Parameter(ParameterSetName = 'NRT')] [Parameter(ParameterSetName = 'Scheduled')] - [ArgumentCompleter([Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.EntityMappingType])] + [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.PSArgumentCompleterAttribute("Account", "Host", "IP", "Malware", "File", "Process", "CloudApplication", "DNS", "AzureResource", "FileHash", "RegistryKey", "RegistryValue", "SecurityGroup", "URL", "Mailbox", "MailCluster", "MailMessage", "SubmissionMail")] [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')] - [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.EntityMappingType[]] + [System.String[]] ${GroupByEntity}, @@ -210,7 +210,7 @@ function New-AzSentinelAlertRule { [Parameter(ParameterSetName = 'Scheduled')] #'Account', 'Host', 'IP', 'Malware', 'File', 'Process', 'CloudApplication', 'DNS', 'AzureResource', 'FileHash', 'RegistryKey', 'RegistryValue', 'SecurityGroup', 'URL', 'Mailbox', 'MailCluster', 'MailMessage', 'SubmissionMail' [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')] - [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.EntityMapping[]] + [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.EntityMapping[]] ${EntityMapping}, [Parameter(ParameterSetName = 'NRT')] @@ -249,9 +249,9 @@ function New-AzSentinelAlertRule { ${QueryPeriod}, [Parameter(ParameterSetName = 'Scheduled', Mandatory)] - [ArgumentCompleter([Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.TriggerOperator])] + [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.PSArgumentCompleterAttribute("GreaterThan", "LessThan", "Equal", "NotEqual")] [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')] - [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.TriggerOperator] + [System.String] ${TriggerOperator}, [Parameter(ParameterSetName = 'Scheduled', Mandatory)] @@ -260,9 +260,9 @@ function New-AzSentinelAlertRule { ${TriggerThreshold}, [Parameter(ParameterSetName = 'Scheduled')] - [ArgumentCompleter([Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.EventGroupingAggregationKind])] + [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.PSArgumentCompleterAttribute("SingleAlert", "AlertPerResult")] [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')] - [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.EventGroupingAggregationKind] + [System.String] ${EventGroupingSettingAggregationKind}, [Parameter()] @@ -329,7 +329,7 @@ function New-AzSentinelAlertRule { try { #Fusion if ($PSBoundParameters['Kind'] -eq 'Fusion'){ - $AlertRule = [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.FusionAlertRule]::new() + $AlertRule = [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.FusionAlertRule]::new() $AlertRule.AlertRuleTemplateName = $PSBoundParameters['AlertRuleTemplate'] $null = $PSBoundParameters.Remove('AlertRuleTemplate') @@ -344,7 +344,7 @@ function New-AzSentinelAlertRule { } #MSIC if($PSBoundParameters['Kind'] -eq 'MicrosoftSecurityIncidentCreation'){ - $AlertRule = [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.MicrosoftSecurityIncidentCreationAlertRule]::new() + $AlertRule = [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.MicrosoftSecurityIncidentCreationAlertRule]::new() If($PSBoundParameters['AlertRuleTemplateName']){ $AlertRule.AlertRuleTemplateName = $PSBoundParameters['AlertRuleTemplateName'] @@ -384,7 +384,7 @@ function New-AzSentinelAlertRule { } #ML if ($PSBoundParameters['Kind'] -eq 'MLBehaviorAnalytics'){ - $AlertRule = [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.MlBehaviorAnalyticsAlertRule]::new() + $AlertRule = [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.MlBehaviorAnalyticsAlertRule]::new() $AlertRule.AlertRuleTemplateName = $PSBoundParameters['AlertRuleTemplate'] $null = $PSBoundParameters.Remove('AlertRuleTemplate') @@ -400,7 +400,7 @@ function New-AzSentinelAlertRule { #NRT if($PSBoundParameters['Kind'] -eq 'NRT'){ - $AlertRule = [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.NrtAlertRule]::new() + $AlertRule = [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.NrtAlertRule]::new() If($PSBoundParameters['AlertRuleTemplateName']){ $AlertRule.AlertRuleTemplateName = $PSBoundParameters['AlertRuleTemplateName'] @@ -518,7 +518,7 @@ function New-AzSentinelAlertRule { } #Scheduled if ($PSBoundParameters['Kind'] -eq 'Scheduled'){ - $AlertRule = [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.ScheduledAlertRule]::new() + $AlertRule = [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ScheduledAlertRule]::new() If($PSBoundParameters['AlertRuleTemplateName']){ $AlertRule.AlertRuleTemplateName = $PSBoundParameters['AlertRuleTemplateName'] @@ -652,7 +652,7 @@ function New-AzSentinelAlertRule { } #TI if ($PSBoundParameters['Kind'] -eq 'ThreatIntelligence'){ - $AlertRule = [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.ThreatIntelligenceAlertRule]::new() + $AlertRule = [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ThreatIntelligenceAlertRule]::new() $AlertRule.AlertRuleTemplateName = $PSBoundParameters['AlertRuleTemplate'] $null = $PSBoundParameters.Remove('AlertRuleTemplate') @@ -667,8 +667,9 @@ function New-AzSentinelAlertRule { } $null = $PSBoundParameters.Remove('FusionMLTI') - - $AlertRule.Kind = $PSBoundParameters['Kind'] + + #Autorest powershell V4 does not need the Kind property. The object has the Kind value for each. + # $AlertRule.Kind = $PSBoundParameters['Kind'] $null = $PSBoundParameters.Remove('Kind') $null = $PSBoundParameters.Add('AlertRule', $AlertRule) diff --git a/src/SecurityInsights/SecurityInsights.Autorest/custom/New-AzSentinelDataConnector.ps1 b/src/SecurityInsights/SecurityInsights.Autorest/custom/New-AzSentinelDataConnector.ps1 index 6b5fec092bc3..48b2d2bc8a4a 100644 --- a/src/SecurityInsights/SecurityInsights.Autorest/custom/New-AzSentinelDataConnector.ps1 +++ b/src/SecurityInsights/SecurityInsights.Autorest/custom/New-AzSentinelDataConnector.ps1 @@ -23,7 +23,7 @@ Creates or updates the data connector. https://learn.microsoft.com/powershell/module/az.securityinsights/new-azsentineldataconnector #> function New-AzSentinelDataConnector { - [OutputType([Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.DataConnector])] + [OutputType([Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.DataConnector])] [CmdletBinding(DefaultParameterSetName = 'AADAATP', PositionalBinding = $false, SupportsShouldProcess, ConfirmImpact = 'Medium')] param( [Parameter()] @@ -53,9 +53,9 @@ function New-AzSentinelDataConnector { ${Id}, [Parameter(Mandatory)] - [ArgumentCompleter([Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.DataConnectorKind])] + [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.PSArgumentCompleterAttribute("AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling")] [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')] - [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.DataConnectorKind] + [System.String] # Kind of the the data connection ${Kind}, @@ -88,25 +88,25 @@ function New-AzSentinelDataConnector { [Parameter(ParameterSetName = 'MicrosoftDefenderAdvancedThreatProtection')] [Parameter(ParameterSetName = 'OfficeATP')] [Parameter(ParameterSetName = 'OfficeIRM')] - [ArgumentCompleter([Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.DataTypeState])] + [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.PSArgumentCompleterAttribute("Enabled", "Disabled")] [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')] [System.String] ${Alerts}, [Parameter(ParameterSetName = 'Dynamics365')] - [ArgumentCompleter([Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.DataTypeState])] + [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.PSArgumentCompleterAttribute("Enabled", "Disabled")] [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')] [System.String] ${CommonDataServiceActivity}, [Parameter(ParameterSetName = 'MicrosoftCloudAppSecurity')] - [ArgumentCompleter([Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.DataTypeState])] + [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.PSArgumentCompleterAttribute("Enabled", "Disabled")] [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')] [System.String] ${DiscoveryLog}, [Parameter(ParameterSetName = 'MicrosoftThreatIntelligence')] - [ArgumentCompleter([Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.DataTypeState])] + [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.PSArgumentCompleterAttribute("Enabled", "Disabled")] [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')] [System.String] ${BingSafetyPhishingURL}, @@ -118,7 +118,7 @@ function New-AzSentinelDataConnector { ${BingSafetyPhishingUrlLookbackPeriod}, [Parameter(ParameterSetName = 'MicrosoftThreatIntelligence')] - [ArgumentCompleter([Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.DataTypeState])] + [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.PSArgumentCompleterAttribute("Enabled", "Disabled")] [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')] [System.String] ${MicrosoftEmergingThreatFeed}, @@ -130,31 +130,31 @@ function New-AzSentinelDataConnector { ${MicrosoftEmergingThreatFeedLookbackPeriod}, [Parameter(ParameterSetName = 'MicrosoftThreatProtection')] - [ArgumentCompleter([Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.DataTypeState])] + [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.PSArgumentCompleterAttribute("Enabled", "Disabled")] [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')] [System.String] ${Incident}, [Parameter(ParameterSetName = 'Office365')] - [ArgumentCompleter([Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.DataTypeState])] + [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.PSArgumentCompleterAttribute("Enabled", "Disabled")] [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')] [System.String] ${Exchange}, [Parameter(ParameterSetName = 'Office365')] - [ArgumentCompleter([Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.DataTypeState])] + [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.PSArgumentCompleterAttribute("Enabled", "Disabled")] [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')] [System.String] ${SharePoint}, [Parameter(ParameterSetName = 'Office365')] - [ArgumentCompleter([Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.DataTypeState])] + [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.PSArgumentCompleterAttribute("Enabled", "Disabled")] [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')] [System.String] ${Teams}, [Parameter(ParameterSetName = 'ThreatIntelligence')] - [ArgumentCompleter([Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.DataTypeState])] + [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.PSArgumentCompleterAttribute("Enabled", "Disabled")] [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')] [System.String] ${Indicator}, @@ -196,9 +196,9 @@ function New-AzSentinelDataConnector { ${TaxiiLookbackPeriod}, [Parameter(ParameterSetName = 'ThreatIntelligenceTaxii', Mandatory)] - [ArgumentCompleter([Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.PollingFrequency])] + [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.PSArgumentCompleterAttribute("OnceAMinute", "OnceAnHour", "OnceADay")] [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')] - [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.PollingFrequency] + [System.String] ${PollingFrequency}, [Parameter(ParameterSetName = 'AmazonWebServicesCloudTrail', Mandatory)] @@ -209,14 +209,14 @@ function New-AzSentinelDataConnector { [Parameter(ParameterSetName = 'AmazonWebServicesCloudTrail')] [Parameter(ParameterSetName = 'AmazonWebServicesS3', Mandatory)] - [ArgumentCompleter([Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.DataTypeState])] + [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.PSArgumentCompleterAttribute("Enabled", "Disabled")] [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')] [System.String] ${Log}, [Parameter(ParameterSetName = 'AmazonWebServicesS3', Mandatory)] [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')] - [String[]] + [System.String[]] ${SQSURL}, [Parameter(ParameterSetName = 'AmazonWebServicesS3', Mandatory)] @@ -257,25 +257,25 @@ function New-AzSentinelDataConnector { [Parameter(ParameterSetName = 'GenericUI', Mandatory)] #[Parameter(ParameterSetName = 'APIPolling', Mandatory)] [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')] - [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.GraphQueries[]] + [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.GraphQueries[]] ${UiConfigGraphQuery}, [Parameter(ParameterSetName = 'GenericUI', Mandatory)] #[Parameter(ParameterSetName = 'APIPolling', Mandatory)] [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')] - [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.SampleQueries[]] + [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.SampleQueries[]] ${UiConfigSampleQuery}, [Parameter(ParameterSetName = 'GenericUI', Mandatory)] #[Parameter(ParameterSetName = 'APIPolling', Mandatory)] [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')] - [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.LastDataReceivedDataType[]] + [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.LastDataReceivedDataType[]] ${UiConfigDataType}, [Parameter(ParameterSetName = 'GenericUI', Mandatory)] #[Parameter(ParameterSetName = 'APIPolling', Mandatory)] [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')] - [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.ConnectivityCriteria[]] + [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ConnectivityCriteria[]] ${UiConfigConnectivityCriterion}, [Parameter(ParameterSetName = 'GenericUI', Mandatory)] @@ -294,19 +294,19 @@ function New-AzSentinelDataConnector { [Parameter(ParameterSetName = 'GenericUI')] #[Parameter(ParameterSetName = 'APIPolling')] [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')] - [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.PermissionsResourceProviderItem[]] + [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.PermissionsResourceProviderItem[]] ${PermissionResourceProvider}, [Parameter(ParameterSetName = 'GenericUI')] #[Parameter(ParameterSetName = 'APIPolling')] [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')] - [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.PermissionsCustomsItem[]] + [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.PermissionsCustomsItem[]] ${PermissionCustom}, [Parameter(ParameterSetName = 'GenericUI', Mandatory)] #[Parameter(ParameterSetName = 'APIPolling', Mandatory)] [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')] - [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.InstructionSteps[]] + [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.InstructionSteps[]] ${UiConfigInstructionStep}, [Parameter()] @@ -372,7 +372,7 @@ function New-AzSentinelDataConnector { process { try { if ($PSBoundParameters['Kind'] -eq 'AzureActiveDirectory'){ - $DataConnector = [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.AadDataConnector]::new() + $DataConnector = [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.AadDataConnector]::new() $DataConnector.TenantId = $PSBoundParameters['TenantId'] $null = $PSBoundParameters.Remove('TenantId') @@ -383,7 +383,7 @@ function New-AzSentinelDataConnector { } } if($PSBoundParameters['Kind'] -eq 'AzureAdvancedThreatProtection'){ - $DataConnector = [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.AatpDataConnector]::new() + $DataConnector = [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.AatpDataConnector]::new() $DataConnector.TenantId = $PSBoundParameters['TenantId'] $null = $PSBoundParameters.Remove('TenantId') @@ -394,7 +394,7 @@ function New-AzSentinelDataConnector { } } if($PSBoundParameters['Kind'] -eq 'Dynamics365'){ - $DataConnector = [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.Dynamics365DataConnector]::new() + $DataConnector = [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Dynamics365DataConnector]::new() $DataConnector.TenantId = $PSBoundParameters['TenantId'] $null = $PSBoundParameters.Remove('TenantId') @@ -405,7 +405,7 @@ function New-AzSentinelDataConnector { } } if($PSBoundParameters['Kind'] -eq 'MicrosoftCloudAppSecurity'){ - $DataConnector = [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.McasDataConnector]::new() + $DataConnector = [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.McasDataConnector]::new() $DataConnector.TenantId = $PSBoundParameters['TenantId'] $null = $PSBoundParameters.Remove('TenantId') @@ -421,7 +421,7 @@ function New-AzSentinelDataConnector { } } if($PSBoundParameters['Kind'] -eq 'MicrosoftDefenderAdvancedThreatProtection'){ - $DataConnector = [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.MdatpDataConnector]::new() + $DataConnector = [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.MdatpDataConnector]::new() $DataConnector.TenantId = $PSBoundParameters['TenantId'] $null = $PSBoundParameters.Remove('TenantId') @@ -432,7 +432,7 @@ function New-AzSentinelDataConnector { } } if($PSBoundParameters['Kind'] -eq 'MicrosoftThreatIntelligence'){ - $DataConnector = [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.MstiDataConnector]::new() + $DataConnector = [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.MstiDataConnector]::new() $DataConnector.TenantId = $PSBoundParameters['TenantId'] $null = $PSBoundParameters.Remove('TenantId') @@ -487,7 +487,7 @@ function New-AzSentinelDataConnector { } if($PSBoundParameters['Kind'] -eq 'MicrosoftThreatProtection'){ - $DataConnector = [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.MtpDataConnector]::new() + $DataConnector = [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.MtpDataConnector]::new() $DataConnector.TenantId = $PSBoundParameters['TenantId'] $null = $PSBoundParameters.Remove('TenantId') @@ -498,7 +498,7 @@ function New-AzSentinelDataConnector { } } if($PSBoundParameters['Kind'] -eq 'Office365'){ - $DataConnector = [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.OfficeDataConnector]::new() + $DataConnector = [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.OfficeDataConnector]::new() $DataConnector.TenantId = $PSBoundParameters['TenantId'] $null = $PSBoundParameters.Remove('TenantId') @@ -519,7 +519,7 @@ function New-AzSentinelDataConnector { } } if($PSBoundParameters['Kind'] -eq 'OfficeATP'){ - $DataConnector = [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.OfficeAtpDataConnector]::new() + $DataConnector = [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.OfficeAtpDataConnector]::new() $DataConnector.TenantId = $PSBoundParameters['TenantId'] $null = $PSBoundParameters.Remove('TenantId') @@ -530,7 +530,7 @@ function New-AzSentinelDataConnector { } } if($PSBoundParameters['Kind'] -eq 'OfficeIRM'){ - $DataConnector = [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.OfficeIrmDataConnector]::new() + $DataConnector = [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.OfficeIrmDataConnector]::new() $DataConnector.TenantId = $PSBoundParameters['TenantId'] $null = $PSBoundParameters.Remove('TenantId') @@ -541,7 +541,7 @@ function New-AzSentinelDataConnector { } } if($PSBoundParameters['Kind'] -eq 'ThreatIntelligence'){ - $DataConnector = [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.TiDataConnector]::new() + $DataConnector = [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.TiDataConnector]::new() $DataConnector.TenantId = $PSBoundParameters['TenantId'] $null = $PSBoundParameters.Remove('TenantId') @@ -554,7 +554,7 @@ function New-AzSentinelDataConnector { } } if($PSBoundParameters['Kind'] -eq 'ThreatIntelligenceTaxii'){ - $DataConnector = [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.TiTaxiiDataConnector]::new() + $DataConnector = [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.TiTaxiiDataConnector]::new() $DataConnector.TenantId = $PSBoundParameters['TenantId'] $null = $PSBoundParameters.Remove('TenantId') @@ -596,7 +596,7 @@ function New-AzSentinelDataConnector { } if($PSBoundParameters['Kind'] -eq 'AzureSecurityCenter'){ - $DataConnector = [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.AscDataConnector]::new() + $DataConnector = [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.AscDataConnector]::new() $DataConnector.SubscriptionId = $PSBoundParameters['ASCSubscriptionId'] $null = $PSBoundParameters.Remove('ASCSubscriptionId') @@ -607,7 +607,7 @@ function New-AzSentinelDataConnector { } } if($PSBoundParameters['Kind'] -eq 'AmazonWebServicesCloudTrail'){ - $DataConnector = [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.AwsCloudTrailDataConnector]::new() + $DataConnector = [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.AwsCloudTrailDataConnector]::new() $DataConnector.AWSRoleArn = $PSBoundParameters['AWSRoleArn'] $null = $PSBoundParameters.Remove('AWSRoleArn') @@ -618,7 +618,7 @@ function New-AzSentinelDataConnector { } } if($PSBoundParameters['Kind'] -eq 'AmazonWebServicesS3'){ - $DataConnector = [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.AwsCloudTrailDataConnector]::new() + $DataConnector = [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.AwsCloudTrailDataConnector]::new() $DataConnector.RoleArn = $PSBoundParameters['AWSRoleArn'] $null = $PSBoundParameters.Remove('AWSRoleArn') @@ -635,7 +635,7 @@ function New-AzSentinelDataConnector { $null = $PSBoundParameters.Remove('DetinationTable') } if($PSBoundParameters['Kind'] -eq 'GenericUI'){ - $DataConnector = [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.CodelessUiDataConnector]::new() + $DataConnector = [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.CodelessUiDataConnector]::new() $DataConnector.ConnectorUiConfigTitle = $PSBoundParameters['UiConfigTitle'] $null = $PSBoundParameters.Remove('UiConfigTitle') @@ -691,8 +691,9 @@ function New-AzSentinelDataConnector { $null = $PSBoundParameters.Remove('UiConfigInstructionStep') } - - $DataConnector.Kind = $PSBoundParameters['Kind'] + + #Autorest powershell V4 does not need the Kind property. The object has the Kind value for each. + # $DataConnector.Kind = $PSBoundParameters['Kind'] $null = $PSBoundParameters.Remove('Kind') $null = $PSBoundParameters.Remove('DataConnector') diff --git a/src/SecurityInsights/SecurityInsights.Autorest/custom/New-AzSentinelEntityQuery.ps1 b/src/SecurityInsights/SecurityInsights.Autorest/custom/New-AzSentinelEntityQuery.ps1 index 7b4c4359d5cc..7c7f5bd36db8 100644 --- a/src/SecurityInsights/SecurityInsights.Autorest/custom/New-AzSentinelEntityQuery.ps1 +++ b/src/SecurityInsights/SecurityInsights.Autorest/custom/New-AzSentinelEntityQuery.ps1 @@ -23,7 +23,7 @@ Creates or updates the entity query. https://learn.microsoft.com/powershell/module/az.securityinsights/new-azsentinelentityquery #> function New-AzSentinelEntityQuery { - [OutputType([Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.CustomEntityQuery])] + [OutputType([Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.CustomEntityQuery])] [CmdletBinding(DefaultParameterSetName = 'Activity', PositionalBinding = $false, SupportsShouldProcess, ConfirmImpact = 'Medium')] param( [Parameter()] @@ -46,7 +46,9 @@ function New-AzSentinelEntityQuery { [System.String] # The name of the workspace. ${WorkspaceName}, - + + [Parameter()] + [Alias('EntityQueryId')] [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')] [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.DefaultInfo(Script = '(New-Guid).Guid')] [System.String] @@ -54,9 +56,9 @@ function New-AzSentinelEntityQuery { ${Id}, [Parameter(Mandatory)] - [ArgumentCompleter( { param ( $CommandName, $EntityQueryName, $WordToComplete, $CommandAst, $FakeBoundParameters ) return @('Activity') })] + [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.PSArgumentCompleterAttribute("Activity","Expansion")] [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')] - [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.EntityQueryKind] + [System.String] # Kind of the the Entity Query ${Kind}, @@ -81,9 +83,9 @@ function New-AzSentinelEntityQuery { ${QueryDefinitionQuery}, [Parameter(ParameterSetName = 'Activity', Mandatory)] - [ArgumentCompleter([Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.EntityType])] + [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.PSArgumentCompleterAttribute("Account", "Host", "File", "AzureResource", "CloudApplication", "DNS", "FileHash", "IP", "Malware", "Process", "RegistryKey", "RegistryValue", "SecurityGroup", "URL", "IoTDevice", "SecurityAlert", "HuntingBookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail")] [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')] - [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.EntityType] + [System.String] ${InputEntityType}, [Parameter(ParameterSetName = 'Activity')] @@ -93,7 +95,7 @@ function New-AzSentinelEntityQuery { [Parameter(ParameterSetName = 'Activity')] [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')] - [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.ActivityEntityQueriesPropertiesEntitiesFilter] + [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ActivityEntityQueriesPropertiesEntitiesFilter] ${EntitiesFilter}, [Parameter(ParameterSetName = 'Activity')] @@ -165,7 +167,7 @@ function New-AzSentinelEntityQuery { try { if ($PSBoundParameters['Kind'] -eq 'Activity'){ - $EntityQuery = [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.ActivityCustomEntityQuery]::new() + $EntityQuery = [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ActivityCustomEntityQuery]::new() $EntityQuery.Title = $PSBoundParameters['Title'] $null = $PSBoundParameters.Remove('Title') diff --git a/src/SecurityInsights/SecurityInsights.Autorest/custom/Test-AzSentinelDataConnectorCheckRequirement.ps1 b/src/SecurityInsights/SecurityInsights.Autorest/custom/Test-AzSentinelDataConnectorCheckRequirement.ps1 index 8c416263b84c..c95f66edee1f 100644 --- a/src/SecurityInsights/SecurityInsights.Autorest/custom/Test-AzSentinelDataConnectorCheckRequirement.ps1 +++ b/src/SecurityInsights/SecurityInsights.Autorest/custom/Test-AzSentinelDataConnectorCheckRequirement.ps1 @@ -23,7 +23,7 @@ Get requirements state for a data connector type. https://learn.microsoft.com/powershell/module/az.securityinsights/test-azsentineldataconnectorcheckrequirement #> function Test-AzSentinelDataConnectorCheckRequirement { - [OutputType([Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.DataConnectorsCheckRequirements])] + [OutputType([Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.DataConnectorsCheckRequirements])] [CmdletBinding(DefaultParameterSetName = 'AADTenant', PositionalBinding = $false, SupportsShouldProcess, ConfirmImpact = 'Medium')] param( [Parameter()] @@ -48,9 +48,9 @@ function Test-AzSentinelDataConnectorCheckRequirement { ${WorkspaceName}, [Parameter(Mandatory)] - [ArgumentCompleter([Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.DataConnectorKind])] + [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.PSArgumentCompleterAttribute("AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling")] [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')] - [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.DataConnectorKind] + [System.String] # Kind of the the data connection ${Kind}, @@ -136,68 +136,68 @@ function Test-AzSentinelDataConnectorCheckRequirement { try { if ($PSBoundParameters['Kind'] -eq 'AzureActiveDirectory'){ - $DataConnectorCheckRequirement = [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.AadCheckRequirements]::new() + $DataConnectorCheckRequirement = [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.AadCheckRequirements]::new() $DataConnectorCheckRequirement.TenantId = $PSBoundParameters['TenantId'] $null = $PSBoundParameters.Remove('TenantId') } if($PSBoundParameters['Kind'] -eq 'AzureAdvancedThreatProtection'){ - $DataConnectorCheckRequirement = [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.AatpCheckRequirements]::new() + $DataConnectorCheckRequirement = [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.AatpCheckRequirements]::new() $DataConnectorCheckRequirement.TenantId = $PSBoundParameters['TenantId'] $null = $PSBoundParameters.Remove('TenantId') } if($PSBoundParameters['Kind'] -eq 'Dynamics365'){ - $DataConnectorCheckRequirement = [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.Dynamics365CheckRequirements]::new() + $DataConnectorCheckRequirement = [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Dynamics365CheckRequirements]::new() $DataConnectorCheckRequirement.TenantId = $PSBoundParameters['TenantId'] $null = $PSBoundParameters.Remove('TenantId') } if($PSBoundParameters['Kind'] -eq 'MicrosoftCloudAppSecurity'){ - $DataConnectorCheckRequirement = [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.MCASCheckRequirements]::new() + $DataConnectorCheckRequirement = [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.MCASCheckRequirements]::new() $DataConnectorCheckRequirement.TenantId = $PSBoundParameters['TenantId'] $null = $PSBoundParameters.Remove('TenantId') } if($PSBoundParameters['Kind'] -eq 'MicrosoftDefenderAdvancedThreatProtection'){ - $DataConnectorCheckRequirement = [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.MDATPCheckRequirements]::new() + $DataConnectorCheckRequirement = [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.MDATPCheckRequirements]::new() $DataConnectorCheckRequirement.TenantId = $PSBoundParameters['TenantId'] $null = $PSBoundParameters.Remove('TenantId') } if($PSBoundParameters['Kind'] -eq 'MicrosoftThreatIntelligence'){ - $DataConnectorCheckRequirement = [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.MSTICheckRequirements]::new() + $DataConnectorCheckRequirement = [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.MSTICheckRequirements]::new() $DataConnectorCheckRequirement.TenantId = $PSBoundParameters['TenantId'] $null = $PSBoundParameters.Remove('TenantId') } if($PSBoundParameters['Kind'] -eq 'MicrosoftThreatProtection'){ - $DataConnectorCheckRequirement = [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.MtpCheckRequirements]::new() + $DataConnectorCheckRequirement = [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.MtpCheckRequirements]::new() $DataConnectorCheckRequirement.TenantId = $PSBoundParameters['TenantId'] $null = $PSBoundParameters.Remove('TenantId') } #if($PSBoundParameters['Kind'] -eq 'Office365'){ - # $DataConnectorCheckRequirement = [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.Office365CheckRequirements]::new() + # $DataConnectorCheckRequirement = [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Office365CheckRequirements]::new() # $DataConnectorCheckRequirement.TenantId = $PSBoundParameters['TenantId'] # $null = $PSBoundParameters.Remove('TenantId') #} if($PSBoundParameters['Kind'] -eq 'OfficeATP'){ - $DataConnectorCheckRequirement = [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.OfficeATPCheckRequirements]::new() + $DataConnectorCheckRequirement = [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.OfficeATPCheckRequirements]::new() $DataConnectorCheckRequirement.TenantId = $PSBoundParameters['TenantId'] $null = $PSBoundParameters.Remove('TenantId') } if($PSBoundParameters['Kind'] -eq 'OfficeIRM'){ - $DataConnectorCheckRequirement = [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.OfficeIrmCheckRequirements]::new() + $DataConnectorCheckRequirement = [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.OfficeIrmCheckRequirements]::new() $DataConnectorCheckRequirement.TenantId = $PSBoundParameters['TenantId'] $null = $PSBoundParameters.Remove('TenantId') } if($PSBoundParameters['Kind'] -eq 'ThreatIntelligence'){ - $DataConnectorCheckRequirement = [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.TICheckRequirements]::new() + $DataConnectorCheckRequirement = [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.TICheckRequirements]::new() $DataConnectorCheckRequirement.TenantId = $PSBoundParameters['TenantId'] $null = $PSBoundParameters.Remove('TenantId') } if($PSBoundParameters['Kind'] -eq 'ThreatIntelligenceTaxii'){ - $DataConnectorCheckRequirement = [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.TiTaxiiCheckRequirements]::new() + $DataConnectorCheckRequirement = [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.TiTaxiiCheckRequirements]::new() $DataConnectorCheckRequirement.TenantId = $PSBoundParameters['TenantId'] $null = $PSBoundParameters.Remove('TenantId') } if($PSBoundParameters['Kind'] -eq 'AzureSecurityCenter'){ - $DataConnectorCheckRequirement = [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.ASCCheckRequirements]::new() + $DataConnectorCheckRequirement = [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ASCCheckRequirements]::new() $DataConnectorCheckRequirement.SubscriptionId = $PSBoundParameters['ASCSubscriptionId'] $null = $PSBoundParameters.Remove('ASCSubscriptionId') } diff --git a/src/SecurityInsights/SecurityInsights.Autorest/custom/Update-AzSentinelAlertRule.ps1 b/src/SecurityInsights/SecurityInsights.Autorest/custom/Update-AzSentinelAlertRule.ps1 index 5b685ccfb790..e490855a0193 100644 --- a/src/SecurityInsights/SecurityInsights.Autorest/custom/Update-AzSentinelAlertRule.ps1 +++ b/src/SecurityInsights/SecurityInsights.Autorest/custom/Update-AzSentinelAlertRule.ps1 @@ -23,7 +23,7 @@ Updates the alert rule. https://learn.microsoft.com/powershell/module/az.securityinsights/Update-azsentinelalertrule #> function Update-AzSentinelAlertRule { - [OutputType([Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.AlertRule])] + [OutputType([Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.AlertRule])] [CmdletBinding(DefaultParameterSetName = 'UpdateScheduled', PositionalBinding = $false, SupportsShouldProcess, ConfirmImpact = 'Medium')] param( [Parameter(ParameterSetName = 'UpdateFusionMLTI')] @@ -160,15 +160,15 @@ function Update-AzSentinelAlertRule { [Parameter(ParameterSetName = 'UpdateMicrosoftSecurityIncidentCreation')] [Parameter(ParameterSetName = 'UpdateViaIdentityMicrosoftSecurityIncidentCreation')] - [ArgumentCompleter([Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.MicrosoftSecurityProductName])] + [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.PSArgumentCompleterAttribute("Microsoft Cloud App Security", "Azure Security Center", "Azure Advanced Threat Protection", "Azure Active Directory Identity Protection", "Azure Security Center for IoT", "Office 365 Advanced Threat Protection", "Microsoft Defender Advanced Threat Protection")] [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')] - [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.MicrosoftSecurityProductName] + [System.String] ${ProductFilter}, [Parameter(ParameterSetName = 'UpdateMicrosoftSecurityIncidentCreation')] [Parameter(ParameterSetName = 'UpdateViaIdentityMicrosoftSecurityIncidentCreation')] [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')] - [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.AlertSeverity[]] + [System.String[]] #High, Medium, Low, Informational ${SeveritiesFilter}, @@ -209,18 +209,17 @@ function Update-AzSentinelAlertRule { [Parameter(ParameterSetName = 'UpdateScheduled')] [Parameter(ParameterSetName = 'UpdateViaIdentityNRT')] [Parameter(ParameterSetName = 'UpdateViaIdentityUpdateScheduled')] - [ArgumentCompleter([Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.AlertSeverity])] + [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.PSArgumentCompleterAttribute("High", "Medium", "Low", "Informational")] [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')] - [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.AlertSeverity] + [System.String] ${Severity}, [Parameter(ParameterSetName = 'UpdateNRT')] [Parameter(ParameterSetName = 'UpdateScheduled')] [Parameter(ParameterSetName = 'UpdateViaIdentityNRT')] [Parameter(ParameterSetName = 'UpdateViaIdentityUpdateScheduled')] - [ArgumentCompleter([Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.AttackTactic])] + [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.PSArgumentCompleterAttribute("InitialAccess", "Execution", "Persistence", "PrivilegeEscalation", "DefenseEvasion", "CredentialAccess", "Discovery", "LateralMovement", "Collection", "Exfiltration", "CommandAndControl", "Impact", "PreAttack")] [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')] - [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.AttackTactic] [System.String[]] ${Tactic}, @@ -273,9 +272,9 @@ function Update-AzSentinelAlertRule { [Parameter(ParameterSetName = 'UpdateScheduled')] [Parameter(ParameterSetName = 'UpdateViaIdentityNRT')] [Parameter(ParameterSetName = 'UpdateViaIdentityUpdateScheduled')] - [ArgumentCompleter([Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.AlertDetail])] + [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.PSArgumentCompleterAttribute("DisplayName", "Severity")] [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')] - [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.AlertDetail[]] + [System.String[]] ${GroupByAlertDetail}, [Parameter(ParameterSetName = 'UpdateNRT')] @@ -283,16 +282,16 @@ function Update-AzSentinelAlertRule { [Parameter(ParameterSetName = 'UpdateViaIdentityNRT')] [Parameter(ParameterSetName = 'UpdateViaIdentityUpdateScheduled')] [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')] - [string[]] + [System.String[]] ${GroupByCustomDetail}, [Parameter(ParameterSetName = 'UpdateNRT')] [Parameter(ParameterSetName = 'UpdateScheduled')] [Parameter(ParameterSetName = 'UpdateViaIdentityNRT')] [Parameter(ParameterSetName = 'UpdateViaIdentityUpdateScheduled')] - [ArgumentCompleter([Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.EntityMappingType])] + [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.PSArgumentCompleterAttribute("Account", "Host", "IP", "Malware", "File", "Process", "CloudApplication", "DNS", "AzureResource", "FileHash", "RegistryKey", "RegistryValue", "SecurityGroup", "URL", "Mailbox", "MailCluster", "MailMessage", "SubmissionMail")] [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')] - [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.EntityMappingType[]] + [System.String[]] ${GroupByEntity}, @@ -302,7 +301,7 @@ function Update-AzSentinelAlertRule { [Parameter(ParameterSetName = 'UpdateViaIdentityUpdateScheduled')] #'Account', 'Host', 'IP', 'Malware', 'File', 'Process', 'CloudApplication', 'DNS', 'AzureResource', 'FileHash', 'RegistryKey', 'RegistryValue', 'SecurityGroup', 'URL', 'Mailbox', 'MailCluster', 'MailMessage', 'SubmissionMail' [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')] - [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.EntityMapping[]] + [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.EntityMapping[]] ${EntityMapping}, [Parameter(ParameterSetName = 'UpdateNRT')] @@ -352,9 +351,9 @@ function Update-AzSentinelAlertRule { [Parameter(ParameterSetName = 'UpdateScheduled')] [Parameter(ParameterSetName = 'UpdateViaIdentityUpdateScheduled')] - [ArgumentCompleter([Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.TriggerOperator])] + [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.PSArgumentCompleterAttribute("GreaterThan", "LessThan", "Equal", "NotEqual")] [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')] - [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.TriggerOperator] + [string] ${TriggerOperator}, [Parameter(ParameterSetName = 'UpdateScheduled')] @@ -365,9 +364,9 @@ function Update-AzSentinelAlertRule { [Parameter(ParameterSetName = 'UpdateScheduled')] [Parameter(ParameterSetName = 'UpdateViaIdentityUpdateScheduled')] - [ArgumentCompleter([Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.EventGroupingAggregationKind])] + [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.PSArgumentCompleterAttribute("SingleAlert", "AlertPerResult")] [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')] - [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.EventGroupingAggregationKind] + [string] ${EventGroupingSettingAggregationKind}, [Parameter()] diff --git a/src/SecurityInsights/SecurityInsights.Autorest/custom/Update-AzSentinelDataConnector.ps1 b/src/SecurityInsights/SecurityInsights.Autorest/custom/Update-AzSentinelDataConnector.ps1 index ac1241ccf167..4f2f178096a8 100644 --- a/src/SecurityInsights/SecurityInsights.Autorest/custom/Update-AzSentinelDataConnector.ps1 +++ b/src/SecurityInsights/SecurityInsights.Autorest/custom/Update-AzSentinelDataConnector.ps1 @@ -23,7 +23,7 @@ Updates the data connector. https://learn.microsoft.com/powershell/module/az.securityinsights/update-azsentineldataconnector #> function Update-AzSentinelDataConnector { - [OutputType([Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.DataConnector])] + [OutputType([Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.DataConnector])] [CmdletBinding(DefaultParameterSetName = 'UpdateAADAATP', PositionalBinding = $false, SupportsShouldProcess, ConfirmImpact = 'Medium')] param( [Parameter(ParameterSetName = 'UpdateAmazonWebServicesCloudTrail')] @@ -270,28 +270,28 @@ function Update-AzSentinelDataConnector { [Parameter(ParameterSetName = 'UpdateViaIdentityMicrosoftDefenderAdvancedThreatProtection')] [Parameter(ParameterSetName = 'UpdateViaIdentityOfficeATP')] [Parameter(ParameterSetName = 'UpdateViaIdentityOfficeIRM')] - [ArgumentCompleter([Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.DataTypeState])] + [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.PSArgumentCompleterAttribute("Enabled", "Disabled")] [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')] [System.String] ${Alerts}, [Parameter(ParameterSetName = 'UpdateDynamics365')] [Parameter(ParameterSetName = 'UpdateViaIdentityDynamics365')] - [ArgumentCompleter([Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.DataTypeState])] + [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.PSArgumentCompleterAttribute("Enabled", "Disabled")] [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')] [System.String] ${CommonDataServiceActivity}, [Parameter(ParameterSetName = 'UpdateMicrosoftCloudAppSecurity')] [Parameter(ParameterSetName = 'UpdateViaIdentityMicrosoftCloudAppSecurity')] - [ArgumentCompleter([Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.DataTypeState])] + [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.PSArgumentCompleterAttribute("Enabled", "Disabled")] [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')] [System.String] ${DiscoveryLog}, [Parameter(ParameterSetName = 'UpdateMicrosoftThreatIntelligence')] [Parameter(ParameterSetName = 'UpdateViaIdentityMicrosoftThreatIntelligence')] - [ArgumentCompleter([Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.DataTypeState])] + [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.PSArgumentCompleterAttribute("Enabled", "Disabled")] [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')] [System.String] ${BingSafetyPhishinURL}, @@ -305,7 +305,7 @@ function Update-AzSentinelDataConnector { [Parameter(ParameterSetName = 'UpdateMicrosoftThreatIntelligence')] [Parameter(ParameterSetName = 'UpdateViaIdentityMicrosoftThreatIntelligence')] - [ArgumentCompleter([Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.DataTypeState])] + [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.PSArgumentCompleterAttribute("Enabled", "Disabled")] [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')] [System.String] ${MicrosoftEmergingThreatFeed}, @@ -319,35 +319,35 @@ function Update-AzSentinelDataConnector { [Parameter(ParameterSetName = 'UpdateMicrosoftThreatProtection')] [Parameter(ParameterSetName = 'UpdateViaIdentityMicrosoftThreatProtection')] - [ArgumentCompleter([Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.DataTypeState])] + [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.PSArgumentCompleterAttribute("Enabled", "Disabled")] [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')] [System.String] ${Incident}, [Parameter(ParameterSetName = 'UpdateOffice365')] [Parameter(ParameterSetName = 'UpdateViaIdentityOffice365')] - [ArgumentCompleter([Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.DataTypeState])] + [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.PSArgumentCompleterAttribute("Enabled", "Disabled")] [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')] [System.String] ${Exchange}, [Parameter(ParameterSetName = 'UpdateOffice365')] [Parameter(ParameterSetName = 'UpdateViaIdentityOffice365')] - [ArgumentCompleter([Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.DataTypeState])] + [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.PSArgumentCompleterAttribute("Enabled", "Disabled")] [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')] [System.String] ${SharePoint}, [Parameter(ParameterSetName = 'UpdateOffice365')] [Parameter(ParameterSetName = 'UpdateViaIdentityOffice365')] - [ArgumentCompleter([Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.DataTypeState])] + [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.PSArgumentCompleterAttribute("Enabled", "Disabled")] [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')] [System.String] ${Teams}, [Parameter(ParameterSetName = 'UpdateThreatIntelligence')] [Parameter(ParameterSetName = 'UpdateViaIdentityThreatIntelligence')] - [ArgumentCompleter([Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.DataTypeState])] + [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.PSArgumentCompleterAttribute("Enabled", "Disabled")] [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')] [System.String] ${Indicator}, @@ -396,9 +396,9 @@ function Update-AzSentinelDataConnector { [Parameter(ParameterSetName = 'UpdateThreatIntelligenceTaxii')] [Parameter(ParameterSetName = 'UpdateViaIdentityThreatIntelligenceTaxii')] - [ArgumentCompleter([Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.PollingFrequency])] + [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.PSArgumentCompleterAttribute("OnceAMinute", "OnceAnHour", "OnceADay")] [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')] - [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.PollingFrequency] + [System.String] ${PollingFrequency}, [Parameter(ParameterSetName = 'UpdateAmazonWebServicesCloudTrail')] @@ -413,7 +413,7 @@ function Update-AzSentinelDataConnector { [Parameter(ParameterSetName = 'UpdateAmazonWebServicesS3')] [Parameter(ParameterSetName = 'UpdateViaIdentityAmazonWebServicesCloudTrail')] [Parameter(ParameterSetName = 'UpdateViaIdentityAmazonWebServicesS3')] - [ArgumentCompleter([Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.DataTypeState])] + [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.PSArgumentCompleterAttribute("Enabled", "Disabled")] [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')] [System.String] ${Log}, @@ -463,25 +463,25 @@ function Update-AzSentinelDataConnector { [Parameter(ParameterSetName = 'UpdateGenericUI')] [Parameter(ParameterSetName = 'UpdateViaIdentityGenericUI')] [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')] - [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.GraphQueries[]] + [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.GraphQueries[]] ${UiConfigGraphQuery}, [Parameter(ParameterSetName = 'UpdateGenericUI')] [Parameter(ParameterSetName = 'UpdateViaIdentityGenericUI')] [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')] - [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.SampleQueries[]] + [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.SampleQueries[]] ${UiConfigSampleQuery}, [Parameter(ParameterSetName = 'UpdateGenericUI')] [Parameter(ParameterSetName = 'UpdateViaIdentityGenericUI')] [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')] - [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.LastDataReceivedDataType[]] + [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.LastDataReceivedDataType[]] ${UiConfigDataType}, [Parameter(ParameterSetName = 'UpdateGenericUI')] [Parameter(ParameterSetName = 'UpdateViaIdentityGenericUI')] [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')] - [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.ConnectivityCriteria[]] + [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ConnectivityCriteria[]] ${UiConfigConnectivityCriterion}, [Parameter(ParameterSetName = 'UpdateGenericUI')] @@ -500,19 +500,19 @@ function Update-AzSentinelDataConnector { [Parameter(ParameterSetName = 'UpdateGenericUI')] [Parameter(ParameterSetName = 'UpdateViaIdentityGenericUI')] [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')] - [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.PermissionsResourceProviderItem[]] + [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.PermissionsResourceProviderItem[]] ${PermissionResourceProvider}, [Parameter(ParameterSetName = 'UpdateGenericUI')] [Parameter(ParameterSetName = 'UpdateViaIdentityGenericUI')] [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')] - [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.PermissionsCustomsItem[]] + [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.PermissionsCustomsItem[]] ${PermissionCustom}, [Parameter(ParameterSetName = 'UpdateGenericUI')] [Parameter(ParameterSetName = 'UpdateViaIdentityGenericUI')] [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')] - [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.InstructionSteps[]] + [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.InstructionSteps[]] ${UiConfigInstructionStep}, [Parameter()] diff --git a/src/SecurityInsights/SecurityInsights.Autorest/custom/Update-AzSentinelEntityQuery.ps1 b/src/SecurityInsights/SecurityInsights.Autorest/custom/Update-AzSentinelEntityQuery.ps1 index 6c6de877501b..6e6e34056b73 100644 --- a/src/SecurityInsights/SecurityInsights.Autorest/custom/Update-AzSentinelEntityQuery.ps1 +++ b/src/SecurityInsights/SecurityInsights.Autorest/custom/Update-AzSentinelEntityQuery.ps1 @@ -23,7 +23,7 @@ Updates the entity query. https://learn.microsoft.com/powershell/module/az.securityinsights/update-azsentinelentityquery #> function Update-AzSentinelEntityQuery { - [OutputType([Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.CustomEntityQuery])] + [OutputType([Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.CustomEntityQuery])] [CmdletBinding(DefaultParameterSetName = 'UpdateActivity', PositionalBinding = $false, SupportsShouldProcess, ConfirmImpact = 'Medium')] param( [Parameter(ParameterSetName = 'UpdateActivity')] @@ -48,10 +48,11 @@ function Update-AzSentinelEntityQuery { ${WorkspaceName}, [Parameter(ParameterSetName = 'UpdateActivity', Mandatory)] + [Alias('EntityQueryId')] [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')] [System.String] # The Id of the Entity Query. - ${EntityQueryId}, + ${Id}, [Parameter(ParameterSetName = 'UpdateViaIdentityActivity', Mandatory, ValueFromPipeline)] [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Path')] @@ -86,9 +87,9 @@ function Update-AzSentinelEntityQuery { [Parameter(ParameterSetName = 'UpdateActivity')] [Parameter(ParameterSetName = 'UpdateViaIdentityActivity')] - [ArgumentCompleter([Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.EntityType])] + [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.PSArgumentCompleterAttribute("Account", "Host", "File", "AzureResource", "CloudApplication", "DNS", "FileHash", "IP", "Malware", "Process", "RegistryKey", "RegistryValue", "SecurityGroup", "URL", "IoTDevice", "SecurityAlert", "HuntingBookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail")] [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')] - [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.EntityType] + [System.String] ${InputEntityType}, [Parameter(ParameterSetName = 'UpdateActivity')] @@ -100,7 +101,7 @@ function Update-AzSentinelEntityQuery { [Parameter(ParameterSetName = 'UpdateActivity')] [Parameter(ParameterSetName = 'UpdateViaIdentityActivity')] [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')] - [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.ActivityEntityQueriesPropertiesEntitiesFilter] + [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ActivityEntityQueriesPropertiesEntitiesFilter] ${EntitiesFilter}, [Parameter(ParameterSetName = 'UpdateActivity')] diff --git a/src/SecurityInsights/SecurityInsights.Autorest/custom/Update-AzSentinelSetting.ps1 b/src/SecurityInsights/SecurityInsights.Autorest/custom/Update-AzSentinelSetting.ps1 index 932e88e09df6..f2603c766d01 100644 --- a/src/SecurityInsights/SecurityInsights.Autorest/custom/Update-AzSentinelSetting.ps1 +++ b/src/SecurityInsights/SecurityInsights.Autorest/custom/Update-AzSentinelSetting.ps1 @@ -23,7 +23,7 @@ Updates setting. https://learn.microsoft.com/powershell/module/az.securityinsights/update-azsentinelsetting #> function Update-AzSentinelSetting { - [OutputType([Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.Settings])] + [OutputType([Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Settings])] [CmdletBinding(DefaultParameterSetName = 'UpdateExpandedAnomaliesEyesOnEntityAnalytics', PositionalBinding = $false, SupportsShouldProcess, ConfirmImpact = 'Medium')] param( [Parameter(ParameterSetName = 'UpdateExpandedAnomaliesEyesOnEntityAnalytics')] @@ -52,7 +52,7 @@ function Update-AzSentinelSetting { [Parameter(ParameterSetName = 'UpdateExpandedAnomaliesEyesOnEntityAnalytics', Mandatory)] [Parameter(ParameterSetName = 'UpdateExpandedUeba', Mandatory)] - [ArgumentCompleter([Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.SettingKind])] + [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.PSArgumentCompleterAttribute("Anomalies", "EyesOn", "EntityAnalytics", "Ueba")] [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')] [System.String] # The setting Name @@ -78,9 +78,9 @@ function Update-AzSentinelSetting { #.Ueba [Parameter(ParameterSetName = 'UpdateExpandedUeba', Mandatory)] [Parameter(ParameterSetName = 'UpdateViaIdentityExpandedUeba', Mandatory)] - [ArgumentCompleter([Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.UebaDataSources])] + [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.PSArgumentCompleterAttribute("AuditLogs", "AzureActivity", "SecurityEvent", "SigninLogs")] [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Category('Body')] - [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.UebaDataSources[]] + [System.String[]] ${DataSource}, [Parameter()] diff --git a/src/SecurityInsights/SecurityInsights.Autorest/docs/Az.SecurityInsights.md b/src/SecurityInsights/SecurityInsights.Autorest/docs/Az.SecurityInsights.md index b83e4905d45a..b64a0e616e93 100644 --- a/src/SecurityInsights/SecurityInsights.Autorest/docs/Az.SecurityInsights.md +++ b/src/SecurityInsights/SecurityInsights.Autorest/docs/Az.SecurityInsights.md @@ -1,6 +1,6 @@ --- Module Name: Az.SecurityInsights -Module Guid: 3a0e09d6-7b89-4078-a565-5db26e7455b8 +Module Guid: 30887292-63d0-435d-8713-830b8f4d72fc Download Help Link: https://learn.microsoft.com/powershell/module/az.securityinsights Help Version: 1.0.0.0 Locale: en-US @@ -96,16 +96,16 @@ Query threat intelligence indicators as per filtering criteria. Creates the alert rule. ### [New-AzSentinelAlertRuleAction](New-AzSentinelAlertRuleAction.md) -Creates or updates the action of alert rule. +Create the action of alert rule. ### [New-AzSentinelAutomationRule](New-AzSentinelAutomationRule.md) -Creates or updates the automation rule. +Create the automation rule. ### [New-AzSentinelBookmark](New-AzSentinelBookmark.md) -Creates or updates the bookmark. +Create the bookmark. ### [New-AzSentinelBookmarkRelation](New-AzSentinelBookmarkRelation.md) -Creates the bookmark relation. +Create the bookmark relation. ### [New-AzSentinelDataConnector](New-AzSentinelDataConnector.md) Creates or updates the data connector. @@ -114,16 +114,16 @@ Creates or updates the data connector. Creates or updates the entity query. ### [New-AzSentinelIncident](New-AzSentinelIncident.md) -Creates or updates the incident. +Create the incident. ### [New-AzSentinelIncidentComment](New-AzSentinelIncidentComment.md) -Creates or updates the incident comment. +Create the incident comment. ### [New-AzSentinelIncidentRelation](New-AzSentinelIncidentRelation.md) -Creates or updates the incident relation. +Create the incident relation. ### [New-AzSentinelIncidentTeam](New-AzSentinelIncidentTeam.md) -Creates a Microsoft team to investigate the incident by sharing information and insights between participants. +Create a Microsoft team to investigate the incident by sharing information and insights between participants. ### [New-AzSentinelOnboardingState](New-AzSentinelOnboardingState.md) Create Sentinel onboarding state @@ -168,16 +168,16 @@ Get requirements state for a data connector type. Updates the alert rule. ### [Update-AzSentinelAlertRuleAction](Update-AzSentinelAlertRuleAction.md) -Creates or updates the action of alert rule. +Update the action of alert rule. ### [Update-AzSentinelAutomationRule](Update-AzSentinelAutomationRule.md) -Creates or updates the automation rule. +Update the automation rule. ### [Update-AzSentinelBookmark](Update-AzSentinelBookmark.md) -Creates or updates the bookmark. +Update the bookmark. ### [Update-AzSentinelBookmarkRelation](Update-AzSentinelBookmarkRelation.md) -Creates the bookmark relation. +Update the bookmark relation. ### [Update-AzSentinelDataConnector](Update-AzSentinelDataConnector.md) Updates the data connector. @@ -186,13 +186,16 @@ Updates the data connector. Updates the entity query. ### [Update-AzSentinelIncident](Update-AzSentinelIncident.md) -Creates or updates the incident. +Update the incident. ### [Update-AzSentinelIncidentComment](Update-AzSentinelIncidentComment.md) -Creates or updates the incident comment. +Update the incident comment. ### [Update-AzSentinelIncidentRelation](Update-AzSentinelIncidentRelation.md) -Creates or updates the incident relation. +Update the incident relation. + +### [Update-AzSentinelOnboardingState](Update-AzSentinelOnboardingState.md) +Update Sentinel onboarding state ### [Update-AzSentinelSetting](Update-AzSentinelSetting.md) Updates setting. diff --git a/src/SecurityInsights/SecurityInsights.Autorest/docs/Get-AzSentinelAlertRule.md b/src/SecurityInsights/SecurityInsights.Autorest/docs/Get-AzSentinelAlertRule.md index d88fae2c7bba..6832d2ec925f 100644 --- a/src/SecurityInsights/SecurityInsights.Autorest/docs/Get-AzSentinelAlertRule.md +++ b/src/SecurityInsights/SecurityInsights.Autorest/docs/Get-AzSentinelAlertRule.md @@ -113,7 +113,6 @@ Accept wildcard characters: False ### -InputObject Identity Parameter -To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ```yaml Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity @@ -197,7 +196,7 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS -### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IAlertRule +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IAlertRule ## NOTES diff --git a/src/SecurityInsights/SecurityInsights.Autorest/docs/Get-AzSentinelAlertRuleAction.md b/src/SecurityInsights/SecurityInsights.Autorest/docs/Get-AzSentinelAlertRuleAction.md index 72e75fc020b1..a833d2524fc1 100644 --- a/src/SecurityInsights/SecurityInsights.Autorest/docs/Get-AzSentinelAlertRuleAction.md +++ b/src/SecurityInsights/SecurityInsights.Autorest/docs/Get-AzSentinelAlertRuleAction.md @@ -30,6 +30,12 @@ Get-AzSentinelAlertRuleAction -InputObject [-Default [] ``` +### GetViaIdentityAlertRule +``` +Get-AzSentinelAlertRuleAction -AlertRuleInputObject -Id + [-DefaultProfile ] [] +``` + ## DESCRIPTION Gets the action of alert rule. @@ -54,6 +60,21 @@ This command lists all Actions for a given Alert Rule. ## PARAMETERS +### -AlertRuleInputObject +Identity Parameter + +```yaml +Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity +Parameter Sets: GetViaIdentityAlertRule +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + ### -DefaultProfile The DefaultProfile parameter is not functional. Use the SubscriptionId parameter when available if executing the cmdlet against a different subscription. @@ -75,7 +96,7 @@ Action ID ```yaml Type: System.String -Parameter Sets: Get +Parameter Sets: Get, GetViaIdentityAlertRule Aliases: ActionId Required: True @@ -87,7 +108,6 @@ Accept wildcard characters: False ### -InputObject Identity Parameter -To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ```yaml Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity @@ -171,7 +191,7 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS -### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IActionResponse +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IActionResponse ## NOTES diff --git a/src/SecurityInsights/SecurityInsights.Autorest/docs/Get-AzSentinelAlertRuleTemplate.md b/src/SecurityInsights/SecurityInsights.Autorest/docs/Get-AzSentinelAlertRuleTemplate.md index cddb95aa6682..60d6708fe858 100644 --- a/src/SecurityInsights/SecurityInsights.Autorest/docs/Get-AzSentinelAlertRuleTemplate.md +++ b/src/SecurityInsights/SecurityInsights.Autorest/docs/Get-AzSentinelAlertRuleTemplate.md @@ -114,7 +114,6 @@ Accept wildcard characters: False ### -InputObject Identity Parameter -To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ```yaml Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity @@ -183,7 +182,7 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS -### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IAlertRuleTemplate +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IAlertRuleTemplate ## NOTES diff --git a/src/SecurityInsights/SecurityInsights.Autorest/docs/Get-AzSentinelAutomationRule.md b/src/SecurityInsights/SecurityInsights.Autorest/docs/Get-AzSentinelAutomationRule.md index cb7607c2deb4..fe7c99c2e275 100644 --- a/src/SecurityInsights/SecurityInsights.Autorest/docs/Get-AzSentinelAutomationRule.md +++ b/src/SecurityInsights/SecurityInsights.Autorest/docs/Get-AzSentinelAutomationRule.md @@ -105,7 +105,6 @@ Accept wildcard characters: False ### -InputObject Identity Parameter -To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ```yaml Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity @@ -174,7 +173,7 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS -### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IAutomationRule +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IAutomationRule ## NOTES diff --git a/src/SecurityInsights/SecurityInsights.Autorest/docs/Get-AzSentinelBookmark.md b/src/SecurityInsights/SecurityInsights.Autorest/docs/Get-AzSentinelBookmark.md index 0fe583825b85..a32fa4d4a0cb 100644 --- a/src/SecurityInsights/SecurityInsights.Autorest/docs/Get-AzSentinelBookmark.md +++ b/src/SecurityInsights/SecurityInsights.Autorest/docs/Get-AzSentinelBookmark.md @@ -103,7 +103,6 @@ Accept wildcard characters: False ### -InputObject Identity Parameter -To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ```yaml Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity @@ -172,7 +171,7 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS -### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IBookmark +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IBookmark ## NOTES diff --git a/src/SecurityInsights/SecurityInsights.Autorest/docs/Get-AzSentinelBookmarkRelation.md b/src/SecurityInsights/SecurityInsights.Autorest/docs/Get-AzSentinelBookmarkRelation.md index 160e332d5ea9..1c7d35f42820 100644 --- a/src/SecurityInsights/SecurityInsights.Autorest/docs/Get-AzSentinelBookmarkRelation.md +++ b/src/SecurityInsights/SecurityInsights.Autorest/docs/Get-AzSentinelBookmarkRelation.md @@ -31,6 +31,12 @@ Get-AzSentinelBookmarkRelation -InputObject [-Defaul [] ``` +### GetViaIdentityBookmark +``` +Get-AzSentinelBookmarkRelation -BookmarkInputObject -RelationName + [-DefaultProfile ] [] +``` + ## DESCRIPTION Gets a bookmark relation. @@ -93,6 +99,21 @@ Accept pipeline input: False Accept wildcard characters: False ``` +### -BookmarkInputObject +Identity Parameter + +```yaml +Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity +Parameter Sets: GetViaIdentityBookmark +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + ### -DefaultProfile The DefaultProfile parameter is not functional. Use the SubscriptionId parameter when available if executing the cmdlet against a different subscription. @@ -127,7 +148,6 @@ Accept wildcard characters: False ### -InputObject Identity Parameter -To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ```yaml Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity @@ -162,7 +182,7 @@ Relation Name ```yaml Type: System.String -Parameter Sets: Get +Parameter Sets: Get, GetViaIdentityBookmark Aliases: Required: True @@ -260,7 +280,7 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS -### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IRelation +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IRelation ## NOTES diff --git a/src/SecurityInsights/SecurityInsights.Autorest/docs/Get-AzSentinelDataConnector.md b/src/SecurityInsights/SecurityInsights.Autorest/docs/Get-AzSentinelDataConnector.md index a61d5e8fdc04..fb4d13552cf4 100644 --- a/src/SecurityInsights/SecurityInsights.Autorest/docs/Get-AzSentinelDataConnector.md +++ b/src/SecurityInsights/SecurityInsights.Autorest/docs/Get-AzSentinelDataConnector.md @@ -102,7 +102,6 @@ Accept wildcard characters: False ### -InputObject Identity Parameter -To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ```yaml Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity @@ -171,7 +170,7 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS -### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IDataConnector +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IDataConnector ## NOTES diff --git a/src/SecurityInsights/SecurityInsights.Autorest/docs/Get-AzSentinelEnrichment.md b/src/SecurityInsights/SecurityInsights.Autorest/docs/Get-AzSentinelEnrichment.md index 1f8c0537c973..a43d5964f528 100644 --- a/src/SecurityInsights/SecurityInsights.Autorest/docs/Get-AzSentinelEnrichment.md +++ b/src/SecurityInsights/SecurityInsights.Autorest/docs/Get-AzSentinelEnrichment.md @@ -24,18 +24,6 @@ Get-AzSentinelEnrichment -ResourceGroupName -Domain [-Subscrip [-DefaultProfile ] [] ``` -### GetViaIdentity -``` -Get-AzSentinelEnrichment -InputObject -IPAddress - [-DefaultProfile ] [] -``` - -### GetViaIdentity1 -``` -Get-AzSentinelEnrichment -InputObject -Domain - [-DefaultProfile ] [] -``` - ## DESCRIPTION Get geodata for a single IP address @@ -107,7 +95,7 @@ Domain name to be enriched ```yaml Type: System.String -Parameter Sets: Get1, GetViaIdentity1 +Parameter Sets: Get1 Aliases: Required: True @@ -117,28 +105,12 @@ Accept pipeline input: False Accept wildcard characters: False ``` -### -InputObject -Identity Parameter -To construct, see NOTES section for INPUTOBJECT properties and create a hash table. - -```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity -Parameter Sets: GetViaIdentity, GetViaIdentity1 -Aliases: - -Required: True -Position: Named -Default value: None -Accept pipeline input: True (ByValue) -Accept wildcard characters: False -``` - ### -IPAddress IP address (v4 or v6) to be enriched ```yaml Type: System.String -Parameter Sets: Get, GetViaIdentity +Parameter Sets: Get Aliases: Required: True @@ -154,7 +126,7 @@ The name is case insensitive. ```yaml Type: System.String -Parameter Sets: Get, Get1 +Parameter Sets: (All) Aliases: Required: True @@ -169,7 +141,7 @@ The ID of the target subscription. ```yaml Type: System.String[] -Parameter Sets: Get, Get1 +Parameter Sets: (All) Aliases: Required: False @@ -184,13 +156,11 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## INPUTS -### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity - ## OUTPUTS -### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IEnrichmentDomainWhois +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IEnrichmentDomainWhois -### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IEnrichmentIPGeodata +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IEnrichmentIPGeodata ## NOTES diff --git a/src/SecurityInsights/SecurityInsights.Autorest/docs/Get-AzSentinelEntity.md b/src/SecurityInsights/SecurityInsights.Autorest/docs/Get-AzSentinelEntity.md index 78c778cb8f7e..a1ce78f8560f 100644 --- a/src/SecurityInsights/SecurityInsights.Autorest/docs/Get-AzSentinelEntity.md +++ b/src/SecurityInsights/SecurityInsights.Autorest/docs/Get-AzSentinelEntity.md @@ -67,8 +67,8 @@ This command gets an Entity. ### Example 3: Get a Entity by object Id ```powershell - $Entitys = Get-AzSentinelEntity -ResourceGroupName "myResourceGroupName" -workspaceName "myWorkspaceName" - $Entitys[0] | Get-AzSentinelEntity + $Entities = Get-AzSentinelEntity -ResourceGroupName "myResourceGroupName" -workspaceName "myWorkspaceName" + $Entities[0] | Get-AzSentinelEntity ``` ```output @@ -127,7 +127,6 @@ Accept wildcard characters: False ### -InputObject Identity Parameter -To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ```yaml Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity @@ -196,7 +195,7 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS -### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IEntity +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IEntity ## NOTES diff --git a/src/SecurityInsights/SecurityInsights.Autorest/docs/Get-AzSentinelEntityActivity.md b/src/SecurityInsights/SecurityInsights.Autorest/docs/Get-AzSentinelEntityActivity.md index bfb7275e5c59..040e88c67073 100644 --- a/src/SecurityInsights/SecurityInsights.Autorest/docs/Get-AzSentinelEntityActivity.md +++ b/src/SecurityInsights/SecurityInsights.Autorest/docs/Get-AzSentinelEntityActivity.md @@ -12,11 +12,18 @@ Get Insights and Activities for an entity. ## SYNTAX +### Queries (Default) ``` Get-AzSentinelEntityActivity -EntityId -ResourceGroupName -WorkspaceName [-SubscriptionId ] [-DefaultProfile ] [] ``` +### QueriesViaIdentity +``` +Get-AzSentinelEntityActivity -InputObject [-DefaultProfile ] + [] +``` + ## DESCRIPTION Get Insights and Activities for an entity. @@ -74,7 +81,7 @@ entity ID ```yaml Type: System.String -Parameter Sets: (All) +Parameter Sets: Queries Aliases: Required: True @@ -84,13 +91,28 @@ Accept pipeline input: False Accept wildcard characters: False ``` +### -InputObject +Identity Parameter + +```yaml +Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity +Parameter Sets: QueriesViaIdentity +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + ### -ResourceGroupName The name of the resource group. The name is case insensitive. ```yaml Type: System.String -Parameter Sets: (All) +Parameter Sets: Queries Aliases: Required: True @@ -105,7 +127,7 @@ The ID of the target subscription. ```yaml Type: System.String[] -Parameter Sets: (All) +Parameter Sets: Queries Aliases: Required: False @@ -120,7 +142,7 @@ The name of the workspace. ```yaml Type: System.String -Parameter Sets: (All) +Parameter Sets: Queries Aliases: Required: True @@ -135,9 +157,11 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## INPUTS +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity + ## OUTPUTS -### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IEntityQueryItem +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IGetQueriesResponse ## NOTES diff --git a/src/SecurityInsights/SecurityInsights.Autorest/docs/Get-AzSentinelEntityInsight.md b/src/SecurityInsights/SecurityInsights.Autorest/docs/Get-AzSentinelEntityInsight.md index dd05ca0a7e69..27b0d9d36830 100644 --- a/src/SecurityInsights/SecurityInsights.Autorest/docs/Get-AzSentinelEntityInsight.md +++ b/src/SecurityInsights/SecurityInsights.Autorest/docs/Get-AzSentinelEntityInsight.md @@ -12,12 +12,20 @@ Execute Insights for an entity. ## SYNTAX +### GetExpanded (Default) ``` Get-AzSentinelEntityInsight -EntityId -ResourceGroupName -WorkspaceName -EndTime -StartTime [-SubscriptionId ] [-AddDefaultExtendedTimeRange] [-InsightQueryId ] [-DefaultProfile ] [-Confirm] [-WhatIf] [] ``` +### GetViaIdentityExpanded +``` +Get-AzSentinelEntityInsight -InputObject -EndTime -StartTime + [-AddDefaultExtendedTimeRange] [-InsightQueryId ] [-DefaultProfile ] [-Confirm] [-WhatIf] + [] +``` + ## DESCRIPTION Execute Insights for an entity. @@ -44,7 +52,7 @@ This command gets insights for an Entity for a given time range. ```powershell $startTime = (Get-Date).AddDays(-7).ToUniversalTime() | Get-Date -Format "yyyy-MM-ddThh:00:00.000Z" $endTime = (Get-Date).ToUniversalTime() | Get-Date -Format "yyyy-MM-ddThh:00:00.000Z" - $Entity = Get-AzSentinelEntity -ResourceGroupName "myResourceGroupName" -workspaceName "myWorkspaceName" -EntityId "8d036a2d-f37d-e936-6cca-4e172687cb79" + $Entity = Get-AzSentinelEntity -ResourceGroupName "myResourceGroupName" -workspaceName "myWorkspaceName" -EntityId "00001111-aaaa-2222-bbbb-3333cccc4444" $Entity | Get-AzSentinelEntityInsight -EndTime $endTime -StartTime $startTime ``` @@ -112,7 +120,7 @@ entity ID ```yaml Type: System.String -Parameter Sets: (All) +Parameter Sets: GetExpanded Aliases: Required: True @@ -122,6 +130,21 @@ Accept pipeline input: False Accept wildcard characters: False ``` +### -InputObject +Identity Parameter + +```yaml +Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity +Parameter Sets: GetViaIdentityExpanded +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + ### -InsightQueryId List of Insights Query Id. If empty, default value is all insights of this entity @@ -144,7 +167,7 @@ The name is case insensitive. ```yaml Type: System.String -Parameter Sets: (All) +Parameter Sets: GetExpanded Aliases: Required: True @@ -174,7 +197,7 @@ The ID of the target subscription. ```yaml Type: System.String[] -Parameter Sets: (All) +Parameter Sets: GetExpanded Aliases: Required: False @@ -189,7 +212,7 @@ The name of the workspace. ```yaml Type: System.String -Parameter Sets: (All) +Parameter Sets: GetExpanded Aliases: Required: True @@ -235,9 +258,11 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## INPUTS +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity + ## OUTPUTS -### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IEntityGetInsightsResponse +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IEntityGetInsightsResponse ## NOTES diff --git a/src/SecurityInsights/SecurityInsights.Autorest/docs/Get-AzSentinelEntityQuery.md b/src/SecurityInsights/SecurityInsights.Autorest/docs/Get-AzSentinelEntityQuery.md index 1ba6c7d485de..e795898575c8 100644 --- a/src/SecurityInsights/SecurityInsights.Autorest/docs/Get-AzSentinelEntityQuery.md +++ b/src/SecurityInsights/SecurityInsights.Autorest/docs/Get-AzSentinelEntityQuery.md @@ -132,7 +132,6 @@ Accept wildcard characters: False ### -InputObject Identity Parameter -To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ```yaml Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity @@ -216,7 +215,7 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS -### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IEntityQuery +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IEntityQuery ## NOTES diff --git a/src/SecurityInsights/SecurityInsights.Autorest/docs/Get-AzSentinelEntityQueryTemplate.md b/src/SecurityInsights/SecurityInsights.Autorest/docs/Get-AzSentinelEntityQueryTemplate.md index d639fd432785..782e36c02541 100644 --- a/src/SecurityInsights/SecurityInsights.Autorest/docs/Get-AzSentinelEntityQueryTemplate.md +++ b/src/SecurityInsights/SecurityInsights.Autorest/docs/Get-AzSentinelEntityQueryTemplate.md @@ -120,7 +120,6 @@ Accept wildcard characters: False ### -InputObject Identity Parameter -To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ```yaml Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity @@ -204,7 +203,7 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS -### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IEntityQueryTemplate +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IEntityQueryTemplate ## NOTES diff --git a/src/SecurityInsights/SecurityInsights.Autorest/docs/Get-AzSentinelEntityRelation.md b/src/SecurityInsights/SecurityInsights.Autorest/docs/Get-AzSentinelEntityRelation.md index ee86f37000fd..c3a21e944fb9 100644 --- a/src/SecurityInsights/SecurityInsights.Autorest/docs/Get-AzSentinelEntityRelation.md +++ b/src/SecurityInsights/SecurityInsights.Autorest/docs/Get-AzSentinelEntityRelation.md @@ -31,6 +31,12 @@ Get-AzSentinelEntityRelation -InputObject [-DefaultP [] ``` +### GetViaIdentityEntity +``` +Get-AzSentinelEntityRelation -EntityInputObject -RelationName + [-DefaultProfile ] [] +``` + ## DESCRIPTION Gets an entity relation. @@ -91,6 +97,21 @@ Accept pipeline input: False Accept wildcard characters: False ``` +### -EntityInputObject +Identity Parameter + +```yaml +Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity +Parameter Sets: GetViaIdentityEntity +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + ### -Filter Filters the results, based on a Boolean condition. Optional. @@ -109,7 +130,6 @@ Accept wildcard characters: False ### -InputObject Identity Parameter -To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ```yaml Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity @@ -144,7 +164,7 @@ Relation Name ```yaml Type: System.String -Parameter Sets: Get +Parameter Sets: Get, GetViaIdentityEntity Aliases: Required: True @@ -242,7 +262,7 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS -### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IRelation +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IRelation ## NOTES diff --git a/src/SecurityInsights/SecurityInsights.Autorest/docs/Get-AzSentinelEntityTimeline.md b/src/SecurityInsights/SecurityInsights.Autorest/docs/Get-AzSentinelEntityTimeline.md index f022e6f10d43..d8ed38859874 100644 --- a/src/SecurityInsights/SecurityInsights.Autorest/docs/Get-AzSentinelEntityTimeline.md +++ b/src/SecurityInsights/SecurityInsights.Autorest/docs/Get-AzSentinelEntityTimeline.md @@ -14,7 +14,7 @@ Timeline for an entity. ``` Get-AzSentinelEntityTimeline -EntityId -ResourceGroupName -WorkspaceName - -EndTime -StartTime [-SubscriptionId ] [-Kind ] + -EndTime -StartTime [-SubscriptionId ] [-Kind ] [-NumberOfBucket ] [-DefaultProfile ] [-Confirm] [-WhatIf] [] ``` @@ -95,7 +95,7 @@ Accept wildcard characters: False Array of timeline Item kinds. ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.EntityTimelineKind[] +Type: System.String[] Parameter Sets: (All) Aliases: @@ -220,7 +220,7 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS -### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IEntityTimelineResponse +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IEntityTimelineResponse ## NOTES diff --git a/src/SecurityInsights/SecurityInsights.Autorest/docs/Get-AzSentinelIncident.md b/src/SecurityInsights/SecurityInsights.Autorest/docs/Get-AzSentinelIncident.md index c15c3e2801ab..b73e28cebb70 100644 --- a/src/SecurityInsights/SecurityInsights.Autorest/docs/Get-AzSentinelIncident.md +++ b/src/SecurityInsights/SecurityInsights.Autorest/docs/Get-AzSentinelIncident.md @@ -121,7 +121,6 @@ Accept wildcard characters: False ### -InputObject Identity Parameter -To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ```yaml Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity @@ -239,7 +238,7 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS -### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IIncident +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IIncident ## NOTES diff --git a/src/SecurityInsights/SecurityInsights.Autorest/docs/Get-AzSentinelIncidentAlert.md b/src/SecurityInsights/SecurityInsights.Autorest/docs/Get-AzSentinelIncidentAlert.md index fe0ec5b53713..784a1ea4d6fa 100644 --- a/src/SecurityInsights/SecurityInsights.Autorest/docs/Get-AzSentinelIncidentAlert.md +++ b/src/SecurityInsights/SecurityInsights.Autorest/docs/Get-AzSentinelIncidentAlert.md @@ -158,7 +158,7 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS -### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.ISecurityAlert +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IIncidentAlertList ## NOTES diff --git a/src/SecurityInsights/SecurityInsights.Autorest/docs/Get-AzSentinelIncidentBookmark.md b/src/SecurityInsights/SecurityInsights.Autorest/docs/Get-AzSentinelIncidentBookmark.md index 4cdfbcc80e8e..108d374ca4a2 100644 --- a/src/SecurityInsights/SecurityInsights.Autorest/docs/Get-AzSentinelIncidentBookmark.md +++ b/src/SecurityInsights/SecurityInsights.Autorest/docs/Get-AzSentinelIncidentBookmark.md @@ -157,7 +157,7 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS -### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IHuntingBookmark +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IIncidentBookmarkList ## NOTES diff --git a/src/SecurityInsights/SecurityInsights.Autorest/docs/Get-AzSentinelIncidentComment.md b/src/SecurityInsights/SecurityInsights.Autorest/docs/Get-AzSentinelIncidentComment.md index 2f4e84b54292..9597b300759f 100644 --- a/src/SecurityInsights/SecurityInsights.Autorest/docs/Get-AzSentinelIncidentComment.md +++ b/src/SecurityInsights/SecurityInsights.Autorest/docs/Get-AzSentinelIncidentComment.md @@ -31,6 +31,12 @@ Get-AzSentinelIncidentComment -InputObject [-Default [] ``` +### GetViaIdentityIncident +``` +Get-AzSentinelIncidentComment -Id -IncidentInputObject + [-DefaultProfile ] [] +``` + ## DESCRIPTION Gets an incident comment. @@ -108,7 +114,7 @@ Incident comment ID ```yaml Type: System.String -Parameter Sets: Get +Parameter Sets: Get, GetViaIdentityIncident Aliases: IncidentCommentId Required: True @@ -133,9 +139,23 @@ Accept pipeline input: False Accept wildcard characters: False ``` +### -IncidentInputObject +Identity Parameter + +```yaml +Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity +Parameter Sets: GetViaIdentityIncident +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + ### -InputObject Identity Parameter -To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ```yaml Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity @@ -253,7 +273,7 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS -### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IIncidentComment +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IIncidentComment ## NOTES diff --git a/src/SecurityInsights/SecurityInsights.Autorest/docs/Get-AzSentinelIncidentEntity.md b/src/SecurityInsights/SecurityInsights.Autorest/docs/Get-AzSentinelIncidentEntity.md index 09dee1c030a6..9344a6ccefb6 100644 --- a/src/SecurityInsights/SecurityInsights.Autorest/docs/Get-AzSentinelIncidentEntity.md +++ b/src/SecurityInsights/SecurityInsights.Autorest/docs/Get-AzSentinelIncidentEntity.md @@ -152,7 +152,7 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS -### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IIncidentEntitiesResponse +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IIncidentEntitiesResponse ## NOTES diff --git a/src/SecurityInsights/SecurityInsights.Autorest/docs/Get-AzSentinelIncidentRelation.md b/src/SecurityInsights/SecurityInsights.Autorest/docs/Get-AzSentinelIncidentRelation.md index 5d6dea9d95c1..46c7943370f2 100644 --- a/src/SecurityInsights/SecurityInsights.Autorest/docs/Get-AzSentinelIncidentRelation.md +++ b/src/SecurityInsights/SecurityInsights.Autorest/docs/Get-AzSentinelIncidentRelation.md @@ -31,6 +31,12 @@ Get-AzSentinelIncidentRelation -InputObject [-Defaul [] ``` +### GetViaIdentityIncident +``` +Get-AzSentinelIncidentRelation -IncidentInputObject -RelationName + [-DefaultProfile ] [] +``` + ## DESCRIPTION Gets an incident relation. @@ -133,9 +139,23 @@ Accept pipeline input: False Accept wildcard characters: False ``` +### -IncidentInputObject +Identity Parameter + +```yaml +Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity +Parameter Sets: GetViaIdentityIncident +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + ### -InputObject Identity Parameter -To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ```yaml Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity @@ -170,7 +190,7 @@ Relation Name ```yaml Type: System.String -Parameter Sets: Get +Parameter Sets: Get, GetViaIdentityIncident Aliases: Required: True @@ -268,7 +288,7 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS -### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IRelation +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IRelation ## NOTES diff --git a/src/SecurityInsights/SecurityInsights.Autorest/docs/Get-AzSentinelMetadata.md b/src/SecurityInsights/SecurityInsights.Autorest/docs/Get-AzSentinelMetadata.md index 8e9b08aa8d3b..5f4fd125003a 100644 --- a/src/SecurityInsights/SecurityInsights.Autorest/docs/Get-AzSentinelMetadata.md +++ b/src/SecurityInsights/SecurityInsights.Autorest/docs/Get-AzSentinelMetadata.md @@ -85,7 +85,6 @@ Accept wildcard characters: False ### -InputObject Identity Parameter -To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ```yaml Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity @@ -217,7 +216,7 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS -### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IMetadataModel +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IMetadataModel ## NOTES diff --git a/src/SecurityInsights/SecurityInsights.Autorest/docs/Get-AzSentinelOnboardingState.md b/src/SecurityInsights/SecurityInsights.Autorest/docs/Get-AzSentinelOnboardingState.md index bfdc0c6f797e..c0dd1bd67aac 100644 --- a/src/SecurityInsights/SecurityInsights.Autorest/docs/Get-AzSentinelOnboardingState.md +++ b/src/SecurityInsights/SecurityInsights.Autorest/docs/Get-AzSentinelOnboardingState.md @@ -79,7 +79,6 @@ Accept wildcard characters: False ### -InputObject Identity Parameter -To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ```yaml Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity @@ -164,7 +163,9 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS -### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.ISentinelOnboardingState +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISentinelOnboardingState + +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISentinelOnboardingStatesList ## NOTES diff --git a/src/SecurityInsights/SecurityInsights.Autorest/docs/Get-AzSentinelSetting.md b/src/SecurityInsights/SecurityInsights.Autorest/docs/Get-AzSentinelSetting.md index 480f11433513..3f109891f75f 100644 --- a/src/SecurityInsights/SecurityInsights.Autorest/docs/Get-AzSentinelSetting.md +++ b/src/SecurityInsights/SecurityInsights.Autorest/docs/Get-AzSentinelSetting.md @@ -110,7 +110,6 @@ Accept wildcard characters: False ### -InputObject Identity Parameter -To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ```yaml Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity @@ -195,7 +194,9 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS -### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.ISettings +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISettingList + +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISettings ## NOTES diff --git a/src/SecurityInsights/SecurityInsights.Autorest/docs/Get-AzSentinelThreatIntelligenceIndicator.md b/src/SecurityInsights/SecurityInsights.Autorest/docs/Get-AzSentinelThreatIntelligenceIndicator.md index 49b471e887e5..bad69c7ce86b 100644 --- a/src/SecurityInsights/SecurityInsights.Autorest/docs/Get-AzSentinelThreatIntelligenceIndicator.md +++ b/src/SecurityInsights/SecurityInsights.Autorest/docs/Get-AzSentinelThreatIntelligenceIndicator.md @@ -117,7 +117,6 @@ Accept wildcard characters: False ### -InputObject Identity Parameter -To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ```yaml Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity @@ -250,7 +249,7 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS -### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IThreatIntelligenceInformation +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IThreatIntelligenceInformation ## NOTES diff --git a/src/SecurityInsights/SecurityInsights.Autorest/docs/Get-AzSentinelThreatIntelligenceIndicatorMetric.md b/src/SecurityInsights/SecurityInsights.Autorest/docs/Get-AzSentinelThreatIntelligenceIndicatorMetric.md index db28e0be3015..e5ffc8989b38 100644 --- a/src/SecurityInsights/SecurityInsights.Autorest/docs/Get-AzSentinelThreatIntelligenceIndicatorMetric.md +++ b/src/SecurityInsights/SecurityInsights.Autorest/docs/Get-AzSentinelThreatIntelligenceIndicatorMetric.md @@ -107,7 +107,7 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS -### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IThreatIntelligenceMetrics +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IThreatIntelligenceMetricsList ## NOTES diff --git a/src/SecurityInsights/SecurityInsights.Autorest/docs/Invoke-AzSentinelThreatIntelligenceIndicatorQuery.md b/src/SecurityInsights/SecurityInsights.Autorest/docs/Invoke-AzSentinelThreatIntelligenceIndicatorQuery.md index 2302e83c5f64..3db8eab7b1f1 100644 --- a/src/SecurityInsights/SecurityInsights.Autorest/docs/Invoke-AzSentinelThreatIntelligenceIndicatorQuery.md +++ b/src/SecurityInsights/SecurityInsights.Autorest/docs/Invoke-AzSentinelThreatIntelligenceIndicatorQuery.md @@ -12,6 +12,7 @@ Query threat intelligence indicators as per filtering criteria. ## SYNTAX +### QueryExpanded (Default) ``` Invoke-AzSentinelThreatIntelligenceIndicatorQuery -ResourceGroupName -WorkspaceName [-SubscriptionId ] [-Id ] [-IncludeDisabled] [-Keyword ] [-MaxConfidence ] @@ -21,6 +22,29 @@ Invoke-AzSentinelThreatIntelligenceIndicatorQuery -ResourceGroupName -W [] ``` +### QueryViaIdentityExpanded +``` +Invoke-AzSentinelThreatIntelligenceIndicatorQuery -InputObject [-Id ] + [-IncludeDisabled] [-Keyword ] [-MaxConfidence ] [-MaxValidUntil ] + [-MinConfidence ] [-MinValidUntil ] [-PageSize ] [-PatternType ] + [-SkipToken ] [-SortBy ] [-Source ] + [-ThreatType ] [-DefaultProfile ] [-Confirm] [-WhatIf] [] +``` + +### QueryViaJsonFilePath +``` +Invoke-AzSentinelThreatIntelligenceIndicatorQuery -ResourceGroupName -WorkspaceName + -JsonFilePath [-SubscriptionId ] [-DefaultProfile ] [-Confirm] [-WhatIf] + [] +``` + +### QueryViaJsonString +``` +Invoke-AzSentinelThreatIntelligenceIndicatorQuery -ResourceGroupName -WorkspaceName + -JsonString [-SubscriptionId ] [-DefaultProfile ] [-Confirm] [-WhatIf] + [] +``` + ## DESCRIPTION Query threat intelligence indicators as per filtering criteria. @@ -62,7 +86,7 @@ Ids of threat intelligence indicators ```yaml Type: System.String[] -Parameter Sets: (All) +Parameter Sets: QueryExpanded, QueryViaIdentityExpanded Aliases: Required: False @@ -77,7 +101,7 @@ Parameter to include/exclude disabled indicators. ```yaml Type: System.Management.Automation.SwitchParameter -Parameter Sets: (All) +Parameter Sets: QueryExpanded, QueryViaIdentityExpanded Aliases: Required: False @@ -87,12 +111,57 @@ Accept pipeline input: False Accept wildcard characters: False ``` +### -InputObject +Identity Parameter + +```yaml +Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity +Parameter Sets: QueryViaIdentityExpanded +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -JsonFilePath +Path of Json file supplied to the Query operation + +```yaml +Type: System.String +Parameter Sets: QueryViaJsonFilePath +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -JsonString +Json string supplied to the Query operation + +```yaml +Type: System.String +Parameter Sets: QueryViaJsonString +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + ### -Keyword Keywords for searching threat intelligence indicators ```yaml Type: System.String[] -Parameter Sets: (All) +Parameter Sets: QueryExpanded, QueryViaIdentityExpanded Aliases: Required: False @@ -107,7 +176,7 @@ Maximum confidence. ```yaml Type: System.Int32 -Parameter Sets: (All) +Parameter Sets: QueryExpanded, QueryViaIdentityExpanded Aliases: Required: False @@ -122,7 +191,7 @@ End time for ValidUntil filter. ```yaml Type: System.String -Parameter Sets: (All) +Parameter Sets: QueryExpanded, QueryViaIdentityExpanded Aliases: Required: False @@ -137,7 +206,7 @@ Minimum confidence. ```yaml Type: System.Int32 -Parameter Sets: (All) +Parameter Sets: QueryExpanded, QueryViaIdentityExpanded Aliases: Required: False @@ -152,7 +221,7 @@ Start time for ValidUntil filter. ```yaml Type: System.String -Parameter Sets: (All) +Parameter Sets: QueryExpanded, QueryViaIdentityExpanded Aliases: Required: False @@ -167,7 +236,7 @@ Page size ```yaml Type: System.Int32 -Parameter Sets: (All) +Parameter Sets: QueryExpanded, QueryViaIdentityExpanded Aliases: Required: False @@ -182,7 +251,7 @@ Pattern types ```yaml Type: System.String[] -Parameter Sets: (All) +Parameter Sets: QueryExpanded, QueryViaIdentityExpanded Aliases: Required: False @@ -198,7 +267,7 @@ The name is case insensitive. ```yaml Type: System.String -Parameter Sets: (All) +Parameter Sets: QueryExpanded, QueryViaJsonFilePath, QueryViaJsonString Aliases: Required: True @@ -213,7 +282,7 @@ Skip token. ```yaml Type: System.String -Parameter Sets: (All) +Parameter Sets: QueryExpanded, QueryViaIdentityExpanded Aliases: Required: False @@ -225,11 +294,10 @@ Accept wildcard characters: False ### -SortBy Columns to sort by and sorting order -To construct, see NOTES section for SORTBY properties and create a hash table. ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IThreatIntelligenceSortingCriteria[] -Parameter Sets: (All) +Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IThreatIntelligenceSortingCriteria[] +Parameter Sets: QueryExpanded, QueryViaIdentityExpanded Aliases: Required: False @@ -244,7 +312,7 @@ Sources of threat intelligence indicators ```yaml Type: System.String[] -Parameter Sets: (All) +Parameter Sets: QueryExpanded, QueryViaIdentityExpanded Aliases: Required: False @@ -259,7 +327,7 @@ The ID of the target subscription. ```yaml Type: System.String -Parameter Sets: (All) +Parameter Sets: QueryExpanded, QueryViaJsonFilePath, QueryViaJsonString Aliases: Required: False @@ -274,7 +342,7 @@ Threat types of threat intelligence indicators ```yaml Type: System.String[] -Parameter Sets: (All) +Parameter Sets: QueryExpanded, QueryViaIdentityExpanded Aliases: Required: False @@ -289,7 +357,7 @@ The name of the workspace. ```yaml Type: System.String -Parameter Sets: (All) +Parameter Sets: QueryExpanded, QueryViaJsonFilePath, QueryViaJsonString Aliases: Required: True @@ -335,9 +403,11 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## INPUTS +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity + ## OUTPUTS -### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IThreatIntelligenceInformation +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IThreatIntelligenceInformation ## NOTES diff --git a/src/SecurityInsights/SecurityInsights.Autorest/docs/New-AzSentinelAlertRule.md b/src/SecurityInsights/SecurityInsights.Autorest/docs/New-AzSentinelAlertRule.md index cd5453b81089..85f70988ba8f 100644 --- a/src/SecurityInsights/SecurityInsights.Autorest/docs/New-AzSentinelAlertRule.md +++ b/src/SecurityInsights/SecurityInsights.Autorest/docs/New-AzSentinelAlertRule.md @@ -15,27 +15,27 @@ Creates the alert rule. ### FusionMLTI (Default) ``` New-AzSentinelAlertRule -ResourceGroupName -WorkspaceName -AlertRuleTemplate - -Kind [-RuleId ] [-SubscriptionId ] [-Enabled] [-DefaultProfile ] - [-AsJob] [-NoWait] [-Confirm] [-WhatIf] [] + -Kind [-RuleId ] [-SubscriptionId ] [-Enabled] [-DefaultProfile ] [-AsJob] + [-NoWait] [-Confirm] [-WhatIf] [] ``` ### MicrosoftSecurityIncidentCreation ``` -New-AzSentinelAlertRule -ResourceGroupName -WorkspaceName -Kind - -ProductFilter [-RuleId ] [-SubscriptionId ] - [-AlertRuleTemplateName ] [-Description ] [-DisplayNamesExcludeFilter ] - [-DisplayNamesFilter ] [-Enabled] [-SeveritiesFilter ] - [-DefaultProfile ] [-AsJob] [-NoWait] [-Confirm] [-WhatIf] [] +New-AzSentinelAlertRule -ResourceGroupName -WorkspaceName -Kind + -ProductFilter [-RuleId ] [-SubscriptionId ] [-AlertRuleTemplateName ] + [-Description ] [-DisplayNamesExcludeFilter ] [-DisplayNamesFilter ] [-Enabled] + [-SeveritiesFilter ] [-DefaultProfile ] [-AsJob] [-NoWait] [-Confirm] [-WhatIf] + [] ``` ### NRT ``` New-AzSentinelAlertRule -ResourceGroupName -WorkspaceName -DisplayName - -Kind -Query -Severity [-RuleId ] [-SubscriptionId ] + -Kind -Query -Severity [-RuleId ] [-SubscriptionId ] [-AlertDescriptionFormat ] [-AlertDisplayNameFormat ] [-AlertRuleTemplateName ] [-AlertSeverityColumnName ] [-AlertTacticsColumnName ] [-CreateIncident] - [-Description ] [-Enabled] [-EntityMapping ] [-GroupByAlertDetail ] - [-GroupByCustomDetail ] [-GroupByEntity ] [-GroupingConfigurationEnabled] + [-Description ] [-Enabled] [-EntityMapping ] [-GroupByAlertDetail ] + [-GroupByCustomDetail ] [-GroupByEntity ] [-GroupingConfigurationEnabled] [-LookbackDuration ] [-MatchingMethod ] [-ReOpenClosedIncident] [-SuppressionDuration ] [-SuppressionEnabled] [-Tactic ] [-DefaultProfile ] [-AsJob] [-NoWait] [-Confirm] [-WhatIf] [] @@ -44,13 +44,13 @@ New-AzSentinelAlertRule -ResourceGroupName -WorkspaceName -Dis ### Scheduled ``` New-AzSentinelAlertRule -ResourceGroupName -WorkspaceName -DisplayName - -Kind -Query -QueryFrequency -QueryPeriod - -Severity -TriggerOperator -TriggerThreshold [-RuleId ] - [-SubscriptionId ] [-AlertDescriptionFormat ] [-AlertDisplayNameFormat ] - [-AlertRuleTemplateName ] [-AlertSeverityColumnName ] [-AlertTacticsColumnName ] - [-CreateIncident] [-Description ] [-Enabled] [-EntityMapping ] - [-EventGroupingSettingAggregationKind ] [-GroupByAlertDetail ] - [-GroupByCustomDetail ] [-GroupByEntity ] [-GroupingConfigurationEnabled] + -Kind -Query -QueryFrequency -QueryPeriod -Severity + -TriggerOperator -TriggerThreshold [-RuleId ] [-SubscriptionId ] + [-AlertDescriptionFormat ] [-AlertDisplayNameFormat ] [-AlertRuleTemplateName ] + [-AlertSeverityColumnName ] [-AlertTacticsColumnName ] [-CreateIncident] + [-Description ] [-Enabled] [-EntityMapping ] + [-EventGroupingSettingAggregationKind ] [-GroupByAlertDetail ] + [-GroupByCustomDetail ] [-GroupByEntity ] [-GroupingConfigurationEnabled] [-LookbackDuration ] [-MatchingMethod ] [-ReOpenClosedIncident] [-SuppressionDuration ] [-SuppressionEnabled] [-Tactic ] [-DefaultProfile ] [-AsJob] [-NoWait] [-Confirm] [-WhatIf] [] @@ -95,7 +95,7 @@ This command creates an Alert Rule of the MicrosoftSecurityIncidentCreation kind ### Example 5: Create a Scheduled Alert Rule ```powershell -New-AzSentinelAlertRule -ResourceGroupName "myResourceGroup" -WorkspaceName "myWorkspaceName" -Kind Scheduled -Enabled -DisplayName "Powershell Exection Alert (Several Times per Hour)" -Severity Low -Query "SecurityEvent | where EventId == 4688" -QueryFrequency (New-TimeSpan -Hours 1) -QueryPeriod (New-TimeSpan -Hours 1) -TriggerThreshold 10 +New-AzSentinelAlertRule -ResourceGroupName "myResourceGroup" -WorkspaceName "myWorkspaceName" -Kind Scheduled -Enabled -DisplayName "Powershell Execution Alert (Several Times per Hour)" -Severity Low -Query "SecurityEvent | where EventID == 4688" -QueryFrequency (New-TimeSpan -Hours 1) -QueryPeriod (New-TimeSpan -Hours 1) -TriggerThreshold 10 ``` This command creates an Alert Rule of the Scheduled kind. @@ -323,10 +323,9 @@ Accept wildcard characters: False ### -EntityMapping 'Account', 'Host', 'IP', 'Malware', 'File', 'Process', 'CloudApplication', 'DNS', 'AzureResource', 'FileHash', 'RegistryKey', 'RegistryValue', 'SecurityGroup', 'URL', 'Mailbox', 'MailCluster', 'MailMessage', 'SubmissionMail' -To construct, see NOTES section for ENTITYMAPPING properties and create a hash table. ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.EntityMapping[] +Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.EntityMapping[] Parameter Sets: NRT, Scheduled Aliases: @@ -341,7 +340,7 @@ Accept wildcard characters: False ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.EventGroupingAggregationKind +Type: System.String Parameter Sets: Scheduled Aliases: @@ -356,7 +355,7 @@ Accept wildcard characters: False ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.AlertDetail[] +Type: System.String[] Parameter Sets: NRT, Scheduled Aliases: @@ -386,7 +385,7 @@ Accept wildcard characters: False ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.EntityMappingType[] +Type: System.String[] Parameter Sets: NRT, Scheduled Aliases: @@ -416,7 +415,7 @@ Accept wildcard characters: False Kind of the the data connection ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.AlertRuleKind +Type: System.String Parameter Sets: (All) Aliases: @@ -476,7 +475,7 @@ Accept wildcard characters: False ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.MicrosoftSecurityProductName +Type: System.String Parameter Sets: MicrosoftSecurityIncidentCreation Aliases: @@ -582,7 +581,7 @@ Accept wildcard characters: False High, Medium, Low, Informational ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.AlertSeverity[] +Type: System.String[] Parameter Sets: MicrosoftSecurityIncidentCreation Aliases: @@ -597,7 +596,7 @@ Accept wildcard characters: False ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.AlertSeverity +Type: System.String Parameter Sets: NRT, Scheduled Aliases: @@ -655,7 +654,6 @@ Accept wildcard characters: False ``` ### -Tactic -[Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.AttackTactic] InitialAccess, Execution, Persistence, PrivilegeEscalation, DefenseEvasion, CredentialAccess, Discovery, LateralMovement, Collection, Exfiltration, CommandAndControl, Impact, PreAttack ```yaml @@ -674,7 +672,7 @@ Accept wildcard characters: False ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.TriggerOperator +Type: System.String Parameter Sets: Scheduled Aliases: @@ -753,7 +751,7 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS -### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.AlertRule +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.AlertRule ## NOTES diff --git a/src/SecurityInsights/SecurityInsights.Autorest/docs/New-AzSentinelAlertRuleAction.md b/src/SecurityInsights/SecurityInsights.Autorest/docs/New-AzSentinelAlertRuleAction.md index ba345cd7e57c..ab6f116f68f0 100644 --- a/src/SecurityInsights/SecurityInsights.Autorest/docs/New-AzSentinelAlertRuleAction.md +++ b/src/SecurityInsights/SecurityInsights.Autorest/docs/New-AzSentinelAlertRuleAction.md @@ -8,18 +8,40 @@ schema: 2.0.0 # New-AzSentinelAlertRuleAction ## SYNOPSIS -Creates or updates the action of alert rule. +Create the action of alert rule. ## SYNTAX +### CreateExpanded (Default) ``` New-AzSentinelAlertRuleAction -ResourceGroupName -RuleId -WorkspaceName [-Id ] [-SubscriptionId ] [-LogicAppResourceId ] [-TriggerUri ] [-DefaultProfile ] [-Confirm] [-WhatIf] [] ``` +### CreateViaIdentityAlertRuleExpanded +``` +New-AzSentinelAlertRuleAction -AlertRuleInputObject [-Id ] + [-LogicAppResourceId ] [-TriggerUri ] [-DefaultProfile ] [-Confirm] [-WhatIf] + [] +``` + +### CreateViaJsonFilePath +``` +New-AzSentinelAlertRuleAction -ResourceGroupName -RuleId -WorkspaceName + -JsonFilePath [-Id ] [-SubscriptionId ] [-DefaultProfile ] [-Confirm] + [-WhatIf] [] +``` + +### CreateViaJsonString +``` +New-AzSentinelAlertRuleAction -ResourceGroupName -RuleId -WorkspaceName + -JsonString [-Id ] [-SubscriptionId ] [-DefaultProfile ] [-Confirm] + [-WhatIf] [] +``` + ## DESCRIPTION -Creates or updates the action of alert rule. +Create the action of alert rule. ## EXAMPLES @@ -34,6 +56,21 @@ This command adds an existing Logic App Playbook to an existing analytics rule ## PARAMETERS +### -AlertRuleInputObject +Identity Parameter + +```yaml +Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity +Parameter Sets: CreateViaIdentityAlertRuleExpanded +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + ### -DefaultProfile The DefaultProfile parameter is not functional. Use the SubscriptionId parameter when available if executing the cmdlet against a different subscription. @@ -65,12 +102,42 @@ Accept pipeline input: False Accept wildcard characters: False ``` +### -JsonFilePath +Path of Json file supplied to the Create operation + +```yaml +Type: System.String +Parameter Sets: CreateViaJsonFilePath +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -JsonString +Json string supplied to the Create operation + +```yaml +Type: System.String +Parameter Sets: CreateViaJsonString +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + ### -LogicAppResourceId Logic App Resource Id, /subscriptions/{my-subscription}/resourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my-workflow-id}. ```yaml Type: System.String -Parameter Sets: (All) +Parameter Sets: CreateExpanded, CreateViaIdentityAlertRuleExpanded Aliases: Required: False @@ -86,7 +153,7 @@ The name is case insensitive. ```yaml Type: System.String -Parameter Sets: (All) +Parameter Sets: CreateExpanded, CreateViaJsonFilePath, CreateViaJsonString Aliases: Required: True @@ -101,7 +168,7 @@ Alert rule ID ```yaml Type: System.String -Parameter Sets: (All) +Parameter Sets: CreateExpanded, CreateViaJsonFilePath, CreateViaJsonString Aliases: Required: True @@ -116,7 +183,7 @@ The ID of the target subscription. ```yaml Type: System.String -Parameter Sets: (All) +Parameter Sets: CreateExpanded, CreateViaJsonFilePath, CreateViaJsonString Aliases: Required: False @@ -131,7 +198,7 @@ Logic App Callback URL for this specific workflow. ```yaml Type: System.String -Parameter Sets: (All) +Parameter Sets: CreateExpanded, CreateViaIdentityAlertRuleExpanded Aliases: Required: False @@ -146,7 +213,7 @@ The name of the workspace. ```yaml Type: System.String -Parameter Sets: (All) +Parameter Sets: CreateExpanded, CreateViaJsonFilePath, CreateViaJsonString Aliases: Required: True @@ -192,9 +259,11 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## INPUTS +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity + ## OUTPUTS -### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IActionResponse +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IActionResponse ## NOTES diff --git a/src/SecurityInsights/SecurityInsights.Autorest/docs/New-AzSentinelAutomationRule.md b/src/SecurityInsights/SecurityInsights.Autorest/docs/New-AzSentinelAutomationRule.md index d64ec4ce81fa..2ba6154ba7e7 100644 --- a/src/SecurityInsights/SecurityInsights.Autorest/docs/New-AzSentinelAutomationRule.md +++ b/src/SecurityInsights/SecurityInsights.Autorest/docs/New-AzSentinelAutomationRule.md @@ -8,7 +8,7 @@ schema: 2.0.0 # New-AzSentinelAutomationRule ## SYNOPSIS -Creates or updates the automation rule. +Create the automation rule. ## SYNTAX @@ -20,22 +20,29 @@ New-AzSentinelAutomationRule -ResourceGroupName -WorkspaceName [-TriggeringLogicIsEnabled] [-DefaultProfile ] [-Confirm] [-WhatIf] [] ``` -### Create +### CreateViaJsonFilePath ``` -New-AzSentinelAutomationRule -ResourceGroupName -WorkspaceName - -AutomationRule [-Id ] [-SubscriptionId ] [-DefaultProfile ] - [-Confirm] [-WhatIf] [] +New-AzSentinelAutomationRule -ResourceGroupName -WorkspaceName -JsonFilePath + [-Id ] [-SubscriptionId ] [-DefaultProfile ] [-Confirm] [-WhatIf] + [] +``` + +### CreateViaJsonString +``` +New-AzSentinelAutomationRule -ResourceGroupName -WorkspaceName -JsonString + [-Id ] [-SubscriptionId ] [-DefaultProfile ] [-Confirm] [-WhatIf] + [] ``` ## DESCRIPTION -Creates or updates the automation rule. +Create the automation rule. ## EXAMPLES ### Example 1: Create an Automation Rule using Run Playbook ```powershell $LogicAppResourceId = Get-AzLogicApp -ResourceGroupName "myResourceGroup" -Name "Reset-AADPassword" - $automationRuleAction = [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.AutomationRuleRunPlaybookAction]::new() + $automationRuleAction = [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.AutomationRuleRunPlaybookAction]::new() $automationRuleAction.Order = 1 $automationRuleAction.ActionType = "RunPlaybook" $automationRuleAction.ActionConfigurationLogicAppResourceId = ($LogicAppResourceId.Id) @@ -47,7 +54,7 @@ This command creates an Automation Rule that has an Action of Run Playbook. ### Example 2: Creates an Automation Rule that has an Action of changing the severity ```powershell - $automationRuleAction = [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.AutomationRuleModifyPropertiesAction]::new() + $automationRuleAction = [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.AutomationRuleModifyPropertiesAction]::new() $automationRuleAction.Order = 1 $automationRuleAction.ActionType = "ModifyProperties" $automationRuleAction.ActionConfigurationSeverity = "Low" @@ -60,10 +67,9 @@ This command creates an Automation Rule that has an Action of changing the sever ### -Action The actions to execute when the automation rule is triggered -To construct, see NOTES section for ACTION properties and create a hash table. ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IAutomationRuleAction[] +Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IAutomationRuleAction[] Parameter Sets: CreateExpanded Aliases: @@ -74,22 +80,6 @@ Accept pipeline input: False Accept wildcard characters: False ``` -### -AutomationRule -Represents an automation rule. -To construct, see NOTES section for AUTOMATIONRULE properties and create a hash table. - -```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IAutomationRule -Parameter Sets: Create -Aliases: - -Required: True -Position: Named -Default value: None -Accept pipeline input: True (ByValue) -Accept wildcard characters: False -``` - ### -DefaultProfile The DefaultProfile parameter is not functional. Use the SubscriptionId parameter when available if executing the cmdlet against a different subscription. @@ -136,6 +126,36 @@ Accept pipeline input: False Accept wildcard characters: False ``` +### -JsonFilePath +Path of Json file supplied to the Create operation + +```yaml +Type: System.String +Parameter Sets: CreateViaJsonFilePath +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -JsonString +Json string supplied to the Create operation + +```yaml +Type: System.String +Parameter Sets: CreateViaJsonString +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + ### -Order The order of execution of the automation rule @@ -186,7 +206,7 @@ Accept wildcard characters: False The conditions to evaluate to determine if the automation rule should be triggered on a given object ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IAutomationRuleCondition[] +Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IAutomationRuleCondition[] Parameter Sets: CreateExpanded Aliases: @@ -278,11 +298,9 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## INPUTS -### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IAutomationRule - ## OUTPUTS -### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IAutomationRule +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IAutomationRule ## NOTES diff --git a/src/SecurityInsights/SecurityInsights.Autorest/docs/New-AzSentinelBookmark.md b/src/SecurityInsights/SecurityInsights.Autorest/docs/New-AzSentinelBookmark.md index f25c8e4ae6a5..3fd42d0dba6c 100644 --- a/src/SecurityInsights/SecurityInsights.Autorest/docs/New-AzSentinelBookmark.md +++ b/src/SecurityInsights/SecurityInsights.Autorest/docs/New-AzSentinelBookmark.md @@ -8,7 +8,7 @@ schema: 2.0.0 # New-AzSentinelBookmark ## SYNOPSIS -Creates or updates the bookmark. +Create the bookmark. ## SYNTAX @@ -16,20 +16,26 @@ Creates or updates the bookmark. ``` New-AzSentinelBookmark -ResourceGroupName -WorkspaceName [-Id ] [-SubscriptionId ] [-DisplayName ] [-EventTime ] [-IncidentInfoIncidentId ] - [-IncidentInfoRelationName ] [-IncidentInfoSeverity ] [-IncidentInfoTitle ] + [-IncidentInfoRelationName ] [-IncidentInfoSeverity ] [-IncidentInfoTitle ] [-Label ] [-Note ] [-Query ] [-QueryEndTime ] [-QueryResult ] [-QueryStartTime ] [-DefaultProfile ] [-Confirm] [-WhatIf] [] ``` -### Create +### CreateViaJsonFilePath ``` -New-AzSentinelBookmark -ResourceGroupName -WorkspaceName -Bookmark +New-AzSentinelBookmark -ResourceGroupName -WorkspaceName -JsonFilePath [-Id ] [-SubscriptionId ] [-DefaultProfile ] [-Confirm] [-WhatIf] [] ``` +### CreateViaJsonString +``` +New-AzSentinelBookmark -ResourceGroupName -WorkspaceName -JsonString [-Id ] + [-SubscriptionId ] [-DefaultProfile ] [-Confirm] [-WhatIf] [] +``` + ## DESCRIPTION -Creates or updates the bookmark. +Create the bookmark. ## EXAMPLES @@ -52,22 +58,6 @@ This command creates a Bookmark. ## PARAMETERS -### -Bookmark -Represents a bookmark in Azure Security Insights. -To construct, see NOTES section for BOOKMARK properties and create a hash table. - -```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IBookmark -Parameter Sets: Create -Aliases: - -Required: True -Position: Named -Default value: None -Accept pipeline input: True (ByValue) -Accept wildcard characters: False -``` - ### -DefaultProfile The DefaultProfile parameter is not functional. Use the SubscriptionId parameter when available if executing the cmdlet against a different subscription. @@ -163,7 +153,7 @@ Accept wildcard characters: False The severity of the incident ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.IncidentSeverity +Type: System.String Parameter Sets: CreateExpanded Aliases: @@ -189,6 +179,36 @@ Accept pipeline input: False Accept wildcard characters: False ``` +### -JsonFilePath +Path of Json file supplied to the Create operation + +```yaml +Type: System.String +Parameter Sets: CreateViaJsonFilePath +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -JsonString +Json string supplied to the Create operation + +```yaml +Type: System.String +Parameter Sets: CreateViaJsonString +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + ### -Label List of labels relevant to this bookmark @@ -361,11 +381,9 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## INPUTS -### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IBookmark - ## OUTPUTS -### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IBookmark +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IBookmark ## NOTES diff --git a/src/SecurityInsights/SecurityInsights.Autorest/docs/New-AzSentinelBookmarkRelation.md b/src/SecurityInsights/SecurityInsights.Autorest/docs/New-AzSentinelBookmarkRelation.md index 3bcbe2d64bab..e4987b69e747 100644 --- a/src/SecurityInsights/SecurityInsights.Autorest/docs/New-AzSentinelBookmarkRelation.md +++ b/src/SecurityInsights/SecurityInsights.Autorest/docs/New-AzSentinelBookmarkRelation.md @@ -8,7 +8,7 @@ schema: 2.0.0 # New-AzSentinelBookmarkRelation ## SYNOPSIS -Creates the bookmark relation. +Create the bookmark relation. ## SYNTAX @@ -19,15 +19,28 @@ New-AzSentinelBookmarkRelation -BookmarkId -ResourceGroupName [-DefaultProfile ] [-Confirm] [-WhatIf] [] ``` -### Create +### CreateViaIdentityBookmarkExpanded +``` +New-AzSentinelBookmarkRelation -BookmarkInputObject [-RelationName ] + [-RelatedResourceId ] [-DefaultProfile ] [-Confirm] [-WhatIf] [] +``` + +### CreateViaJsonFilePath ``` New-AzSentinelBookmarkRelation -BookmarkId -ResourceGroupName -WorkspaceName - -Relation [-RelationName ] [-SubscriptionId ] [-DefaultProfile ] + -JsonFilePath [-RelationName ] [-SubscriptionId ] [-DefaultProfile ] + [-Confirm] [-WhatIf] [] +``` + +### CreateViaJsonString +``` +New-AzSentinelBookmarkRelation -BookmarkId -ResourceGroupName -WorkspaceName + -JsonString [-RelationName ] [-SubscriptionId ] [-DefaultProfile ] [-Confirm] [-WhatIf] [] ``` ## DESCRIPTION -Creates the bookmark relation. +Create the bookmark relation. ## EXAMPLES @@ -46,7 +59,7 @@ Bookmark ID ```yaml Type: System.String -Parameter Sets: (All) +Parameter Sets: CreateExpanded, CreateViaJsonFilePath, CreateViaJsonString Aliases: Required: True @@ -56,6 +69,21 @@ Accept pipeline input: False Accept wildcard characters: False ``` +### -BookmarkInputObject +Identity Parameter + +```yaml +Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity +Parameter Sets: CreateViaIdentityBookmarkExpanded +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + ### -DefaultProfile The DefaultProfile parameter is not functional. Use the SubscriptionId parameter when available if executing the cmdlet against a different subscription. @@ -72,34 +100,48 @@ Accept pipeline input: False Accept wildcard characters: False ``` -### -RelatedResourceId -The resource ID of the related resource +### -JsonFilePath +Path of Json file supplied to the Create operation ```yaml Type: System.String -Parameter Sets: CreateExpanded +Parameter Sets: CreateViaJsonFilePath Aliases: -Required: False +Required: True Position: Named Default value: None Accept pipeline input: False Accept wildcard characters: False ``` -### -Relation -Represents a relation between two resources -To construct, see NOTES section for RELATION properties and create a hash table. +### -JsonString +Json string supplied to the Create operation ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IRelation -Parameter Sets: Create +Type: System.String +Parameter Sets: CreateViaJsonString Aliases: Required: True Position: Named Default value: None -Accept pipeline input: True (ByValue) +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -RelatedResourceId +The resource ID of the related resource + +```yaml +Type: System.String +Parameter Sets: CreateExpanded, CreateViaIdentityBookmarkExpanded +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False Accept wildcard characters: False ``` @@ -124,7 +166,7 @@ The name is case insensitive. ```yaml Type: System.String -Parameter Sets: (All) +Parameter Sets: CreateExpanded, CreateViaJsonFilePath, CreateViaJsonString Aliases: Required: True @@ -139,7 +181,7 @@ The ID of the target subscription. ```yaml Type: System.String -Parameter Sets: (All) +Parameter Sets: CreateExpanded, CreateViaJsonFilePath, CreateViaJsonString Aliases: Required: False @@ -154,7 +196,7 @@ The name of the workspace. ```yaml Type: System.String -Parameter Sets: (All) +Parameter Sets: CreateExpanded, CreateViaJsonFilePath, CreateViaJsonString Aliases: Required: True @@ -200,11 +242,11 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## INPUTS -### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IRelation +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity ## OUTPUTS -### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IRelation +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IRelation ## NOTES diff --git a/src/SecurityInsights/SecurityInsights.Autorest/docs/New-AzSentinelDataConnector.md b/src/SecurityInsights/SecurityInsights.Autorest/docs/New-AzSentinelDataConnector.md index 7c5d7703cf38..5bd149fbfbd2 100644 --- a/src/SecurityInsights/SecurityInsights.Autorest/docs/New-AzSentinelDataConnector.md +++ b/src/SecurityInsights/SecurityInsights.Autorest/docs/New-AzSentinelDataConnector.md @@ -14,22 +14,22 @@ Creates or updates the data connector. ### AADAATP (Default) ``` -New-AzSentinelDataConnector -ResourceGroupName -WorkspaceName -Kind - [-Id ] [-SubscriptionId ] [-Alerts ] [-TenantId ] - [-DefaultProfile ] [-AsJob] [-NoWait] [-Confirm] [-WhatIf] [] +New-AzSentinelDataConnector -ResourceGroupName -WorkspaceName -Kind [-Id ] + [-SubscriptionId ] [-Alerts ] [-TenantId ] [-DefaultProfile ] [-AsJob] + [-NoWait] [-Confirm] [-WhatIf] [] ``` ### AmazonWebServicesCloudTrail ``` New-AzSentinelDataConnector -ResourceGroupName -WorkspaceName -AWSRoleArn - -Kind [-Id ] [-SubscriptionId ] [-Log ] - [-DefaultProfile ] [-AsJob] [-NoWait] [-Confirm] [-WhatIf] [] + -Kind [-Id ] [-SubscriptionId ] [-Log ] [-DefaultProfile ] + [-AsJob] [-NoWait] [-Confirm] [-WhatIf] [] ``` ### AmazonWebServicesS3 ``` New-AzSentinelDataConnector -ResourceGroupName -WorkspaceName -AWSRoleArn - -DetinationTable -Kind -Log -SQSURL [-Id ] + -DetinationTable -Kind -Log -SQSURL [-Id ] [-SubscriptionId ] [-DefaultProfile ] [-AsJob] [-NoWait] [-Confirm] [-WhatIf] [] ``` @@ -37,96 +37,95 @@ New-AzSentinelDataConnector -ResourceGroupName -WorkspaceName ### AzureSecurityCenter ``` New-AzSentinelDataConnector -ResourceGroupName -WorkspaceName -ASCSubscriptionId - -Kind [-Id ] [-SubscriptionId ] [-Alerts ] - [-DefaultProfile ] [-AsJob] [-NoWait] [-Confirm] [-WhatIf] [] + -Kind [-Id ] [-SubscriptionId ] [-Alerts ] [-DefaultProfile ] + [-AsJob] [-NoWait] [-Confirm] [-WhatIf] [] ``` ### Dynamics365 ``` -New-AzSentinelDataConnector -ResourceGroupName -WorkspaceName -Kind - [-Id ] [-SubscriptionId ] [-CommonDataServiceActivity ] [-TenantId ] +New-AzSentinelDataConnector -ResourceGroupName -WorkspaceName -Kind [-Id ] + [-SubscriptionId ] [-CommonDataServiceActivity ] [-TenantId ] [-DefaultProfile ] [-AsJob] [-NoWait] [-Confirm] [-WhatIf] [] ``` ### GenericUI ``` New-AzSentinelDataConnector -ResourceGroupName -WorkspaceName - -AvailabilityIsPreview -Kind - -UiConfigConnectivityCriterion -UiConfigDataType - -UiConfigDescriptionMarkdown -UiConfigGraphQueriesTableName - -UiConfigGraphQuery -UiConfigInstructionStep - -UiConfigPublisher -UiConfigSampleQuery -UiConfigTitle [-Id ] - [-SubscriptionId ] [-AvailabilityStatus ] [-PermissionCustom ] + -AvailabilityIsPreview -Kind -UiConfigConnectivityCriterion + -UiConfigDataType -UiConfigDescriptionMarkdown + -UiConfigGraphQueriesTableName -UiConfigGraphQuery + -UiConfigInstructionStep -UiConfigPublisher + -UiConfigSampleQuery -UiConfigTitle [-Id ] [-SubscriptionId ] + [-AvailabilityStatus ] [-PermissionCustom ] [-PermissionResourceProvider ] [-UiConfigCustomImage ] [-DefaultProfile ] [-AsJob] [-NoWait] [-Confirm] [-WhatIf] [] ``` ### MicrosoftCloudAppSecurity ``` -New-AzSentinelDataConnector -ResourceGroupName -WorkspaceName -Kind - [-Id ] [-SubscriptionId ] [-Alerts ] [-DiscoveryLog ] [-TenantId ] +New-AzSentinelDataConnector -ResourceGroupName -WorkspaceName -Kind [-Id ] + [-SubscriptionId ] [-Alerts ] [-DiscoveryLog ] [-TenantId ] [-DefaultProfile ] [-AsJob] [-NoWait] [-Confirm] [-WhatIf] [] ``` ### MicrosoftDefenderAdvancedThreatProtection ``` -New-AzSentinelDataConnector -ResourceGroupName -WorkspaceName -Kind - [-Id ] [-SubscriptionId ] [-Alerts ] [-TenantId ] - [-DefaultProfile ] [-AsJob] [-NoWait] [-Confirm] [-WhatIf] [] +New-AzSentinelDataConnector -ResourceGroupName -WorkspaceName -Kind [-Id ] + [-SubscriptionId ] [-Alerts ] [-TenantId ] [-DefaultProfile ] [-AsJob] + [-NoWait] [-Confirm] [-WhatIf] [] ``` ### MicrosoftThreatIntelligence ``` -New-AzSentinelDataConnector -ResourceGroupName -WorkspaceName -Kind - [-Id ] [-SubscriptionId ] [-BingSafetyPhishingURL ] - [-BingSafetyPhishingUrlLookbackPeriod ] [-MicrosoftEmergingThreatFeed ] - [-MicrosoftEmergingThreatFeedLookbackPeriod ] [-TenantId ] [-DefaultProfile ] - [-AsJob] [-NoWait] [-Confirm] [-WhatIf] [] +New-AzSentinelDataConnector -ResourceGroupName -WorkspaceName -Kind [-Id ] + [-SubscriptionId ] [-BingSafetyPhishingURL ] [-BingSafetyPhishingUrlLookbackPeriod ] + [-MicrosoftEmergingThreatFeed ] [-MicrosoftEmergingThreatFeedLookbackPeriod ] + [-TenantId ] [-DefaultProfile ] [-AsJob] [-NoWait] [-Confirm] [-WhatIf] + [] ``` ### MicrosoftThreatProtection ``` -New-AzSentinelDataConnector -ResourceGroupName -WorkspaceName -Kind - [-Id ] [-SubscriptionId ] [-Incident ] [-TenantId ] - [-DefaultProfile ] [-AsJob] [-NoWait] [-Confirm] [-WhatIf] [] +New-AzSentinelDataConnector -ResourceGroupName -WorkspaceName -Kind [-Id ] + [-SubscriptionId ] [-Incident ] [-TenantId ] [-DefaultProfile ] [-AsJob] + [-NoWait] [-Confirm] [-WhatIf] [] ``` ### Office365 ``` -New-AzSentinelDataConnector -ResourceGroupName -WorkspaceName -Kind - [-Id ] [-SubscriptionId ] [-Exchange ] [-SharePoint ] [-Teams ] - [-TenantId ] [-DefaultProfile ] [-AsJob] [-NoWait] [-Confirm] [-WhatIf] - [] +New-AzSentinelDataConnector -ResourceGroupName -WorkspaceName -Kind [-Id ] + [-SubscriptionId ] [-Exchange ] [-SharePoint ] [-Teams ] [-TenantId ] + [-DefaultProfile ] [-AsJob] [-NoWait] [-Confirm] [-WhatIf] [] ``` ### OfficeATP ``` -New-AzSentinelDataConnector -ResourceGroupName -WorkspaceName -Kind - [-Id ] [-SubscriptionId ] [-Alerts ] [-TenantId ] - [-DefaultProfile ] [-AsJob] [-NoWait] [-Confirm] [-WhatIf] [] +New-AzSentinelDataConnector -ResourceGroupName -WorkspaceName -Kind [-Id ] + [-SubscriptionId ] [-Alerts ] [-TenantId ] [-DefaultProfile ] [-AsJob] + [-NoWait] [-Confirm] [-WhatIf] [] ``` ### OfficeIRM ``` -New-AzSentinelDataConnector -ResourceGroupName -WorkspaceName -Kind - [-Id ] [-SubscriptionId ] [-Alerts ] [-TenantId ] - [-DefaultProfile ] [-AsJob] [-NoWait] [-Confirm] [-WhatIf] [] +New-AzSentinelDataConnector -ResourceGroupName -WorkspaceName -Kind [-Id ] + [-SubscriptionId ] [-Alerts ] [-TenantId ] [-DefaultProfile ] [-AsJob] + [-NoWait] [-Confirm] [-WhatIf] [] ``` ### ThreatIntelligence ``` -New-AzSentinelDataConnector -ResourceGroupName -WorkspaceName -Kind - [-Id ] [-SubscriptionId ] [-Indicator ] [-TenantId ] - [-DefaultProfile ] [-AsJob] [-NoWait] [-Confirm] [-WhatIf] [] +New-AzSentinelDataConnector -ResourceGroupName -WorkspaceName -Kind [-Id ] + [-SubscriptionId ] [-Indicator ] [-TenantId ] [-DefaultProfile ] [-AsJob] + [-NoWait] [-Confirm] [-WhatIf] [] ``` ### ThreatIntelligenceTaxii ``` New-AzSentinelDataConnector -ResourceGroupName -WorkspaceName -APIRootURL - -CollectionId -FriendlyName -Kind -PollingFrequency - -WorkspaceId [-Id ] [-SubscriptionId ] [-Password ] - [-TaxiiLookbackPeriod ] [-TenantId ] [-UserName ] [-DefaultProfile ] - [-AsJob] [-NoWait] [-Confirm] [-WhatIf] [] + -CollectionId -FriendlyName -Kind -PollingFrequency -WorkspaceId + [-Id ] [-SubscriptionId ] [-Password ] [-TaxiiLookbackPeriod ] + [-TenantId ] [-UserName ] [-DefaultProfile ] [-AsJob] [-NoWait] [-Confirm] + [-WhatIf] [] ``` ## DESCRIPTION @@ -432,7 +431,7 @@ Accept wildcard characters: False Kind of the the data connection ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.DataConnectorKind +Type: System.String Parameter Sets: (All) Aliases: @@ -520,10 +519,9 @@ Accept wildcard characters: False ### -PermissionCustom [Parameter(ParameterSetName = 'APIPolling')] -To construct, see NOTES section for PERMISSIONCUSTOM properties and create a hash table. ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.PermissionsCustomsItem[] +Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.PermissionsCustomsItem[] Parameter Sets: GenericUI Aliases: @@ -536,10 +534,9 @@ Accept wildcard characters: False ### -PermissionResourceProvider [Parameter(ParameterSetName = 'APIPolling')] -To construct, see NOTES section for PERMISSIONRESOURCEPROVIDER properties and create a hash table. ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.PermissionsResourceProviderItem[] +Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.PermissionsResourceProviderItem[] Parameter Sets: GenericUI Aliases: @@ -554,7 +551,7 @@ Accept wildcard characters: False ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.PollingFrequency +Type: System.String Parameter Sets: ThreatIntelligenceTaxii Aliases: @@ -673,10 +670,9 @@ Accept wildcard characters: False ### -UiConfigConnectivityCriterion [Parameter(ParameterSetName = 'APIPolling', Mandatory)] -To construct, see NOTES section for UICONFIGCONNECTIVITYCRITERION properties and create a hash table. ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.ConnectivityCriteria[] +Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ConnectivityCriteria[] Parameter Sets: GenericUI Aliases: @@ -704,10 +700,9 @@ Accept wildcard characters: False ### -UiConfigDataType [Parameter(ParameterSetName = 'APIPolling', Mandatory)] -To construct, see NOTES section for UICONFIGDATATYPE properties and create a hash table. ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.LastDataReceivedDataType[] +Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.LastDataReceivedDataType[] Parameter Sets: GenericUI Aliases: @@ -750,10 +745,9 @@ Accept wildcard characters: False ### -UiConfigGraphQuery [Parameter(ParameterSetName = 'APIPolling', Mandatory)] -To construct, see NOTES section for UICONFIGGRAPHQUERY properties and create a hash table. ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.GraphQueries[] +Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.GraphQueries[] Parameter Sets: GenericUI Aliases: @@ -766,10 +760,9 @@ Accept wildcard characters: False ### -UiConfigInstructionStep [Parameter(ParameterSetName = 'APIPolling', Mandatory)] -To construct, see NOTES section for UICONFIGINSTRUCTIONSTEP properties and create a hash table. ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.InstructionSteps[] +Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.InstructionSteps[] Parameter Sets: GenericUI Aliases: @@ -797,10 +790,9 @@ Accept wildcard characters: False ### -UiConfigSampleQuery [Parameter(ParameterSetName = 'APIPolling', Mandatory)] -To construct, see NOTES section for UICONFIGSAMPLEQUERY properties and create a hash table. ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.SampleQueries[] +Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.SampleQueries[] Parameter Sets: GenericUI Aliases: @@ -909,7 +901,7 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS -### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.DataConnector +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.DataConnector ## NOTES diff --git a/src/SecurityInsights/SecurityInsights.Autorest/docs/New-AzSentinelEntityQuery.md b/src/SecurityInsights/SecurityInsights.Autorest/docs/New-AzSentinelEntityQuery.md index 375ca2bed2e4..54a174a8788d 100644 --- a/src/SecurityInsights/SecurityInsights.Autorest/docs/New-AzSentinelEntityQuery.md +++ b/src/SecurityInsights/SecurityInsights.Autorest/docs/New-AzSentinelEntityQuery.md @@ -14,11 +14,10 @@ Creates or updates the entity query. ``` New-AzSentinelEntityQuery -ResourceGroupName -WorkspaceName -Content - -Description -InputEntityType -Kind -QueryDefinitionQuery - -Title [-Id ] [-SubscriptionId ] - [-EntitiesFilter ] [-RequiredInputFieldsSet ] - [-TemplateName ] [-DefaultProfile ] [-AsJob] [-NoWait] [-Confirm] [-WhatIf] - [] + -Description -InputEntityType -Kind -QueryDefinitionQuery -Title + [-Id ] [-SubscriptionId ] [-EntitiesFilter ] + [-RequiredInputFieldsSet ] [-TemplateName ] [-DefaultProfile ] [-AsJob] [-NoWait] + [-Confirm] [-WhatIf] [] ``` ## DESCRIPTION @@ -115,10 +114,10 @@ Accept wildcard characters: False ``` ### -EntitiesFilter -To construct, see NOTES section for ENTITIESFILTER properties and create a hash table. + ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.ActivityEntityQueriesPropertiesEntitiesFilter +Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ActivityEntityQueriesPropertiesEntitiesFilter Parameter Sets: (All) Aliases: @@ -135,7 +134,7 @@ The Id of the Entity Query. ```yaml Type: System.String Parameter Sets: (All) -Aliases: +Aliases: EntityQueryId Required: False Position: Named @@ -148,7 +147,7 @@ Accept wildcard characters: False ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.EntityType +Type: System.String Parameter Sets: (All) Aliases: @@ -163,7 +162,7 @@ Accept wildcard characters: False Kind of the the Entity Query ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.EntityQueryKind +Type: System.String Parameter Sets: (All) Aliases: @@ -334,7 +333,7 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS -### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.CustomEntityQuery +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.CustomEntityQuery ## NOTES diff --git a/src/SecurityInsights/SecurityInsights.Autorest/docs/New-AzSentinelIncident.md b/src/SecurityInsights/SecurityInsights.Autorest/docs/New-AzSentinelIncident.md index 74611f758884..2b306f17fcd1 100644 --- a/src/SecurityInsights/SecurityInsights.Autorest/docs/New-AzSentinelIncident.md +++ b/src/SecurityInsights/SecurityInsights.Autorest/docs/New-AzSentinelIncident.md @@ -8,31 +8,36 @@ schema: 2.0.0 # New-AzSentinelIncident ## SYNOPSIS -Creates or updates the incident. +Create the incident. ## SYNTAX ### CreateExpanded (Default) ``` New-AzSentinelIncident -ResourceGroupName -WorkspaceName [-Id ] - [-SubscriptionId ] [-Classification ] [-ClassificationComment ] - [-ClassificationReason ] [-Description ] - [-FirstActivityTimeUtc ] [-Label ] [-LastActivityTimeUtc ] - [-OwnerAssignedTo ] [-OwnerEmail ] [-OwnerObjectId ] - [-OwnerUserPrincipalName ] [-ProviderIncidentId ] [-ProviderName ] - [-Severity ] [-Status ] [-Title ] [-DefaultProfile ] - [-Confirm] [-WhatIf] [] + [-SubscriptionId ] [-Classification ] [-ClassificationComment ] + [-ClassificationReason ] [-Description ] [-FirstActivityTimeUtc ] + [-Label ] [-LastActivityTimeUtc ] [-OwnerAssignedTo ] + [-OwnerEmail ] [-OwnerObjectId ] [-OwnerUserPrincipalName ] + [-ProviderIncidentId ] [-ProviderName ] [-Severity ] [-Status ] + [-Title ] [-DefaultProfile ] [-Confirm] [-WhatIf] [] ``` -### Create +### CreateViaJsonFilePath ``` -New-AzSentinelIncident -ResourceGroupName -WorkspaceName -Incident +New-AzSentinelIncident -ResourceGroupName -WorkspaceName -JsonFilePath [-Id ] [-SubscriptionId ] [-DefaultProfile ] [-Confirm] [-WhatIf] [] ``` +### CreateViaJsonString +``` +New-AzSentinelIncident -ResourceGroupName -WorkspaceName -JsonString [-Id ] + [-SubscriptionId ] [-DefaultProfile ] [-Confirm] [-WhatIf] [] +``` + ## DESCRIPTION -Creates or updates the incident. +Create the incident. ## EXAMPLES @@ -60,7 +65,7 @@ This command creates an Incident. The reason the incident was closed ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.IncidentClassification +Type: System.String Parameter Sets: CreateExpanded Aliases: @@ -90,7 +95,7 @@ Accept wildcard characters: False The classification reason the incident was closed with ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.IncidentClassificationReason +Type: System.String Parameter Sets: CreateExpanded Aliases: @@ -162,28 +167,41 @@ Accept pipeline input: False Accept wildcard characters: False ``` -### -Incident -Represents an incident in Azure Security Insights. -To construct, see NOTES section for INCIDENT properties and create a hash table. +### -JsonFilePath +Path of Json file supplied to the Create operation + +```yaml +Type: System.String +Parameter Sets: CreateViaJsonFilePath +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -JsonString +Json string supplied to the Create operation ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IIncident -Parameter Sets: Create +Type: System.String +Parameter Sets: CreateViaJsonString Aliases: Required: True Position: Named Default value: None -Accept pipeline input: True (ByValue) +Accept pipeline input: False Accept wildcard characters: False ``` ### -Label List of labels relevant to this incident -To construct, see NOTES section for LABEL properties and create a hash table. ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IIncidentLabel[] +Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IIncidentLabel[] Parameter Sets: CreateExpanded Aliases: @@ -319,7 +337,7 @@ Accept wildcard characters: False The severity of the incident ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.IncidentSeverity +Type: System.String Parameter Sets: CreateExpanded Aliases: @@ -334,7 +352,7 @@ Accept wildcard characters: False The status of the incident ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.IncidentStatus +Type: System.String Parameter Sets: CreateExpanded Aliases: @@ -426,11 +444,9 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## INPUTS -### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IIncident - ## OUTPUTS -### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IIncident +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IIncident ## NOTES diff --git a/src/SecurityInsights/SecurityInsights.Autorest/docs/New-AzSentinelIncidentComment.md b/src/SecurityInsights/SecurityInsights.Autorest/docs/New-AzSentinelIncidentComment.md index f665c8c1be9a..e3e460d77226 100644 --- a/src/SecurityInsights/SecurityInsights.Autorest/docs/New-AzSentinelIncidentComment.md +++ b/src/SecurityInsights/SecurityInsights.Autorest/docs/New-AzSentinelIncidentComment.md @@ -8,7 +8,7 @@ schema: 2.0.0 # New-AzSentinelIncidentComment ## SYNOPSIS -Creates or updates the incident comment. +Create the incident comment. ## SYNTAX @@ -19,15 +19,28 @@ New-AzSentinelIncidentComment -IncidentId -ResourceGroupName - [-WhatIf] [] ``` -### Create +### CreateViaIdentityIncidentExpanded +``` +New-AzSentinelIncidentComment -IncidentInputObject [-Id ] + [-Message ] [-DefaultProfile ] [-Confirm] [-WhatIf] [] +``` + +### CreateViaJsonFilePath ``` New-AzSentinelIncidentComment -IncidentId -ResourceGroupName -WorkspaceName - -IncidentComment [-Id ] [-SubscriptionId ] [-DefaultProfile ] - [-Confirm] [-WhatIf] [] + -JsonFilePath [-Id ] [-SubscriptionId ] [-DefaultProfile ] [-Confirm] + [-WhatIf] [] +``` + +### CreateViaJsonString +``` +New-AzSentinelIncidentComment -IncidentId -ResourceGroupName -WorkspaceName + -JsonString [-Id ] [-SubscriptionId ] [-DefaultProfile ] [-Confirm] + [-WhatIf] [] ``` ## DESCRIPTION -Creates or updates the incident comment. +Create the incident comment. ## EXAMPLES @@ -71,13 +84,27 @@ Accept pipeline input: False Accept wildcard characters: False ``` -### -IncidentComment -Represents an incident comment -To construct, see NOTES section for INCIDENTCOMMENT properties and create a hash table. +### -IncidentId +Incident ID ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IIncidentComment -Parameter Sets: Create +Type: System.String +Parameter Sets: CreateExpanded, CreateViaJsonFilePath, CreateViaJsonString +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -IncidentInputObject +Identity Parameter + +```yaml +Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity +Parameter Sets: CreateViaIdentityIncidentExpanded Aliases: Required: True @@ -87,12 +114,27 @@ Accept pipeline input: True (ByValue) Accept wildcard characters: False ``` -### -IncidentId -Incident ID +### -JsonFilePath +Path of Json file supplied to the Create operation ```yaml Type: System.String -Parameter Sets: (All) +Parameter Sets: CreateViaJsonFilePath +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -JsonString +Json string supplied to the Create operation + +```yaml +Type: System.String +Parameter Sets: CreateViaJsonString Aliases: Required: True @@ -107,7 +149,7 @@ The comment message ```yaml Type: System.String -Parameter Sets: CreateExpanded +Parameter Sets: CreateExpanded, CreateViaIdentityIncidentExpanded Aliases: Required: False @@ -123,7 +165,7 @@ The name is case insensitive. ```yaml Type: System.String -Parameter Sets: (All) +Parameter Sets: CreateExpanded, CreateViaJsonFilePath, CreateViaJsonString Aliases: Required: True @@ -138,7 +180,7 @@ The ID of the target subscription. ```yaml Type: System.String -Parameter Sets: (All) +Parameter Sets: CreateExpanded, CreateViaJsonFilePath, CreateViaJsonString Aliases: Required: False @@ -153,7 +195,7 @@ The name of the workspace. ```yaml Type: System.String -Parameter Sets: (All) +Parameter Sets: CreateExpanded, CreateViaJsonFilePath, CreateViaJsonString Aliases: Required: True @@ -199,11 +241,11 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## INPUTS -### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IIncidentComment +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity ## OUTPUTS -### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IIncidentComment +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IIncidentComment ## NOTES diff --git a/src/SecurityInsights/SecurityInsights.Autorest/docs/New-AzSentinelIncidentRelation.md b/src/SecurityInsights/SecurityInsights.Autorest/docs/New-AzSentinelIncidentRelation.md index 6ce8de0899bd..c7aba42af1cc 100644 --- a/src/SecurityInsights/SecurityInsights.Autorest/docs/New-AzSentinelIncidentRelation.md +++ b/src/SecurityInsights/SecurityInsights.Autorest/docs/New-AzSentinelIncidentRelation.md @@ -8,7 +8,7 @@ schema: 2.0.0 # New-AzSentinelIncidentRelation ## SYNOPSIS -Creates or updates the incident relation. +Create the incident relation. ## SYNTAX @@ -19,15 +19,28 @@ New-AzSentinelIncidentRelation -IncidentId -ResourceGroupName [-DefaultProfile ] [-Confirm] [-WhatIf] [] ``` -### Create +### CreateViaIdentityIncidentExpanded +``` +New-AzSentinelIncidentRelation -IncidentInputObject [-RelationName ] + [-RelatedResourceId ] [-DefaultProfile ] [-Confirm] [-WhatIf] [] +``` + +### CreateViaJsonFilePath ``` New-AzSentinelIncidentRelation -IncidentId -ResourceGroupName -WorkspaceName - -Relation [-RelationName ] [-SubscriptionId ] [-DefaultProfile ] + -JsonFilePath [-RelationName ] [-SubscriptionId ] [-DefaultProfile ] + [-Confirm] [-WhatIf] [] +``` + +### CreateViaJsonString +``` +New-AzSentinelIncidentRelation -IncidentId -ResourceGroupName -WorkspaceName + -JsonString [-RelationName ] [-SubscriptionId ] [-DefaultProfile ] [-Confirm] [-WhatIf] [] ``` ## DESCRIPTION -Creates or updates the incident relation. +Create the incident relation. ## EXAMPLES @@ -69,7 +82,7 @@ Incident ID ```yaml Type: System.String -Parameter Sets: (All) +Parameter Sets: CreateExpanded, CreateViaJsonFilePath, CreateViaJsonString Aliases: Required: True @@ -79,34 +92,63 @@ Accept pipeline input: False Accept wildcard characters: False ``` -### -RelatedResourceId -The resource ID of the related resource +### -IncidentInputObject +Identity Parameter + +```yaml +Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity +Parameter Sets: CreateViaIdentityIncidentExpanded +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -JsonFilePath +Path of Json file supplied to the Create operation ```yaml Type: System.String -Parameter Sets: CreateExpanded +Parameter Sets: CreateViaJsonFilePath Aliases: -Required: False +Required: True Position: Named Default value: None Accept pipeline input: False Accept wildcard characters: False ``` -### -Relation -Represents a relation between two resources -To construct, see NOTES section for RELATION properties and create a hash table. +### -JsonString +Json string supplied to the Create operation ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IRelation -Parameter Sets: Create +Type: System.String +Parameter Sets: CreateViaJsonString Aliases: Required: True Position: Named Default value: None -Accept pipeline input: True (ByValue) +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -RelatedResourceId +The resource ID of the related resource + +```yaml +Type: System.String +Parameter Sets: CreateExpanded, CreateViaIdentityIncidentExpanded +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False Accept wildcard characters: False ``` @@ -131,7 +173,7 @@ The name is case insensitive. ```yaml Type: System.String -Parameter Sets: (All) +Parameter Sets: CreateExpanded, CreateViaJsonFilePath, CreateViaJsonString Aliases: Required: True @@ -146,7 +188,7 @@ The ID of the target subscription. ```yaml Type: System.String -Parameter Sets: (All) +Parameter Sets: CreateExpanded, CreateViaJsonFilePath, CreateViaJsonString Aliases: Required: False @@ -161,7 +203,7 @@ The name of the workspace. ```yaml Type: System.String -Parameter Sets: (All) +Parameter Sets: CreateExpanded, CreateViaJsonFilePath, CreateViaJsonString Aliases: Required: True @@ -207,11 +249,11 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## INPUTS -### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IRelation +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity ## OUTPUTS -### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IRelation +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IRelation ## NOTES diff --git a/src/SecurityInsights/SecurityInsights.Autorest/docs/New-AzSentinelIncidentTeam.md b/src/SecurityInsights/SecurityInsights.Autorest/docs/New-AzSentinelIncidentTeam.md index f2acc06c0e9d..8d779411015f 100644 --- a/src/SecurityInsights/SecurityInsights.Autorest/docs/New-AzSentinelIncidentTeam.md +++ b/src/SecurityInsights/SecurityInsights.Autorest/docs/New-AzSentinelIncidentTeam.md @@ -8,7 +8,7 @@ schema: 2.0.0 # New-AzSentinelIncidentTeam ## SYNOPSIS -Creates a Microsoft team to investigate the incident by sharing information and insights between participants. +Create a Microsoft team to investigate the incident by sharing information and insights between participants. ## SYNTAX @@ -19,15 +19,22 @@ New-AzSentinelIncidentTeam -IncidentId -ResourceGroupName -Wor [-TeamDescription ] [-DefaultProfile ] [-Confirm] [-WhatIf] [] ``` -### Create +### CreateViaJsonFilePath ``` New-AzSentinelIncidentTeam -IncidentId -ResourceGroupName -WorkspaceName - -TeamProperty [-SubscriptionId ] [-DefaultProfile ] [-Confirm] [-WhatIf] + -JsonFilePath [-SubscriptionId ] [-DefaultProfile ] [-Confirm] [-WhatIf] + [] +``` + +### CreateViaJsonString +``` +New-AzSentinelIncidentTeam -IncidentId -ResourceGroupName -WorkspaceName + -JsonString [-SubscriptionId ] [-DefaultProfile ] [-Confirm] [-WhatIf] [] ``` ## DESCRIPTION -Creates a Microsoft team to investigate the incident by sharing information and insights between participants. +Create a Microsoft team to investigate the incident by sharing information and insights between participants. ## EXAMPLES @@ -41,7 +48,7 @@ Creates a Microsoft team to investigate the incident by sharing information and Description : Name : Incident : NewIncident3 PrimaryChannelUrl : https://teams.microsoft.com/l/team/19:vYoGjeGlZmTEDmu0gTbrk9T_eDS4pKIkEU7UuM1IyZk1%40thread.tacv2/conversations?groupId=3c637cc5-caf1-46c7-93ac-069c6 - 4b05395&tenantId=8f21ced5-2eff-4f8d-aff1-4dbb4cee8e3d + 4b05395&tenantId=00001111-aaaa-2222-bbbb-3333cccc4444 TeamCreationTimeUtc : 2/4/2022 3:02:03 PM TeamId : 3c637cc5-caf1-46c7-93ac-069c64b05395 ``` @@ -96,6 +103,36 @@ Accept pipeline input: False Accept wildcard characters: False ``` +### -JsonFilePath +Path of Json file supplied to the Create operation + +```yaml +Type: System.String +Parameter Sets: CreateViaJsonFilePath +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -JsonString +Json string supplied to the Create operation + +```yaml +Type: System.String +Parameter Sets: CreateViaJsonString +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + ### -MemberId List of member IDs to add to the team @@ -172,22 +209,6 @@ Accept pipeline input: False Accept wildcard characters: False ``` -### -TeamProperty -Describes team properties -To construct, see NOTES section for TEAMPROPERTY properties and create a hash table. - -```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.ITeamProperties -Parameter Sets: Create -Aliases: - -Required: True -Position: Named -Default value: None -Accept pipeline input: True (ByValue) -Accept wildcard characters: False -``` - ### -WorkspaceName The name of the workspace. @@ -239,11 +260,9 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## INPUTS -### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.ITeamProperties - ## OUTPUTS -### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.ITeamInformation +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ITeamInformation ## NOTES diff --git a/src/SecurityInsights/SecurityInsights.Autorest/docs/New-AzSentinelOnboardingState.md b/src/SecurityInsights/SecurityInsights.Autorest/docs/New-AzSentinelOnboardingState.md index 25047a8fced7..71487c276adc 100644 --- a/src/SecurityInsights/SecurityInsights.Autorest/docs/New-AzSentinelOnboardingState.md +++ b/src/SecurityInsights/SecurityInsights.Autorest/docs/New-AzSentinelOnboardingState.md @@ -19,11 +19,18 @@ New-AzSentinelOnboardingState -Name -ResourceGroupName -Worksp [] ``` -### Create +### CreateViaJsonFilePath ``` New-AzSentinelOnboardingState -Name -ResourceGroupName -WorkspaceName - -SentinelOnboardingStateParameter [-SubscriptionId ] - [-DefaultProfile ] [-Confirm] [-WhatIf] [] + -JsonFilePath [-SubscriptionId ] [-DefaultProfile ] [-Confirm] [-WhatIf] + [] +``` + +### CreateViaJsonString +``` +New-AzSentinelOnboardingState -Name -ResourceGroupName -WorkspaceName + -JsonString [-SubscriptionId ] [-DefaultProfile ] [-Confirm] [-WhatIf] + [] ``` ## DESCRIPTION @@ -71,14 +78,13 @@ Accept pipeline input: False Accept wildcard characters: False ``` -### -Name -The Sentinel onboarding state name. -Supports - default +### -JsonFilePath +Path of Json file supplied to the Create operation ```yaml Type: System.String -Parameter Sets: (All) -Aliases: SentinelOnboardingStateName +Parameter Sets: CreateViaJsonFilePath +Aliases: Required: True Position: Named @@ -87,13 +93,12 @@ Accept pipeline input: False Accept wildcard characters: False ``` -### -ResourceGroupName -The name of the resource group. -The name is case insensitive. +### -JsonString +Json string supplied to the Create operation ```yaml Type: System.String -Parameter Sets: (All) +Parameter Sets: CreateViaJsonString Aliases: Required: True @@ -103,19 +108,35 @@ Accept pipeline input: False Accept wildcard characters: False ``` -### -SentinelOnboardingStateParameter -Sentinel onboarding state -To construct, see NOTES section for SENTINELONBOARDINGSTATEPARAMETER properties and create a hash table. +### -Name +The Sentinel onboarding state name. +Supports - default ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.ISentinelOnboardingState -Parameter Sets: Create +Type: System.String +Parameter Sets: (All) +Aliases: SentinelOnboardingStateName + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ResourceGroupName +The name of the resource group. +The name is case insensitive. + +```yaml +Type: System.String +Parameter Sets: (All) Aliases: Required: True Position: Named Default value: None -Accept pipeline input: True (ByValue) +Accept pipeline input: False Accept wildcard characters: False ``` @@ -185,11 +206,9 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## INPUTS -### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.ISentinelOnboardingState - ## OUTPUTS -### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.ISentinelOnboardingState +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISentinelOnboardingState ## NOTES diff --git a/src/SecurityInsights/SecurityInsights.Autorest/docs/Remove-AzSentinelAlertRule.md b/src/SecurityInsights/SecurityInsights.Autorest/docs/Remove-AzSentinelAlertRule.md index f29ccd58c5b0..34b487d41bde 100644 --- a/src/SecurityInsights/SecurityInsights.Autorest/docs/Remove-AzSentinelAlertRule.md +++ b/src/SecurityInsights/SecurityInsights.Autorest/docs/Remove-AzSentinelAlertRule.md @@ -56,7 +56,6 @@ Accept wildcard characters: False ### -InputObject Identity Parameter -To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ```yaml Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity diff --git a/src/SecurityInsights/SecurityInsights.Autorest/docs/Remove-AzSentinelAlertRuleAction.md b/src/SecurityInsights/SecurityInsights.Autorest/docs/Remove-AzSentinelAlertRuleAction.md index 4615c1f76cd6..daae041c9914 100644 --- a/src/SecurityInsights/SecurityInsights.Autorest/docs/Remove-AzSentinelAlertRuleAction.md +++ b/src/SecurityInsights/SecurityInsights.Autorest/docs/Remove-AzSentinelAlertRuleAction.md @@ -25,6 +25,12 @@ Remove-AzSentinelAlertRuleAction -InputObject [-Defa [-PassThru] [-Confirm] [-WhatIf] [] ``` +### DeleteViaIdentityAlertRule +``` +Remove-AzSentinelAlertRuleAction -AlertRuleInputObject -Id + [-DefaultProfile ] [-PassThru] [-Confirm] [-WhatIf] [] +``` + ## DESCRIPTION Delete the action of alert rule. @@ -39,6 +45,21 @@ This command removes an alert rule action. ## PARAMETERS +### -AlertRuleInputObject +Identity Parameter + +```yaml +Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity +Parameter Sets: DeleteViaIdentityAlertRule +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + ### -DefaultProfile The DefaultProfile parameter is not functional. Use the SubscriptionId parameter when available if executing the cmdlet against a different subscription. @@ -60,7 +81,7 @@ Action ID ```yaml Type: System.String -Parameter Sets: Delete +Parameter Sets: Delete, DeleteViaIdentityAlertRule Aliases: ActionId Required: True @@ -72,7 +93,6 @@ Accept wildcard characters: False ### -InputObject Identity Parameter -To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ```yaml Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity diff --git a/src/SecurityInsights/SecurityInsights.Autorest/docs/Remove-AzSentinelAutomationRule.md b/src/SecurityInsights/SecurityInsights.Autorest/docs/Remove-AzSentinelAutomationRule.md index c540df572150..0d0a305e1bf8 100644 --- a/src/SecurityInsights/SecurityInsights.Autorest/docs/Remove-AzSentinelAutomationRule.md +++ b/src/SecurityInsights/SecurityInsights.Autorest/docs/Remove-AzSentinelAutomationRule.md @@ -71,7 +71,6 @@ Accept wildcard characters: False ### -InputObject Identity Parameter -To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ```yaml Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity diff --git a/src/SecurityInsights/SecurityInsights.Autorest/docs/Remove-AzSentinelBookmark.md b/src/SecurityInsights/SecurityInsights.Autorest/docs/Remove-AzSentinelBookmark.md index 292b9698ffa6..fefe86825388 100644 --- a/src/SecurityInsights/SecurityInsights.Autorest/docs/Remove-AzSentinelBookmark.md +++ b/src/SecurityInsights/SecurityInsights.Autorest/docs/Remove-AzSentinelBookmark.md @@ -71,7 +71,6 @@ Accept wildcard characters: False ### -InputObject Identity Parameter -To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ```yaml Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity diff --git a/src/SecurityInsights/SecurityInsights.Autorest/docs/Remove-AzSentinelBookmarkRelation.md b/src/SecurityInsights/SecurityInsights.Autorest/docs/Remove-AzSentinelBookmarkRelation.md index de9e1b0c6da2..1b8521c19503 100644 --- a/src/SecurityInsights/SecurityInsights.Autorest/docs/Remove-AzSentinelBookmarkRelation.md +++ b/src/SecurityInsights/SecurityInsights.Autorest/docs/Remove-AzSentinelBookmarkRelation.md @@ -25,6 +25,12 @@ Remove-AzSentinelBookmarkRelation -InputObject [-Def [-PassThru] [-Confirm] [-WhatIf] [] ``` +### DeleteViaIdentityBookmark +``` +Remove-AzSentinelBookmarkRelation -BookmarkInputObject -RelationName + [-DefaultProfile ] [-PassThru] [-Confirm] [-WhatIf] [] +``` + ## DESCRIPTION Delete the bookmark relation. @@ -54,6 +60,21 @@ Accept pipeline input: False Accept wildcard characters: False ``` +### -BookmarkInputObject +Identity Parameter + +```yaml +Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity +Parameter Sets: DeleteViaIdentityBookmark +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + ### -DefaultProfile The DefaultProfile parameter is not functional. Use the SubscriptionId parameter when available if executing the cmdlet against a different subscription. @@ -72,7 +93,6 @@ Accept wildcard characters: False ### -InputObject Identity Parameter -To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ```yaml Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity @@ -106,7 +126,7 @@ Relation Name ```yaml Type: System.String -Parameter Sets: Delete +Parameter Sets: Delete, DeleteViaIdentityBookmark Aliases: Required: True diff --git a/src/SecurityInsights/SecurityInsights.Autorest/docs/Remove-AzSentinelDataConnector.md b/src/SecurityInsights/SecurityInsights.Autorest/docs/Remove-AzSentinelDataConnector.md index 815b44761e24..7c62d1f952b3 100644 --- a/src/SecurityInsights/SecurityInsights.Autorest/docs/Remove-AzSentinelDataConnector.md +++ b/src/SecurityInsights/SecurityInsights.Autorest/docs/Remove-AzSentinelDataConnector.md @@ -71,7 +71,6 @@ Accept wildcard characters: False ### -InputObject Identity Parameter -To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ```yaml Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity diff --git a/src/SecurityInsights/SecurityInsights.Autorest/docs/Remove-AzSentinelEntityQuery.md b/src/SecurityInsights/SecurityInsights.Autorest/docs/Remove-AzSentinelEntityQuery.md index ff92f248116d..8179a0454b72 100644 --- a/src/SecurityInsights/SecurityInsights.Autorest/docs/Remove-AzSentinelEntityQuery.md +++ b/src/SecurityInsights/SecurityInsights.Autorest/docs/Remove-AzSentinelEntityQuery.md @@ -79,7 +79,6 @@ Accept wildcard characters: False ### -InputObject Identity Parameter -To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ```yaml Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity diff --git a/src/SecurityInsights/SecurityInsights.Autorest/docs/Remove-AzSentinelIncident.md b/src/SecurityInsights/SecurityInsights.Autorest/docs/Remove-AzSentinelIncident.md index 1372957fc71c..03d311e765e0 100644 --- a/src/SecurityInsights/SecurityInsights.Autorest/docs/Remove-AzSentinelIncident.md +++ b/src/SecurityInsights/SecurityInsights.Autorest/docs/Remove-AzSentinelIncident.md @@ -78,7 +78,6 @@ Accept wildcard characters: False ### -InputObject Identity Parameter -To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ```yaml Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity diff --git a/src/SecurityInsights/SecurityInsights.Autorest/docs/Remove-AzSentinelIncidentComment.md b/src/SecurityInsights/SecurityInsights.Autorest/docs/Remove-AzSentinelIncidentComment.md index 93eef1526029..cd5a0bf67b15 100644 --- a/src/SecurityInsights/SecurityInsights.Autorest/docs/Remove-AzSentinelIncidentComment.md +++ b/src/SecurityInsights/SecurityInsights.Autorest/docs/Remove-AzSentinelIncidentComment.md @@ -25,6 +25,12 @@ Remove-AzSentinelIncidentComment -InputObject [-Defa [-PassThru] [-Confirm] [-WhatIf] [] ``` +### DeleteViaIdentityIncident +``` +Remove-AzSentinelIncidentComment -Id -IncidentInputObject + [-DefaultProfile ] [-PassThru] [-Confirm] [-WhatIf] [] +``` + ## DESCRIPTION Delete the incident comment. @@ -60,7 +66,7 @@ Incident comment ID ```yaml Type: System.String -Parameter Sets: Delete +Parameter Sets: Delete, DeleteViaIdentityIncident Aliases: IncidentCommentId Required: True @@ -85,9 +91,23 @@ Accept pipeline input: False Accept wildcard characters: False ``` +### -IncidentInputObject +Identity Parameter + +```yaml +Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity +Parameter Sets: DeleteViaIdentityIncident +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + ### -InputObject Identity Parameter -To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ```yaml Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity diff --git a/src/SecurityInsights/SecurityInsights.Autorest/docs/Remove-AzSentinelIncidentRelation.md b/src/SecurityInsights/SecurityInsights.Autorest/docs/Remove-AzSentinelIncidentRelation.md index 8237b55ba92e..2ca8c8ac579d 100644 --- a/src/SecurityInsights/SecurityInsights.Autorest/docs/Remove-AzSentinelIncidentRelation.md +++ b/src/SecurityInsights/SecurityInsights.Autorest/docs/Remove-AzSentinelIncidentRelation.md @@ -25,6 +25,12 @@ Remove-AzSentinelIncidentRelation -InputObject [-Def [-PassThru] [-Confirm] [-WhatIf] [] ``` +### DeleteViaIdentityIncident +``` +Remove-AzSentinelIncidentRelation -IncidentInputObject -RelationName + [-DefaultProfile ] [-PassThru] [-Confirm] [-WhatIf] [] +``` + ## DESCRIPTION Delete the incident relation. @@ -70,9 +76,23 @@ Accept pipeline input: False Accept wildcard characters: False ``` +### -IncidentInputObject +Identity Parameter + +```yaml +Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity +Parameter Sets: DeleteViaIdentityIncident +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + ### -InputObject Identity Parameter -To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ```yaml Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity @@ -106,7 +126,7 @@ Relation Name ```yaml Type: System.String -Parameter Sets: Delete +Parameter Sets: Delete, DeleteViaIdentityIncident Aliases: Required: True diff --git a/src/SecurityInsights/SecurityInsights.Autorest/docs/Remove-AzSentinelOnboardingState.md b/src/SecurityInsights/SecurityInsights.Autorest/docs/Remove-AzSentinelOnboardingState.md index 2180f889ef84..67a1ae95f897 100644 --- a/src/SecurityInsights/SecurityInsights.Autorest/docs/Remove-AzSentinelOnboardingState.md +++ b/src/SecurityInsights/SecurityInsights.Autorest/docs/Remove-AzSentinelOnboardingState.md @@ -56,7 +56,6 @@ Accept wildcard characters: False ### -InputObject Identity Parameter -To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ```yaml Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity diff --git a/src/SecurityInsights/SecurityInsights.Autorest/docs/Test-AzSentinelDataConnectorCheckRequirement.md b/src/SecurityInsights/SecurityInsights.Autorest/docs/Test-AzSentinelDataConnectorCheckRequirement.md index 887b3cd9beef..433128cc68b7 100644 --- a/src/SecurityInsights/SecurityInsights.Autorest/docs/Test-AzSentinelDataConnectorCheckRequirement.md +++ b/src/SecurityInsights/SecurityInsights.Autorest/docs/Test-AzSentinelDataConnectorCheckRequirement.md @@ -15,15 +15,15 @@ Get requirements state for a data connector type. ### AADTenant (Default) ``` Test-AzSentinelDataConnectorCheckRequirement -ResourceGroupName -WorkspaceName - -Kind [-SubscriptionId ] [-TenantId ] [-DefaultProfile ] - [-AsJob] [-NoWait] [-Confirm] [-WhatIf] [] + -Kind [-SubscriptionId ] [-TenantId ] [-DefaultProfile ] [-AsJob] + [-NoWait] [-Confirm] [-WhatIf] [] ``` ### AzureSecurityCenter ``` Test-AzSentinelDataConnectorCheckRequirement -ResourceGroupName -WorkspaceName - -ASCSubscriptionId -Kind [-SubscriptionId ] [-DefaultProfile ] - [-AsJob] [-NoWait] [-Confirm] [-WhatIf] [] + -ASCSubscriptionId -Kind [-SubscriptionId ] [-DefaultProfile ] [-AsJob] + [-NoWait] [-Confirm] [-WhatIf] [] ``` ## DESCRIPTION @@ -92,7 +92,7 @@ Accept wildcard characters: False Kind of the the data connection ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.DataConnectorKind +Type: System.String Parameter Sets: (All) Aliases: @@ -218,7 +218,7 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS -### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.DataConnectorsCheckRequirements +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.DataConnectorsCheckRequirements ## NOTES diff --git a/src/SecurityInsights/SecurityInsights.Autorest/docs/Update-AzSentinelAlertRule.md b/src/SecurityInsights/SecurityInsights.Autorest/docs/Update-AzSentinelAlertRule.md index a1fab810857d..d35bd9609bbb 100644 --- a/src/SecurityInsights/SecurityInsights.Autorest/docs/Update-AzSentinelAlertRule.md +++ b/src/SecurityInsights/SecurityInsights.Autorest/docs/Update-AzSentinelAlertRule.md @@ -18,13 +18,13 @@ Update-AzSentinelAlertRule -ResourceGroupName -RuleId -Workspa [-SubscriptionId ] [-AlertDescriptionFormat ] [-AlertDisplayNameFormat ] [-AlertRuleTemplateName ] [-AlertSeverityColumnName ] [-AlertTacticsColumnName ] [-CreateIncident] [-Description ] [-Disabled] [-DisplayName ] [-Enabled] - [-EntityMapping ] [-EventGroupingSettingAggregationKind ] - [-GroupByAlertDetail ] [-GroupByCustomDetail ] - [-GroupByEntity ] [-GroupingConfigurationEnabled] [-LookbackDuration ] - [-MatchingMethod ] [-Query ] [-QueryFrequency ] [-QueryPeriod ] - [-ReOpenClosedIncident] [-Severity ] [-SuppressionDuration ] [-SuppressionEnabled] - [-Tactic ] [-TriggerOperator ] [-TriggerThreshold ] - [-DefaultProfile ] [-AsJob] [-NoWait] [-Confirm] [-WhatIf] [] + [-EntityMapping ] [-EventGroupingSettingAggregationKind ] + [-GroupByAlertDetail ] [-GroupByCustomDetail ] [-GroupByEntity ] + [-GroupingConfigurationEnabled] [-LookbackDuration ] [-MatchingMethod ] [-Query ] + [-QueryFrequency ] [-QueryPeriod ] [-ReOpenClosedIncident] [-Severity ] + [-SuppressionDuration ] [-SuppressionEnabled] [-Tactic ] [-TriggerOperator ] + [-TriggerThreshold ] [-DefaultProfile ] [-AsJob] [-NoWait] [-Confirm] [-WhatIf] + [] ``` ### UpdateFusionMLTI @@ -39,8 +39,8 @@ Update-AzSentinelAlertRule -ResourceGroupName -RuleId -Workspa Update-AzSentinelAlertRule -ResourceGroupName -RuleId -WorkspaceName -MicrosoftSecurityIncidentCreation [-SubscriptionId ] [-AlertRuleTemplateName ] [-Description ] [-Disabled] [-DisplayNamesExcludeFilter ] [-DisplayNamesFilter ] - [-Enabled] [-ProductFilter ] [-SeveritiesFilter ] - [-DefaultProfile ] [-AsJob] [-NoWait] [-Confirm] [-WhatIf] [] + [-Enabled] [-ProductFilter ] [-SeveritiesFilter ] [-DefaultProfile ] [-AsJob] + [-NoWait] [-Confirm] [-WhatIf] [] ``` ### UpdateNRT @@ -49,10 +49,10 @@ Update-AzSentinelAlertRule -ResourceGroupName -RuleId -Workspa [-SubscriptionId ] [-AlertDescriptionFormat ] [-AlertDisplayNameFormat ] [-AlertRuleTemplateName ] [-AlertSeverityColumnName ] [-AlertTacticsColumnName ] [-CreateIncident] [-Description ] [-Disabled] [-DisplayName ] [-Enabled] - [-EntityMapping ] [-GroupByAlertDetail ] [-GroupByCustomDetail ] - [-GroupByEntity ] [-GroupingConfigurationEnabled] [-LookbackDuration ] - [-MatchingMethod ] [-Query ] [-ReOpenClosedIncident] [-Severity ] - [-SuppressionDuration ] [-SuppressionEnabled] [-Tactic ] [-DefaultProfile ] + [-EntityMapping ] [-GroupByAlertDetail ] [-GroupByCustomDetail ] + [-GroupByEntity ] [-GroupingConfigurationEnabled] [-LookbackDuration ] + [-MatchingMethod ] [-Query ] [-ReOpenClosedIncident] [-Severity ] + [-SuppressionDuration ] [-SuppressionEnabled] [-Tactic ] [-DefaultProfile ] [-AsJob] [-NoWait] [-Confirm] [-WhatIf] [] ``` @@ -67,9 +67,8 @@ Update-AzSentinelAlertRule -InputObject -FusionMLorT ``` Update-AzSentinelAlertRule -InputObject -MicrosoftSecurityIncidentCreation [-AlertRuleTemplateName ] [-Description ] [-Disabled] [-DisplayNamesExcludeFilter ] - [-DisplayNamesFilter ] [-Enabled] [-ProductFilter ] - [-SeveritiesFilter ] [-DefaultProfile ] [-AsJob] [-NoWait] [-Confirm] [-WhatIf] - [] + [-DisplayNamesFilter ] [-Enabled] [-ProductFilter ] [-SeveritiesFilter ] + [-DefaultProfile ] [-AsJob] [-NoWait] [-Confirm] [-WhatIf] [] ``` ### UpdateViaIdentityNRT @@ -77,10 +76,10 @@ Update-AzSentinelAlertRule -InputObject -MicrosoftSe Update-AzSentinelAlertRule -InputObject -NRT [-AlertDescriptionFormat ] [-AlertDisplayNameFormat ] [-AlertRuleTemplateName ] [-AlertSeverityColumnName ] [-AlertTacticsColumnName ] [-CreateIncident] [-Description ] [-Disabled] - [-DisplayName ] [-Enabled] [-EntityMapping ] [-GroupByAlertDetail ] - [-GroupByCustomDetail ] [-GroupByEntity ] [-GroupingConfigurationEnabled] + [-DisplayName ] [-Enabled] [-EntityMapping ] [-GroupByAlertDetail ] + [-GroupByCustomDetail ] [-GroupByEntity ] [-GroupingConfigurationEnabled] [-LookbackDuration ] [-MatchingMethod ] [-Query ] [-ReOpenClosedIncident] - [-Severity ] [-SuppressionDuration ] [-SuppressionEnabled] [-Tactic ] + [-Severity ] [-SuppressionDuration ] [-SuppressionEnabled] [-Tactic ] [-DefaultProfile ] [-AsJob] [-NoWait] [-Confirm] [-WhatIf] [] ``` @@ -90,13 +89,12 @@ Update-AzSentinelAlertRule -InputObject -Scheduled [-AlertDescriptionFormat ] [-AlertDisplayNameFormat ] [-AlertRuleTemplateName ] [-AlertSeverityColumnName ] [-AlertTacticsColumnName ] [-CreateIncident] [-Description ] [-Disabled] [-DisplayName ] [-Enabled] [-EntityMapping ] - [-EventGroupingSettingAggregationKind ] [-GroupByAlertDetail ] - [-GroupByCustomDetail ] [-GroupByEntity ] [-GroupingConfigurationEnabled] + [-EventGroupingSettingAggregationKind ] [-GroupByAlertDetail ] + [-GroupByCustomDetail ] [-GroupByEntity ] [-GroupingConfigurationEnabled] [-LookbackDuration ] [-MatchingMethod ] [-Query ] [-QueryFrequency ] - [-QueryPeriod ] [-ReOpenClosedIncident] [-Severity ] - [-SuppressionDuration ] [-SuppressionEnabled] [-Tactic ] - [-TriggerOperator ] [-TriggerThreshold ] [-DefaultProfile ] [-AsJob] - [-NoWait] [-Confirm] [-WhatIf] [] + [-QueryPeriod ] [-ReOpenClosedIncident] [-Severity ] [-SuppressionDuration ] + [-SuppressionEnabled] [-Tactic ] [-TriggerOperator ] [-TriggerThreshold ] + [-DefaultProfile ] [-AsJob] [-NoWait] [-Confirm] [-WhatIf] [] ``` ## DESCRIPTION @@ -325,10 +323,9 @@ Accept wildcard characters: False ### -EntityMapping 'Account', 'Host', 'IP', 'Malware', 'File', 'Process', 'CloudApplication', 'DNS', 'AzureResource', 'FileHash', 'RegistryKey', 'RegistryValue', 'SecurityGroup', 'URL', 'Mailbox', 'MailCluster', 'MailMessage', 'SubmissionMail' -To construct, see NOTES section for ENTITYMAPPING properties and create a hash table. ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.EntityMapping[] +Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.EntityMapping[] Parameter Sets: UpdateNRT, UpdateScheduled, UpdateViaIdentityNRT, UpdateViaIdentityUpdateScheduled Aliases: @@ -343,7 +340,7 @@ Accept wildcard characters: False ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.EventGroupingAggregationKind +Type: System.String Parameter Sets: UpdateScheduled, UpdateViaIdentityUpdateScheduled Aliases: @@ -373,7 +370,7 @@ Accept wildcard characters: False ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.AlertDetail[] +Type: System.String[] Parameter Sets: UpdateNRT, UpdateScheduled, UpdateViaIdentityNRT, UpdateViaIdentityUpdateScheduled Aliases: @@ -403,7 +400,7 @@ Accept wildcard characters: False ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.EntityMappingType[] +Type: System.String[] Parameter Sets: UpdateNRT, UpdateScheduled, UpdateViaIdentityNRT, UpdateViaIdentityUpdateScheduled Aliases: @@ -524,7 +521,7 @@ Accept wildcard characters: False ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.MicrosoftSecurityProductName +Type: System.String Parameter Sets: UpdateMicrosoftSecurityIncidentCreation, UpdateViaIdentityMicrosoftSecurityIncidentCreation Aliases: @@ -645,7 +642,7 @@ Accept wildcard characters: False High, Medium, Low, Informational ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.AlertSeverity[] +Type: System.String[] Parameter Sets: UpdateMicrosoftSecurityIncidentCreation, UpdateViaIdentityMicrosoftSecurityIncidentCreation Aliases: @@ -660,7 +657,7 @@ Accept wildcard characters: False ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.AlertSeverity +Type: System.String Parameter Sets: UpdateNRT, UpdateScheduled, UpdateViaIdentityNRT, UpdateViaIdentityUpdateScheduled Aliases: @@ -721,7 +718,7 @@ Accept wildcard characters: False ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.AttackTactic +Type: System.String[] Parameter Sets: UpdateNRT, UpdateScheduled, UpdateViaIdentityNRT, UpdateViaIdentityUpdateScheduled Aliases: @@ -736,7 +733,7 @@ Accept wildcard characters: False ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.TriggerOperator +Type: System.String Parameter Sets: UpdateScheduled, UpdateViaIdentityUpdateScheduled Aliases: @@ -817,7 +814,7 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS -### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.AlertRule +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.AlertRule ## NOTES diff --git a/src/SecurityInsights/SecurityInsights.Autorest/docs/Update-AzSentinelAlertRuleAction.md b/src/SecurityInsights/SecurityInsights.Autorest/docs/Update-AzSentinelAlertRuleAction.md index 7bbb96688722..34b3ee65ba05 100644 --- a/src/SecurityInsights/SecurityInsights.Autorest/docs/Update-AzSentinelAlertRuleAction.md +++ b/src/SecurityInsights/SecurityInsights.Autorest/docs/Update-AzSentinelAlertRuleAction.md @@ -8,7 +8,7 @@ schema: 2.0.0 # Update-AzSentinelAlertRuleAction ## SYNOPSIS -Creates or updates the action of alert rule. +Update the action of alert rule. ## SYNTAX @@ -19,14 +19,35 @@ Update-AzSentinelAlertRuleAction -Id -ResourceGroupName -RuleI [-DefaultProfile ] [-Confirm] [-WhatIf] [] ``` +### UpdateViaIdentityAlertRuleExpanded +``` +Update-AzSentinelAlertRuleAction -AlertRuleInputObject -Id + [-LogicAppResourceId ] [-TriggerUri ] [-DefaultProfile ] [-Confirm] [-WhatIf] + [] +``` + ### UpdateViaIdentityExpanded ``` Update-AzSentinelAlertRuleAction -InputObject [-LogicAppResourceId ] [-TriggerUri ] [-DefaultProfile ] [-Confirm] [-WhatIf] [] ``` +### UpdateViaJsonFilePath +``` +Update-AzSentinelAlertRuleAction -Id -ResourceGroupName -RuleId + -WorkspaceName -JsonFilePath [-SubscriptionId ] [-DefaultProfile ] + [-Confirm] [-WhatIf] [] +``` + +### UpdateViaJsonString +``` +Update-AzSentinelAlertRuleAction -Id -ResourceGroupName -RuleId + -WorkspaceName -JsonString [-SubscriptionId ] [-DefaultProfile ] + [-Confirm] [-WhatIf] [] +``` + ## DESCRIPTION -Creates or updates the action of alert rule. +Update the action of alert rule. ## EXAMPLES @@ -41,6 +62,21 @@ This command updates an alert rule action ## PARAMETERS +### -AlertRuleInputObject +Identity Parameter + +```yaml +Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity +Parameter Sets: UpdateViaIdentityAlertRuleExpanded +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + ### -DefaultProfile The DefaultProfile parameter is not functional. Use the SubscriptionId parameter when available if executing the cmdlet against a different subscription. @@ -62,7 +98,7 @@ Action ID ```yaml Type: System.String -Parameter Sets: UpdateExpanded +Parameter Sets: UpdateExpanded, UpdateViaIdentityAlertRuleExpanded, UpdateViaJsonFilePath, UpdateViaJsonString Aliases: ActionId Required: True @@ -74,7 +110,6 @@ Accept wildcard characters: False ### -InputObject Identity Parameter -To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ```yaml Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity @@ -88,12 +123,42 @@ Accept pipeline input: True (ByValue) Accept wildcard characters: False ``` +### -JsonFilePath +Path of Json file supplied to the Update operation + +```yaml +Type: System.String +Parameter Sets: UpdateViaJsonFilePath +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -JsonString +Json string supplied to the Update operation + +```yaml +Type: System.String +Parameter Sets: UpdateViaJsonString +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + ### -LogicAppResourceId Logic App Resource Id, /subscriptions/{my-subscription}/resourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my-workflow-id}. ```yaml Type: System.String -Parameter Sets: (All) +Parameter Sets: UpdateExpanded, UpdateViaIdentityAlertRuleExpanded, UpdateViaIdentityExpanded Aliases: Required: False @@ -109,7 +174,7 @@ The name is case insensitive. ```yaml Type: System.String -Parameter Sets: UpdateExpanded +Parameter Sets: UpdateExpanded, UpdateViaJsonFilePath, UpdateViaJsonString Aliases: Required: True @@ -124,7 +189,7 @@ Alert rule ID ```yaml Type: System.String -Parameter Sets: UpdateExpanded +Parameter Sets: UpdateExpanded, UpdateViaJsonFilePath, UpdateViaJsonString Aliases: Required: True @@ -139,7 +204,7 @@ The ID of the target subscription. ```yaml Type: System.String -Parameter Sets: UpdateExpanded +Parameter Sets: UpdateExpanded, UpdateViaJsonFilePath, UpdateViaJsonString Aliases: Required: False @@ -154,7 +219,7 @@ Logic App Callback URL for this specific workflow. ```yaml Type: System.String -Parameter Sets: (All) +Parameter Sets: UpdateExpanded, UpdateViaIdentityAlertRuleExpanded, UpdateViaIdentityExpanded Aliases: Required: False @@ -169,7 +234,7 @@ The name of the workspace. ```yaml Type: System.String -Parameter Sets: UpdateExpanded +Parameter Sets: UpdateExpanded, UpdateViaJsonFilePath, UpdateViaJsonString Aliases: Required: True @@ -219,7 +284,7 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS -### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IActionResponse +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IActionResponse ## NOTES diff --git a/src/SecurityInsights/SecurityInsights.Autorest/docs/Update-AzSentinelAutomationRule.md b/src/SecurityInsights/SecurityInsights.Autorest/docs/Update-AzSentinelAutomationRule.md index 1c3b24dffb26..76b73ca8be3f 100644 --- a/src/SecurityInsights/SecurityInsights.Autorest/docs/Update-AzSentinelAutomationRule.md +++ b/src/SecurityInsights/SecurityInsights.Autorest/docs/Update-AzSentinelAutomationRule.md @@ -8,7 +8,7 @@ schema: 2.0.0 # Update-AzSentinelAutomationRule ## SYNOPSIS -Creates or updates the automation rule. +Update the automation rule. ## SYNTAX @@ -29,14 +29,14 @@ Update-AzSentinelAutomationRule -InputObject [-Actio ``` ## DESCRIPTION -Creates or updates the automation rule. +Update the automation rule. ## EXAMPLES ### Example 1: Updates an automation rule ```powershell $LogicAppResourceId = Get-AzLogicApp -ResourceGroupName "myResourceGroup" -Name "Reset-AADPassword" - $automationRuleAction = [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.AutomationRuleRunPlaybookAction]::new() + $automationRuleAction = [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.AutomationRuleRunPlaybookAction]::new() $automationRuleAction.Order = 1 $automationRuleAction.ActionType = "RunPlaybook" $automationRuleAction.ActionConfigurationLogicAppResourceId = ($LogicAppResourceId.Id) @@ -50,10 +50,9 @@ This command updates an automation rule ### -Action The actions to execute when the automation rule is triggered -To construct, see NOTES section for ACTION properties and create a hash table. ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IAutomationRuleAction[] +Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IAutomationRuleAction[] Parameter Sets: (All) Aliases: @@ -112,7 +111,6 @@ Accept wildcard characters: False ### -InputObject Identity Parameter -To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ```yaml Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity @@ -176,7 +174,7 @@ Accept wildcard characters: False The conditions to evaluate to determine if the automation rule should be triggered on a given object ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IAutomationRuleCondition[] +Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IAutomationRuleCondition[] Parameter Sets: (All) Aliases: @@ -272,7 +270,7 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS -### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IAutomationRule +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IAutomationRule ## NOTES diff --git a/src/SecurityInsights/SecurityInsights.Autorest/docs/Update-AzSentinelBookmark.md b/src/SecurityInsights/SecurityInsights.Autorest/docs/Update-AzSentinelBookmark.md index e87fa3e8c907..206c1f97e4bf 100644 --- a/src/SecurityInsights/SecurityInsights.Autorest/docs/Update-AzSentinelBookmark.md +++ b/src/SecurityInsights/SecurityInsights.Autorest/docs/Update-AzSentinelBookmark.md @@ -8,7 +8,7 @@ schema: 2.0.0 # Update-AzSentinelBookmark ## SYNOPSIS -Creates or updates the bookmark. +Update the bookmark. ## SYNTAX @@ -16,7 +16,7 @@ Creates or updates the bookmark. ``` Update-AzSentinelBookmark -Id -ResourceGroupName -WorkspaceName [-SubscriptionId ] [-DisplayName ] [-EventTime ] [-IncidentInfoIncidentId ] - [-IncidentInfoRelationName ] [-IncidentInfoSeverity ] [-IncidentInfoTitle ] + [-IncidentInfoRelationName ] [-IncidentInfoSeverity ] [-IncidentInfoTitle ] [-Label ] [-Note ] [-Query ] [-QueryEndTime ] [-QueryResult ] [-QueryStartTime ] [-DefaultProfile ] [-Confirm] [-WhatIf] [] ``` @@ -25,13 +25,13 @@ Update-AzSentinelBookmark -Id -ResourceGroupName -WorkspaceNam ``` Update-AzSentinelBookmark -InputObject [-DisplayName ] [-EventTime ] [-IncidentInfoIncidentId ] [-IncidentInfoRelationName ] - [-IncidentInfoSeverity ] [-IncidentInfoTitle ] [-Label ] [-Note ] + [-IncidentInfoSeverity ] [-IncidentInfoTitle ] [-Label ] [-Note ] [-Query ] [-QueryEndTime ] [-QueryResult ] [-QueryStartTime ] [-DefaultProfile ] [-Confirm] [-WhatIf] [] ``` ## DESCRIPTION -Creates or updates the bookmark. +Update the bookmark. ## EXAMPLES @@ -141,7 +141,7 @@ Accept wildcard characters: False The severity of the incident ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.IncidentSeverity +Type: System.String Parameter Sets: (All) Aliases: @@ -169,7 +169,6 @@ Accept wildcard characters: False ### -InputObject Identity Parameter -To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ```yaml Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity @@ -359,7 +358,7 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS -### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IBookmark +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IBookmark ## NOTES diff --git a/src/SecurityInsights/SecurityInsights.Autorest/docs/Update-AzSentinelBookmarkRelation.md b/src/SecurityInsights/SecurityInsights.Autorest/docs/Update-AzSentinelBookmarkRelation.md index c498f9622ced..9b3ff752b9fb 100644 --- a/src/SecurityInsights/SecurityInsights.Autorest/docs/Update-AzSentinelBookmarkRelation.md +++ b/src/SecurityInsights/SecurityInsights.Autorest/docs/Update-AzSentinelBookmarkRelation.md @@ -8,7 +8,7 @@ schema: 2.0.0 # Update-AzSentinelBookmarkRelation ## SYNOPSIS -Creates the bookmark relation. +Update the bookmark relation. ## SYNTAX @@ -19,6 +19,12 @@ Update-AzSentinelBookmarkRelation -BookmarkId -RelationName -R [-Confirm] [-WhatIf] [] ``` +### UpdateViaIdentityBookmarkExpanded +``` +Update-AzSentinelBookmarkRelation -BookmarkInputObject -RelationName + [-RelatedResourceId ] [-DefaultProfile ] [-Confirm] [-WhatIf] [] +``` + ### UpdateViaIdentityExpanded ``` Update-AzSentinelBookmarkRelation -InputObject [-RelatedResourceId ] @@ -26,7 +32,7 @@ Update-AzSentinelBookmarkRelation -InputObject [-Rel ``` ## DESCRIPTION -Creates the bookmark relation. +Update the bookmark relation. ## EXAMPLES @@ -54,6 +60,21 @@ Accept pipeline input: False Accept wildcard characters: False ``` +### -BookmarkInputObject +Identity Parameter + +```yaml +Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity +Parameter Sets: UpdateViaIdentityBookmarkExpanded +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + ### -DefaultProfile The DefaultProfile parameter is not functional. Use the SubscriptionId parameter when available if executing the cmdlet against a different subscription. @@ -72,7 +93,6 @@ Accept wildcard characters: False ### -InputObject Identity Parameter -To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ```yaml Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity @@ -106,7 +126,7 @@ Relation Name ```yaml Type: System.String -Parameter Sets: UpdateExpanded +Parameter Sets: UpdateExpanded, UpdateViaIdentityBookmarkExpanded Aliases: Required: True @@ -202,7 +222,7 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS -### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IRelation +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IRelation ## NOTES diff --git a/src/SecurityInsights/SecurityInsights.Autorest/docs/Update-AzSentinelDataConnector.md b/src/SecurityInsights/SecurityInsights.Autorest/docs/Update-AzSentinelDataConnector.md index 64287e5bcf03..78fb9c4107f5 100644 --- a/src/SecurityInsights/SecurityInsights.Autorest/docs/Update-AzSentinelDataConnector.md +++ b/src/SecurityInsights/SecurityInsights.Autorest/docs/Update-AzSentinelDataConnector.md @@ -123,9 +123,9 @@ Update-AzSentinelDataConnector -Id -ResourceGroupName -Workspa ``` Update-AzSentinelDataConnector -Id -ResourceGroupName -WorkspaceName -APIRootURL -ThreatIntelligenceTaxii [-SubscriptionId ] [-CollectionId ] - [-FriendlyName ] [-Password ] [-PollingFrequency ] - [-TaxiiLookbackPeriod ] [-TenantId ] [-UserName ] [-WorkspaceId ] - [-DefaultProfile ] [-AsJob] [-NoWait] [-Confirm] [-WhatIf] [] + [-FriendlyName ] [-Password ] [-PollingFrequency ] [-TaxiiLookbackPeriod ] + [-TenantId ] [-UserName ] [-WorkspaceId ] [-DefaultProfile ] [-AsJob] + [-NoWait] [-Confirm] [-WhatIf] [] ``` ### UpdateViaIdentityAADAATP @@ -237,7 +237,7 @@ Update-AzSentinelDataConnector -InputObject -ThreatI ### UpdateViaIdentityThreatIntelligenceTaxii ``` Update-AzSentinelDataConnector -InputObject -ThreatIntelligenceTaxii - [-CollectionId ] [-FriendlyName ] [-Password ] [-PollingFrequency ] + [-CollectionId ] [-FriendlyName ] [-Password ] [-PollingFrequency ] [-TaxiiLookbackPeriod ] [-TenantId ] [-UserName ] [-WorkspaceId ] [-DefaultProfile ] [-AsJob] [-NoWait] [-Confirm] [-WhatIf] [] ``` @@ -654,8 +654,7 @@ Accept wildcard characters: False ### -InputObject [Parameter(ParameterSetName = 'UpdateViaIdentityGenericUI', Mandatory, ValueFromPipeline)] Identity Parameter - -To construct, see NOTES section for INPUTOBJECT properties and create a hash table. + To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ```yaml Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity @@ -820,10 +819,10 @@ Accept wildcard characters: False ``` ### -PermissionCustom -To construct, see NOTES section for PERMISSIONCUSTOM properties and create a hash table. + ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.PermissionsCustomsItem[] +Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.PermissionsCustomsItem[] Parameter Sets: UpdateGenericUI, UpdateViaIdentityGenericUI Aliases: @@ -835,10 +834,10 @@ Accept wildcard characters: False ``` ### -PermissionResourceProvider -To construct, see NOTES section for PERMISSIONRESOURCEPROVIDER properties and create a hash table. + ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.PermissionsResourceProviderItem[] +Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.PermissionsResourceProviderItem[] Parameter Sets: UpdateGenericUI, UpdateViaIdentityGenericUI Aliases: @@ -853,7 +852,7 @@ Accept wildcard characters: False ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.PollingFrequency +Type: System.String Parameter Sets: UpdateThreatIntelligenceTaxii, UpdateViaIdentityThreatIntelligenceTaxii Aliases: @@ -1004,10 +1003,10 @@ Accept wildcard characters: False ``` ### -UiConfigConnectivityCriterion -To construct, see NOTES section for UICONFIGCONNECTIVITYCRITERION properties and create a hash table. + ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.ConnectivityCriteria[] +Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ConnectivityCriteria[] Parameter Sets: UpdateGenericUI, UpdateViaIdentityGenericUI Aliases: @@ -1034,10 +1033,10 @@ Accept wildcard characters: False ``` ### -UiConfigDataType -To construct, see NOTES section for UICONFIGDATATYPE properties and create a hash table. + ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.LastDataReceivedDataType[] +Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.LastDataReceivedDataType[] Parameter Sets: UpdateGenericUI, UpdateViaIdentityGenericUI Aliases: @@ -1079,10 +1078,10 @@ Accept wildcard characters: False ``` ### -UiConfigGraphQuery -To construct, see NOTES section for UICONFIGGRAPHQUERY properties and create a hash table. + ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.GraphQueries[] +Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.GraphQueries[] Parameter Sets: UpdateGenericUI, UpdateViaIdentityGenericUI Aliases: @@ -1094,10 +1093,10 @@ Accept wildcard characters: False ``` ### -UiConfigInstructionStep -To construct, see NOTES section for UICONFIGINSTRUCTIONSTEP properties and create a hash table. + ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.InstructionSteps[] +Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.InstructionSteps[] Parameter Sets: UpdateGenericUI, UpdateViaIdentityGenericUI Aliases: @@ -1124,10 +1123,10 @@ Accept wildcard characters: False ``` ### -UiConfigSampleQuery -To construct, see NOTES section for UICONFIGSAMPLEQUERY properties and create a hash table. + ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.SampleQueries[] +Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.SampleQueries[] Parameter Sets: UpdateGenericUI, UpdateViaIdentityGenericUI Aliases: @@ -1239,7 +1238,7 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS -### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.DataConnector +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.DataConnector ## NOTES diff --git a/src/SecurityInsights/SecurityInsights.Autorest/docs/Update-AzSentinelEntityQuery.md b/src/SecurityInsights/SecurityInsights.Autorest/docs/Update-AzSentinelEntityQuery.md index 0bb4de8459b4..49be0778628a 100644 --- a/src/SecurityInsights/SecurityInsights.Autorest/docs/Update-AzSentinelEntityQuery.md +++ b/src/SecurityInsights/SecurityInsights.Autorest/docs/Update-AzSentinelEntityQuery.md @@ -14,9 +14,9 @@ Updates the entity query. ### UpdateActivity (Default) ``` -Update-AzSentinelEntityQuery -EntityQueryId -ResourceGroupName -WorkspaceName +Update-AzSentinelEntityQuery -Id -ResourceGroupName -WorkspaceName [-SubscriptionId ] [-Content ] [-Description ] [-Disabled] [-Enabled] - [-EntitiesFilter ] [-InputEntityType ] + [-EntitiesFilter ] [-InputEntityType ] [-QueryDefinitionQuery ] [-RequiredInputFieldsSet ] [-TemplateName ] [-Title ] [-DefaultProfile ] [-AsJob] [-NoWait] [-Confirm] [-WhatIf] [] ``` @@ -25,7 +25,7 @@ Update-AzSentinelEntityQuery -EntityQueryId -ResourceGroupName ``` Update-AzSentinelEntityQuery -InputObject [-Content ] [-Description ] [-Disabled] [-Enabled] - [-EntitiesFilter ] [-InputEntityType ] + [-EntitiesFilter ] [-InputEntityType ] [-QueryDefinitionQuery ] [-RequiredInputFieldsSet ] [-TemplateName ] [-Title ] [-DefaultProfile ] [-AsJob] [-NoWait] [-Confirm] [-WhatIf] [] ``` @@ -135,10 +135,10 @@ Accept wildcard characters: False ``` ### -EntitiesFilter -To construct, see NOTES section for ENTITIESFILTER properties and create a hash table. + ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.ActivityEntityQueriesPropertiesEntitiesFilter +Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ActivityEntityQueriesPropertiesEntitiesFilter Parameter Sets: (All) Aliases: @@ -149,13 +149,13 @@ Accept pipeline input: False Accept wildcard characters: False ``` -### -EntityQueryId +### -Id The Id of the Entity Query. ```yaml Type: System.String Parameter Sets: UpdateActivity -Aliases: +Aliases: EntityQueryId Required: True Position: Named @@ -168,7 +168,7 @@ Accept wildcard characters: False ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.EntityType +Type: System.String Parameter Sets: (All) Aliases: @@ -357,7 +357,7 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS -### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.CustomEntityQuery +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.CustomEntityQuery ## NOTES diff --git a/src/SecurityInsights/SecurityInsights.Autorest/docs/Update-AzSentinelIncident.md b/src/SecurityInsights/SecurityInsights.Autorest/docs/Update-AzSentinelIncident.md index 9f1b02a6be39..a73fba60502f 100644 --- a/src/SecurityInsights/SecurityInsights.Autorest/docs/Update-AzSentinelIncident.md +++ b/src/SecurityInsights/SecurityInsights.Autorest/docs/Update-AzSentinelIncident.md @@ -8,35 +8,34 @@ schema: 2.0.0 # Update-AzSentinelIncident ## SYNOPSIS -Creates or updates the incident. +Update the incident. ## SYNTAX ### UpdateExpanded (Default) ``` Update-AzSentinelIncident -Id -ResourceGroupName -WorkspaceName - [-SubscriptionId ] [-Classification ] [-ClassificationComment ] - [-ClassificationReason ] [-Description ] - [-FirstActivityTimeUtc ] [-Label ] [-LastActivityTimeUtc ] - [-OwnerAssignedTo ] [-OwnerEmail ] [-OwnerObjectId ] - [-OwnerUserPrincipalName ] [-ProviderIncidentId ] [-ProviderName ] - [-Severity ] [-Status ] [-Title ] [-DefaultProfile ] - [-Confirm] [-WhatIf] [] + [-SubscriptionId ] [-Classification ] [-ClassificationComment ] + [-ClassificationReason ] [-Description ] [-FirstActivityTimeUtc ] + [-Label ] [-LastActivityTimeUtc ] [-OwnerAssignedTo ] + [-OwnerEmail ] [-OwnerObjectId ] [-OwnerUserPrincipalName ] + [-ProviderIncidentId ] [-ProviderName ] [-Severity ] [-Status ] + [-Title ] [-DefaultProfile ] [-Confirm] [-WhatIf] [] ``` ### UpdateViaIdentityExpanded ``` -Update-AzSentinelIncident -InputObject [-Classification ] - [-ClassificationComment ] [-ClassificationReason ] - [-Description ] [-FirstActivityTimeUtc ] [-Label ] - [-LastActivityTimeUtc ] [-OwnerAssignedTo ] [-OwnerEmail ] - [-OwnerObjectId ] [-OwnerUserPrincipalName ] [-ProviderIncidentId ] - [-ProviderName ] [-Severity ] [-Status ] [-Title ] - [-DefaultProfile ] [-Confirm] [-WhatIf] [] +Update-AzSentinelIncident -InputObject [-Classification ] + [-ClassificationComment ] [-ClassificationReason ] [-Description ] + [-FirstActivityTimeUtc ] [-Label ] [-LastActivityTimeUtc ] + [-OwnerAssignedTo ] [-OwnerEmail ] [-OwnerObjectId ] + [-OwnerUserPrincipalName ] [-ProviderIncidentId ] [-ProviderName ] + [-Severity ] [-Status ] [-Title ] [-DefaultProfile ] [-Confirm] [-WhatIf] + [] ``` ## DESCRIPTION -Creates or updates the incident. +Update the incident. ## EXAMPLES @@ -53,7 +52,7 @@ This command updates an incident by assigning an owner. The reason the incident was closed ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.IncidentClassification +Type: System.String Parameter Sets: (All) Aliases: @@ -83,7 +82,7 @@ Accept wildcard characters: False The classification reason the incident was closed with ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.IncidentClassificationReason +Type: System.String Parameter Sets: (All) Aliases: @@ -157,7 +156,6 @@ Accept wildcard characters: False ### -InputObject Identity Parameter -To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ```yaml Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity @@ -173,10 +171,9 @@ Accept wildcard characters: False ### -Label List of labels relevant to this incident -To construct, see NOTES section for LABEL properties and create a hash table. ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IIncidentLabel[] +Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IIncidentLabel[] Parameter Sets: (All) Aliases: @@ -312,7 +309,7 @@ Accept wildcard characters: False The severity of the incident ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.IncidentSeverity +Type: System.String Parameter Sets: (All) Aliases: @@ -327,7 +324,7 @@ Accept wildcard characters: False The status of the incident ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.IncidentStatus +Type: System.String Parameter Sets: (All) Aliases: @@ -423,7 +420,7 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS -### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IIncident +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IIncident ## NOTES diff --git a/src/SecurityInsights/SecurityInsights.Autorest/docs/Update-AzSentinelIncidentComment.md b/src/SecurityInsights/SecurityInsights.Autorest/docs/Update-AzSentinelIncidentComment.md index 4a0a856097f8..f997d8ce69d8 100644 --- a/src/SecurityInsights/SecurityInsights.Autorest/docs/Update-AzSentinelIncidentComment.md +++ b/src/SecurityInsights/SecurityInsights.Autorest/docs/Update-AzSentinelIncidentComment.md @@ -8,7 +8,7 @@ schema: 2.0.0 # Update-AzSentinelIncidentComment ## SYNOPSIS -Creates or updates the incident comment. +Update the incident comment. ## SYNTAX @@ -25,8 +25,14 @@ Update-AzSentinelIncidentComment -InputObject [-Mess [-DefaultProfile ] [-Confirm] [-WhatIf] [] ``` +### UpdateViaIdentityIncidentExpanded +``` +Update-AzSentinelIncidentComment -Id -IncidentInputObject + [-Message ] [-DefaultProfile ] [-Confirm] [-WhatIf] [] +``` + ## DESCRIPTION -Creates or updates the incident comment. +Update the incident comment. ## EXAMPLES @@ -60,7 +66,7 @@ Incident comment ID ```yaml Type: System.String -Parameter Sets: UpdateExpanded +Parameter Sets: UpdateExpanded, UpdateViaIdentityIncidentExpanded Aliases: IncidentCommentId Required: True @@ -85,9 +91,23 @@ Accept pipeline input: False Accept wildcard characters: False ``` +### -IncidentInputObject +Identity Parameter + +```yaml +Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity +Parameter Sets: UpdateViaIdentityIncidentExpanded +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + ### -InputObject Identity Parameter -To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ```yaml Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity @@ -202,7 +222,7 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS -### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IIncidentComment +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IIncidentComment ## NOTES diff --git a/src/SecurityInsights/SecurityInsights.Autorest/docs/Update-AzSentinelIncidentRelation.md b/src/SecurityInsights/SecurityInsights.Autorest/docs/Update-AzSentinelIncidentRelation.md index 937c45e01c43..8d8fed1f9164 100644 --- a/src/SecurityInsights/SecurityInsights.Autorest/docs/Update-AzSentinelIncidentRelation.md +++ b/src/SecurityInsights/SecurityInsights.Autorest/docs/Update-AzSentinelIncidentRelation.md @@ -8,7 +8,7 @@ schema: 2.0.0 # Update-AzSentinelIncidentRelation ## SYNOPSIS -Creates or updates the incident relation. +Update the incident relation. ## SYNTAX @@ -25,8 +25,14 @@ Update-AzSentinelIncidentRelation -InputObject [-Rel [-DefaultProfile ] [-Confirm] [-WhatIf] [] ``` +### UpdateViaIdentityIncidentExpanded +``` +Update-AzSentinelIncidentRelation -IncidentInputObject -RelationName + [-RelatedResourceId ] [-DefaultProfile ] [-Confirm] [-WhatIf] [] +``` + ## DESCRIPTION -Creates or updates the incident relation. +Update the incident relation. ## EXAMPLES @@ -71,9 +77,23 @@ Accept pipeline input: False Accept wildcard characters: False ``` +### -IncidentInputObject +Identity Parameter + +```yaml +Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity +Parameter Sets: UpdateViaIdentityIncidentExpanded +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + ### -InputObject Identity Parameter -To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ```yaml Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity @@ -107,7 +127,7 @@ Relation Name ```yaml Type: System.String -Parameter Sets: UpdateExpanded +Parameter Sets: UpdateExpanded, UpdateViaIdentityIncidentExpanded Aliases: Required: True @@ -203,7 +223,7 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS -### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IRelation +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IRelation ## NOTES diff --git a/src/SecurityInsights/SecurityInsights.Autorest/docs/Update-AzSentinelOnboardingState.md b/src/SecurityInsights/SecurityInsights.Autorest/docs/Update-AzSentinelOnboardingState.md new file mode 100644 index 000000000000..41e4e85791e0 --- /dev/null +++ b/src/SecurityInsights/SecurityInsights.Autorest/docs/Update-AzSentinelOnboardingState.md @@ -0,0 +1,195 @@ +--- +external help file: +Module Name: Az.SecurityInsights +online version: https://learn.microsoft.com/powershell/module/az.securityinsights/update-azsentinelonboardingstate +schema: 2.0.0 +--- + +# Update-AzSentinelOnboardingState + +## SYNOPSIS +Update Sentinel onboarding state + +## SYNTAX + +### UpdateExpanded (Default) +``` +Update-AzSentinelOnboardingState -Name -ResourceGroupName -WorkspaceName + [-SubscriptionId ] [-CustomerManagedKey] [-DefaultProfile ] [-Confirm] [-WhatIf] + [] +``` + +### UpdateViaIdentityExpanded +``` +Update-AzSentinelOnboardingState -InputObject [-CustomerManagedKey] + [-DefaultProfile ] [-Confirm] [-WhatIf] [] +``` + +## DESCRIPTION +Update Sentinel onboarding state + +## EXAMPLES + +### Example 1: Update Sentinel onboarding state +```powershell +Update-AzSentinelOnboardingState -ResourceGroupName "myResourceGroupName" -WorkspaceName "myWorkspaceName" -Name "default" +``` + +This command updates the onboarding state of Sentinel. + +## PARAMETERS + +### -CustomerManagedKey +Flag that indicates the status of the CMK setting + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -DefaultProfile +The DefaultProfile parameter is not functional. +Use the SubscriptionId parameter when available if executing the cmdlet against a different subscription. + +```yaml +Type: System.Management.Automation.PSObject +Parameter Sets: (All) +Aliases: AzureRMContext, AzureCredential + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -InputObject +Identity Parameter + +```yaml +Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity +Parameter Sets: UpdateViaIdentityExpanded +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Name +The Sentinel onboarding state name. +Supports - default + +```yaml +Type: System.String +Parameter Sets: UpdateExpanded +Aliases: SentinelOnboardingStateName + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ResourceGroupName +The name of the resource group. +The name is case insensitive. + +```yaml +Type: System.String +Parameter Sets: UpdateExpanded +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SubscriptionId +The ID of the target subscription. + +```yaml +Type: System.String +Parameter Sets: UpdateExpanded +Aliases: + +Required: False +Position: Named +Default value: (Get-AzContext).Subscription.Id +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WorkspaceName +The name of the workspace. + +```yaml +Type: System.String +Parameter Sets: UpdateExpanded +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity + +## OUTPUTS + +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISentinelOnboardingState + +## NOTES + +## RELATED LINKS + diff --git a/src/SecurityInsights/SecurityInsights.Autorest/docs/Update-AzSentinelSetting.md b/src/SecurityInsights/SecurityInsights.Autorest/docs/Update-AzSentinelSetting.md index 6e1acbe44b09..a6b312491c77 100644 --- a/src/SecurityInsights/SecurityInsights.Autorest/docs/Update-AzSentinelSetting.md +++ b/src/SecurityInsights/SecurityInsights.Autorest/docs/Update-AzSentinelSetting.md @@ -21,7 +21,7 @@ Update-AzSentinelSetting -ResourceGroupName -WorkspaceName -En ### UpdateExpandedUeba ``` -Update-AzSentinelSetting -ResourceGroupName -WorkspaceName -DataSource +Update-AzSentinelSetting -ResourceGroupName -WorkspaceName -DataSource -SettingsName [-SubscriptionId ] [-DefaultProfile ] [-AsJob] [-NoWait] [-Confirm] [-WhatIf] [] ``` @@ -34,7 +34,7 @@ Update-AzSentinelSetting -InputObject -Enabled -DataSource +Update-AzSentinelSetting -InputObject -DataSource [-DefaultProfile ] [-AsJob] [-NoWait] [-Confirm] [-WhatIf] [] ``` @@ -71,7 +71,7 @@ Accept wildcard characters: False ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.UebaDataSources[] +Type: System.String[] Parameter Sets: UpdateExpandedUeba, UpdateViaIdentityExpandedUeba Aliases: @@ -245,7 +245,7 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS -### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.Settings +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Settings ## NOTES diff --git a/src/SecurityInsights/SecurityInsights.Autorest/examples/Get-AzSentinelEntity.md b/src/SecurityInsights/SecurityInsights.Autorest/examples/Get-AzSentinelEntity.md index 2a46261b0721..62be07b70b68 100644 --- a/src/SecurityInsights/SecurityInsights.Autorest/examples/Get-AzSentinelEntity.md +++ b/src/SecurityInsights/SecurityInsights.Autorest/examples/Get-AzSentinelEntity.md @@ -28,8 +28,8 @@ This command gets an Entity. ### Example 3: Get a Entity by object Id ```powershell - $Entitys = Get-AzSentinelEntity -ResourceGroupName "myResourceGroupName" -workspaceName "myWorkspaceName" - $Entitys[0] | Get-AzSentinelEntity + $Entities = Get-AzSentinelEntity -ResourceGroupName "myResourceGroupName" -workspaceName "myWorkspaceName" + $Entities[0] | Get-AzSentinelEntity ``` ```output FriendlyName : WIN2019 diff --git a/src/SecurityInsights/SecurityInsights.Autorest/examples/Get-AzSentinelEntityInsight.md b/src/SecurityInsights/SecurityInsights.Autorest/examples/Get-AzSentinelEntityInsight.md index 2644a1248a4d..d07ac4553e71 100644 --- a/src/SecurityInsights/SecurityInsights.Autorest/examples/Get-AzSentinelEntityInsight.md +++ b/src/SecurityInsights/SecurityInsights.Autorest/examples/Get-AzSentinelEntityInsight.md @@ -18,7 +18,7 @@ This command gets insights for an Entity for a given time range. ```powershell $startTime = (Get-Date).AddDays(-7).ToUniversalTime() | Get-Date -Format "yyyy-MM-ddThh:00:00.000Z" $endTime = (Get-Date).ToUniversalTime() | Get-Date -Format "yyyy-MM-ddThh:00:00.000Z" - $Entity = Get-AzSentinelEntity -ResourceGroupName "myResourceGroupName" -workspaceName "myWorkspaceName" -EntityId "8d036a2d-f37d-e936-6cca-4e172687cb79" + $Entity = Get-AzSentinelEntity -ResourceGroupName "myResourceGroupName" -workspaceName "myWorkspaceName" -EntityId "00001111-aaaa-2222-bbbb-3333cccc4444" $Entity | Get-AzSentinelEntityInsight -EndTime $endTime -StartTime $startTime ``` ```output diff --git a/src/SecurityInsights/SecurityInsights.Autorest/examples/New-AzSentinelAlertRule.md b/src/SecurityInsights/SecurityInsights.Autorest/examples/New-AzSentinelAlertRule.md index 9f96df72e7fc..3ca60ff1ecf5 100644 --- a/src/SecurityInsights/SecurityInsights.Autorest/examples/New-AzSentinelAlertRule.md +++ b/src/SecurityInsights/SecurityInsights.Autorest/examples/New-AzSentinelAlertRule.md @@ -32,7 +32,7 @@ This command creates an Alert Rule of the MicrosoftSecurityIncidentCreation kind ### Example 5: Create a Scheduled Alert Rule ```powershell -New-AzSentinelAlertRule -ResourceGroupName "myResourceGroup" -WorkspaceName "myWorkspaceName" -Kind Scheduled -Enabled -DisplayName "Powershell Exection Alert (Several Times per Hour)" -Severity Low -Query "SecurityEvent | where EventId == 4688" -QueryFrequency (New-TimeSpan -Hours 1) -QueryPeriod (New-TimeSpan -Hours 1) -TriggerThreshold 10 +New-AzSentinelAlertRule -ResourceGroupName "myResourceGroup" -WorkspaceName "myWorkspaceName" -Kind Scheduled -Enabled -DisplayName "Powershell Execution Alert (Several Times per Hour)" -Severity Low -Query "SecurityEvent | where EventID == 4688" -QueryFrequency (New-TimeSpan -Hours 1) -QueryPeriod (New-TimeSpan -Hours 1) -TriggerThreshold 10 ``` This command creates an Alert Rule of the Scheduled kind. Please note that that query (parameter -Query) needs to be on a single line as as string. diff --git a/src/SecurityInsights/SecurityInsights.Autorest/examples/New-AzSentinelAutomationRule.md b/src/SecurityInsights/SecurityInsights.Autorest/examples/New-AzSentinelAutomationRule.md index 4a94125b5efc..50f59819bdf3 100644 --- a/src/SecurityInsights/SecurityInsights.Autorest/examples/New-AzSentinelAutomationRule.md +++ b/src/SecurityInsights/SecurityInsights.Autorest/examples/New-AzSentinelAutomationRule.md @@ -1,7 +1,7 @@ ### Example 1: Create an Automation Rule using Run Playbook ```powershell $LogicAppResourceId = Get-AzLogicApp -ResourceGroupName "myResourceGroup" -Name "Reset-AADPassword" - $automationRuleAction = [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.AutomationRuleRunPlaybookAction]::new() + $automationRuleAction = [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.AutomationRuleRunPlaybookAction]::new() $automationRuleAction.Order = 1 $automationRuleAction.ActionType = "RunPlaybook" $automationRuleAction.ActionConfigurationLogicAppResourceId = ($LogicAppResourceId.Id) @@ -13,7 +13,7 @@ This command creates an Automation Rule that has an Action of Run Playbook. ### Example 2: Creates an Automation Rule that has an Action of changing the severity ```powershell - $automationRuleAction = [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.AutomationRuleModifyPropertiesAction]::new() + $automationRuleAction = [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.AutomationRuleModifyPropertiesAction]::new() $automationRuleAction.Order = 1 $automationRuleAction.ActionType = "ModifyProperties" $automationRuleAction.ActionConfigurationSeverity = "Low" diff --git a/src/SecurityInsights/SecurityInsights.Autorest/examples/New-AzSentinelIncidentTeam.md b/src/SecurityInsights/SecurityInsights.Autorest/examples/New-AzSentinelIncidentTeam.md index 7086cc39ac5d..cc31db8bfd83 100644 --- a/src/SecurityInsights/SecurityInsights.Autorest/examples/New-AzSentinelIncidentTeam.md +++ b/src/SecurityInsights/SecurityInsights.Autorest/examples/New-AzSentinelIncidentTeam.md @@ -7,7 +7,7 @@ Description : Name : Incident : NewIncident3 PrimaryChannelUrl : https://teams.microsoft.com/l/team/19:vYoGjeGlZmTEDmu0gTbrk9T_eDS4pKIkEU7UuM1IyZk1%40thread.tacv2/conversations?groupId=3c637cc5-caf1-46c7-93ac-069c6 - 4b05395&tenantId=8f21ced5-2eff-4f8d-aff1-4dbb4cee8e3d + 4b05395&tenantId=00001111-aaaa-2222-bbbb-3333cccc4444 TeamCreationTimeUtc : 2/4/2022 3:02:03 PM TeamId : 3c637cc5-caf1-46c7-93ac-069c64b05395 ``` diff --git a/src/SecurityInsights/SecurityInsights.Autorest/examples/Update-AzSentinelAlertRuleAction.md b/src/SecurityInsights/SecurityInsights.Autorest/examples/Update-AzSentinelAlertRuleAction.md index 16a4b1984b2d..7d87fcbffd4e 100644 --- a/src/SecurityInsights/SecurityInsights.Autorest/examples/Update-AzSentinelAlertRuleAction.md +++ b/src/SecurityInsights/SecurityInsights.Autorest/examples/Update-AzSentinelAlertRuleAction.md @@ -5,4 +5,4 @@ $LogicAppTriggerUri = Get-AzLogicAppTriggerCallbackUrl -ResourceGroupName "myLog Update-AzSentinelAlertRuleAction -ResourceGroupName "mySentinelResourceGroupName" -workspaceName "myWorkspaceName" -RuleId "48bbf86d-540b-4a7b-9fee-2bd7d810dbed" -LogicAppResourceId ($LogicAppResourceId.Id) -TriggerUri ($LogicAppTriggerUri.Value) -Id ((New-Guid).Guid) ``` -This command updates an alert rule action +This command updates an alert rule action \ No newline at end of file diff --git a/src/SecurityInsights/SecurityInsights.Autorest/examples/Update-AzSentinelAutomationRule.md b/src/SecurityInsights/SecurityInsights.Autorest/examples/Update-AzSentinelAutomationRule.md index 6ed5714047f5..6f9ba04317d0 100644 --- a/src/SecurityInsights/SecurityInsights.Autorest/examples/Update-AzSentinelAutomationRule.md +++ b/src/SecurityInsights/SecurityInsights.Autorest/examples/Update-AzSentinelAutomationRule.md @@ -1,7 +1,7 @@ ### Example 1: Updates an automation rule ```powershell $LogicAppResourceId = Get-AzLogicApp -ResourceGroupName "myResourceGroup" -Name "Reset-AADPassword" - $automationRuleAction = [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.AutomationRuleRunPlaybookAction]::new() + $automationRuleAction = [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.AutomationRuleRunPlaybookAction]::new() $automationRuleAction.Order = 1 $automationRuleAction.ActionType = "RunPlaybook" $automationRuleAction.ActionConfigurationLogicAppResourceId = ($LogicAppResourceId.Id) diff --git a/src/SecurityInsights/SecurityInsights.Autorest/examples/Update-AzSentinelOnboardingState.md b/src/SecurityInsights/SecurityInsights.Autorest/examples/Update-AzSentinelOnboardingState.md new file mode 100644 index 000000000000..da0130527c1a --- /dev/null +++ b/src/SecurityInsights/SecurityInsights.Autorest/examples/Update-AzSentinelOnboardingState.md @@ -0,0 +1,6 @@ +### Example 1: Update Sentinel onboarding state +```powershell +Update-AzSentinelOnboardingState -ResourceGroupName "myResourceGroupName" -WorkspaceName "myWorkspaceName" -Name "default" +``` + +This command updates the onboarding state of Sentinel. \ No newline at end of file diff --git a/src/SecurityInsights/SecurityInsights.Autorest/generate-info.json b/src/SecurityInsights/SecurityInsights.Autorest/generate-info.json index e92507ccece0..f3e1e2ab1f94 100644 --- a/src/SecurityInsights/SecurityInsights.Autorest/generate-info.json +++ b/src/SecurityInsights/SecurityInsights.Autorest/generate-info.json @@ -1,3 +1,3 @@ { - "generate_Id": "d08ff4b5-9844-4e5a-9bda-11e01ec89215" + "generate_Id": "c4f99f0d-5aec-4d01-96cc-b028f40fbd48" } diff --git a/src/SecurityInsights/SecurityInsights.Autorest/resources/README.md b/src/SecurityInsights/SecurityInsights.Autorest/resources/README.md new file mode 100644 index 000000000000..937f07f8fec2 --- /dev/null +++ b/src/SecurityInsights/SecurityInsights.Autorest/resources/README.md @@ -0,0 +1,11 @@ +# Resources +This directory can contain any additional resources for module that are not required at runtime. This directory **does not** get packaged with the module. If you have assets for custom implementation, place them into the `..\custom` folder. + +## Info +- Modifiable: yes +- Generated: no +- Committed: yes +- Packaged: no + +## Purpose +Use this folder to put anything you want to keep around as part of the repository for the module, but is not something that is required for the module. For example, development files, packaged builds, or additional information. This is only intended to be used in repositories where the module's output directory is cleaned, but tangential resources for the module want to remain intact. \ No newline at end of file diff --git a/src/SecurityInsights/SecurityInsights.Autorest/test/New-AzSentinelAutomationRule.Tests.ps1 b/src/SecurityInsights/SecurityInsights.Autorest/test/New-AzSentinelAutomationRule.Tests.ps1 index 41d8cba192cd..5e8e8b995852 100644 --- a/src/SecurityInsights/SecurityInsights.Autorest/test/New-AzSentinelAutomationRule.Tests.ps1 +++ b/src/SecurityInsights/SecurityInsights.Autorest/test/New-AzSentinelAutomationRule.Tests.ps1 @@ -16,7 +16,7 @@ if(($null -eq $TestName) -or ($TestName -contains 'New-AzSentinelAutomationRule' Describe 'New-AzSentinelAutomationRule' { It 'CreateExpanded' { - $automationRuleAction = [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.AutomationRuleRunPlaybookAction]::new() + $automationRuleAction = [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.AutomationRuleRunPlaybookAction]::new() $automationRuleAction.Order = 1 $automationRuleAction.ActionType = "RunPlaybook" $automationRuleAction.ActionConfigurationLogicAppResourceId = $env.Playbook2LogicAppResourceId diff --git a/src/SecurityInsights/SecurityInsights.Autorest/test/Update-AzSentinelAutomationRule.Tests.ps1 b/src/SecurityInsights/SecurityInsights.Autorest/test/Update-AzSentinelAutomationRule.Tests.ps1 index cc178161a47f..40e764795f82 100644 --- a/src/SecurityInsights/SecurityInsights.Autorest/test/Update-AzSentinelAutomationRule.Tests.ps1 +++ b/src/SecurityInsights/SecurityInsights.Autorest/test/Update-AzSentinelAutomationRule.Tests.ps1 @@ -16,7 +16,7 @@ if(($null -eq $TestName) -or ($TestName -contains 'Update-AzSentinelAutomationRu Describe 'Update-AzSentinelAutomationRule' { It 'UpdateExpanded' { - $automationRuleAction = [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.AutomationRuleRunPlaybookAction]::new() + $automationRuleAction = [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.AutomationRuleRunPlaybookAction]::new() $automationRuleAction.Order = 1 $automationRuleAction.ActionType = "RunPlaybook" $automationRuleAction.ActionConfigurationLogicAppResourceId = $env.Playbook4LogicAppResourceId @@ -27,7 +27,7 @@ Describe 'Update-AzSentinelAutomationRule' { } It 'UpdateViaIdentityExpanded' { - $automationRuleAction = [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.AutomationRuleRunPlaybookAction]::new() + $automationRuleAction = [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.AutomationRuleRunPlaybookAction]::new() $automationRuleAction.Order = 1 $automationRuleAction.ActionType = "RunPlaybook" $automationRuleAction.ActionConfigurationLogicAppResourceId = $env.Playbook4LogicAppResourceId diff --git a/src/SecurityInsights/SecurityInsights.Autorest/test/Get-AzSentinelSourceControlRepository.Tests.ps1 b/src/SecurityInsights/SecurityInsights.Autorest/test/Update-AzSentinelOnboardingState.Tests.ps1 similarity index 58% rename from src/SecurityInsights/SecurityInsights.Autorest/test/Get-AzSentinelSourceControlRepository.Tests.ps1 rename to src/SecurityInsights/SecurityInsights.Autorest/test/Update-AzSentinelOnboardingState.Tests.ps1 index 855ce433ef3a..555cb37cd12c 100644 --- a/src/SecurityInsights/SecurityInsights.Autorest/test/Get-AzSentinelSourceControlRepository.Tests.ps1 +++ b/src/SecurityInsights/SecurityInsights.Autorest/test/Update-AzSentinelOnboardingState.Tests.ps1 @@ -1,11 +1,11 @@ -if(($null -eq $TestName) -or ($TestName -contains 'Get-AzSentinelSourceControlRepository')) +if(($null -eq $TestName) -or ($TestName -contains 'Update-AzSentinelOnboardingState')) { $loadEnvPath = Join-Path $PSScriptRoot 'loadEnv.ps1' if (-Not (Test-Path -Path $loadEnvPath)) { $loadEnvPath = Join-Path $PSScriptRoot '..\loadEnv.ps1' } . ($loadEnvPath) - $TestRecordingFile = Join-Path $PSScriptRoot 'Get-AzSentinelSourceControlRepository.Recording.json' + $TestRecordingFile = Join-Path $PSScriptRoot 'Update-AzSentinelOnboardingState.Recording.json' $currentPath = $PSScriptRoot while(-not $mockingPath) { $mockingPath = Get-ChildItem -Path $currentPath -Recurse -Include 'HttpPipelineMocking.ps1' -File @@ -14,8 +14,12 @@ if(($null -eq $TestName) -or ($TestName -contains 'Get-AzSentinelSourceControlRe . ($mockingPath | Select-Object -First 1).FullName } -Describe 'Get-AzSentinelSourceControlRepository' { - It 'List' -skip { +Describe 'Update-AzSentinelOnboardingState' { + It 'UpdateExpanded' -skip { + { throw [System.NotImplementedException] } | Should -Not -Throw + } + + It 'UpdateViaIdentityExpanded' -skip { { throw [System.NotImplementedException] } | Should -Not -Throw } } diff --git a/src/SecurityInsights/SecurityInsights.Autorest/test/common.ps1 b/src/SecurityInsights/SecurityInsights.Autorest/test/common.ps1 index 4134b350dddb..5989caffa98f 100644 --- a/src/SecurityInsights/SecurityInsights.Autorest/test/common.ps1 +++ b/src/SecurityInsights/SecurityInsights.Autorest/test/common.ps1 @@ -126,12 +126,12 @@ Function Write-OMSLogfile { Function SendToLogA ($eventsTableName, $EventsTableFile, $CustomerId, $SharedKey ) { $eventsData = Import-Csv $EventsTableFile - + #Test Size; Log A limit is 30MB $tempdata = @() $tempDataSize = 0 - if ((($eventsData | Convertto-json -depth 20).Length) -gt 25MB) { + if ((($eventsData | ConvertTo-Json -depth 20).Length) -gt 25MB) { Write-Host "Upload is over 25MB, needs to be split" foreach ($record in $eventsData) { $tempdata += $record @@ -144,10 +144,10 @@ Function SendToLogA ($eventsTableName, $EventsTableFile, $CustomerId, $SharedKey $tempDataSize = 0 } } - Write-Host "Sending left over data = $Tempdatasize" + Write-Host "Sending left over data = $TempDataSize" $postLAStatus = Write-OMSLogfile -dateTime (Get-Date) -type $eventsTableName -logdata $tempdata -CustomerID $CustomerId -SharedKey $SharedKey } - Else { + else { $postLAStatus = Write-OMSLogfile -dateTime (Get-Date) -type $eventsTableName -logdata $eventsData -CustomerID $CustomerId -SharedKey $SharedKey } return $postLAStatus diff --git a/src/SecurityInsights/SecurityInsights.sln b/src/SecurityInsights/SecurityInsights.sln index cbb42bc2b1e6..8071851a1b3e 100644 --- a/src/SecurityInsights/SecurityInsights.sln +++ b/src/SecurityInsights/SecurityInsights.sln @@ -1,4 +1,4 @@ - + Microsoft Visual Studio Solution File, Format Version 12.00 # Visual Studio Version 17 VisualStudioVersion = 17.0.31903.59 @@ -19,49 +19,119 @@ Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Authenticators", "..\Accoun EndProject Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "SecurityInsights", "SecurityInsights\SecurityInsights.csproj", "{F74A1659-4994-47CB-A786-DF83675AD4DF}" EndProject -Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Az.SecurityInsights", "..\..\generated\SecurityInsights\SecurityInsights.Autorest\Az.SecurityInsights.csproj", "{1E59DA7A-D72B-4EF1-ADA7-6CC8E70463A9}" +Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "SecurityInsights.Autorest", "SecurityInsights.Autorest", "{1F2C7E28-510C-0414-601C-25083DE2C7DC}" +EndProject +Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Az.SecurityInsights", "..\..\generated\SecurityInsights\SecurityInsights.Autorest\Az.SecurityInsights.csproj", "{40E61C34-9242-465E-A2A7-E4F3900E0825}" EndProject Global GlobalSection(SolutionConfigurationPlatforms) = preSolution Debug|Any CPU = Debug|Any CPU + Debug|x64 = Debug|x64 + Debug|x86 = Debug|x86 Release|Any CPU = Release|Any CPU - EndGlobalSection - GlobalSection(SolutionProperties) = preSolution - HideSolutionNode = FALSE + Release|x64 = Release|x64 + Release|x86 = Release|x86 EndGlobalSection GlobalSection(ProjectConfigurationPlatforms) = postSolution {190A5E6D-42A5-48BB-AE09-0A40734AAA30}.Debug|Any CPU.ActiveCfg = Debug|Any CPU {190A5E6D-42A5-48BB-AE09-0A40734AAA30}.Debug|Any CPU.Build.0 = Debug|Any CPU + {190A5E6D-42A5-48BB-AE09-0A40734AAA30}.Debug|x64.ActiveCfg = Debug|Any CPU + {190A5E6D-42A5-48BB-AE09-0A40734AAA30}.Debug|x64.Build.0 = Debug|Any CPU + {190A5E6D-42A5-48BB-AE09-0A40734AAA30}.Debug|x86.ActiveCfg = Debug|Any CPU + {190A5E6D-42A5-48BB-AE09-0A40734AAA30}.Debug|x86.Build.0 = Debug|Any CPU {190A5E6D-42A5-48BB-AE09-0A40734AAA30}.Release|Any CPU.ActiveCfg = Release|Any CPU {190A5E6D-42A5-48BB-AE09-0A40734AAA30}.Release|Any CPU.Build.0 = Release|Any CPU + {190A5E6D-42A5-48BB-AE09-0A40734AAA30}.Release|x64.ActiveCfg = Release|Any CPU + {190A5E6D-42A5-48BB-AE09-0A40734AAA30}.Release|x64.Build.0 = Release|Any CPU + {190A5E6D-42A5-48BB-AE09-0A40734AAA30}.Release|x86.ActiveCfg = Release|Any CPU + {190A5E6D-42A5-48BB-AE09-0A40734AAA30}.Release|x86.Build.0 = Release|Any CPU {4F3C1902-A213-424D-8BBD-9D1216BEBC31}.Debug|Any CPU.ActiveCfg = Debug|Any CPU {4F3C1902-A213-424D-8BBD-9D1216BEBC31}.Debug|Any CPU.Build.0 = Debug|Any CPU + {4F3C1902-A213-424D-8BBD-9D1216BEBC31}.Debug|x64.ActiveCfg = Debug|Any CPU + {4F3C1902-A213-424D-8BBD-9D1216BEBC31}.Debug|x64.Build.0 = Debug|Any CPU + {4F3C1902-A213-424D-8BBD-9D1216BEBC31}.Debug|x86.ActiveCfg = Debug|Any CPU + {4F3C1902-A213-424D-8BBD-9D1216BEBC31}.Debug|x86.Build.0 = Debug|Any CPU {4F3C1902-A213-424D-8BBD-9D1216BEBC31}.Release|Any CPU.ActiveCfg = Release|Any CPU {4F3C1902-A213-424D-8BBD-9D1216BEBC31}.Release|Any CPU.Build.0 = Release|Any CPU + {4F3C1902-A213-424D-8BBD-9D1216BEBC31}.Release|x64.ActiveCfg = Release|Any CPU + {4F3C1902-A213-424D-8BBD-9D1216BEBC31}.Release|x64.Build.0 = Release|Any CPU + {4F3C1902-A213-424D-8BBD-9D1216BEBC31}.Release|x86.ActiveCfg = Release|Any CPU + {4F3C1902-A213-424D-8BBD-9D1216BEBC31}.Release|x86.Build.0 = Release|Any CPU {C9A586D1-F031-4EC2-B03F-979247AE3B18}.Debug|Any CPU.ActiveCfg = Debug|Any CPU {C9A586D1-F031-4EC2-B03F-979247AE3B18}.Debug|Any CPU.Build.0 = Debug|Any CPU + {C9A586D1-F031-4EC2-B03F-979247AE3B18}.Debug|x64.ActiveCfg = Debug|Any CPU + {C9A586D1-F031-4EC2-B03F-979247AE3B18}.Debug|x64.Build.0 = Debug|Any CPU + {C9A586D1-F031-4EC2-B03F-979247AE3B18}.Debug|x86.ActiveCfg = Debug|Any CPU + {C9A586D1-F031-4EC2-B03F-979247AE3B18}.Debug|x86.Build.0 = Debug|Any CPU {C9A586D1-F031-4EC2-B03F-979247AE3B18}.Release|Any CPU.ActiveCfg = Release|Any CPU {C9A586D1-F031-4EC2-B03F-979247AE3B18}.Release|Any CPU.Build.0 = Release|Any CPU + {C9A586D1-F031-4EC2-B03F-979247AE3B18}.Release|x64.ActiveCfg = Release|Any CPU + {C9A586D1-F031-4EC2-B03F-979247AE3B18}.Release|x64.Build.0 = Release|Any CPU + {C9A586D1-F031-4EC2-B03F-979247AE3B18}.Release|x86.ActiveCfg = Release|Any CPU + {C9A586D1-F031-4EC2-B03F-979247AE3B18}.Release|x86.Build.0 = Release|Any CPU {8DD4BC41-DC30-4267-ACBA-93FBD67044D9}.Debug|Any CPU.ActiveCfg = Debug|Any CPU {8DD4BC41-DC30-4267-ACBA-93FBD67044D9}.Debug|Any CPU.Build.0 = Debug|Any CPU + {8DD4BC41-DC30-4267-ACBA-93FBD67044D9}.Debug|x64.ActiveCfg = Debug|Any CPU + {8DD4BC41-DC30-4267-ACBA-93FBD67044D9}.Debug|x64.Build.0 = Debug|Any CPU + {8DD4BC41-DC30-4267-ACBA-93FBD67044D9}.Debug|x86.ActiveCfg = Debug|Any CPU + {8DD4BC41-DC30-4267-ACBA-93FBD67044D9}.Debug|x86.Build.0 = Debug|Any CPU {8DD4BC41-DC30-4267-ACBA-93FBD67044D9}.Release|Any CPU.ActiveCfg = Release|Any CPU {8DD4BC41-DC30-4267-ACBA-93FBD67044D9}.Release|Any CPU.Build.0 = Release|Any CPU + {8DD4BC41-DC30-4267-ACBA-93FBD67044D9}.Release|x64.ActiveCfg = Release|Any CPU + {8DD4BC41-DC30-4267-ACBA-93FBD67044D9}.Release|x64.Build.0 = Release|Any CPU + {8DD4BC41-DC30-4267-ACBA-93FBD67044D9}.Release|x86.ActiveCfg = Release|Any CPU + {8DD4BC41-DC30-4267-ACBA-93FBD67044D9}.Release|x86.Build.0 = Release|Any CPU {0FEAB705-FEE4-4B66-A6E1-F3FF3BA6B04C}.Debug|Any CPU.ActiveCfg = Debug|Any CPU {0FEAB705-FEE4-4B66-A6E1-F3FF3BA6B04C}.Debug|Any CPU.Build.0 = Debug|Any CPU + {0FEAB705-FEE4-4B66-A6E1-F3FF3BA6B04C}.Debug|x64.ActiveCfg = Debug|Any CPU + {0FEAB705-FEE4-4B66-A6E1-F3FF3BA6B04C}.Debug|x64.Build.0 = Debug|Any CPU + {0FEAB705-FEE4-4B66-A6E1-F3FF3BA6B04C}.Debug|x86.ActiveCfg = Debug|Any CPU + {0FEAB705-FEE4-4B66-A6E1-F3FF3BA6B04C}.Debug|x86.Build.0 = Debug|Any CPU {0FEAB705-FEE4-4B66-A6E1-F3FF3BA6B04C}.Release|Any CPU.ActiveCfg = Release|Any CPU {0FEAB705-FEE4-4B66-A6E1-F3FF3BA6B04C}.Release|Any CPU.Build.0 = Release|Any CPU + {0FEAB705-FEE4-4B66-A6E1-F3FF3BA6B04C}.Release|x64.ActiveCfg = Release|Any CPU + {0FEAB705-FEE4-4B66-A6E1-F3FF3BA6B04C}.Release|x64.Build.0 = Release|Any CPU + {0FEAB705-FEE4-4B66-A6E1-F3FF3BA6B04C}.Release|x86.ActiveCfg = Release|Any CPU + {0FEAB705-FEE4-4B66-A6E1-F3FF3BA6B04C}.Release|x86.Build.0 = Release|Any CPU {453F081C-D5FD-418E-95AF-231F1BAE1E8C}.Debug|Any CPU.ActiveCfg = Debug|Any CPU {453F081C-D5FD-418E-95AF-231F1BAE1E8C}.Debug|Any CPU.Build.0 = Debug|Any CPU + {453F081C-D5FD-418E-95AF-231F1BAE1E8C}.Debug|x64.ActiveCfg = Debug|Any CPU + {453F081C-D5FD-418E-95AF-231F1BAE1E8C}.Debug|x64.Build.0 = Debug|Any CPU + {453F081C-D5FD-418E-95AF-231F1BAE1E8C}.Debug|x86.ActiveCfg = Debug|Any CPU + {453F081C-D5FD-418E-95AF-231F1BAE1E8C}.Debug|x86.Build.0 = Debug|Any CPU {453F081C-D5FD-418E-95AF-231F1BAE1E8C}.Release|Any CPU.ActiveCfg = Release|Any CPU {453F081C-D5FD-418E-95AF-231F1BAE1E8C}.Release|Any CPU.Build.0 = Release|Any CPU + {453F081C-D5FD-418E-95AF-231F1BAE1E8C}.Release|x64.ActiveCfg = Release|Any CPU + {453F081C-D5FD-418E-95AF-231F1BAE1E8C}.Release|x64.Build.0 = Release|Any CPU + {453F081C-D5FD-418E-95AF-231F1BAE1E8C}.Release|x86.ActiveCfg = Release|Any CPU + {453F081C-D5FD-418E-95AF-231F1BAE1E8C}.Release|x86.Build.0 = Release|Any CPU {F74A1659-4994-47CB-A786-DF83675AD4DF}.Debug|Any CPU.ActiveCfg = Debug|Any CPU {F74A1659-4994-47CB-A786-DF83675AD4DF}.Debug|Any CPU.Build.0 = Debug|Any CPU + {F74A1659-4994-47CB-A786-DF83675AD4DF}.Debug|x64.ActiveCfg = Debug|Any CPU + {F74A1659-4994-47CB-A786-DF83675AD4DF}.Debug|x64.Build.0 = Debug|Any CPU + {F74A1659-4994-47CB-A786-DF83675AD4DF}.Debug|x86.ActiveCfg = Debug|Any CPU + {F74A1659-4994-47CB-A786-DF83675AD4DF}.Debug|x86.Build.0 = Debug|Any CPU {F74A1659-4994-47CB-A786-DF83675AD4DF}.Release|Any CPU.ActiveCfg = Release|Any CPU {F74A1659-4994-47CB-A786-DF83675AD4DF}.Release|Any CPU.Build.0 = Release|Any CPU - {1E59DA7A-D72B-4EF1-ADA7-6CC8E70463A9}.Debug|Any CPU.ActiveCfg = Debug|Any CPU - {1E59DA7A-D72B-4EF1-ADA7-6CC8E70463A9}.Debug|Any CPU.Build.0 = Debug|Any CPU - {1E59DA7A-D72B-4EF1-ADA7-6CC8E70463A9}.Release|Any CPU.ActiveCfg = Release|Any CPU - {1E59DA7A-D72B-4EF1-ADA7-6CC8E70463A9}.Release|Any CPU.Build.0 = Release|Any CPU + {F74A1659-4994-47CB-A786-DF83675AD4DF}.Release|x64.ActiveCfg = Release|Any CPU + {F74A1659-4994-47CB-A786-DF83675AD4DF}.Release|x64.Build.0 = Release|Any CPU + {F74A1659-4994-47CB-A786-DF83675AD4DF}.Release|x86.ActiveCfg = Release|Any CPU + {F74A1659-4994-47CB-A786-DF83675AD4DF}.Release|x86.Build.0 = Release|Any CPU + {40E61C34-9242-465E-A2A7-E4F3900E0825}.Debug|Any CPU.ActiveCfg = Debug|Any CPU + {40E61C34-9242-465E-A2A7-E4F3900E0825}.Debug|Any CPU.Build.0 = Debug|Any CPU + {40E61C34-9242-465E-A2A7-E4F3900E0825}.Debug|x64.ActiveCfg = Debug|Any CPU + {40E61C34-9242-465E-A2A7-E4F3900E0825}.Debug|x64.Build.0 = Debug|Any CPU + {40E61C34-9242-465E-A2A7-E4F3900E0825}.Debug|x86.ActiveCfg = Debug|Any CPU + {40E61C34-9242-465E-A2A7-E4F3900E0825}.Debug|x86.Build.0 = Debug|Any CPU + {40E61C34-9242-465E-A2A7-E4F3900E0825}.Release|Any CPU.ActiveCfg = Release|Any CPU + {40E61C34-9242-465E-A2A7-E4F3900E0825}.Release|Any CPU.Build.0 = Release|Any CPU + {40E61C34-9242-465E-A2A7-E4F3900E0825}.Release|x64.ActiveCfg = Release|Any CPU + {40E61C34-9242-465E-A2A7-E4F3900E0825}.Release|x64.Build.0 = Release|Any CPU + {40E61C34-9242-465E-A2A7-E4F3900E0825}.Release|x86.ActiveCfg = Release|Any CPU + {40E61C34-9242-465E-A2A7-E4F3900E0825}.Release|x86.Build.0 = Release|Any CPU + EndGlobalSection + GlobalSection(SolutionProperties) = preSolution + HideSolutionNode = FALSE EndGlobalSection GlobalSection(NestedProjects) = preSolution {190A5E6D-42A5-48BB-AE09-0A40734AAA30} = {F3681287-CEBF-4540-A820-B4B174AFF47F} @@ -70,5 +140,6 @@ Global {8DD4BC41-DC30-4267-ACBA-93FBD67044D9} = {F3681287-CEBF-4540-A820-B4B174AFF47F} {0FEAB705-FEE4-4B66-A6E1-F3FF3BA6B04C} = {F3681287-CEBF-4540-A820-B4B174AFF47F} {453F081C-D5FD-418E-95AF-231F1BAE1E8C} = {F3681287-CEBF-4540-A820-B4B174AFF47F} + {40E61C34-9242-465E-A2A7-E4F3900E0825} = {1F2C7E28-510C-0414-601C-25083DE2C7DC} EndGlobalSection EndGlobal diff --git a/src/SecurityInsights/SecurityInsights/Az.SecurityInsights.psd1 b/src/SecurityInsights/SecurityInsights/Az.SecurityInsights.psd1 index acc2acdd5fda..0e9da4aa1d67 100644 --- a/src/SecurityInsights/SecurityInsights/Az.SecurityInsights.psd1 +++ b/src/SecurityInsights/SecurityInsights/Az.SecurityInsights.psd1 @@ -3,7 +3,7 @@ # # Generated by: Microsoft Corporation # -# Generated on: 1/9/2025 +# Generated on: 8/26/2025 # @{ @@ -51,19 +51,19 @@ DotNetFrameworkVersion = '4.7.2' # ProcessorArchitecture = '' # Modules that must be imported into the global environment prior to importing this module -RequiredModules = @(@{ModuleName = 'Az.Accounts'; ModuleVersion = '4.0.1'; }) +RequiredModules = @(@{ModuleName = 'Az.Accounts'; ModuleVersion = '5.2.0'; }) # Assemblies that must be loaded prior to importing this module RequiredAssemblies = 'SecurityInsights.Autorest/bin/Az.SecurityInsights.private.dll' # Script files (.ps1) that are run in the caller's environment prior to importing this module. -# ScriptsToProcess = @() +ScriptsToProcess = @() # Type files (.ps1xml) to be loaded when importing this module -# TypesToProcess = @() +TypesToProcess = @() # Format files (.ps1xml) to be loaded when importing this module -FormatsToProcess = 'SecurityInsights.Autorest\Az.SecurityInsights.format.ps1xml' +FormatsToProcess = 'SecurityInsights.Autorest/Az.SecurityInsights.format.ps1xml' # Modules to import as nested modules of the module specified in RootModule/ModuleToProcess NestedModules = @('SecurityInsights.Autorest/Az.SecurityInsights.psm1') @@ -103,7 +103,8 @@ FunctionsToExport = 'Get-AzSentinelAlertRule', 'Get-AzSentinelAlertRuleAction', 'Update-AzSentinelBookmarkRelation', 'Update-AzSentinelDataConnector', 'Update-AzSentinelEntityQuery', 'Update-AzSentinelIncident', 'Update-AzSentinelIncidentComment', - 'Update-AzSentinelIncidentRelation', 'Update-AzSentinelSetting' + 'Update-AzSentinelIncidentRelation', + 'Update-AzSentinelOnboardingState', 'Update-AzSentinelSetting' # Cmdlets to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no cmdlets to export. CmdletsToExport = @() @@ -129,7 +130,7 @@ PrivateData = @{ PSData = @{ # Tags applied to this module. These help with module discovery in online galleries. - Tags = 'Azure','ResourceManager','ARM','PSModule','SecurityInsights' + Tags = 'Azure', 'ResourceManager', 'ARM', 'PSModule', 'SecurityInsights' # A URL to the license for this module. LicenseUri = 'https://aka.ms/azps-license' @@ -154,7 +155,7 @@ PrivateData = @{ } # End of PSData hashtable - } # End of PrivateData hashtable +} # End of PrivateData hashtable # HelpInfo URI of this module # HelpInfoURI = '' diff --git a/src/SecurityInsights/SecurityInsights/help/Az.SecurityInsights.md b/src/SecurityInsights/SecurityInsights/help/Az.SecurityInsights.md index 06d4a51886a8..38e30cbd9bb2 100644 --- a/src/SecurityInsights/SecurityInsights/help/Az.SecurityInsights.md +++ b/src/SecurityInsights/SecurityInsights/help/Az.SecurityInsights.md @@ -96,16 +96,16 @@ Query threat intelligence indicators as per filtering criteria. Creates the alert rule. ### [New-AzSentinelAlertRuleAction](New-AzSentinelAlertRuleAction.md) -Creates or updates the action of alert rule. +Create the action of alert rule. ### [New-AzSentinelAutomationRule](New-AzSentinelAutomationRule.md) -Creates or updates the automation rule. +Create the automation rule. ### [New-AzSentinelBookmark](New-AzSentinelBookmark.md) -Creates or updates the bookmark. +Create the bookmark. ### [New-AzSentinelBookmarkRelation](New-AzSentinelBookmarkRelation.md) -Creates the bookmark relation. +Create the bookmark relation. ### [New-AzSentinelDataConnector](New-AzSentinelDataConnector.md) Creates or updates the data connector. @@ -114,16 +114,16 @@ Creates or updates the data connector. Creates or updates the entity query. ### [New-AzSentinelIncident](New-AzSentinelIncident.md) -Creates or updates the incident. +Create the incident. ### [New-AzSentinelIncidentComment](New-AzSentinelIncidentComment.md) -Creates or updates the incident comment. +Create the incident comment. ### [New-AzSentinelIncidentRelation](New-AzSentinelIncidentRelation.md) -Creates or updates the incident relation. +Create the incident relation. ### [New-AzSentinelIncidentTeam](New-AzSentinelIncidentTeam.md) -Creates a Microsoft team to investigate the incident by sharing information and insights between participants. +Create a Microsoft team to investigate the incident by sharing information and insights between participants. ### [New-AzSentinelOnboardingState](New-AzSentinelOnboardingState.md) Create Sentinel onboarding state @@ -168,16 +168,16 @@ Get requirements state for a data connector type. Updates the alert rule. ### [Update-AzSentinelAlertRuleAction](Update-AzSentinelAlertRuleAction.md) -Creates or updates the action of alert rule. +Update the action of alert rule. ### [Update-AzSentinelAutomationRule](Update-AzSentinelAutomationRule.md) -Creates or updates the automation rule. +Update the automation rule. ### [Update-AzSentinelBookmark](Update-AzSentinelBookmark.md) -Creates or updates the bookmark. +Update the bookmark. ### [Update-AzSentinelBookmarkRelation](Update-AzSentinelBookmarkRelation.md) -Creates the bookmark relation. +Update the bookmark relation. ### [Update-AzSentinelDataConnector](Update-AzSentinelDataConnector.md) Updates the data connector. @@ -186,13 +186,16 @@ Updates the data connector. Updates the entity query. ### [Update-AzSentinelIncident](Update-AzSentinelIncident.md) -Creates or updates the incident. +Update the incident. ### [Update-AzSentinelIncidentComment](Update-AzSentinelIncidentComment.md) -Creates or updates the incident comment. +Update the incident comment. ### [Update-AzSentinelIncidentRelation](Update-AzSentinelIncidentRelation.md) -Creates or updates the incident relation. +Update the incident relation. + +### [Update-AzSentinelOnboardingState](Update-AzSentinelOnboardingState.md) +Update Sentinel onboarding state ### [Update-AzSentinelSetting](Update-AzSentinelSetting.md) Updates setting. diff --git a/src/SecurityInsights/SecurityInsights/help/Get-AzSentinelAlertRule.md b/src/SecurityInsights/SecurityInsights/help/Get-AzSentinelAlertRule.md index af2674bfa601..0dc0db5349da 100644 --- a/src/SecurityInsights/SecurityInsights/help/Get-AzSentinelAlertRule.md +++ b/src/SecurityInsights/SecurityInsights/help/Get-AzSentinelAlertRule.md @@ -113,7 +113,6 @@ Accept wildcard characters: False ### -InputObject Identity Parameter -To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ```yaml Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity @@ -197,7 +196,7 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS -### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IAlertRule +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IAlertRule ## NOTES diff --git a/src/SecurityInsights/SecurityInsights/help/Get-AzSentinelAlertRuleAction.md b/src/SecurityInsights/SecurityInsights/help/Get-AzSentinelAlertRuleAction.md index 16940f6357d2..516869ff0942 100644 --- a/src/SecurityInsights/SecurityInsights/help/Get-AzSentinelAlertRuleAction.md +++ b/src/SecurityInsights/SecurityInsights/help/Get-AzSentinelAlertRuleAction.md @@ -18,6 +18,12 @@ Get-AzSentinelAlertRuleAction -ResourceGroupName -RuleId [-Sub -WorkspaceName [-DefaultProfile ] [] ``` +### GetViaIdentityAlertRule +``` +Get-AzSentinelAlertRuleAction -Id -AlertRuleInputObject + [-DefaultProfile ] [] +``` + ### Get ``` Get-AzSentinelAlertRuleAction -Id -ResourceGroupName -RuleId @@ -55,6 +61,21 @@ This command lists all Actions for a given Alert Rule. ## PARAMETERS +### -AlertRuleInputObject +Identity Parameter + +```yaml +Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity +Parameter Sets: GetViaIdentityAlertRule +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + ### -DefaultProfile The DefaultProfile parameter is not functional. Use the SubscriptionId parameter when available if executing the cmdlet against a different subscription. @@ -76,7 +97,7 @@ Action ID ```yaml Type: System.String -Parameter Sets: Get +Parameter Sets: GetViaIdentityAlertRule, Get Aliases: ActionId Required: True @@ -88,7 +109,6 @@ Accept wildcard characters: False ### -InputObject Identity Parameter -To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ```yaml Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity @@ -172,7 +192,7 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS -### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IActionResponse +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IActionResponse ## NOTES diff --git a/src/SecurityInsights/SecurityInsights/help/Get-AzSentinelAlertRuleTemplate.md b/src/SecurityInsights/SecurityInsights/help/Get-AzSentinelAlertRuleTemplate.md index 27389fa1a21d..bf94d2ebb231 100644 --- a/src/SecurityInsights/SecurityInsights/help/Get-AzSentinelAlertRuleTemplate.md +++ b/src/SecurityInsights/SecurityInsights/help/Get-AzSentinelAlertRuleTemplate.md @@ -114,7 +114,6 @@ Accept wildcard characters: False ### -InputObject Identity Parameter -To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ```yaml Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity @@ -183,7 +182,7 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS -### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IAlertRuleTemplate +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IAlertRuleTemplate ## NOTES diff --git a/src/SecurityInsights/SecurityInsights/help/Get-AzSentinelAutomationRule.md b/src/SecurityInsights/SecurityInsights/help/Get-AzSentinelAutomationRule.md index 286b17cb69ba..3007819b8fbf 100644 --- a/src/SecurityInsights/SecurityInsights/help/Get-AzSentinelAutomationRule.md +++ b/src/SecurityInsights/SecurityInsights/help/Get-AzSentinelAutomationRule.md @@ -104,7 +104,6 @@ Accept wildcard characters: False ### -InputObject Identity Parameter -To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ```yaml Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity @@ -173,7 +172,7 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS -### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IAutomationRule +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IAutomationRule ## NOTES diff --git a/src/SecurityInsights/SecurityInsights/help/Get-AzSentinelBookmark.md b/src/SecurityInsights/SecurityInsights/help/Get-AzSentinelBookmark.md index bc82f56c9bb4..9773c5340984 100644 --- a/src/SecurityInsights/SecurityInsights/help/Get-AzSentinelBookmark.md +++ b/src/SecurityInsights/SecurityInsights/help/Get-AzSentinelBookmark.md @@ -102,7 +102,6 @@ Accept wildcard characters: False ### -InputObject Identity Parameter -To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ```yaml Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity @@ -171,7 +170,7 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS -### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IBookmark +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IBookmark ## NOTES diff --git a/src/SecurityInsights/SecurityInsights/help/Get-AzSentinelBookmarkRelation.md b/src/SecurityInsights/SecurityInsights/help/Get-AzSentinelBookmarkRelation.md index 7345781b1d35..2212d2ff9293 100644 --- a/src/SecurityInsights/SecurityInsights/help/Get-AzSentinelBookmarkRelation.md +++ b/src/SecurityInsights/SecurityInsights/help/Get-AzSentinelBookmarkRelation.md @@ -26,6 +26,12 @@ Get-AzSentinelBookmarkRelation -BookmarkId -RelationName -Reso [] ``` +### GetViaIdentityBookmark +``` +Get-AzSentinelBookmarkRelation -RelationName -BookmarkInputObject + [-DefaultProfile ] [] +``` + ### GetViaIdentity ``` Get-AzSentinelBookmarkRelation -InputObject [-DefaultProfile ] @@ -94,6 +100,21 @@ Accept pipeline input: False Accept wildcard characters: False ``` +### -BookmarkInputObject +Identity Parameter + +```yaml +Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity +Parameter Sets: GetViaIdentityBookmark +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + ### -DefaultProfile The DefaultProfile parameter is not functional. Use the SubscriptionId parameter when available if executing the cmdlet against a different subscription. @@ -128,7 +149,6 @@ Accept wildcard characters: False ### -InputObject Identity Parameter -To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ```yaml Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity @@ -163,7 +183,7 @@ Relation Name ```yaml Type: System.String -Parameter Sets: Get +Parameter Sets: Get, GetViaIdentityBookmark Aliases: Required: True @@ -261,7 +281,7 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS -### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IRelation +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IRelation ## NOTES diff --git a/src/SecurityInsights/SecurityInsights/help/Get-AzSentinelDataConnector.md b/src/SecurityInsights/SecurityInsights/help/Get-AzSentinelDataConnector.md index 5e7308be00e7..3b699b861ab6 100644 --- a/src/SecurityInsights/SecurityInsights/help/Get-AzSentinelDataConnector.md +++ b/src/SecurityInsights/SecurityInsights/help/Get-AzSentinelDataConnector.md @@ -101,7 +101,6 @@ Accept wildcard characters: False ### -InputObject Identity Parameter -To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ```yaml Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity @@ -170,7 +169,7 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS -### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IDataConnector +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IDataConnector ## NOTES diff --git a/src/SecurityInsights/SecurityInsights/help/Get-AzSentinelEnrichment.md b/src/SecurityInsights/SecurityInsights/help/Get-AzSentinelEnrichment.md index c6da5c04cb15..e9b89dfa6612 100644 --- a/src/SecurityInsights/SecurityInsights/help/Get-AzSentinelEnrichment.md +++ b/src/SecurityInsights/SecurityInsights/help/Get-AzSentinelEnrichment.md @@ -24,18 +24,6 @@ Get-AzSentinelEnrichment -ResourceGroupName [-SubscriptionId [-DefaultProfile ] [] ``` -### GetViaIdentity1 -``` -Get-AzSentinelEnrichment -InputObject -Domain [-DefaultProfile ] - [] -``` - -### GetViaIdentity -``` -Get-AzSentinelEnrichment -InputObject -IPAddress - [-DefaultProfile ] [] -``` - ## DESCRIPTION Get geodata for a single IP address @@ -106,7 +94,7 @@ Domain name to be enriched ```yaml Type: System.String -Parameter Sets: Get1, GetViaIdentity1 +Parameter Sets: Get1 Aliases: Required: True @@ -116,28 +104,12 @@ Accept pipeline input: False Accept wildcard characters: False ``` -### -InputObject -Identity Parameter -To construct, see NOTES section for INPUTOBJECT properties and create a hash table. - -```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity -Parameter Sets: GetViaIdentity1, GetViaIdentity -Aliases: - -Required: True -Position: Named -Default value: None -Accept pipeline input: True (ByValue) -Accept wildcard characters: False -``` - ### -IPAddress IP address (v4 or v6) to be enriched ```yaml Type: System.String -Parameter Sets: Get, GetViaIdentity +Parameter Sets: Get Aliases: Required: True @@ -153,7 +125,7 @@ The name is case insensitive. ```yaml Type: System.String -Parameter Sets: Get, Get1 +Parameter Sets: (All) Aliases: Required: True @@ -168,7 +140,7 @@ The ID of the target subscription. ```yaml Type: System.String[] -Parameter Sets: Get, Get1 +Parameter Sets: (All) Aliases: Required: False @@ -183,13 +155,11 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## INPUTS -### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity - ## OUTPUTS -### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IEnrichmentDomainWhois +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IEnrichmentDomainWhois -### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IEnrichmentIPGeodata +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IEnrichmentIPGeodata ## NOTES diff --git a/src/SecurityInsights/SecurityInsights/help/Get-AzSentinelEntity.md b/src/SecurityInsights/SecurityInsights/help/Get-AzSentinelEntity.md index 22169e4d07a0..717a2b8c2625 100644 --- a/src/SecurityInsights/SecurityInsights/help/Get-AzSentinelEntity.md +++ b/src/SecurityInsights/SecurityInsights/help/Get-AzSentinelEntity.md @@ -127,7 +127,6 @@ Accept wildcard characters: False ### -InputObject Identity Parameter -To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ```yaml Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity @@ -196,7 +195,7 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS -### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IEntity +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IEntity ## NOTES diff --git a/src/SecurityInsights/SecurityInsights/help/Get-AzSentinelEntityActivity.md b/src/SecurityInsights/SecurityInsights/help/Get-AzSentinelEntityActivity.md index c088865e2370..b60741120a48 100644 --- a/src/SecurityInsights/SecurityInsights/help/Get-AzSentinelEntityActivity.md +++ b/src/SecurityInsights/SecurityInsights/help/Get-AzSentinelEntityActivity.md @@ -12,9 +12,15 @@ Get Insights and Activities for an entity. ## SYNTAX +### Queries (Default) ``` -Get-AzSentinelEntityActivity -EntityId -ResourceGroupName -WorkspaceName - [-SubscriptionId ] [-DefaultProfile ] +Get-AzSentinelEntityActivity -EntityId -ResourceGroupName [-SubscriptionId ] + -WorkspaceName [-DefaultProfile ] [] +``` + +### QueriesViaIdentity +``` +Get-AzSentinelEntityActivity -InputObject [-DefaultProfile ] [] ``` @@ -50,7 +56,7 @@ $Entity = Get-AzSentinelEntity -ResourceGroupName "myResourceGroupName" -workspa $Entity | Get-AzSentinelEntityActivity ``` -This command gets insights and activities for an Entity by object +This command gets insights and activies for an Entity by object ## PARAMETERS @@ -75,7 +81,7 @@ entity ID ```yaml Type: System.String -Parameter Sets: (All) +Parameter Sets: Queries Aliases: Required: True @@ -85,13 +91,28 @@ Accept pipeline input: False Accept wildcard characters: False ``` +### -InputObject +Identity Parameter + +```yaml +Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity +Parameter Sets: QueriesViaIdentity +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + ### -ResourceGroupName The name of the resource group. The name is case insensitive. ```yaml Type: System.String -Parameter Sets: (All) +Parameter Sets: Queries Aliases: Required: True @@ -106,7 +127,7 @@ The ID of the target subscription. ```yaml Type: System.String[] -Parameter Sets: (All) +Parameter Sets: Queries Aliases: Required: False @@ -121,7 +142,7 @@ The name of the workspace. ```yaml Type: System.String -Parameter Sets: (All) +Parameter Sets: Queries Aliases: Required: True @@ -136,9 +157,11 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## INPUTS +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity + ## OUTPUTS -### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IEntityQueryItem +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IGetQueriesResponse ## NOTES diff --git a/src/SecurityInsights/SecurityInsights/help/Get-AzSentinelEntityInsight.md b/src/SecurityInsights/SecurityInsights/help/Get-AzSentinelEntityInsight.md index d41f79e4c90a..6b14042b292b 100644 --- a/src/SecurityInsights/SecurityInsights/help/Get-AzSentinelEntityInsight.md +++ b/src/SecurityInsights/SecurityInsights/help/Get-AzSentinelEntityInsight.md @@ -12,13 +12,21 @@ Execute Insights for an entity. ## SYNTAX +### GetExpanded (Default) ``` -Get-AzSentinelEntityInsight -EntityId -ResourceGroupName -WorkspaceName - [-SubscriptionId ] -EndTime -StartTime [-AddDefaultExtendedTimeRange] +Get-AzSentinelEntityInsight -EntityId -ResourceGroupName [-SubscriptionId ] + -WorkspaceName -EndTime -StartTime [-AddDefaultExtendedTimeRange] [-InsightQueryId ] [-DefaultProfile ] [-WhatIf] [-Confirm] [] ``` +### GetViaIdentityExpanded +``` +Get-AzSentinelEntityInsight -InputObject -EndTime -StartTime + [-AddDefaultExtendedTimeRange] [-InsightQueryId ] [-DefaultProfile ] + [-WhatIf] [-Confirm] [] +``` + ## DESCRIPTION Execute Insights for an entity. @@ -113,7 +121,7 @@ entity ID ```yaml Type: System.String -Parameter Sets: (All) +Parameter Sets: GetExpanded Aliases: Required: True @@ -123,6 +131,21 @@ Accept pipeline input: False Accept wildcard characters: False ``` +### -InputObject +Identity Parameter + +```yaml +Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity +Parameter Sets: GetViaIdentityExpanded +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + ### -InsightQueryId List of Insights Query Id. If empty, default value is all insights of this entity @@ -145,7 +168,7 @@ The name is case insensitive. ```yaml Type: System.String -Parameter Sets: (All) +Parameter Sets: GetExpanded Aliases: Required: True @@ -175,7 +198,7 @@ The ID of the target subscription. ```yaml Type: System.String[] -Parameter Sets: (All) +Parameter Sets: GetExpanded Aliases: Required: False @@ -190,7 +213,7 @@ The name of the workspace. ```yaml Type: System.String -Parameter Sets: (All) +Parameter Sets: GetExpanded Aliases: Required: True @@ -236,9 +259,11 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## INPUTS +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity + ## OUTPUTS -### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IEntityGetInsightsResponse +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IEntityGetInsightsResponse ## NOTES diff --git a/src/SecurityInsights/SecurityInsights/help/Get-AzSentinelEntityQuery.md b/src/SecurityInsights/SecurityInsights/help/Get-AzSentinelEntityQuery.md index ce4799d75e68..8ccef4bde2bf 100644 --- a/src/SecurityInsights/SecurityInsights/help/Get-AzSentinelEntityQuery.md +++ b/src/SecurityInsights/SecurityInsights/help/Get-AzSentinelEntityQuery.md @@ -132,7 +132,6 @@ Accept wildcard characters: False ### -InputObject Identity Parameter -To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ```yaml Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity @@ -216,7 +215,7 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS -### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IEntityQuery +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IEntityQuery ## NOTES diff --git a/src/SecurityInsights/SecurityInsights/help/Get-AzSentinelEntityQueryTemplate.md b/src/SecurityInsights/SecurityInsights/help/Get-AzSentinelEntityQueryTemplate.md index b1ca0d91f8ae..176f3b269580 100644 --- a/src/SecurityInsights/SecurityInsights/help/Get-AzSentinelEntityQueryTemplate.md +++ b/src/SecurityInsights/SecurityInsights/help/Get-AzSentinelEntityQueryTemplate.md @@ -121,7 +121,6 @@ Accept wildcard characters: False ### -InputObject Identity Parameter -To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ```yaml Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity @@ -205,7 +204,7 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS -### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IEntityQueryTemplate +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IEntityQueryTemplate ## NOTES diff --git a/src/SecurityInsights/SecurityInsights/help/Get-AzSentinelEntityRelation.md b/src/SecurityInsights/SecurityInsights/help/Get-AzSentinelEntityRelation.md index a0de3b3f327d..4dc44951de75 100644 --- a/src/SecurityInsights/SecurityInsights/help/Get-AzSentinelEntityRelation.md +++ b/src/SecurityInsights/SecurityInsights/help/Get-AzSentinelEntityRelation.md @@ -26,6 +26,12 @@ Get-AzSentinelEntityRelation -EntityId -RelationName -Resource [] ``` +### GetViaIdentityEntity +``` +Get-AzSentinelEntityRelation -RelationName -EntityInputObject + [-DefaultProfile ] [] +``` + ### GetViaIdentity ``` Get-AzSentinelEntityRelation -InputObject [-DefaultProfile ] @@ -92,6 +98,21 @@ Accept pipeline input: False Accept wildcard characters: False ``` +### -EntityInputObject +Identity Parameter + +```yaml +Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity +Parameter Sets: GetViaIdentityEntity +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + ### -Filter Filters the results, based on a Boolean condition. Optional. @@ -110,7 +131,6 @@ Accept wildcard characters: False ### -InputObject Identity Parameter -To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ```yaml Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity @@ -145,7 +165,7 @@ Relation Name ```yaml Type: System.String -Parameter Sets: Get +Parameter Sets: Get, GetViaIdentityEntity Aliases: Required: True @@ -243,7 +263,7 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS -### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IRelation +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IRelation ## NOTES diff --git a/src/SecurityInsights/SecurityInsights/help/Get-AzSentinelEntityTimeline.md b/src/SecurityInsights/SecurityInsights/help/Get-AzSentinelEntityTimeline.md index 753a063e6421..aab72b70c038 100644 --- a/src/SecurityInsights/SecurityInsights/help/Get-AzSentinelEntityTimeline.md +++ b/src/SecurityInsights/SecurityInsights/help/Get-AzSentinelEntityTimeline.md @@ -14,7 +14,7 @@ Timeline for an entity. ``` Get-AzSentinelEntityTimeline -EntityId -ResourceGroupName -WorkspaceName - [-SubscriptionId ] -EndTime -StartTime [-Kind ] + [-SubscriptionId ] -EndTime -StartTime [-Kind ] [-NumberOfBucket ] [-DefaultProfile ] [-WhatIf] [-Confirm] [] ``` @@ -96,7 +96,7 @@ Accept wildcard characters: False Array of timeline Item kinds. ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.EntityTimelineKind[] +Type: System.String[] Parameter Sets: (All) Aliases: @@ -221,7 +221,7 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS -### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IEntityTimelineResponse +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IEntityTimelineResponse ## NOTES diff --git a/src/SecurityInsights/SecurityInsights/help/Get-AzSentinelIncident.md b/src/SecurityInsights/SecurityInsights/help/Get-AzSentinelIncident.md index 61424267e4b7..20534a851ffd 100644 --- a/src/SecurityInsights/SecurityInsights/help/Get-AzSentinelIncident.md +++ b/src/SecurityInsights/SecurityInsights/help/Get-AzSentinelIncident.md @@ -121,7 +121,6 @@ Accept wildcard characters: False ### -InputObject Identity Parameter -To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ```yaml Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity @@ -239,7 +238,7 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS -### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IIncident +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IIncident ## NOTES diff --git a/src/SecurityInsights/SecurityInsights/help/Get-AzSentinelIncidentAlert.md b/src/SecurityInsights/SecurityInsights/help/Get-AzSentinelIncidentAlert.md index e89933487834..1d817d5528f5 100644 --- a/src/SecurityInsights/SecurityInsights/help/Get-AzSentinelIncidentAlert.md +++ b/src/SecurityInsights/SecurityInsights/help/Get-AzSentinelIncidentAlert.md @@ -159,7 +159,7 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS -### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.ISecurityAlert +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IIncidentAlertList ## NOTES diff --git a/src/SecurityInsights/SecurityInsights/help/Get-AzSentinelIncidentBookmark.md b/src/SecurityInsights/SecurityInsights/help/Get-AzSentinelIncidentBookmark.md index 4b4d440027d0..89366599acfe 100644 --- a/src/SecurityInsights/SecurityInsights/help/Get-AzSentinelIncidentBookmark.md +++ b/src/SecurityInsights/SecurityInsights/help/Get-AzSentinelIncidentBookmark.md @@ -158,7 +158,7 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS -### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IHuntingBookmark +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IIncidentBookmarkList ## NOTES diff --git a/src/SecurityInsights/SecurityInsights/help/Get-AzSentinelIncidentComment.md b/src/SecurityInsights/SecurityInsights/help/Get-AzSentinelIncidentComment.md index 212e7ce1a347..8f94311efc4f 100644 --- a/src/SecurityInsights/SecurityInsights/help/Get-AzSentinelIncidentComment.md +++ b/src/SecurityInsights/SecurityInsights/help/Get-AzSentinelIncidentComment.md @@ -19,6 +19,12 @@ Get-AzSentinelIncidentComment -IncidentId -ResourceGroupName [ [-DefaultProfile ] [] ``` +### GetViaIdentityIncident +``` +Get-AzSentinelIncidentComment -Id -IncidentInputObject + [-DefaultProfile ] [] +``` + ### Get ``` Get-AzSentinelIncidentComment -Id -IncidentId -ResourceGroupName @@ -108,7 +114,7 @@ Incident comment ID ```yaml Type: System.String -Parameter Sets: Get +Parameter Sets: GetViaIdentityIncident, Get Aliases: IncidentCommentId Required: True @@ -133,9 +139,23 @@ Accept pipeline input: False Accept wildcard characters: False ``` +### -IncidentInputObject +Identity Parameter + +```yaml +Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity +Parameter Sets: GetViaIdentityIncident +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + ### -InputObject Identity Parameter -To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ```yaml Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity @@ -253,7 +273,7 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS -### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IIncidentComment +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IIncidentComment ## NOTES diff --git a/src/SecurityInsights/SecurityInsights/help/Get-AzSentinelIncidentEntity.md b/src/SecurityInsights/SecurityInsights/help/Get-AzSentinelIncidentEntity.md index aa4c4077a68d..d964de4c1da0 100644 --- a/src/SecurityInsights/SecurityInsights/help/Get-AzSentinelIncidentEntity.md +++ b/src/SecurityInsights/SecurityInsights/help/Get-AzSentinelIncidentEntity.md @@ -153,7 +153,7 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS -### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IIncidentEntitiesResponse +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IIncidentEntitiesResponse ## NOTES diff --git a/src/SecurityInsights/SecurityInsights/help/Get-AzSentinelIncidentRelation.md b/src/SecurityInsights/SecurityInsights/help/Get-AzSentinelIncidentRelation.md index 52056508ffc8..82cc77aae982 100644 --- a/src/SecurityInsights/SecurityInsights/help/Get-AzSentinelIncidentRelation.md +++ b/src/SecurityInsights/SecurityInsights/help/Get-AzSentinelIncidentRelation.md @@ -26,6 +26,12 @@ Get-AzSentinelIncidentRelation -IncidentId -RelationName -Reso [] ``` +### GetViaIdentityIncident +``` +Get-AzSentinelIncidentRelation -RelationName -IncidentInputObject + [-DefaultProfile ] [] +``` + ### GetViaIdentity ``` Get-AzSentinelIncidentRelation -InputObject [-DefaultProfile ] @@ -134,9 +140,23 @@ Accept pipeline input: False Accept wildcard characters: False ``` +### -IncidentInputObject +Identity Parameter + +```yaml +Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity +Parameter Sets: GetViaIdentityIncident +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + ### -InputObject Identity Parameter -To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ```yaml Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity @@ -171,7 +191,7 @@ Relation Name ```yaml Type: System.String -Parameter Sets: Get +Parameter Sets: Get, GetViaIdentityIncident Aliases: Required: True @@ -269,7 +289,7 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS -### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IRelation +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IRelation ## NOTES diff --git a/src/SecurityInsights/SecurityInsights/help/Get-AzSentinelMetadata.md b/src/SecurityInsights/SecurityInsights/help/Get-AzSentinelMetadata.md index ac2c4c4b0ea7..a9baa0be66be 100644 --- a/src/SecurityInsights/SecurityInsights/help/Get-AzSentinelMetadata.md +++ b/src/SecurityInsights/SecurityInsights/help/Get-AzSentinelMetadata.md @@ -85,7 +85,6 @@ Accept wildcard characters: False ### -InputObject Identity Parameter -To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ```yaml Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity @@ -217,7 +216,7 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS -### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IMetadataModel +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IMetadataModel ## NOTES diff --git a/src/SecurityInsights/SecurityInsights/help/Get-AzSentinelOnboardingState.md b/src/SecurityInsights/SecurityInsights/help/Get-AzSentinelOnboardingState.md index 8cd23d482ef4..4fc007504bdf 100644 --- a/src/SecurityInsights/SecurityInsights/help/Get-AzSentinelOnboardingState.md +++ b/src/SecurityInsights/SecurityInsights/help/Get-AzSentinelOnboardingState.md @@ -79,7 +79,6 @@ Accept wildcard characters: False ### -InputObject Identity Parameter -To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ```yaml Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity @@ -164,7 +163,9 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS -### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.ISentinelOnboardingState +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISentinelOnboardingState + +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISentinelOnboardingStatesList ## NOTES diff --git a/src/SecurityInsights/SecurityInsights/help/Get-AzSentinelSetting.md b/src/SecurityInsights/SecurityInsights/help/Get-AzSentinelSetting.md index 2a02b63a1bb0..ce5e3aed746a 100644 --- a/src/SecurityInsights/SecurityInsights/help/Get-AzSentinelSetting.md +++ b/src/SecurityInsights/SecurityInsights/help/Get-AzSentinelSetting.md @@ -110,7 +110,6 @@ Accept wildcard characters: False ### -InputObject Identity Parameter -To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ```yaml Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity @@ -195,7 +194,9 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS -### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.ISettings +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISettingList + +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISettings ## NOTES diff --git a/src/SecurityInsights/SecurityInsights/help/Get-AzSentinelThreatIntelligenceIndicator.md b/src/SecurityInsights/SecurityInsights/help/Get-AzSentinelThreatIntelligenceIndicator.md index 63b5c8e19456..0c5940ba8c7b 100644 --- a/src/SecurityInsights/SecurityInsights/help/Get-AzSentinelThreatIntelligenceIndicator.md +++ b/src/SecurityInsights/SecurityInsights/help/Get-AzSentinelThreatIntelligenceIndicator.md @@ -118,7 +118,6 @@ Accept wildcard characters: False ### -InputObject Identity Parameter -To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ```yaml Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity @@ -251,7 +250,7 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS -### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IThreatIntelligenceInformation +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IThreatIntelligenceInformation ## NOTES diff --git a/src/SecurityInsights/SecurityInsights/help/Get-AzSentinelThreatIntelligenceIndicatorMetric.md b/src/SecurityInsights/SecurityInsights/help/Get-AzSentinelThreatIntelligenceIndicatorMetric.md index da3123e669ed..1d77ce7060d8 100644 --- a/src/SecurityInsights/SecurityInsights/help/Get-AzSentinelThreatIntelligenceIndicatorMetric.md +++ b/src/SecurityInsights/SecurityInsights/help/Get-AzSentinelThreatIntelligenceIndicatorMetric.md @@ -108,7 +108,7 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS -### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IThreatIntelligenceMetrics +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IThreatIntelligenceMetricsList ## NOTES diff --git a/src/SecurityInsights/SecurityInsights/help/Invoke-AzSentinelThreatIntelligenceIndicatorQuery.md b/src/SecurityInsights/SecurityInsights/help/Invoke-AzSentinelThreatIntelligenceIndicatorQuery.md index d74caa4864d7..2b5a39317238 100644 --- a/src/SecurityInsights/SecurityInsights/help/Invoke-AzSentinelThreatIntelligenceIndicatorQuery.md +++ b/src/SecurityInsights/SecurityInsights/help/Invoke-AzSentinelThreatIntelligenceIndicatorQuery.md @@ -12,15 +12,40 @@ Query threat intelligence indicators as per filtering criteria. ## SYNTAX +### QueryExpanded (Default) ``` -Invoke-AzSentinelThreatIntelligenceIndicatorQuery -ResourceGroupName -WorkspaceName - [-SubscriptionId ] [-Id ] [-IncludeDisabled] [-Keyword ] [-MaxConfidence ] +Invoke-AzSentinelThreatIntelligenceIndicatorQuery -ResourceGroupName [-SubscriptionId ] + -WorkspaceName [-Id ] [-IncludeDisabled] [-Keyword ] [-MaxConfidence ] [-MaxValidUntil ] [-MinConfidence ] [-MinValidUntil ] [-PageSize ] [-PatternType ] [-SkipToken ] [-SortBy ] [-Source ] [-ThreatType ] [-DefaultProfile ] [-WhatIf] [-Confirm] [] ``` +### QueryViaJsonString +``` +Invoke-AzSentinelThreatIntelligenceIndicatorQuery -ResourceGroupName [-SubscriptionId ] + -WorkspaceName -JsonString [-DefaultProfile ] + [-WhatIf] [-Confirm] [] +``` + +### QueryViaJsonFilePath +``` +Invoke-AzSentinelThreatIntelligenceIndicatorQuery -ResourceGroupName [-SubscriptionId ] + -WorkspaceName -JsonFilePath [-DefaultProfile ] + [-WhatIf] [-Confirm] [] +``` + +### QueryViaIdentityExpanded +``` +Invoke-AzSentinelThreatIntelligenceIndicatorQuery -InputObject [-Id ] + [-IncludeDisabled] [-Keyword ] [-MaxConfidence ] [-MaxValidUntil ] + [-MinConfidence ] [-MinValidUntil ] [-PageSize ] [-PatternType ] + [-SkipToken ] [-SortBy ] [-Source ] + [-ThreatType ] [-DefaultProfile ] [-WhatIf] + [-Confirm] [] +``` + ## DESCRIPTION Query threat intelligence indicators as per filtering criteria. @@ -62,7 +87,7 @@ Ids of threat intelligence indicators ```yaml Type: System.String[] -Parameter Sets: (All) +Parameter Sets: QueryExpanded, QueryViaIdentityExpanded Aliases: Required: False @@ -77,7 +102,7 @@ Parameter to include/exclude disabled indicators. ```yaml Type: System.Management.Automation.SwitchParameter -Parameter Sets: (All) +Parameter Sets: QueryExpanded, QueryViaIdentityExpanded Aliases: Required: False @@ -87,12 +112,57 @@ Accept pipeline input: False Accept wildcard characters: False ``` +### -InputObject +Identity Parameter + +```yaml +Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity +Parameter Sets: QueryViaIdentityExpanded +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -JsonFilePath +Path of Json file supplied to the Query operation + +```yaml +Type: System.String +Parameter Sets: QueryViaJsonFilePath +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -JsonString +Json string supplied to the Query operation + +```yaml +Type: System.String +Parameter Sets: QueryViaJsonString +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + ### -Keyword Keywords for searching threat intelligence indicators ```yaml Type: System.String[] -Parameter Sets: (All) +Parameter Sets: QueryExpanded, QueryViaIdentityExpanded Aliases: Required: False @@ -107,7 +177,7 @@ Maximum confidence. ```yaml Type: System.Int32 -Parameter Sets: (All) +Parameter Sets: QueryExpanded, QueryViaIdentityExpanded Aliases: Required: False @@ -122,7 +192,7 @@ End time for ValidUntil filter. ```yaml Type: System.String -Parameter Sets: (All) +Parameter Sets: QueryExpanded, QueryViaIdentityExpanded Aliases: Required: False @@ -137,7 +207,7 @@ Minimum confidence. ```yaml Type: System.Int32 -Parameter Sets: (All) +Parameter Sets: QueryExpanded, QueryViaIdentityExpanded Aliases: Required: False @@ -152,7 +222,7 @@ Start time for ValidUntil filter. ```yaml Type: System.String -Parameter Sets: (All) +Parameter Sets: QueryExpanded, QueryViaIdentityExpanded Aliases: Required: False @@ -167,7 +237,7 @@ Page size ```yaml Type: System.Int32 -Parameter Sets: (All) +Parameter Sets: QueryExpanded, QueryViaIdentityExpanded Aliases: Required: False @@ -182,7 +252,7 @@ Pattern types ```yaml Type: System.String[] -Parameter Sets: (All) +Parameter Sets: QueryExpanded, QueryViaIdentityExpanded Aliases: Required: False @@ -198,7 +268,7 @@ The name is case insensitive. ```yaml Type: System.String -Parameter Sets: (All) +Parameter Sets: QueryExpanded, QueryViaJsonString, QueryViaJsonFilePath Aliases: Required: True @@ -213,7 +283,7 @@ Skip token. ```yaml Type: System.String -Parameter Sets: (All) +Parameter Sets: QueryExpanded, QueryViaIdentityExpanded Aliases: Required: False @@ -225,11 +295,10 @@ Accept wildcard characters: False ### -SortBy Columns to sort by and sorting order -To construct, see NOTES section for SORTBY properties and create a hash table. ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IThreatIntelligenceSortingCriteria[] -Parameter Sets: (All) +Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IThreatIntelligenceSortingCriteria[] +Parameter Sets: QueryExpanded, QueryViaIdentityExpanded Aliases: Required: False @@ -244,7 +313,7 @@ Sources of threat intelligence indicators ```yaml Type: System.String[] -Parameter Sets: (All) +Parameter Sets: QueryExpanded, QueryViaIdentityExpanded Aliases: Required: False @@ -259,7 +328,7 @@ The ID of the target subscription. ```yaml Type: System.String -Parameter Sets: (All) +Parameter Sets: QueryExpanded, QueryViaJsonString, QueryViaJsonFilePath Aliases: Required: False @@ -274,7 +343,7 @@ Threat types of threat intelligence indicators ```yaml Type: System.String[] -Parameter Sets: (All) +Parameter Sets: QueryExpanded, QueryViaIdentityExpanded Aliases: Required: False @@ -289,7 +358,7 @@ The name of the workspace. ```yaml Type: System.String -Parameter Sets: (All) +Parameter Sets: QueryExpanded, QueryViaJsonString, QueryViaJsonFilePath Aliases: Required: True @@ -335,9 +404,11 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## INPUTS +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity + ## OUTPUTS -### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IThreatIntelligenceInformation +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IThreatIntelligenceInformation ## NOTES diff --git a/src/SecurityInsights/SecurityInsights/help/New-AzSentinelAlertRule.md b/src/SecurityInsights/SecurityInsights/help/New-AzSentinelAlertRule.md index 26898ec49b01..0d1e73d3f10c 100644 --- a/src/SecurityInsights/SecurityInsights/help/New-AzSentinelAlertRule.md +++ b/src/SecurityInsights/SecurityInsights/help/New-AzSentinelAlertRule.md @@ -15,46 +15,45 @@ Creates the alert rule. ### FusionMLTI (Default) ``` New-AzSentinelAlertRule -ResourceGroupName -WorkspaceName [-SubscriptionId ] - [-RuleId ] -Kind -AlertRuleTemplate [-Enabled] [-DefaultProfile ] - [-AsJob] [-NoWait] [-WhatIf] [-Confirm] [] + [-RuleId ] -Kind -AlertRuleTemplate [-Enabled] [-DefaultProfile ] [-AsJob] + [-NoWait] [-WhatIf] [-Confirm] [] ``` ### NRT ``` New-AzSentinelAlertRule -ResourceGroupName -WorkspaceName [-SubscriptionId ] - [-RuleId ] -Kind [-Enabled] -Query -DisplayName - -Severity [-AlertRuleTemplateName ] [-Description ] - [-SuppressionDuration ] [-SuppressionEnabled] [-Tactic ] [-CreateIncident] - [-GroupingConfigurationEnabled] [-ReOpenClosedIncident] [-LookbackDuration ] - [-MatchingMethod ] [-GroupByAlertDetail ] [-GroupByCustomDetail ] - [-GroupByEntity ] [-EntityMapping ] [-AlertDescriptionFormat ] - [-AlertDisplayNameFormat ] [-AlertSeverityColumnName ] [-AlertTacticsColumnName ] - [-DefaultProfile ] [-AsJob] [-NoWait] [-WhatIf] [-Confirm] - [] + [-RuleId ] -Kind [-Enabled] -Query -DisplayName -Severity + [-AlertRuleTemplateName ] [-Description ] [-SuppressionDuration ] + [-SuppressionEnabled] [-Tactic ] [-CreateIncident] [-GroupingConfigurationEnabled] + [-ReOpenClosedIncident] [-LookbackDuration ] [-MatchingMethod ] + [-GroupByAlertDetail ] [-GroupByCustomDetail ] [-GroupByEntity ] + [-EntityMapping ] [-AlertDescriptionFormat ] [-AlertDisplayNameFormat ] + [-AlertSeverityColumnName ] [-AlertTacticsColumnName ] [-DefaultProfile ] [-AsJob] + [-NoWait] [-WhatIf] [-Confirm] [] ``` ### Scheduled ``` New-AzSentinelAlertRule -ResourceGroupName -WorkspaceName [-SubscriptionId ] - [-RuleId ] -Kind [-Enabled] -Query -DisplayName - -Severity -QueryFrequency -QueryPeriod - -TriggerOperator -TriggerThreshold [-AlertRuleTemplateName ] - [-Description ] [-SuppressionDuration ] [-SuppressionEnabled] [-Tactic ] - [-CreateIncident] [-GroupingConfigurationEnabled] [-ReOpenClosedIncident] [-LookbackDuration ] - [-MatchingMethod ] [-GroupByAlertDetail ] [-GroupByCustomDetail ] - [-GroupByEntity ] [-EntityMapping ] [-AlertDescriptionFormat ] - [-AlertDisplayNameFormat ] [-AlertSeverityColumnName ] [-AlertTacticsColumnName ] - [-EventGroupingSettingAggregationKind ] [-DefaultProfile ] [-AsJob] - [-NoWait] [-WhatIf] [-Confirm] [] + [-RuleId ] -Kind [-Enabled] -Query -DisplayName -Severity + -QueryFrequency -QueryPeriod -TriggerOperator -TriggerThreshold + [-AlertRuleTemplateName ] [-Description ] [-SuppressionDuration ] + [-SuppressionEnabled] [-Tactic ] [-CreateIncident] [-GroupingConfigurationEnabled] + [-ReOpenClosedIncident] [-LookbackDuration ] [-MatchingMethod ] + [-GroupByAlertDetail ] [-GroupByCustomDetail ] [-GroupByEntity ] + [-EntityMapping ] [-AlertDescriptionFormat ] [-AlertDisplayNameFormat ] + [-AlertSeverityColumnName ] [-AlertTacticsColumnName ] + [-EventGroupingSettingAggregationKind ] [-DefaultProfile ] [-AsJob] [-NoWait] + [-WhatIf] [-Confirm] [] ``` ### MicrosoftSecurityIncidentCreation ``` New-AzSentinelAlertRule -ResourceGroupName -WorkspaceName [-SubscriptionId ] - [-RuleId ] -Kind [-Enabled] [-AlertRuleTemplateName ] [-Description ] - -ProductFilter [-DisplayNamesFilter ] - [-DisplayNamesExcludeFilter ] [-SeveritiesFilter ] [-DefaultProfile ] - [-AsJob] [-NoWait] [-WhatIf] [-Confirm] [] + [-RuleId ] -Kind [-Enabled] [-AlertRuleTemplateName ] [-Description ] + -ProductFilter [-DisplayNamesFilter ] [-DisplayNamesExcludeFilter ] + [-SeveritiesFilter ] [-DefaultProfile ] [-AsJob] [-NoWait] + [-WhatIf] [-Confirm] [] ``` ## DESCRIPTION @@ -96,7 +95,7 @@ This command creates an Alert Rule of the MicrosoftSecurityIncidentCreation kind ### Example 5: Create a Scheduled Alert Rule ```powershell -New-AzSentinelAlertRule -ResourceGroupName "myResourceGroup" -WorkspaceName "myWorkspaceName" -Kind Scheduled -Enabled -DisplayName "Powershell Execution Alert (Several Times per Hour)" -Severity Low -Query "SecurityEvent | where EventID == 4688" -QueryFrequency (New-TimeSpan -Hours 1) -QueryPeriod (New-TimeSpan -Hours 1) -TriggerThreshold 10 -TriggerOperator "GreaterThan" +New-AzSentinelAlertRule -ResourceGroupName "myResourceGroup" -WorkspaceName "myWorkspaceName" -Kind Scheduled -Enabled -DisplayName "Powershell Execution Alert (Several Times per Hour)" -Severity Low -Query "SecurityEvent | where EventID == 4688" -QueryFrequency (New-TimeSpan -Hours 1) -QueryPeriod (New-TimeSpan -Hours 1) -TriggerThreshold 10 ``` This command creates an Alert Rule of the Scheduled kind. @@ -312,10 +311,9 @@ Accept wildcard characters: False ### -EntityMapping 'Account', 'Host', 'IP', 'Malware', 'File', 'Process', 'CloudApplication', 'DNS', 'AzureResource', 'FileHash', 'RegistryKey', 'RegistryValue', 'SecurityGroup', 'URL', 'Mailbox', 'MailCluster', 'MailMessage', 'SubmissionMail' -To construct, see NOTES section for ENTITYMAPPING properties and create a hash table. ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.EntityMapping[] +Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.EntityMapping[] Parameter Sets: NRT, Scheduled Aliases: @@ -329,7 +327,7 @@ Accept wildcard characters: False ### -EventGroupingSettingAggregationKind ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.EventGroupingAggregationKind +Type: System.String Parameter Sets: Scheduled Aliases: @@ -343,7 +341,7 @@ Accept wildcard characters: False ### -GroupByAlertDetail ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.AlertDetail[] +Type: System.String[] Parameter Sets: NRT, Scheduled Aliases: @@ -371,7 +369,7 @@ Accept wildcard characters: False ### -GroupByEntity ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.EntityMappingType[] +Type: System.String[] Parameter Sets: NRT, Scheduled Aliases: @@ -400,7 +398,7 @@ Accept wildcard characters: False Kind of the the data connection ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.AlertRuleKind +Type: System.String Parameter Sets: (All) Aliases: @@ -457,7 +455,7 @@ Accept wildcard characters: False ### -ProductFilter ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.MicrosoftSecurityProductName +Type: System.String Parameter Sets: MicrosoftSecurityIncidentCreation Aliases: @@ -559,7 +557,7 @@ Accept wildcard characters: False High, Medium, Low, Informational ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.AlertSeverity[] +Type: System.String[] Parameter Sets: MicrosoftSecurityIncidentCreation Aliases: @@ -573,7 +571,7 @@ Accept wildcard characters: False ### -Severity ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.AlertSeverity +Type: System.String Parameter Sets: NRT, Scheduled Aliases: @@ -629,7 +627,6 @@ Accept wildcard characters: False ``` ### -Tactic -[Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.AttackTactic] InitialAccess, Execution, Persistence, PrivilegeEscalation, DefenseEvasion, CredentialAccess, Discovery, LateralMovement, Collection, Exfiltration, CommandAndControl, Impact, PreAttack ```yaml @@ -647,7 +644,7 @@ Accept wildcard characters: False ### -TriggerOperator ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.TriggerOperator +Type: System.String Parameter Sets: Scheduled Aliases: @@ -725,7 +722,7 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS -### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.AlertRule +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.AlertRule ## NOTES diff --git a/src/SecurityInsights/SecurityInsights/help/New-AzSentinelAlertRuleAction.md b/src/SecurityInsights/SecurityInsights/help/New-AzSentinelAlertRuleAction.md index 5e89090d8043..8bbfeac4990b 100644 --- a/src/SecurityInsights/SecurityInsights/help/New-AzSentinelAlertRuleAction.md +++ b/src/SecurityInsights/SecurityInsights/help/New-AzSentinelAlertRuleAction.md @@ -8,18 +8,40 @@ schema: 2.0.0 # New-AzSentinelAlertRuleAction ## SYNOPSIS -Creates or updates the action of alert rule. +Create the action of alert rule. ## SYNTAX +### CreateExpanded (Default) ``` -New-AzSentinelAlertRuleAction -ResourceGroupName -RuleId -WorkspaceName - [-Id ] [-SubscriptionId ] [-LogicAppResourceId ] [-TriggerUri ] +New-AzSentinelAlertRuleAction [-Id ] -ResourceGroupName -RuleId + [-SubscriptionId ] -WorkspaceName [-LogicAppResourceId ] [-TriggerUri ] [-DefaultProfile ] [-WhatIf] [-Confirm] [] ``` +### CreateViaJsonString +``` +New-AzSentinelAlertRuleAction [-Id ] -ResourceGroupName -RuleId + [-SubscriptionId ] -WorkspaceName -JsonString [-DefaultProfile ] + [-WhatIf] [-Confirm] [] +``` + +### CreateViaJsonFilePath +``` +New-AzSentinelAlertRuleAction [-Id ] -ResourceGroupName -RuleId + [-SubscriptionId ] -WorkspaceName -JsonFilePath [-DefaultProfile ] + [-WhatIf] [-Confirm] [] +``` + +### CreateViaIdentityAlertRuleExpanded +``` +New-AzSentinelAlertRuleAction [-Id ] -AlertRuleInputObject + [-LogicAppResourceId ] [-TriggerUri ] [-DefaultProfile ] + [-WhatIf] [-Confirm] [] +``` + ## DESCRIPTION -Creates or updates the action of alert rule. +Create the action of alert rule. ## EXAMPLES @@ -34,6 +56,21 @@ This command adds an existing Logic App Playbook to an existing analytics rule ## PARAMETERS +### -AlertRuleInputObject +Identity Parameter + +```yaml +Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity +Parameter Sets: CreateViaIdentityAlertRuleExpanded +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + ### -DefaultProfile The DefaultProfile parameter is not functional. Use the SubscriptionId parameter when available if executing the cmdlet against a different subscription. @@ -65,12 +102,42 @@ Accept pipeline input: False Accept wildcard characters: False ``` +### -JsonFilePath +Path of Json file supplied to the Create operation + +```yaml +Type: System.String +Parameter Sets: CreateViaJsonFilePath +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -JsonString +Json string supplied to the Create operation + +```yaml +Type: System.String +Parameter Sets: CreateViaJsonString +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + ### -LogicAppResourceId Logic App Resource Id, /subscriptions/{my-subscription}/resourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my-workflow-id}. ```yaml Type: System.String -Parameter Sets: (All) +Parameter Sets: CreateExpanded, CreateViaIdentityAlertRuleExpanded Aliases: Required: False @@ -86,7 +153,7 @@ The name is case insensitive. ```yaml Type: System.String -Parameter Sets: (All) +Parameter Sets: CreateExpanded, CreateViaJsonString, CreateViaJsonFilePath Aliases: Required: True @@ -101,7 +168,7 @@ Alert rule ID ```yaml Type: System.String -Parameter Sets: (All) +Parameter Sets: CreateExpanded, CreateViaJsonString, CreateViaJsonFilePath Aliases: Required: True @@ -116,7 +183,7 @@ The ID of the target subscription. ```yaml Type: System.String -Parameter Sets: (All) +Parameter Sets: CreateExpanded, CreateViaJsonString, CreateViaJsonFilePath Aliases: Required: False @@ -131,7 +198,7 @@ Logic App Callback URL for this specific workflow. ```yaml Type: System.String -Parameter Sets: (All) +Parameter Sets: CreateExpanded, CreateViaIdentityAlertRuleExpanded Aliases: Required: False @@ -146,7 +213,7 @@ The name of the workspace. ```yaml Type: System.String -Parameter Sets: (All) +Parameter Sets: CreateExpanded, CreateViaJsonString, CreateViaJsonFilePath Aliases: Required: True @@ -192,9 +259,11 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## INPUTS +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity + ## OUTPUTS -### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IActionResponse +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IActionResponse ## NOTES diff --git a/src/SecurityInsights/SecurityInsights/help/New-AzSentinelAutomationRule.md b/src/SecurityInsights/SecurityInsights/help/New-AzSentinelAutomationRule.md index a73ff1201264..3e9945334701 100644 --- a/src/SecurityInsights/SecurityInsights/help/New-AzSentinelAutomationRule.md +++ b/src/SecurityInsights/SecurityInsights/help/New-AzSentinelAutomationRule.md @@ -8,7 +8,7 @@ schema: 2.0.0 # New-AzSentinelAutomationRule ## SYNOPSIS -Creates or updates the automation rule. +Create the automation rule. ## SYNTAX @@ -21,22 +21,29 @@ New-AzSentinelAutomationRule -ResourceGroupName -WorkspaceName [-Confirm] [] ``` -### Create +### CreateViaJsonFilePath ``` New-AzSentinelAutomationRule -ResourceGroupName -WorkspaceName [-Id ] - [-SubscriptionId ] -AutomationRule [-DefaultProfile ] + [-SubscriptionId ] -JsonFilePath [-DefaultProfile ] + [-WhatIf] [-Confirm] [] +``` + +### CreateViaJsonString +``` +New-AzSentinelAutomationRule -ResourceGroupName -WorkspaceName [-Id ] + [-SubscriptionId ] -JsonString [-DefaultProfile ] [-WhatIf] [-Confirm] [] ``` ## DESCRIPTION -Creates or updates the automation rule. +Create the automation rule. ## EXAMPLES ### Example 1: Create an Automation Rule using Run Playbook ```powershell $LogicAppResourceId = Get-AzLogicApp -ResourceGroupName "myResourceGroup" -Name "Reset-AADPassword" - $automationRuleAction = [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.AutomationRuleRunPlaybookAction]::new() + $automationRuleAction = [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.AutomationRuleRunPlaybookAction]::new() $automationRuleAction.Order = 1 $automationRuleAction.ActionType = "RunPlaybook" $automationRuleAction.ActionConfigurationLogicAppResourceId = ($LogicAppResourceId.Id) @@ -48,7 +55,7 @@ This command creates an Automation Rule that has an Action of Run Playbook. ### Example 2: Creates an Automation Rule that has an Action of changing the severity ```powershell -$automationRuleAction = [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.AutomationRuleModifyPropertiesAction]::new() +$automationRuleAction = [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.AutomationRuleModifyPropertiesAction]::new() $automationRuleAction.Order = 1 $automationRuleAction.ActionType = "ModifyProperties" $automationRuleAction.ActionConfigurationSeverity = "Low" @@ -61,10 +68,9 @@ This command creates an Automation Rule that has an Action of changing the sever ### -Action The actions to execute when the automation rule is triggered -To construct, see NOTES section for ACTION properties and create a hash table. ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IAutomationRuleAction[] +Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IAutomationRuleAction[] Parameter Sets: CreateExpanded Aliases: @@ -75,22 +81,6 @@ Accept pipeline input: False Accept wildcard characters: False ``` -### -AutomationRule -Represents an automation rule. -To construct, see NOTES section for AUTOMATIONRULE properties and create a hash table. - -```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IAutomationRule -Parameter Sets: Create -Aliases: - -Required: True -Position: Named -Default value: None -Accept pipeline input: True (ByValue) -Accept wildcard characters: False -``` - ### -DefaultProfile The DefaultProfile parameter is not functional. Use the SubscriptionId parameter when available if executing the cmdlet against a different subscription. @@ -137,6 +127,36 @@ Accept pipeline input: False Accept wildcard characters: False ``` +### -JsonFilePath +Path of Json file supplied to the Create operation + +```yaml +Type: System.String +Parameter Sets: CreateViaJsonFilePath +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -JsonString +Json string supplied to the Create operation + +```yaml +Type: System.String +Parameter Sets: CreateViaJsonString +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + ### -Order The order of execution of the automation rule @@ -187,7 +207,7 @@ Accept wildcard characters: False The conditions to evaluate to determine if the automation rule should be triggered on a given object ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IAutomationRuleCondition[] +Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IAutomationRuleCondition[] Parameter Sets: CreateExpanded Aliases: @@ -279,11 +299,9 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## INPUTS -### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IAutomationRule - ## OUTPUTS -### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IAutomationRule +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IAutomationRule ## NOTES diff --git a/src/SecurityInsights/SecurityInsights/help/New-AzSentinelBookmark.md b/src/SecurityInsights/SecurityInsights/help/New-AzSentinelBookmark.md index 864be56487a3..33430d373f41 100644 --- a/src/SecurityInsights/SecurityInsights/help/New-AzSentinelBookmark.md +++ b/src/SecurityInsights/SecurityInsights/help/New-AzSentinelBookmark.md @@ -8,7 +8,7 @@ schema: 2.0.0 # New-AzSentinelBookmark ## SYNOPSIS -Creates or updates the bookmark. +Create the bookmark. ## SYNTAX @@ -16,21 +16,28 @@ Creates or updates the bookmark. ``` New-AzSentinelBookmark -ResourceGroupName -WorkspaceName [-Id ] [-SubscriptionId ] [-DisplayName ] [-EventTime ] [-IncidentInfoIncidentId ] - [-IncidentInfoRelationName ] [-IncidentInfoSeverity ] [-IncidentInfoTitle ] + [-IncidentInfoRelationName ] [-IncidentInfoSeverity ] [-IncidentInfoTitle ] [-Label ] [-Note ] [-Query ] [-QueryEndTime ] [-QueryResult ] [-QueryStartTime ] [-DefaultProfile ] [-WhatIf] [-Confirm] [] ``` -### Create +### CreateViaJsonFilePath ``` New-AzSentinelBookmark -ResourceGroupName -WorkspaceName [-Id ] - [-SubscriptionId ] -Bookmark [-DefaultProfile ] + [-SubscriptionId ] -JsonFilePath [-DefaultProfile ] + [-WhatIf] [-Confirm] [] +``` + +### CreateViaJsonString +``` +New-AzSentinelBookmark -ResourceGroupName -WorkspaceName [-Id ] + [-SubscriptionId ] -JsonString [-DefaultProfile ] [-WhatIf] [-Confirm] [] ``` ## DESCRIPTION -Creates or updates the bookmark. +Create the bookmark. ## EXAMPLES @@ -53,22 +60,6 @@ This command creates a Bookmark. ## PARAMETERS -### -Bookmark -Represents a bookmark in Azure Security Insights. -To construct, see NOTES section for BOOKMARK properties and create a hash table. - -```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IBookmark -Parameter Sets: Create -Aliases: - -Required: True -Position: Named -Default value: None -Accept pipeline input: True (ByValue) -Accept wildcard characters: False -``` - ### -DefaultProfile The DefaultProfile parameter is not functional. Use the SubscriptionId parameter when available if executing the cmdlet against a different subscription. @@ -164,7 +155,7 @@ Accept wildcard characters: False The severity of the incident ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.IncidentSeverity +Type: System.String Parameter Sets: CreateExpanded Aliases: @@ -190,6 +181,36 @@ Accept pipeline input: False Accept wildcard characters: False ``` +### -JsonFilePath +Path of Json file supplied to the Create operation + +```yaml +Type: System.String +Parameter Sets: CreateViaJsonFilePath +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -JsonString +Json string supplied to the Create operation + +```yaml +Type: System.String +Parameter Sets: CreateViaJsonString +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + ### -Label List of labels relevant to this bookmark @@ -362,11 +383,9 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## INPUTS -### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IBookmark - ## OUTPUTS -### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IBookmark +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IBookmark ## NOTES diff --git a/src/SecurityInsights/SecurityInsights/help/New-AzSentinelBookmarkRelation.md b/src/SecurityInsights/SecurityInsights/help/New-AzSentinelBookmarkRelation.md index c7ecb3bfcd32..668a516ab8f8 100644 --- a/src/SecurityInsights/SecurityInsights/help/New-AzSentinelBookmarkRelation.md +++ b/src/SecurityInsights/SecurityInsights/help/New-AzSentinelBookmarkRelation.md @@ -8,26 +8,40 @@ schema: 2.0.0 # New-AzSentinelBookmarkRelation ## SYNOPSIS -Creates the bookmark relation. +Create the bookmark relation. ## SYNTAX ### CreateExpanded (Default) ``` -New-AzSentinelBookmarkRelation -BookmarkId -ResourceGroupName -WorkspaceName - [-RelationName ] [-SubscriptionId ] [-RelatedResourceId ] [-DefaultProfile ] +New-AzSentinelBookmarkRelation -BookmarkId [-RelationName ] -ResourceGroupName + [-SubscriptionId ] -WorkspaceName [-RelatedResourceId ] [-DefaultProfile ] [-WhatIf] [-Confirm] [] ``` -### Create +### CreateViaJsonString ``` -New-AzSentinelBookmarkRelation -BookmarkId -ResourceGroupName -WorkspaceName - [-RelationName ] [-SubscriptionId ] -Relation [-DefaultProfile ] +New-AzSentinelBookmarkRelation -BookmarkId [-RelationName ] -ResourceGroupName + [-SubscriptionId ] -WorkspaceName -JsonString [-DefaultProfile ] [-WhatIf] [-Confirm] [] ``` +### CreateViaJsonFilePath +``` +New-AzSentinelBookmarkRelation -BookmarkId [-RelationName ] -ResourceGroupName + [-SubscriptionId ] -WorkspaceName -JsonFilePath [-DefaultProfile ] + [-WhatIf] [-Confirm] [] +``` + +### CreateViaIdentityBookmarkExpanded +``` +New-AzSentinelBookmarkRelation [-RelationName ] -BookmarkInputObject + [-RelatedResourceId ] [-DefaultProfile ] [-WhatIf] + [-Confirm] [] +``` + ## DESCRIPTION -Creates the bookmark relation. +Create the bookmark relation. ## EXAMPLES @@ -46,7 +60,7 @@ Bookmark ID ```yaml Type: System.String -Parameter Sets: (All) +Parameter Sets: CreateExpanded, CreateViaJsonString, CreateViaJsonFilePath Aliases: Required: True @@ -56,6 +70,21 @@ Accept pipeline input: False Accept wildcard characters: False ``` +### -BookmarkInputObject +Identity Parameter + +```yaml +Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity +Parameter Sets: CreateViaIdentityBookmarkExpanded +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + ### -DefaultProfile The DefaultProfile parameter is not functional. Use the SubscriptionId parameter when available if executing the cmdlet against a different subscription. @@ -72,34 +101,48 @@ Accept pipeline input: False Accept wildcard characters: False ``` -### -RelatedResourceId -The resource ID of the related resource +### -JsonFilePath +Path of Json file supplied to the Create operation ```yaml Type: System.String -Parameter Sets: CreateExpanded +Parameter Sets: CreateViaJsonFilePath Aliases: -Required: False +Required: True Position: Named Default value: None Accept pipeline input: False Accept wildcard characters: False ``` -### -Relation -Represents a relation between two resources -To construct, see NOTES section for RELATION properties and create a hash table. +### -JsonString +Json string supplied to the Create operation ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IRelation -Parameter Sets: Create +Type: System.String +Parameter Sets: CreateViaJsonString Aliases: Required: True Position: Named Default value: None -Accept pipeline input: True (ByValue) +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -RelatedResourceId +The resource ID of the related resource + +```yaml +Type: System.String +Parameter Sets: CreateExpanded, CreateViaIdentityBookmarkExpanded +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False Accept wildcard characters: False ``` @@ -124,7 +167,7 @@ The name is case insensitive. ```yaml Type: System.String -Parameter Sets: (All) +Parameter Sets: CreateExpanded, CreateViaJsonString, CreateViaJsonFilePath Aliases: Required: True @@ -139,7 +182,7 @@ The ID of the target subscription. ```yaml Type: System.String -Parameter Sets: (All) +Parameter Sets: CreateExpanded, CreateViaJsonString, CreateViaJsonFilePath Aliases: Required: False @@ -154,7 +197,7 @@ The name of the workspace. ```yaml Type: System.String -Parameter Sets: (All) +Parameter Sets: CreateExpanded, CreateViaJsonString, CreateViaJsonFilePath Aliases: Required: True @@ -200,11 +243,11 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## INPUTS -### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IRelation +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity ## OUTPUTS -### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IRelation +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IRelation ## NOTES diff --git a/src/SecurityInsights/SecurityInsights/help/New-AzSentinelDataConnector.md b/src/SecurityInsights/SecurityInsights/help/New-AzSentinelDataConnector.md index 00be524ab8c4..220450a05fb1 100644 --- a/src/SecurityInsights/SecurityInsights/help/New-AzSentinelDataConnector.md +++ b/src/SecurityInsights/SecurityInsights/help/New-AzSentinelDataConnector.md @@ -15,14 +15,14 @@ Creates or updates the data connector. ### AADAATP (Default) ``` New-AzSentinelDataConnector -ResourceGroupName -WorkspaceName [-SubscriptionId ] - [-Id ] -Kind [-TenantId ] [-Alerts ] [-DefaultProfile ] - [-AsJob] [-NoWait] [-WhatIf] [-Confirm] [] + [-Id ] -Kind [-TenantId ] [-Alerts ] [-DefaultProfile ] [-AsJob] + [-NoWait] [-WhatIf] [-Confirm] [] ``` ### Dynamics365 ``` New-AzSentinelDataConnector -ResourceGroupName -WorkspaceName [-SubscriptionId ] - [-Id ] -Kind [-TenantId ] [-CommonDataServiceActivity ] + [-Id ] -Kind [-TenantId ] [-CommonDataServiceActivity ] [-DefaultProfile ] [-AsJob] [-NoWait] [-WhatIf] [-Confirm] [] ``` @@ -30,7 +30,7 @@ New-AzSentinelDataConnector -ResourceGroupName -WorkspaceName ### MicrosoftCloudAppSecurity ``` New-AzSentinelDataConnector -ResourceGroupName -WorkspaceName [-SubscriptionId ] - [-Id ] -Kind [-TenantId ] [-Alerts ] [-DiscoveryLog ] + [-Id ] -Kind [-TenantId ] [-Alerts ] [-DiscoveryLog ] [-DefaultProfile ] [-AsJob] [-NoWait] [-WhatIf] [-Confirm] [] ``` @@ -38,14 +38,14 @@ New-AzSentinelDataConnector -ResourceGroupName -WorkspaceName ### MicrosoftDefenderAdvancedThreatProtection ``` New-AzSentinelDataConnector -ResourceGroupName -WorkspaceName [-SubscriptionId ] - [-Id ] -Kind [-TenantId ] [-Alerts ] [-DefaultProfile ] - [-AsJob] [-NoWait] [-WhatIf] [-Confirm] [] + [-Id ] -Kind [-TenantId ] [-Alerts ] [-DefaultProfile ] [-AsJob] + [-NoWait] [-WhatIf] [-Confirm] [] ``` ### MicrosoftThreatIntelligence ``` New-AzSentinelDataConnector -ResourceGroupName -WorkspaceName [-SubscriptionId ] - [-Id ] -Kind [-TenantId ] [-BingSafetyPhishingURL ] + [-Id ] -Kind [-TenantId ] [-BingSafetyPhishingURL ] [-BingSafetyPhishingUrlLookbackPeriod ] [-MicrosoftEmergingThreatFeed ] [-MicrosoftEmergingThreatFeedLookbackPeriod ] [-DefaultProfile ] [-AsJob] [-NoWait] [-WhatIf] [-Confirm] [] @@ -54,15 +54,14 @@ New-AzSentinelDataConnector -ResourceGroupName -WorkspaceName ### MicrosoftThreatProtection ``` New-AzSentinelDataConnector -ResourceGroupName -WorkspaceName [-SubscriptionId ] - [-Id ] -Kind [-TenantId ] [-Incident ] - [-DefaultProfile ] [-AsJob] [-NoWait] [-WhatIf] [-Confirm] - [] + [-Id ] -Kind [-TenantId ] [-Incident ] [-DefaultProfile ] [-AsJob] + [-NoWait] [-WhatIf] [-Confirm] [] ``` ### Office365 ``` New-AzSentinelDataConnector -ResourceGroupName -WorkspaceName [-SubscriptionId ] - [-Id ] -Kind [-TenantId ] [-Exchange ] [-SharePoint ] + [-Id ] -Kind [-TenantId ] [-Exchange ] [-SharePoint ] [-Teams ] [-DefaultProfile ] [-AsJob] [-NoWait] [-WhatIf] [-Confirm] [] ``` @@ -70,30 +69,29 @@ New-AzSentinelDataConnector -ResourceGroupName -WorkspaceName ### OfficeATP ``` New-AzSentinelDataConnector -ResourceGroupName -WorkspaceName [-SubscriptionId ] - [-Id ] -Kind [-TenantId ] [-Alerts ] [-DefaultProfile ] - [-AsJob] [-NoWait] [-WhatIf] [-Confirm] [] + [-Id ] -Kind [-TenantId ] [-Alerts ] [-DefaultProfile ] [-AsJob] + [-NoWait] [-WhatIf] [-Confirm] [] ``` ### OfficeIRM ``` New-AzSentinelDataConnector -ResourceGroupName -WorkspaceName [-SubscriptionId ] - [-Id ] -Kind [-TenantId ] [-Alerts ] [-DefaultProfile ] - [-AsJob] [-NoWait] [-WhatIf] [-Confirm] [] + [-Id ] -Kind [-TenantId ] [-Alerts ] [-DefaultProfile ] [-AsJob] + [-NoWait] [-WhatIf] [-Confirm] [] ``` ### ThreatIntelligence ``` New-AzSentinelDataConnector -ResourceGroupName -WorkspaceName [-SubscriptionId ] - [-Id ] -Kind [-TenantId ] [-Indicator ] - [-DefaultProfile ] [-AsJob] [-NoWait] [-WhatIf] [-Confirm] - [] + [-Id ] -Kind [-TenantId ] [-Indicator ] [-DefaultProfile ] [-AsJob] + [-NoWait] [-WhatIf] [-Confirm] [] ``` ### ThreatIntelligenceTaxii ``` New-AzSentinelDataConnector -ResourceGroupName -WorkspaceName [-SubscriptionId ] - [-Id ] -Kind [-TenantId ] -WorkspaceId -FriendlyName - -APIRootURL -CollectionId -PollingFrequency [-UserName ] + [-Id ] -Kind [-TenantId ] -WorkspaceId -FriendlyName + -APIRootURL -CollectionId -PollingFrequency [-UserName ] [-Password ] [-TaxiiLookbackPeriod ] [-DefaultProfile ] [-AsJob] [-NoWait] [-WhatIf] [-Confirm] [] ``` @@ -101,30 +99,29 @@ New-AzSentinelDataConnector -ResourceGroupName -WorkspaceName ### AzureSecurityCenter ``` New-AzSentinelDataConnector -ResourceGroupName -WorkspaceName [-SubscriptionId ] - [-Id ] -Kind [-Alerts ] -ASCSubscriptionId - [-DefaultProfile ] [-AsJob] [-NoWait] [-WhatIf] [-Confirm] - [] + [-Id ] -Kind [-Alerts ] -ASCSubscriptionId [-DefaultProfile ] + [-AsJob] [-NoWait] [-WhatIf] [-Confirm] [] ``` ### AmazonWebServicesCloudTrail ``` New-AzSentinelDataConnector -ResourceGroupName -WorkspaceName [-SubscriptionId ] - [-Id ] -Kind -AWSRoleArn [-Log ] [-DefaultProfile ] - [-AsJob] [-NoWait] [-WhatIf] [-Confirm] [] + [-Id ] -Kind -AWSRoleArn [-Log ] [-DefaultProfile ] [-AsJob] + [-NoWait] [-WhatIf] [-Confirm] [] ``` ### AmazonWebServicesS3 ``` New-AzSentinelDataConnector -ResourceGroupName -WorkspaceName [-SubscriptionId ] - [-Id ] -Kind -AWSRoleArn -Log -SQSURL - -DetinationTable [-DefaultProfile ] [-AsJob] [-NoWait] - [-WhatIf] [-Confirm] [] + [-Id ] -Kind -AWSRoleArn -Log -SQSURL -DetinationTable + [-DefaultProfile ] [-AsJob] [-NoWait] [-WhatIf] [-Confirm] + [] ``` ### GenericUI ``` New-AzSentinelDataConnector -ResourceGroupName -WorkspaceName [-SubscriptionId ] - [-Id ] -Kind -UiConfigTitle -UiConfigPublisher + [-Id ] -Kind -UiConfigTitle -UiConfigPublisher -UiConfigDescriptionMarkdown -UiConfigGraphQueriesTableName -UiConfigGraphQuery -UiConfigSampleQuery -UiConfigDataType -UiConfigConnectivityCriterion @@ -424,7 +421,7 @@ Accept wildcard characters: False Kind of the the data connection ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.DataConnectorKind +Type: System.String Parameter Sets: (All) Aliases: @@ -520,10 +517,9 @@ Accept wildcard characters: False ### -PermissionCustom [Parameter(ParameterSetName = 'APIPolling')] -To construct, see NOTES section for PERMISSIONCUSTOM properties and create a hash table. ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.PermissionsCustomsItem[] +Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.PermissionsCustomsItem[] Parameter Sets: GenericUI Aliases: @@ -536,10 +532,9 @@ Accept wildcard characters: False ### -PermissionResourceProvider [Parameter(ParameterSetName = 'APIPolling')] -To construct, see NOTES section for PERMISSIONRESOURCEPROVIDER properties and create a hash table. ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.PermissionsResourceProviderItem[] +Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.PermissionsResourceProviderItem[] Parameter Sets: GenericUI Aliases: @@ -553,7 +548,7 @@ Accept wildcard characters: False ### -PollingFrequency ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.PollingFrequency +Type: System.String Parameter Sets: ThreatIntelligenceTaxii Aliases: @@ -668,10 +663,9 @@ Accept wildcard characters: False ### -UiConfigConnectivityCriterion [Parameter(ParameterSetName = 'APIPolling', Mandatory)] -To construct, see NOTES section for UICONFIGCONNECTIVITYCRITERION properties and create a hash table. ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.ConnectivityCriteria[] +Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ConnectivityCriteria[] Parameter Sets: GenericUI Aliases: @@ -699,10 +693,9 @@ Accept wildcard characters: False ### -UiConfigDataType [Parameter(ParameterSetName = 'APIPolling', Mandatory)] -To construct, see NOTES section for UICONFIGDATATYPE properties and create a hash table. ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.LastDataReceivedDataType[] +Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.LastDataReceivedDataType[] Parameter Sets: GenericUI Aliases: @@ -745,10 +738,9 @@ Accept wildcard characters: False ### -UiConfigGraphQuery [Parameter(ParameterSetName = 'APIPolling', Mandatory)] -To construct, see NOTES section for UICONFIGGRAPHQUERY properties and create a hash table. ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.GraphQueries[] +Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.GraphQueries[] Parameter Sets: GenericUI Aliases: @@ -761,10 +753,9 @@ Accept wildcard characters: False ### -UiConfigInstructionStep [Parameter(ParameterSetName = 'APIPolling', Mandatory)] -To construct, see NOTES section for UICONFIGINSTRUCTIONSTEP properties and create a hash table. ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.InstructionSteps[] +Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.InstructionSteps[] Parameter Sets: GenericUI Aliases: @@ -792,10 +783,9 @@ Accept wildcard characters: False ### -UiConfigSampleQuery [Parameter(ParameterSetName = 'APIPolling', Mandatory)] -To construct, see NOTES section for UICONFIGSAMPLEQUERY properties and create a hash table. ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.SampleQueries[] +Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.SampleQueries[] Parameter Sets: GenericUI Aliases: @@ -902,7 +892,7 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS -### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.DataConnector +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.DataConnector ## NOTES diff --git a/src/SecurityInsights/SecurityInsights/help/New-AzSentinelEntityQuery.md b/src/SecurityInsights/SecurityInsights/help/New-AzSentinelEntityQuery.md index 07cf515b6500..20a907fb6071 100644 --- a/src/SecurityInsights/SecurityInsights/help/New-AzSentinelEntityQuery.md +++ b/src/SecurityInsights/SecurityInsights/help/New-AzSentinelEntityQuery.md @@ -14,8 +14,8 @@ Creates or updates the entity query. ``` New-AzSentinelEntityQuery -ResourceGroupName -WorkspaceName [-SubscriptionId ] - [-Id ] -Kind -Title -Content -Description - -QueryDefinitionQuery -InputEntityType [-RequiredInputFieldsSet ] + [-Id ] -Kind -Title -Content -Description + -QueryDefinitionQuery -InputEntityType [-RequiredInputFieldsSet ] [-EntitiesFilter ] [-TemplateName ] [-DefaultProfile ] [-AsJob] [-NoWait] [-WhatIf] [-Confirm] [] @@ -113,10 +113,9 @@ Accept wildcard characters: False ``` ### -EntitiesFilter -To construct, see NOTES section for ENTITIESFILTER properties and create a hash table. ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.ActivityEntityQueriesPropertiesEntitiesFilter +Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ActivityEntityQueriesPropertiesEntitiesFilter Parameter Sets: (All) Aliases: @@ -133,7 +132,7 @@ The Id of the Entity Query. ```yaml Type: System.String Parameter Sets: (All) -Aliases: +Aliases: EntityQueryId Required: False Position: Named @@ -145,7 +144,7 @@ Accept wildcard characters: False ### -InputEntityType ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.EntityType +Type: System.String Parameter Sets: (All) Aliases: @@ -160,7 +159,7 @@ Accept wildcard characters: False Kind of the the Entity Query ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.EntityQueryKind +Type: System.String Parameter Sets: (All) Aliases: @@ -327,7 +326,7 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS -### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.CustomEntityQuery +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.CustomEntityQuery ## NOTES diff --git a/src/SecurityInsights/SecurityInsights/help/New-AzSentinelIncident.md b/src/SecurityInsights/SecurityInsights/help/New-AzSentinelIncident.md index 2d822e2974a7..4259ebe9db0a 100644 --- a/src/SecurityInsights/SecurityInsights/help/New-AzSentinelIncident.md +++ b/src/SecurityInsights/SecurityInsights/help/New-AzSentinelIncident.md @@ -8,31 +8,38 @@ schema: 2.0.0 # New-AzSentinelIncident ## SYNOPSIS -Creates or updates the incident. +Create the incident. ## SYNTAX ### CreateExpanded (Default) ``` New-AzSentinelIncident -ResourceGroupName -WorkspaceName [-Id ] - [-SubscriptionId ] [-Classification ] [-ClassificationComment ] - [-ClassificationReason ] [-Description ] - [-FirstActivityTimeUtc ] [-Label ] [-LastActivityTimeUtc ] - [-OwnerAssignedTo ] [-OwnerEmail ] [-OwnerObjectId ] - [-OwnerUserPrincipalName ] [-ProviderIncidentId ] [-ProviderName ] - [-Severity ] [-Status ] [-Title ] [-DefaultProfile ] + [-SubscriptionId ] [-Classification ] [-ClassificationComment ] + [-ClassificationReason ] [-Description ] [-FirstActivityTimeUtc ] + [-Label ] [-LastActivityTimeUtc ] [-OwnerAssignedTo ] + [-OwnerEmail ] [-OwnerObjectId ] [-OwnerUserPrincipalName ] + [-ProviderIncidentId ] [-ProviderName ] [-Severity ] [-Status ] + [-Title ] [-DefaultProfile ] [-WhatIf] [-Confirm] + [] +``` + +### CreateViaJsonFilePath +``` +New-AzSentinelIncident -ResourceGroupName -WorkspaceName [-Id ] + [-SubscriptionId ] -JsonFilePath [-DefaultProfile ] [-WhatIf] [-Confirm] [] ``` -### Create +### CreateViaJsonString ``` New-AzSentinelIncident -ResourceGroupName -WorkspaceName [-Id ] - [-SubscriptionId ] -Incident [-DefaultProfile ] + [-SubscriptionId ] -JsonString [-DefaultProfile ] [-WhatIf] [-Confirm] [] ``` ## DESCRIPTION -Creates or updates the incident. +Create the incident. ## EXAMPLES @@ -60,7 +67,7 @@ This command creates an Incident. The reason the incident was closed ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.IncidentClassification +Type: System.String Parameter Sets: CreateExpanded Aliases: @@ -90,7 +97,7 @@ Accept wildcard characters: False The classification reason the incident was closed with ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.IncidentClassificationReason +Type: System.String Parameter Sets: CreateExpanded Aliases: @@ -162,28 +169,41 @@ Accept pipeline input: False Accept wildcard characters: False ``` -### -Incident -Represents an incident in Azure Security Insights. -To construct, see NOTES section for INCIDENT properties and create a hash table. +### -JsonFilePath +Path of Json file supplied to the Create operation ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IIncident -Parameter Sets: Create +Type: System.String +Parameter Sets: CreateViaJsonFilePath Aliases: Required: True Position: Named Default value: None -Accept pipeline input: True (ByValue) +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -JsonString +Json string supplied to the Create operation + +```yaml +Type: System.String +Parameter Sets: CreateViaJsonString +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False Accept wildcard characters: False ``` ### -Label List of labels relevant to this incident -To construct, see NOTES section for LABEL properties and create a hash table. ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IIncidentLabel[] +Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IIncidentLabel[] Parameter Sets: CreateExpanded Aliases: @@ -319,7 +339,7 @@ Accept wildcard characters: False The severity of the incident ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.IncidentSeverity +Type: System.String Parameter Sets: CreateExpanded Aliases: @@ -334,7 +354,7 @@ Accept wildcard characters: False The status of the incident ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.IncidentStatus +Type: System.String Parameter Sets: CreateExpanded Aliases: @@ -426,11 +446,9 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## INPUTS -### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IIncident - ## OUTPUTS -### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IIncident +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IIncident ## NOTES diff --git a/src/SecurityInsights/SecurityInsights/help/New-AzSentinelIncidentComment.md b/src/SecurityInsights/SecurityInsights/help/New-AzSentinelIncidentComment.md index f14fa2b6f41f..94bb25738d45 100644 --- a/src/SecurityInsights/SecurityInsights/help/New-AzSentinelIncidentComment.md +++ b/src/SecurityInsights/SecurityInsights/help/New-AzSentinelIncidentComment.md @@ -8,26 +8,40 @@ schema: 2.0.0 # New-AzSentinelIncidentComment ## SYNOPSIS -Creates or updates the incident comment. +Create the incident comment. ## SYNTAX ### CreateExpanded (Default) ``` -New-AzSentinelIncidentComment -IncidentId -ResourceGroupName -WorkspaceName - [-Id ] [-SubscriptionId ] [-Message ] [-DefaultProfile ] +New-AzSentinelIncidentComment [-Id ] -IncidentId -ResourceGroupName + [-SubscriptionId ] -WorkspaceName [-Message ] [-DefaultProfile ] [-WhatIf] [-Confirm] [] ``` -### Create +### CreateViaJsonString ``` -New-AzSentinelIncidentComment -IncidentId -ResourceGroupName -WorkspaceName - [-Id ] [-SubscriptionId ] -IncidentComment [-DefaultProfile ] +New-AzSentinelIncidentComment [-Id ] -IncidentId -ResourceGroupName + [-SubscriptionId ] -WorkspaceName -JsonString [-DefaultProfile ] [-WhatIf] [-Confirm] [] ``` +### CreateViaJsonFilePath +``` +New-AzSentinelIncidentComment [-Id ] -IncidentId -ResourceGroupName + [-SubscriptionId ] -WorkspaceName -JsonFilePath [-DefaultProfile ] + [-WhatIf] [-Confirm] [] +``` + +### CreateViaIdentityIncidentExpanded +``` +New-AzSentinelIncidentComment [-Id ] -IncidentInputObject + [-Message ] [-DefaultProfile ] [-WhatIf] [-Confirm] + [] +``` + ## DESCRIPTION -Creates or updates the incident comment. +Create the incident comment. ## EXAMPLES @@ -71,13 +85,27 @@ Accept pipeline input: False Accept wildcard characters: False ``` -### -IncidentComment -Represents an incident comment -To construct, see NOTES section for INCIDENTCOMMENT properties and create a hash table. +### -IncidentId +Incident ID ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IIncidentComment -Parameter Sets: Create +Type: System.String +Parameter Sets: CreateExpanded, CreateViaJsonString, CreateViaJsonFilePath +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -IncidentInputObject +Identity Parameter + +```yaml +Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity +Parameter Sets: CreateViaIdentityIncidentExpanded Aliases: Required: True @@ -87,12 +115,27 @@ Accept pipeline input: True (ByValue) Accept wildcard characters: False ``` -### -IncidentId -Incident ID +### -JsonFilePath +Path of Json file supplied to the Create operation ```yaml Type: System.String -Parameter Sets: (All) +Parameter Sets: CreateViaJsonFilePath +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -JsonString +Json string supplied to the Create operation + +```yaml +Type: System.String +Parameter Sets: CreateViaJsonString Aliases: Required: True @@ -107,7 +150,7 @@ The comment message ```yaml Type: System.String -Parameter Sets: CreateExpanded +Parameter Sets: CreateExpanded, CreateViaIdentityIncidentExpanded Aliases: Required: False @@ -123,7 +166,7 @@ The name is case insensitive. ```yaml Type: System.String -Parameter Sets: (All) +Parameter Sets: CreateExpanded, CreateViaJsonString, CreateViaJsonFilePath Aliases: Required: True @@ -138,7 +181,7 @@ The ID of the target subscription. ```yaml Type: System.String -Parameter Sets: (All) +Parameter Sets: CreateExpanded, CreateViaJsonString, CreateViaJsonFilePath Aliases: Required: False @@ -153,7 +196,7 @@ The name of the workspace. ```yaml Type: System.String -Parameter Sets: (All) +Parameter Sets: CreateExpanded, CreateViaJsonString, CreateViaJsonFilePath Aliases: Required: True @@ -199,11 +242,11 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## INPUTS -### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IIncidentComment +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity ## OUTPUTS -### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IIncidentComment +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IIncidentComment ## NOTES diff --git a/src/SecurityInsights/SecurityInsights/help/New-AzSentinelIncidentRelation.md b/src/SecurityInsights/SecurityInsights/help/New-AzSentinelIncidentRelation.md index 7dd39871e0ec..18d2fea3f849 100644 --- a/src/SecurityInsights/SecurityInsights/help/New-AzSentinelIncidentRelation.md +++ b/src/SecurityInsights/SecurityInsights/help/New-AzSentinelIncidentRelation.md @@ -8,26 +8,40 @@ schema: 2.0.0 # New-AzSentinelIncidentRelation ## SYNOPSIS -Creates or updates the incident relation. +Create the incident relation. ## SYNTAX ### CreateExpanded (Default) ``` -New-AzSentinelIncidentRelation -IncidentId -ResourceGroupName -WorkspaceName - [-RelationName ] [-SubscriptionId ] [-RelatedResourceId ] [-DefaultProfile ] +New-AzSentinelIncidentRelation -IncidentId [-RelationName ] -ResourceGroupName + [-SubscriptionId ] -WorkspaceName [-RelatedResourceId ] [-DefaultProfile ] [-WhatIf] [-Confirm] [] ``` -### Create +### CreateViaJsonString ``` -New-AzSentinelIncidentRelation -IncidentId -ResourceGroupName -WorkspaceName - [-RelationName ] [-SubscriptionId ] -Relation [-DefaultProfile ] +New-AzSentinelIncidentRelation -IncidentId [-RelationName ] -ResourceGroupName + [-SubscriptionId ] -WorkspaceName -JsonString [-DefaultProfile ] [-WhatIf] [-Confirm] [] ``` +### CreateViaJsonFilePath +``` +New-AzSentinelIncidentRelation -IncidentId [-RelationName ] -ResourceGroupName + [-SubscriptionId ] -WorkspaceName -JsonFilePath [-DefaultProfile ] + [-WhatIf] [-Confirm] [] +``` + +### CreateViaIdentityIncidentExpanded +``` +New-AzSentinelIncidentRelation [-RelationName ] -IncidentInputObject + [-RelatedResourceId ] [-DefaultProfile ] [-WhatIf] + [-Confirm] [] +``` + ## DESCRIPTION -Creates or updates the incident relation. +Create the incident relation. ## EXAMPLES @@ -69,7 +83,7 @@ Incident ID ```yaml Type: System.String -Parameter Sets: (All) +Parameter Sets: CreateExpanded, CreateViaJsonString, CreateViaJsonFilePath Aliases: Required: True @@ -79,34 +93,63 @@ Accept pipeline input: False Accept wildcard characters: False ``` -### -RelatedResourceId -The resource ID of the related resource +### -IncidentInputObject +Identity Parameter + +```yaml +Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity +Parameter Sets: CreateViaIdentityIncidentExpanded +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -JsonFilePath +Path of Json file supplied to the Create operation ```yaml Type: System.String -Parameter Sets: CreateExpanded +Parameter Sets: CreateViaJsonFilePath Aliases: -Required: False +Required: True Position: Named Default value: None Accept pipeline input: False Accept wildcard characters: False ``` -### -Relation -Represents a relation between two resources -To construct, see NOTES section for RELATION properties and create a hash table. +### -JsonString +Json string supplied to the Create operation ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IRelation -Parameter Sets: Create +Type: System.String +Parameter Sets: CreateViaJsonString Aliases: Required: True Position: Named Default value: None -Accept pipeline input: True (ByValue) +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -RelatedResourceId +The resource ID of the related resource + +```yaml +Type: System.String +Parameter Sets: CreateExpanded, CreateViaIdentityIncidentExpanded +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False Accept wildcard characters: False ``` @@ -131,7 +174,7 @@ The name is case insensitive. ```yaml Type: System.String -Parameter Sets: (All) +Parameter Sets: CreateExpanded, CreateViaJsonString, CreateViaJsonFilePath Aliases: Required: True @@ -146,7 +189,7 @@ The ID of the target subscription. ```yaml Type: System.String -Parameter Sets: (All) +Parameter Sets: CreateExpanded, CreateViaJsonString, CreateViaJsonFilePath Aliases: Required: False @@ -161,7 +204,7 @@ The name of the workspace. ```yaml Type: System.String -Parameter Sets: (All) +Parameter Sets: CreateExpanded, CreateViaJsonString, CreateViaJsonFilePath Aliases: Required: True @@ -207,11 +250,11 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## INPUTS -### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IRelation +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity ## OUTPUTS -### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IRelation +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IRelation ## NOTES diff --git a/src/SecurityInsights/SecurityInsights/help/New-AzSentinelIncidentTeam.md b/src/SecurityInsights/SecurityInsights/help/New-AzSentinelIncidentTeam.md index 312c575923ef..362bab01c9ce 100644 --- a/src/SecurityInsights/SecurityInsights/help/New-AzSentinelIncidentTeam.md +++ b/src/SecurityInsights/SecurityInsights/help/New-AzSentinelIncidentTeam.md @@ -8,7 +8,7 @@ schema: 2.0.0 # New-AzSentinelIncidentTeam ## SYNOPSIS -Creates a Microsoft team to investigate the incident by sharing information and insights between participants. +Create a Microsoft team to investigate the incident by sharing information and insights between participants. ## SYNTAX @@ -20,15 +20,22 @@ New-AzSentinelIncidentTeam -IncidentId -ResourceGroupName -Wor [-Confirm] [] ``` -### Create +### CreateViaJsonFilePath ``` New-AzSentinelIncidentTeam -IncidentId -ResourceGroupName -WorkspaceName - [-SubscriptionId ] -TeamProperty [-DefaultProfile ] + [-SubscriptionId ] -JsonFilePath [-DefaultProfile ] + [-WhatIf] [-Confirm] [] +``` + +### CreateViaJsonString +``` +New-AzSentinelIncidentTeam -IncidentId -ResourceGroupName -WorkspaceName + [-SubscriptionId ] -JsonString [-DefaultProfile ] [-WhatIf] [-Confirm] [] ``` ## DESCRIPTION -Creates a Microsoft team to investigate the incident by sharing information and insights between participants. +Create a Microsoft team to investigate the incident by sharing information and insights between participants. ## EXAMPLES @@ -97,6 +104,36 @@ Accept pipeline input: False Accept wildcard characters: False ``` +### -JsonFilePath +Path of Json file supplied to the Create operation + +```yaml +Type: System.String +Parameter Sets: CreateViaJsonFilePath +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -JsonString +Json string supplied to the Create operation + +```yaml +Type: System.String +Parameter Sets: CreateViaJsonString +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + ### -MemberId List of member IDs to add to the team @@ -173,22 +210,6 @@ Accept pipeline input: False Accept wildcard characters: False ``` -### -TeamProperty -Describes team properties -To construct, see NOTES section for TEAMPROPERTY properties and create a hash table. - -```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.ITeamProperties -Parameter Sets: Create -Aliases: - -Required: True -Position: Named -Default value: None -Accept pipeline input: True (ByValue) -Accept wildcard characters: False -``` - ### -WorkspaceName The name of the workspace. @@ -240,11 +261,9 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## INPUTS -### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.ITeamProperties - ## OUTPUTS -### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.ITeamInformation +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ITeamInformation ## NOTES diff --git a/src/SecurityInsights/SecurityInsights/help/New-AzSentinelOnboardingState.md b/src/SecurityInsights/SecurityInsights/help/New-AzSentinelOnboardingState.md index 8239539d940e..f6ba632c7b02 100644 --- a/src/SecurityInsights/SecurityInsights/help/New-AzSentinelOnboardingState.md +++ b/src/SecurityInsights/SecurityInsights/help/New-AzSentinelOnboardingState.md @@ -19,11 +19,18 @@ New-AzSentinelOnboardingState -Name -ResourceGroupName -Worksp [-WhatIf] [-Confirm] [] ``` -### Create +### CreateViaJsonFilePath ``` New-AzSentinelOnboardingState -Name -ResourceGroupName -WorkspaceName - [-SubscriptionId ] -SentinelOnboardingStateParameter - [-DefaultProfile ] [-WhatIf] [-Confirm] [] + [-SubscriptionId ] -JsonFilePath [-DefaultProfile ] + [-WhatIf] [-Confirm] [] +``` + +### CreateViaJsonString +``` +New-AzSentinelOnboardingState -Name -ResourceGroupName -WorkspaceName + [-SubscriptionId ] -JsonString [-DefaultProfile ] + [-WhatIf] [-Confirm] [] ``` ## DESCRIPTION @@ -71,14 +78,13 @@ Accept pipeline input: False Accept wildcard characters: False ``` -### -Name -The Sentinel onboarding state name. -Supports - default +### -JsonFilePath +Path of Json file supplied to the Create operation ```yaml Type: System.String -Parameter Sets: (All) -Aliases: SentinelOnboardingStateName +Parameter Sets: CreateViaJsonFilePath +Aliases: Required: True Position: Named @@ -87,13 +93,12 @@ Accept pipeline input: False Accept wildcard characters: False ``` -### -ResourceGroupName -The name of the resource group. -The name is case insensitive. +### -JsonString +Json string supplied to the Create operation ```yaml Type: System.String -Parameter Sets: (All) +Parameter Sets: CreateViaJsonString Aliases: Required: True @@ -103,19 +108,35 @@ Accept pipeline input: False Accept wildcard characters: False ``` -### -SentinelOnboardingStateParameter -Sentinel onboarding state -To construct, see NOTES section for SENTINELONBOARDINGSTATEPARAMETER properties and create a hash table. +### -Name +The Sentinel onboarding state name. +Supports - default ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.ISentinelOnboardingState -Parameter Sets: Create +Type: System.String +Parameter Sets: (All) +Aliases: SentinelOnboardingStateName + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ResourceGroupName +The name of the resource group. +The name is case insensitive. + +```yaml +Type: System.String +Parameter Sets: (All) Aliases: Required: True Position: Named Default value: None -Accept pipeline input: True (ByValue) +Accept pipeline input: False Accept wildcard characters: False ``` @@ -185,11 +206,9 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## INPUTS -### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.ISentinelOnboardingState - ## OUTPUTS -### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.ISentinelOnboardingState +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISentinelOnboardingState ## NOTES diff --git a/src/SecurityInsights/SecurityInsights/help/Remove-AzSentinelAlertRule.md b/src/SecurityInsights/SecurityInsights/help/Remove-AzSentinelAlertRule.md index 256ea3582fc4..6df4aa86692a 100644 --- a/src/SecurityInsights/SecurityInsights/help/Remove-AzSentinelAlertRule.md +++ b/src/SecurityInsights/SecurityInsights/help/Remove-AzSentinelAlertRule.md @@ -57,7 +57,6 @@ Accept wildcard characters: False ### -InputObject Identity Parameter -To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ```yaml Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity diff --git a/src/SecurityInsights/SecurityInsights/help/Remove-AzSentinelAlertRuleAction.md b/src/SecurityInsights/SecurityInsights/help/Remove-AzSentinelAlertRuleAction.md index 6dde6f0c27e0..fddc86b1a9e7 100644 --- a/src/SecurityInsights/SecurityInsights/help/Remove-AzSentinelAlertRuleAction.md +++ b/src/SecurityInsights/SecurityInsights/help/Remove-AzSentinelAlertRuleAction.md @@ -19,6 +19,13 @@ Remove-AzSentinelAlertRuleAction -Id -ResourceGroupName -RuleI [-WhatIf] [-Confirm] [] ``` +### DeleteViaIdentityAlertRule +``` +Remove-AzSentinelAlertRuleAction -Id -AlertRuleInputObject + [-DefaultProfile ] [-PassThru] [-WhatIf] [-Confirm] + [] +``` + ### DeleteViaIdentity ``` Remove-AzSentinelAlertRuleAction -InputObject [-DefaultProfile ] @@ -39,6 +46,21 @@ This command removes an alert rule action. ## PARAMETERS +### -AlertRuleInputObject +Identity Parameter + +```yaml +Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity +Parameter Sets: DeleteViaIdentityAlertRule +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + ### -DefaultProfile The DefaultProfile parameter is not functional. Use the SubscriptionId parameter when available if executing the cmdlet against a different subscription. @@ -60,7 +82,7 @@ Action ID ```yaml Type: System.String -Parameter Sets: Delete +Parameter Sets: Delete, DeleteViaIdentityAlertRule Aliases: ActionId Required: True @@ -72,7 +94,6 @@ Accept wildcard characters: False ### -InputObject Identity Parameter -To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ```yaml Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity diff --git a/src/SecurityInsights/SecurityInsights/help/Remove-AzSentinelAutomationRule.md b/src/SecurityInsights/SecurityInsights/help/Remove-AzSentinelAutomationRule.md index 9e1e3d27852f..68b94a32bfc9 100644 --- a/src/SecurityInsights/SecurityInsights/help/Remove-AzSentinelAutomationRule.md +++ b/src/SecurityInsights/SecurityInsights/help/Remove-AzSentinelAutomationRule.md @@ -72,7 +72,6 @@ Accept wildcard characters: False ### -InputObject Identity Parameter -To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ```yaml Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity diff --git a/src/SecurityInsights/SecurityInsights/help/Remove-AzSentinelBookmark.md b/src/SecurityInsights/SecurityInsights/help/Remove-AzSentinelBookmark.md index 67c346a2cac6..6526434d766c 100644 --- a/src/SecurityInsights/SecurityInsights/help/Remove-AzSentinelBookmark.md +++ b/src/SecurityInsights/SecurityInsights/help/Remove-AzSentinelBookmark.md @@ -72,7 +72,6 @@ Accept wildcard characters: False ### -InputObject Identity Parameter -To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ```yaml Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity diff --git a/src/SecurityInsights/SecurityInsights/help/Remove-AzSentinelBookmarkRelation.md b/src/SecurityInsights/SecurityInsights/help/Remove-AzSentinelBookmarkRelation.md index b9c3826c0345..1ac4af1afc00 100644 --- a/src/SecurityInsights/SecurityInsights/help/Remove-AzSentinelBookmarkRelation.md +++ b/src/SecurityInsights/SecurityInsights/help/Remove-AzSentinelBookmarkRelation.md @@ -19,6 +19,13 @@ Remove-AzSentinelBookmarkRelation -BookmarkId -RelationName -R [-WhatIf] [-Confirm] [] ``` +### DeleteViaIdentityBookmark +``` +Remove-AzSentinelBookmarkRelation -RelationName -BookmarkInputObject + [-DefaultProfile ] [-PassThru] [-WhatIf] [-Confirm] + [] +``` + ### DeleteViaIdentity ``` Remove-AzSentinelBookmarkRelation -InputObject [-DefaultProfile ] @@ -54,6 +61,21 @@ Accept pipeline input: False Accept wildcard characters: False ``` +### -BookmarkInputObject +Identity Parameter + +```yaml +Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity +Parameter Sets: DeleteViaIdentityBookmark +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + ### -DefaultProfile The DefaultProfile parameter is not functional. Use the SubscriptionId parameter when available if executing the cmdlet against a different subscription. @@ -72,7 +94,6 @@ Accept wildcard characters: False ### -InputObject Identity Parameter -To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ```yaml Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity @@ -106,7 +127,7 @@ Relation Name ```yaml Type: System.String -Parameter Sets: Delete +Parameter Sets: Delete, DeleteViaIdentityBookmark Aliases: Required: True diff --git a/src/SecurityInsights/SecurityInsights/help/Remove-AzSentinelDataConnector.md b/src/SecurityInsights/SecurityInsights/help/Remove-AzSentinelDataConnector.md index 28f3739ee199..5f4487127031 100644 --- a/src/SecurityInsights/SecurityInsights/help/Remove-AzSentinelDataConnector.md +++ b/src/SecurityInsights/SecurityInsights/help/Remove-AzSentinelDataConnector.md @@ -72,7 +72,6 @@ Accept wildcard characters: False ### -InputObject Identity Parameter -To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ```yaml Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity diff --git a/src/SecurityInsights/SecurityInsights/help/Remove-AzSentinelEntityQuery.md b/src/SecurityInsights/SecurityInsights/help/Remove-AzSentinelEntityQuery.md index acffca502e39..0c8b89bfe678 100644 --- a/src/SecurityInsights/SecurityInsights/help/Remove-AzSentinelEntityQuery.md +++ b/src/SecurityInsights/SecurityInsights/help/Remove-AzSentinelEntityQuery.md @@ -80,7 +80,6 @@ Accept wildcard characters: False ### -InputObject Identity Parameter -To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ```yaml Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity diff --git a/src/SecurityInsights/SecurityInsights/help/Remove-AzSentinelIncident.md b/src/SecurityInsights/SecurityInsights/help/Remove-AzSentinelIncident.md index e8e647de2462..c6d4d1f50b12 100644 --- a/src/SecurityInsights/SecurityInsights/help/Remove-AzSentinelIncident.md +++ b/src/SecurityInsights/SecurityInsights/help/Remove-AzSentinelIncident.md @@ -79,7 +79,6 @@ Accept wildcard characters: False ### -InputObject Identity Parameter -To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ```yaml Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity diff --git a/src/SecurityInsights/SecurityInsights/help/Remove-AzSentinelIncidentComment.md b/src/SecurityInsights/SecurityInsights/help/Remove-AzSentinelIncidentComment.md index 22c2397d5c82..10cf4e54a615 100644 --- a/src/SecurityInsights/SecurityInsights/help/Remove-AzSentinelIncidentComment.md +++ b/src/SecurityInsights/SecurityInsights/help/Remove-AzSentinelIncidentComment.md @@ -19,6 +19,13 @@ Remove-AzSentinelIncidentComment -Id -IncidentId -ResourceGrou [-WhatIf] [-Confirm] [] ``` +### DeleteViaIdentityIncident +``` +Remove-AzSentinelIncidentComment -Id -IncidentInputObject + [-DefaultProfile ] [-PassThru] [-WhatIf] [-Confirm] + [] +``` + ### DeleteViaIdentity ``` Remove-AzSentinelIncidentComment -InputObject [-DefaultProfile ] @@ -60,7 +67,7 @@ Incident comment ID ```yaml Type: System.String -Parameter Sets: Delete +Parameter Sets: Delete, DeleteViaIdentityIncident Aliases: IncidentCommentId Required: True @@ -85,9 +92,23 @@ Accept pipeline input: False Accept wildcard characters: False ``` +### -IncidentInputObject +Identity Parameter + +```yaml +Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity +Parameter Sets: DeleteViaIdentityIncident +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + ### -InputObject Identity Parameter -To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ```yaml Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity diff --git a/src/SecurityInsights/SecurityInsights/help/Remove-AzSentinelIncidentRelation.md b/src/SecurityInsights/SecurityInsights/help/Remove-AzSentinelIncidentRelation.md index edeb6ab7699a..39cee9517712 100644 --- a/src/SecurityInsights/SecurityInsights/help/Remove-AzSentinelIncidentRelation.md +++ b/src/SecurityInsights/SecurityInsights/help/Remove-AzSentinelIncidentRelation.md @@ -19,6 +19,13 @@ Remove-AzSentinelIncidentRelation -IncidentId -RelationName -R [-WhatIf] [-Confirm] [] ``` +### DeleteViaIdentityIncident +``` +Remove-AzSentinelIncidentRelation -RelationName -IncidentInputObject + [-DefaultProfile ] [-PassThru] [-WhatIf] [-Confirm] + [] +``` + ### DeleteViaIdentity ``` Remove-AzSentinelIncidentRelation -InputObject [-DefaultProfile ] @@ -70,9 +77,23 @@ Accept pipeline input: False Accept wildcard characters: False ``` +### -IncidentInputObject +Identity Parameter + +```yaml +Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity +Parameter Sets: DeleteViaIdentityIncident +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + ### -InputObject Identity Parameter -To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ```yaml Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity @@ -106,7 +127,7 @@ Relation Name ```yaml Type: System.String -Parameter Sets: Delete +Parameter Sets: Delete, DeleteViaIdentityIncident Aliases: Required: True diff --git a/src/SecurityInsights/SecurityInsights/help/Remove-AzSentinelOnboardingState.md b/src/SecurityInsights/SecurityInsights/help/Remove-AzSentinelOnboardingState.md index a23ab6eeec9e..0f736307f28c 100644 --- a/src/SecurityInsights/SecurityInsights/help/Remove-AzSentinelOnboardingState.md +++ b/src/SecurityInsights/SecurityInsights/help/Remove-AzSentinelOnboardingState.md @@ -57,7 +57,6 @@ Accept wildcard characters: False ### -InputObject Identity Parameter -To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ```yaml Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity diff --git a/src/SecurityInsights/SecurityInsights/help/Test-AzSentinelDataConnectorCheckRequirement.md b/src/SecurityInsights/SecurityInsights/help/Test-AzSentinelDataConnectorCheckRequirement.md index ed6d3bdcc30e..eff04ab10e93 100644 --- a/src/SecurityInsights/SecurityInsights/help/Test-AzSentinelDataConnectorCheckRequirement.md +++ b/src/SecurityInsights/SecurityInsights/help/Test-AzSentinelDataConnectorCheckRequirement.md @@ -15,15 +15,15 @@ Get requirements state for a data connector type. ### AADTenant (Default) ``` Test-AzSentinelDataConnectorCheckRequirement -ResourceGroupName -WorkspaceName - [-SubscriptionId ] -Kind [-TenantId ] [-DefaultProfile ] - [-AsJob] [-NoWait] [-WhatIf] [-Confirm] [] + [-SubscriptionId ] -Kind [-TenantId ] [-DefaultProfile ] [-AsJob] [-NoWait] + [-WhatIf] [-Confirm] [] ``` ### AzureSecurityCenter ``` Test-AzSentinelDataConnectorCheckRequirement -ResourceGroupName -WorkspaceName - [-SubscriptionId ] -Kind -ASCSubscriptionId [-DefaultProfile ] - [-AsJob] [-NoWait] [-WhatIf] [-Confirm] [] + [-SubscriptionId ] -Kind -ASCSubscriptionId [-DefaultProfile ] [-AsJob] + [-NoWait] [-WhatIf] [-Confirm] [] ``` ## DESCRIPTION @@ -92,7 +92,7 @@ Accept wildcard characters: False Kind of the the data connection ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.DataConnectorKind +Type: System.String Parameter Sets: (All) Aliases: @@ -218,7 +218,7 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS -### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.DataConnectorsCheckRequirements +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.DataConnectorsCheckRequirements ## NOTES diff --git a/src/SecurityInsights/SecurityInsights/help/Update-AzSentinelAlertRule.md b/src/SecurityInsights/SecurityInsights/help/Update-AzSentinelAlertRule.md index 363938f869dd..df0d1a7d3d94 100644 --- a/src/SecurityInsights/SecurityInsights/help/Update-AzSentinelAlertRule.md +++ b/src/SecurityInsights/SecurityInsights/help/Update-AzSentinelAlertRule.md @@ -17,14 +17,14 @@ Updates the alert rule. Update-AzSentinelAlertRule -ResourceGroupName -WorkspaceName -RuleId [-SubscriptionId ] [-AlertRuleTemplateName ] [-Enabled] [-Disabled] [-Description ] [-Query ] [-DisplayName ] [-SuppressionDuration ] [-SuppressionEnabled] - [-Severity ] [-Tactic ] [-CreateIncident] [-GroupingConfigurationEnabled] + [-Severity ] [-Tactic ] [-CreateIncident] [-GroupingConfigurationEnabled] [-ReOpenClosedIncident] [-LookbackDuration ] [-MatchingMethod ] - [-GroupByAlertDetail ] [-GroupByCustomDetail ] [-GroupByEntity ] + [-GroupByAlertDetail ] [-GroupByCustomDetail ] [-GroupByEntity ] [-EntityMapping ] [-AlertDescriptionFormat ] [-AlertDisplayNameFormat ] [-AlertSeverityColumnName ] [-AlertTacticsColumnName ] [-QueryFrequency ] - [-QueryPeriod ] [-TriggerOperator ] [-TriggerThreshold ] - [-EventGroupingSettingAggregationKind ] [-DefaultProfile ] - [-Scheduled] [-AsJob] [-NoWait] [-WhatIf] [-Confirm] [] + [-QueryPeriod ] [-TriggerOperator ] [-TriggerThreshold ] + [-EventGroupingSettingAggregationKind ] [-DefaultProfile ] [-Scheduled] [-AsJob] [-NoWait] + [-WhatIf] [-Confirm] [] ``` ### UpdateFusionMLTI @@ -39,10 +39,10 @@ Update-AzSentinelAlertRule -ResourceGroupName -WorkspaceName - ``` Update-AzSentinelAlertRule -ResourceGroupName -WorkspaceName -RuleId [-SubscriptionId ] [-AlertRuleTemplateName ] [-Enabled] [-Disabled] [-Description ] - [-DisplayNamesFilter ] [-DisplayNamesExcludeFilter ] - [-ProductFilter ] [-SeveritiesFilter ] - [-DefaultProfile ] [-AsJob] [-NoWait] [-MicrosoftSecurityIncidentCreation] - [-WhatIf] [-Confirm] [] + [-DisplayNamesFilter ] [-DisplayNamesExcludeFilter ] [-ProductFilter ] + [-SeveritiesFilter ] [-DefaultProfile ] [-AsJob] [-NoWait] + [-MicrosoftSecurityIncidentCreation] [-WhatIf] [-Confirm] + [] ``` ### UpdateNRT @@ -50,9 +50,9 @@ Update-AzSentinelAlertRule -ResourceGroupName -WorkspaceName - Update-AzSentinelAlertRule -ResourceGroupName -WorkspaceName -RuleId [-SubscriptionId ] [-AlertRuleTemplateName ] [-Enabled] [-Disabled] [-Description ] [-Query ] [-DisplayName ] [-SuppressionDuration ] [-SuppressionEnabled] - [-Severity ] [-Tactic ] [-CreateIncident] [-GroupingConfigurationEnabled] + [-Severity ] [-Tactic ] [-CreateIncident] [-GroupingConfigurationEnabled] [-ReOpenClosedIncident] [-LookbackDuration ] [-MatchingMethod ] - [-GroupByAlertDetail ] [-GroupByCustomDetail ] [-GroupByEntity ] + [-GroupByAlertDetail ] [-GroupByCustomDetail ] [-GroupByEntity ] [-EntityMapping ] [-AlertDescriptionFormat ] [-AlertDisplayNameFormat ] [-AlertSeverityColumnName ] [-AlertTacticsColumnName ] [-DefaultProfile ] [-AsJob] [-NoWait] [-NRT] [-WhatIf] [-Confirm] [] @@ -69,20 +69,19 @@ Update-AzSentinelAlertRule -InputObject [-AlertRuleT ``` Update-AzSentinelAlertRule -InputObject [-AlertRuleTemplateName ] [-Enabled] [-Disabled] [-Description ] [-DisplayNamesFilter ] - [-DisplayNamesExcludeFilter ] [-ProductFilter ] - [-SeveritiesFilter ] [-DefaultProfile ] [-AsJob] [-NoWait] - [-MicrosoftSecurityIncidentCreation] [-WhatIf] [-Confirm] - [] + [-DisplayNamesExcludeFilter ] [-ProductFilter ] [-SeveritiesFilter ] + [-DefaultProfile ] [-AsJob] [-NoWait] [-MicrosoftSecurityIncidentCreation] + [-WhatIf] [-Confirm] [] ``` ### UpdateViaIdentityNRT ``` Update-AzSentinelAlertRule -InputObject [-AlertRuleTemplateName ] [-Enabled] [-Disabled] [-Description ] [-Query ] [-DisplayName ] - [-SuppressionDuration ] [-SuppressionEnabled] [-Severity ] [-Tactic ] + [-SuppressionDuration ] [-SuppressionEnabled] [-Severity ] [-Tactic ] [-CreateIncident] [-GroupingConfigurationEnabled] [-ReOpenClosedIncident] [-LookbackDuration ] - [-MatchingMethod ] [-GroupByAlertDetail ] [-GroupByCustomDetail ] - [-GroupByEntity ] [-EntityMapping ] [-AlertDescriptionFormat ] + [-MatchingMethod ] [-GroupByAlertDetail ] [-GroupByCustomDetail ] + [-GroupByEntity ] [-EntityMapping ] [-AlertDescriptionFormat ] [-AlertDisplayNameFormat ] [-AlertSeverityColumnName ] [-AlertTacticsColumnName ] [-DefaultProfile ] [-AsJob] [-NoWait] [-NRT] [-WhatIf] [-Confirm] [] @@ -92,15 +91,14 @@ Update-AzSentinelAlertRule -InputObject [-AlertRuleT ``` Update-AzSentinelAlertRule -InputObject [-AlertRuleTemplateName ] [-Enabled] [-Disabled] [-Description ] [-Query ] [-DisplayName ] - [-SuppressionDuration ] [-SuppressionEnabled] [-Severity ] [-Tactic ] + [-SuppressionDuration ] [-SuppressionEnabled] [-Severity ] [-Tactic ] [-CreateIncident] [-GroupingConfigurationEnabled] [-ReOpenClosedIncident] [-LookbackDuration ] - [-MatchingMethod ] [-GroupByAlertDetail ] [-GroupByCustomDetail ] - [-GroupByEntity ] [-EntityMapping ] [-AlertDescriptionFormat ] + [-MatchingMethod ] [-GroupByAlertDetail ] [-GroupByCustomDetail ] + [-GroupByEntity ] [-EntityMapping ] [-AlertDescriptionFormat ] [-AlertDisplayNameFormat ] [-AlertSeverityColumnName ] [-AlertTacticsColumnName ] - [-QueryFrequency ] [-QueryPeriod ] [-TriggerOperator ] - [-TriggerThreshold ] [-EventGroupingSettingAggregationKind ] - [-DefaultProfile ] [-Scheduled] [-AsJob] [-NoWait] [-WhatIf] - [-Confirm] [] + [-QueryFrequency ] [-QueryPeriod ] [-TriggerOperator ] [-TriggerThreshold ] + [-EventGroupingSettingAggregationKind ] [-DefaultProfile ] [-Scheduled] [-AsJob] [-NoWait] + [-WhatIf] [-Confirm] [] ``` ## DESCRIPTION @@ -317,10 +315,9 @@ Accept wildcard characters: False ### -EntityMapping 'Account', 'Host', 'IP', 'Malware', 'File', 'Process', 'CloudApplication', 'DNS', 'AzureResource', 'FileHash', 'RegistryKey', 'RegistryValue', 'SecurityGroup', 'URL', 'Mailbox', 'MailCluster', 'MailMessage', 'SubmissionMail' -To construct, see NOTES section for ENTITYMAPPING properties and create a hash table. ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.EntityMapping[] +Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.EntityMapping[] Parameter Sets: UpdateScheduled, UpdateNRT, UpdateViaIdentityNRT, UpdateViaIdentityUpdateScheduled Aliases: @@ -334,7 +331,7 @@ Accept wildcard characters: False ### -EventGroupingSettingAggregationKind ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.EventGroupingAggregationKind +Type: System.String Parameter Sets: UpdateScheduled, UpdateViaIdentityUpdateScheduled Aliases: @@ -362,7 +359,7 @@ Accept wildcard characters: False ### -GroupByAlertDetail ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.AlertDetail[] +Type: System.String[] Parameter Sets: UpdateScheduled, UpdateNRT, UpdateViaIdentityNRT, UpdateViaIdentityUpdateScheduled Aliases: @@ -390,7 +387,7 @@ Accept wildcard characters: False ### -GroupByEntity ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.EntityMappingType[] +Type: System.String[] Parameter Sets: UpdateScheduled, UpdateNRT, UpdateViaIdentityNRT, UpdateViaIdentityUpdateScheduled Aliases: @@ -505,7 +502,7 @@ Accept wildcard characters: False ### -ProductFilter ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.MicrosoftSecurityProductName +Type: System.String Parameter Sets: UpdateMicrosoftSecurityIncidentCreation, UpdateViaIdentityMicrosoftSecurityIncidentCreation Aliases: @@ -621,7 +618,7 @@ Accept wildcard characters: False High, Medium, Low, Informational ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.AlertSeverity[] +Type: System.String[] Parameter Sets: UpdateMicrosoftSecurityIncidentCreation, UpdateViaIdentityMicrosoftSecurityIncidentCreation Aliases: @@ -635,7 +632,7 @@ Accept wildcard characters: False ### -Severity ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.AlertSeverity +Type: System.String Parameter Sets: UpdateScheduled, UpdateNRT, UpdateViaIdentityNRT, UpdateViaIdentityUpdateScheduled Aliases: @@ -693,7 +690,7 @@ Accept wildcard characters: False ### -Tactic ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.AttackTactic +Type: System.String[] Parameter Sets: UpdateScheduled, UpdateNRT, UpdateViaIdentityNRT, UpdateViaIdentityUpdateScheduled Aliases: @@ -707,7 +704,7 @@ Accept wildcard characters: False ### -TriggerOperator ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.TriggerOperator +Type: System.String Parameter Sets: UpdateScheduled, UpdateViaIdentityUpdateScheduled Aliases: @@ -787,7 +784,7 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS -### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.AlertRule +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.AlertRule ## NOTES diff --git a/src/SecurityInsights/SecurityInsights/help/Update-AzSentinelAlertRuleAction.md b/src/SecurityInsights/SecurityInsights/help/Update-AzSentinelAlertRuleAction.md index fe29719d7ea8..608cf2c36648 100644 --- a/src/SecurityInsights/SecurityInsights/help/Update-AzSentinelAlertRuleAction.md +++ b/src/SecurityInsights/SecurityInsights/help/Update-AzSentinelAlertRuleAction.md @@ -8,7 +8,7 @@ schema: 2.0.0 # Update-AzSentinelAlertRuleAction ## SYNOPSIS -Creates or updates the action of alert rule. +Update the action of alert rule. ## SYNTAX @@ -19,6 +19,27 @@ Update-AzSentinelAlertRuleAction -Id -ResourceGroupName -RuleI [-DefaultProfile ] [-WhatIf] [-Confirm] [] ``` +### UpdateViaJsonString +``` +Update-AzSentinelAlertRuleAction -Id -ResourceGroupName -RuleId + [-SubscriptionId ] -WorkspaceName -JsonString [-DefaultProfile ] + [-WhatIf] [-Confirm] [] +``` + +### UpdateViaJsonFilePath +``` +Update-AzSentinelAlertRuleAction -Id -ResourceGroupName -RuleId + [-SubscriptionId ] -WorkspaceName -JsonFilePath [-DefaultProfile ] + [-WhatIf] [-Confirm] [] +``` + +### UpdateViaIdentityAlertRuleExpanded +``` +Update-AzSentinelAlertRuleAction -Id -AlertRuleInputObject + [-LogicAppResourceId ] [-TriggerUri ] [-DefaultProfile ] + [-WhatIf] [-Confirm] [] +``` + ### UpdateViaIdentityExpanded ``` Update-AzSentinelAlertRuleAction -InputObject [-LogicAppResourceId ] @@ -27,7 +48,7 @@ Update-AzSentinelAlertRuleAction -InputObject [-Logi ``` ## DESCRIPTION -Creates or updates the action of alert rule. +Update the action of alert rule. ## EXAMPLES @@ -42,6 +63,21 @@ This command updates an alert rule action ## PARAMETERS +### -AlertRuleInputObject +Identity Parameter + +```yaml +Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity +Parameter Sets: UpdateViaIdentityAlertRuleExpanded +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + ### -DefaultProfile The DefaultProfile parameter is not functional. Use the SubscriptionId parameter when available if executing the cmdlet against a different subscription. @@ -63,7 +99,7 @@ Action ID ```yaml Type: System.String -Parameter Sets: UpdateExpanded +Parameter Sets: UpdateExpanded, UpdateViaJsonString, UpdateViaJsonFilePath, UpdateViaIdentityAlertRuleExpanded Aliases: ActionId Required: True @@ -75,7 +111,6 @@ Accept wildcard characters: False ### -InputObject Identity Parameter -To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ```yaml Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity @@ -89,12 +124,42 @@ Accept pipeline input: True (ByValue) Accept wildcard characters: False ``` +### -JsonFilePath +Path of Json file supplied to the Update operation + +```yaml +Type: System.String +Parameter Sets: UpdateViaJsonFilePath +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -JsonString +Json string supplied to the Update operation + +```yaml +Type: System.String +Parameter Sets: UpdateViaJsonString +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + ### -LogicAppResourceId Logic App Resource Id, /subscriptions/{my-subscription}/resourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my-workflow-id}. ```yaml Type: System.String -Parameter Sets: (All) +Parameter Sets: UpdateExpanded, UpdateViaIdentityAlertRuleExpanded, UpdateViaIdentityExpanded Aliases: Required: False @@ -110,7 +175,7 @@ The name is case insensitive. ```yaml Type: System.String -Parameter Sets: UpdateExpanded +Parameter Sets: UpdateExpanded, UpdateViaJsonString, UpdateViaJsonFilePath Aliases: Required: True @@ -125,7 +190,7 @@ Alert rule ID ```yaml Type: System.String -Parameter Sets: UpdateExpanded +Parameter Sets: UpdateExpanded, UpdateViaJsonString, UpdateViaJsonFilePath Aliases: Required: True @@ -140,7 +205,7 @@ The ID of the target subscription. ```yaml Type: System.String -Parameter Sets: UpdateExpanded +Parameter Sets: UpdateExpanded, UpdateViaJsonString, UpdateViaJsonFilePath Aliases: Required: False @@ -155,7 +220,7 @@ Logic App Callback URL for this specific workflow. ```yaml Type: System.String -Parameter Sets: (All) +Parameter Sets: UpdateExpanded, UpdateViaIdentityAlertRuleExpanded, UpdateViaIdentityExpanded Aliases: Required: False @@ -170,7 +235,7 @@ The name of the workspace. ```yaml Type: System.String -Parameter Sets: UpdateExpanded +Parameter Sets: UpdateExpanded, UpdateViaJsonString, UpdateViaJsonFilePath Aliases: Required: True @@ -220,7 +285,7 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS -### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IActionResponse +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IActionResponse ## NOTES diff --git a/src/SecurityInsights/SecurityInsights/help/Update-AzSentinelAutomationRule.md b/src/SecurityInsights/SecurityInsights/help/Update-AzSentinelAutomationRule.md index eeefa0c75593..036de6954af4 100644 --- a/src/SecurityInsights/SecurityInsights/help/Update-AzSentinelAutomationRule.md +++ b/src/SecurityInsights/SecurityInsights/help/Update-AzSentinelAutomationRule.md @@ -8,7 +8,7 @@ schema: 2.0.0 # Update-AzSentinelAutomationRule ## SYNOPSIS -Creates or updates the automation rule. +Update the automation rule. ## SYNTAX @@ -30,14 +30,14 @@ Update-AzSentinelAutomationRule -InputObject [-Actio ``` ## DESCRIPTION -Creates or updates the automation rule. +Update the automation rule. ## EXAMPLES ### Example 1: Updates an automation rule ```powershell $LogicAppResourceId = Get-AzLogicApp -ResourceGroupName "myResourceGroup" -Name "Reset-AADPassword" - $automationRuleAction = [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.AutomationRuleRunPlaybookAction]::new() + $automationRuleAction = [Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.AutomationRuleRunPlaybookAction]::new() $automationRuleAction.Order = 1 $automationRuleAction.ActionType = "RunPlaybook" $automationRuleAction.ActionConfigurationLogicAppResourceId = ($LogicAppResourceId.Id) @@ -51,10 +51,9 @@ This command updates an automation rule ### -Action The actions to execute when the automation rule is triggered -To construct, see NOTES section for ACTION properties and create a hash table. ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IAutomationRuleAction[] +Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IAutomationRuleAction[] Parameter Sets: (All) Aliases: @@ -113,7 +112,6 @@ Accept wildcard characters: False ### -InputObject Identity Parameter -To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ```yaml Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity @@ -177,7 +175,7 @@ Accept wildcard characters: False The conditions to evaluate to determine if the automation rule should be triggered on a given object ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IAutomationRuleCondition[] +Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IAutomationRuleCondition[] Parameter Sets: (All) Aliases: @@ -273,7 +271,7 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS -### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IAutomationRule +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IAutomationRule ## NOTES diff --git a/src/SecurityInsights/SecurityInsights/help/Update-AzSentinelBookmark.md b/src/SecurityInsights/SecurityInsights/help/Update-AzSentinelBookmark.md index ce939e81a076..b04bea52b876 100644 --- a/src/SecurityInsights/SecurityInsights/help/Update-AzSentinelBookmark.md +++ b/src/SecurityInsights/SecurityInsights/help/Update-AzSentinelBookmark.md @@ -8,7 +8,7 @@ schema: 2.0.0 # Update-AzSentinelBookmark ## SYNOPSIS -Creates or updates the bookmark. +Update the bookmark. ## SYNTAX @@ -16,7 +16,7 @@ Creates or updates the bookmark. ``` Update-AzSentinelBookmark -Id -ResourceGroupName [-SubscriptionId ] -WorkspaceName [-DisplayName ] [-EventTime ] [-IncidentInfoIncidentId ] - [-IncidentInfoRelationName ] [-IncidentInfoSeverity ] [-IncidentInfoTitle ] + [-IncidentInfoRelationName ] [-IncidentInfoSeverity ] [-IncidentInfoTitle ] [-Label ] [-Note ] [-Query ] [-QueryEndTime ] [-QueryResult ] [-QueryStartTime ] [-DefaultProfile ] [-WhatIf] [-Confirm] [] @@ -26,13 +26,13 @@ Update-AzSentinelBookmark -Id -ResourceGroupName [-Subscriptio ``` Update-AzSentinelBookmark -InputObject [-DisplayName ] [-EventTime ] [-IncidentInfoIncidentId ] [-IncidentInfoRelationName ] - [-IncidentInfoSeverity ] [-IncidentInfoTitle ] [-Label ] [-Note ] + [-IncidentInfoSeverity ] [-IncidentInfoTitle ] [-Label ] [-Note ] [-Query ] [-QueryEndTime ] [-QueryResult ] [-QueryStartTime ] [-DefaultProfile ] [-WhatIf] [-Confirm] [] ``` ## DESCRIPTION -Creates or updates the bookmark. +Update the bookmark. ## EXAMPLES @@ -142,7 +142,7 @@ Accept wildcard characters: False The severity of the incident ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.IncidentSeverity +Type: System.String Parameter Sets: (All) Aliases: @@ -170,7 +170,6 @@ Accept wildcard characters: False ### -InputObject Identity Parameter -To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ```yaml Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity @@ -360,7 +359,7 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS -### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IBookmark +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IBookmark ## NOTES diff --git a/src/SecurityInsights/SecurityInsights/help/Update-AzSentinelBookmarkRelation.md b/src/SecurityInsights/SecurityInsights/help/Update-AzSentinelBookmarkRelation.md index acf69d67d4e7..d22156bab0fe 100644 --- a/src/SecurityInsights/SecurityInsights/help/Update-AzSentinelBookmarkRelation.md +++ b/src/SecurityInsights/SecurityInsights/help/Update-AzSentinelBookmarkRelation.md @@ -8,7 +8,7 @@ schema: 2.0.0 # Update-AzSentinelBookmarkRelation ## SYNOPSIS -Creates the bookmark relation. +Update the bookmark relation. ## SYNTAX @@ -19,6 +19,13 @@ Update-AzSentinelBookmarkRelation -BookmarkId -RelationName -R [-WhatIf] [-Confirm] [] ``` +### UpdateViaIdentityBookmarkExpanded +``` +Update-AzSentinelBookmarkRelation -RelationName -BookmarkInputObject + [-RelatedResourceId ] [-DefaultProfile ] [-WhatIf] + [-Confirm] [] +``` + ### UpdateViaIdentityExpanded ``` Update-AzSentinelBookmarkRelation -InputObject [-RelatedResourceId ] @@ -26,7 +33,7 @@ Update-AzSentinelBookmarkRelation -InputObject [-Rel ``` ## DESCRIPTION -Creates the bookmark relation. +Update the bookmark relation. ## EXAMPLES @@ -54,6 +61,21 @@ Accept pipeline input: False Accept wildcard characters: False ``` +### -BookmarkInputObject +Identity Parameter + +```yaml +Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity +Parameter Sets: UpdateViaIdentityBookmarkExpanded +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + ### -DefaultProfile The DefaultProfile parameter is not functional. Use the SubscriptionId parameter when available if executing the cmdlet against a different subscription. @@ -72,7 +94,6 @@ Accept wildcard characters: False ### -InputObject Identity Parameter -To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ```yaml Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity @@ -106,7 +127,7 @@ Relation Name ```yaml Type: System.String -Parameter Sets: UpdateExpanded +Parameter Sets: UpdateExpanded, UpdateViaIdentityBookmarkExpanded Aliases: Required: True @@ -202,7 +223,7 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS -### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IRelation +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IRelation ## NOTES diff --git a/src/SecurityInsights/SecurityInsights/help/Update-AzSentinelDataConnector.md b/src/SecurityInsights/SecurityInsights/help/Update-AzSentinelDataConnector.md index 65e762c00db5..4d6ed815f1dc 100644 --- a/src/SecurityInsights/SecurityInsights/help/Update-AzSentinelDataConnector.md +++ b/src/SecurityInsights/SecurityInsights/help/Update-AzSentinelDataConnector.md @@ -117,9 +117,8 @@ Update-AzSentinelDataConnector -ResourceGroupName -WorkspaceName -WorkspaceName -Id [-SubscriptionId ] [-TenantId ] -APIRootURL [-WorkspaceId ] [-FriendlyName ] [-CollectionId ] [-UserName ] [-Password ] - [-TaxiiLookbackPeriod ] [-PollingFrequency ] [-DefaultProfile ] [-AsJob] - [-NoWait] [-ThreatIntelligenceTaxii] [-WhatIf] [-Confirm] - [] + [-TaxiiLookbackPeriod ] [-PollingFrequency ] [-DefaultProfile ] [-AsJob] [-NoWait] + [-ThreatIntelligenceTaxii] [-WhatIf] [-Confirm] [] ``` ### UpdateViaIdentityAmazonWebServicesCloudTrail @@ -220,9 +219,9 @@ Update-AzSentinelDataConnector -InputObject [-Tenant ``` Update-AzSentinelDataConnector -InputObject [-TenantId ] [-WorkspaceId ] [-FriendlyName ] [-CollectionId ] [-UserName ] - [-Password ] [-TaxiiLookbackPeriod ] [-PollingFrequency ] - [-DefaultProfile ] [-AsJob] [-NoWait] [-ThreatIntelligenceTaxii] - [-WhatIf] [-Confirm] [] + [-Password ] [-TaxiiLookbackPeriod ] [-PollingFrequency ] [-DefaultProfile ] + [-AsJob] [-NoWait] [-ThreatIntelligenceTaxii] [-WhatIf] [-Confirm] + [] ``` ### UpdateGenericUI @@ -642,8 +641,7 @@ Accept wildcard characters: False ### -InputObject [Parameter(ParameterSetName = 'UpdateViaIdentityGenericUI', Mandatory, ValueFromPipeline)] Identity Parameter - -To construct, see NOTES section for INPUTOBJECT properties and create a hash table. + To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ```yaml Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity @@ -799,10 +797,9 @@ Accept wildcard characters: False ``` ### -PermissionCustom -To construct, see NOTES section for PERMISSIONCUSTOM properties and create a hash table. ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.PermissionsCustomsItem[] +Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.PermissionsCustomsItem[] Parameter Sets: UpdateGenericUI, UpdateViaIdentityGenericUI Aliases: @@ -814,10 +811,9 @@ Accept wildcard characters: False ``` ### -PermissionResourceProvider -To construct, see NOTES section for PERMISSIONRESOURCEPROVIDER properties and create a hash table. ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.PermissionsResourceProviderItem[] +Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.PermissionsResourceProviderItem[] Parameter Sets: UpdateGenericUI, UpdateViaIdentityGenericUI Aliases: @@ -831,7 +827,7 @@ Accept wildcard characters: False ### -PollingFrequency ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.PollingFrequency +Type: System.String Parameter Sets: UpdateThreatIntelligenceTaxii, UpdateViaIdentityThreatIntelligenceTaxii Aliases: @@ -976,10 +972,9 @@ Accept wildcard characters: False ``` ### -UiConfigConnectivityCriterion -To construct, see NOTES section for UICONFIGCONNECTIVITYCRITERION properties and create a hash table. ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.ConnectivityCriteria[] +Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ConnectivityCriteria[] Parameter Sets: UpdateGenericUI, UpdateViaIdentityGenericUI Aliases: @@ -1005,10 +1000,9 @@ Accept wildcard characters: False ``` ### -UiConfigDataType -To construct, see NOTES section for UICONFIGDATATYPE properties and create a hash table. ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.LastDataReceivedDataType[] +Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.LastDataReceivedDataType[] Parameter Sets: UpdateGenericUI, UpdateViaIdentityGenericUI Aliases: @@ -1048,10 +1042,9 @@ Accept wildcard characters: False ``` ### -UiConfigGraphQuery -To construct, see NOTES section for UICONFIGGRAPHQUERY properties and create a hash table. ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.GraphQueries[] +Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.GraphQueries[] Parameter Sets: UpdateGenericUI, UpdateViaIdentityGenericUI Aliases: @@ -1063,10 +1056,9 @@ Accept wildcard characters: False ``` ### -UiConfigInstructionStep -To construct, see NOTES section for UICONFIGINSTRUCTIONSTEP properties and create a hash table. ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.InstructionSteps[] +Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.InstructionSteps[] Parameter Sets: UpdateGenericUI, UpdateViaIdentityGenericUI Aliases: @@ -1092,10 +1084,9 @@ Accept wildcard characters: False ``` ### -UiConfigSampleQuery -To construct, see NOTES section for UICONFIGSAMPLEQUERY properties and create a hash table. ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.SampleQueries[] +Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.SampleQueries[] Parameter Sets: UpdateGenericUI, UpdateViaIdentityGenericUI Aliases: @@ -1204,7 +1195,7 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS -### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.DataConnector +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.DataConnector ## NOTES diff --git a/src/SecurityInsights/SecurityInsights/help/Update-AzSentinelEntityQuery.md b/src/SecurityInsights/SecurityInsights/help/Update-AzSentinelEntityQuery.md index dd758ef7ed08..63531905bdcc 100644 --- a/src/SecurityInsights/SecurityInsights/help/Update-AzSentinelEntityQuery.md +++ b/src/SecurityInsights/SecurityInsights/help/Update-AzSentinelEntityQuery.md @@ -14,9 +14,9 @@ Updates the entity query. ### UpdateActivity (Default) ``` -Update-AzSentinelEntityQuery -ResourceGroupName -WorkspaceName -EntityQueryId +Update-AzSentinelEntityQuery -ResourceGroupName -WorkspaceName -Id [-SubscriptionId ] [-Title ] [-Content ] [-Description ] - [-QueryDefinitionQuery ] [-InputEntityType ] [-RequiredInputFieldsSet ] + [-QueryDefinitionQuery ] [-InputEntityType ] [-RequiredInputFieldsSet ] [-EntitiesFilter ] [-TemplateName ] [-Enabled] [-Disabled] [-DefaultProfile ] [-AsJob] [-NoWait] [-WhatIf] [-Confirm] [] @@ -25,7 +25,7 @@ Update-AzSentinelEntityQuery -ResourceGroupName -WorkspaceName ### UpdateViaIdentityActivity ``` Update-AzSentinelEntityQuery -InputObject [-Title ] [-Content ] - [-Description ] [-QueryDefinitionQuery ] [-InputEntityType ] + [-Description ] [-QueryDefinitionQuery ] [-InputEntityType ] [-RequiredInputFieldsSet ] [-EntitiesFilter ] [-TemplateName ] [-Enabled] [-Disabled] [-DefaultProfile ] [-AsJob] [-NoWait] [-WhatIf] [-Confirm] [] @@ -132,10 +132,9 @@ Accept wildcard characters: False ``` ### -EntitiesFilter -To construct, see NOTES section for ENTITIESFILTER properties and create a hash table. ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.ActivityEntityQueriesPropertiesEntitiesFilter +Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ActivityEntityQueriesPropertiesEntitiesFilter Parameter Sets: (All) Aliases: @@ -146,13 +145,13 @@ Accept pipeline input: False Accept wildcard characters: False ``` -### -EntityQueryId +### -Id The Id of the Entity Query. ```yaml Type: System.String Parameter Sets: UpdateActivity -Aliases: +Aliases: EntityQueryId Required: True Position: Named @@ -164,7 +163,7 @@ Accept wildcard characters: False ### -InputEntityType ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.EntityType +Type: System.String Parameter Sets: (All) Aliases: @@ -349,7 +348,7 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS -### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.CustomEntityQuery +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.CustomEntityQuery ## NOTES diff --git a/src/SecurityInsights/SecurityInsights/help/Update-AzSentinelIncident.md b/src/SecurityInsights/SecurityInsights/help/Update-AzSentinelIncident.md index 67dba7296822..d8a06433be42 100644 --- a/src/SecurityInsights/SecurityInsights/help/Update-AzSentinelIncident.md +++ b/src/SecurityInsights/SecurityInsights/help/Update-AzSentinelIncident.md @@ -8,35 +8,35 @@ schema: 2.0.0 # Update-AzSentinelIncident ## SYNOPSIS -Creates or updates the incident. +Update the incident. ## SYNTAX ### UpdateExpanded (Default) ``` Update-AzSentinelIncident -Id -ResourceGroupName [-SubscriptionId ] - -WorkspaceName [-Classification ] [-ClassificationComment ] - [-ClassificationReason ] [-Description ] - [-FirstActivityTimeUtc ] [-Label ] [-LastActivityTimeUtc ] - [-OwnerAssignedTo ] [-OwnerEmail ] [-OwnerObjectId ] - [-OwnerUserPrincipalName ] [-ProviderIncidentId ] [-ProviderName ] - [-Severity ] [-Status ] [-Title ] [-DefaultProfile ] - [-WhatIf] [-Confirm] [] + -WorkspaceName [-Classification ] [-ClassificationComment ] + [-ClassificationReason ] [-Description ] [-FirstActivityTimeUtc ] + [-Label ] [-LastActivityTimeUtc ] [-OwnerAssignedTo ] + [-OwnerEmail ] [-OwnerObjectId ] [-OwnerUserPrincipalName ] + [-ProviderIncidentId ] [-ProviderName ] [-Severity ] [-Status ] + [-Title ] [-DefaultProfile ] [-WhatIf] [-Confirm] + [] ``` ### UpdateViaIdentityExpanded ``` -Update-AzSentinelIncident -InputObject [-Classification ] - [-ClassificationComment ] [-ClassificationReason ] - [-Description ] [-FirstActivityTimeUtc ] [-Label ] - [-LastActivityTimeUtc ] [-OwnerAssignedTo ] [-OwnerEmail ] [-OwnerObjectId ] +Update-AzSentinelIncident -InputObject [-Classification ] + [-ClassificationComment ] [-ClassificationReason ] [-Description ] + [-FirstActivityTimeUtc ] [-Label ] [-LastActivityTimeUtc ] + [-OwnerAssignedTo ] [-OwnerEmail ] [-OwnerObjectId ] [-OwnerUserPrincipalName ] [-ProviderIncidentId ] [-ProviderName ] - [-Severity ] [-Status ] [-Title ] [-DefaultProfile ] + [-Severity ] [-Status ] [-Title ] [-DefaultProfile ] [-WhatIf] [-Confirm] [] ``` ## DESCRIPTION -Creates or updates the incident. +Update the incident. ## EXAMPLES @@ -53,7 +53,7 @@ This command updates an incident by assigning an owner. The reason the incident was closed ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.IncidentClassification +Type: System.String Parameter Sets: (All) Aliases: @@ -83,7 +83,7 @@ Accept wildcard characters: False The classification reason the incident was closed with ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.IncidentClassificationReason +Type: System.String Parameter Sets: (All) Aliases: @@ -157,7 +157,6 @@ Accept wildcard characters: False ### -InputObject Identity Parameter -To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ```yaml Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity @@ -173,10 +172,9 @@ Accept wildcard characters: False ### -Label List of labels relevant to this incident -To construct, see NOTES section for LABEL properties and create a hash table. ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IIncidentLabel[] +Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IIncidentLabel[] Parameter Sets: (All) Aliases: @@ -312,7 +310,7 @@ Accept wildcard characters: False The severity of the incident ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.IncidentSeverity +Type: System.String Parameter Sets: (All) Aliases: @@ -327,7 +325,7 @@ Accept wildcard characters: False The status of the incident ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.IncidentStatus +Type: System.String Parameter Sets: (All) Aliases: @@ -423,7 +421,7 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS -### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IIncident +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IIncident ## NOTES diff --git a/src/SecurityInsights/SecurityInsights/help/Update-AzSentinelIncidentComment.md b/src/SecurityInsights/SecurityInsights/help/Update-AzSentinelIncidentComment.md index daf300b0da4f..6db134367f53 100644 --- a/src/SecurityInsights/SecurityInsights/help/Update-AzSentinelIncidentComment.md +++ b/src/SecurityInsights/SecurityInsights/help/Update-AzSentinelIncidentComment.md @@ -8,7 +8,7 @@ schema: 2.0.0 # Update-AzSentinelIncidentComment ## SYNOPSIS -Creates or updates the incident comment. +Update the incident comment. ## SYNTAX @@ -19,6 +19,13 @@ Update-AzSentinelIncidentComment -Id -IncidentId -ResourceGrou [-WhatIf] [-Confirm] [] ``` +### UpdateViaIdentityIncidentExpanded +``` +Update-AzSentinelIncidentComment -Id -IncidentInputObject + [-Message ] [-DefaultProfile ] [-WhatIf] [-Confirm] + [] +``` + ### UpdateViaIdentityExpanded ``` Update-AzSentinelIncidentComment -InputObject [-Message ] @@ -26,7 +33,7 @@ Update-AzSentinelIncidentComment -InputObject [-Mess ``` ## DESCRIPTION -Creates or updates the incident comment. +Update the incident comment. ## EXAMPLES @@ -60,7 +67,7 @@ Incident comment ID ```yaml Type: System.String -Parameter Sets: UpdateExpanded +Parameter Sets: UpdateExpanded, UpdateViaIdentityIncidentExpanded Aliases: IncidentCommentId Required: True @@ -85,9 +92,23 @@ Accept pipeline input: False Accept wildcard characters: False ``` +### -IncidentInputObject +Identity Parameter + +```yaml +Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity +Parameter Sets: UpdateViaIdentityIncidentExpanded +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + ### -InputObject Identity Parameter -To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ```yaml Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity @@ -202,7 +223,7 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS -### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IIncidentComment +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IIncidentComment ## NOTES diff --git a/src/SecurityInsights/SecurityInsights/help/Update-AzSentinelIncidentRelation.md b/src/SecurityInsights/SecurityInsights/help/Update-AzSentinelIncidentRelation.md index 4dfb53b6589e..15ed57db4099 100644 --- a/src/SecurityInsights/SecurityInsights/help/Update-AzSentinelIncidentRelation.md +++ b/src/SecurityInsights/SecurityInsights/help/Update-AzSentinelIncidentRelation.md @@ -8,7 +8,7 @@ schema: 2.0.0 # Update-AzSentinelIncidentRelation ## SYNOPSIS -Creates or updates the incident relation. +Update the incident relation. ## SYNTAX @@ -19,6 +19,13 @@ Update-AzSentinelIncidentRelation -IncidentId -RelationName -R [-WhatIf] [-Confirm] [] ``` +### UpdateViaIdentityIncidentExpanded +``` +Update-AzSentinelIncidentRelation -RelationName -IncidentInputObject + [-RelatedResourceId ] [-DefaultProfile ] [-WhatIf] + [-Confirm] [] +``` + ### UpdateViaIdentityExpanded ``` Update-AzSentinelIncidentRelation -InputObject [-RelatedResourceId ] @@ -26,7 +33,7 @@ Update-AzSentinelIncidentRelation -InputObject [-Rel ``` ## DESCRIPTION -Creates or updates the incident relation. +Update the incident relation. ## EXAMPLES @@ -71,9 +78,23 @@ Accept pipeline input: False Accept wildcard characters: False ``` +### -IncidentInputObject +Identity Parameter + +```yaml +Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity +Parameter Sets: UpdateViaIdentityIncidentExpanded +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + ### -InputObject Identity Parameter -To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ```yaml Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity @@ -107,7 +128,7 @@ Relation Name ```yaml Type: System.String -Parameter Sets: UpdateExpanded +Parameter Sets: UpdateExpanded, UpdateViaIdentityIncidentExpanded Aliases: Required: True @@ -203,7 +224,7 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS -### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IRelation +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IRelation ## NOTES diff --git a/src/SecurityInsights/SecurityInsights/help/Update-AzSentinelOnboardingState.md b/src/SecurityInsights/SecurityInsights/help/Update-AzSentinelOnboardingState.md new file mode 100644 index 000000000000..83167c970a2d --- /dev/null +++ b/src/SecurityInsights/SecurityInsights/help/Update-AzSentinelOnboardingState.md @@ -0,0 +1,194 @@ +--- +external help file: Az.SecurityInsights-help.xml +Module Name: Az.SecurityInsights +online version: https://learn.microsoft.com/powershell/module/az.securityinsights/update-azsentinelonboardingstate +schema: 2.0.0 +--- + +# Update-AzSentinelOnboardingState + +## SYNOPSIS +Update Sentinel onboarding state + +## SYNTAX + +### UpdateExpanded (Default) +``` +Update-AzSentinelOnboardingState -Name -ResourceGroupName [-SubscriptionId ] + -WorkspaceName [-CustomerManagedKey] [-DefaultProfile ] + [-WhatIf] [-Confirm] [] +``` + +### UpdateViaIdentityExpanded +``` +Update-AzSentinelOnboardingState -InputObject [-CustomerManagedKey] + [-DefaultProfile ] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +Update Sentinel onboarding state + +## EXAMPLES + +### Example 1: Update Sentinel onboarding state +```powershell +Update-AzSentinelOnboardingState -ResourceGroupName "myResourceGroupName" -WorkspaceName "myWorkspaceName" -Name "default" +``` + +This command updates the onboarding state of Sentinel. + +## PARAMETERS + +### -CustomerManagedKey +Flag that indicates the status of the CMK setting + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -DefaultProfile +The DefaultProfile parameter is not functional. +Use the SubscriptionId parameter when available if executing the cmdlet against a different subscription. + +```yaml +Type: System.Management.Automation.PSObject +Parameter Sets: (All) +Aliases: AzureRMContext, AzureCredential + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -InputObject +Identity Parameter + +```yaml +Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity +Parameter Sets: UpdateViaIdentityExpanded +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: True (ByValue) +Accept wildcard characters: False +``` + +### -Name +The Sentinel onboarding state name. +Supports - default + +```yaml +Type: System.String +Parameter Sets: UpdateExpanded +Aliases: SentinelOnboardingStateName + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ResourceGroupName +The name of the resource group. +The name is case insensitive. + +```yaml +Type: System.String +Parameter Sets: UpdateExpanded +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -SubscriptionId +The ID of the target subscription. + +```yaml +Type: System.String +Parameter Sets: UpdateExpanded +Aliases: + +Required: False +Position: Named +Default value: (Get-AzContext).Subscription.Id +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WorkspaceName +The name of the workspace. + +```yaml +Type: System.String +Parameter Sets: UpdateExpanded +Aliases: + +Required: True +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISecurityInsightsIdentity + +## OUTPUTS + +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ISentinelOnboardingState + +## NOTES + +## RELATED LINKS diff --git a/src/SecurityInsights/SecurityInsights/help/Update-AzSentinelSetting.md b/src/SecurityInsights/SecurityInsights/help/Update-AzSentinelSetting.md index 8ddcc4fffd8c..9e4a9d0b3026 100644 --- a/src/SecurityInsights/SecurityInsights/help/Update-AzSentinelSetting.md +++ b/src/SecurityInsights/SecurityInsights/help/Update-AzSentinelSetting.md @@ -22,7 +22,7 @@ Update-AzSentinelSetting -ResourceGroupName -WorkspaceName [-S ### UpdateExpandedUeba ``` Update-AzSentinelSetting -ResourceGroupName -WorkspaceName [-SubscriptionId ] - -SettingsName -DataSource [-DefaultProfile ] [-AsJob] [-NoWait] + -SettingsName -DataSource [-DefaultProfile ] [-AsJob] [-NoWait] [-WhatIf] [-Confirm] [] ``` @@ -35,7 +35,7 @@ Update-AzSentinelSetting -InputObject -Enabled -DataSource +Update-AzSentinelSetting -InputObject -DataSource [-DefaultProfile ] [-AsJob] [-NoWait] [-WhatIf] [-Confirm] [] ``` @@ -72,7 +72,7 @@ Accept wildcard characters: False ### -DataSource ```yaml -Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.UebaDataSources[] +Type: System.String[] Parameter Sets: UpdateExpandedUeba, UpdateViaIdentityExpandedUeba Aliases: @@ -246,7 +246,7 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS -### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.Settings +### Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Settings ## NOTES diff --git a/tools/StaticAnalysis/Exceptions/Az.SecurityInsights/BreakingChangeIssues.csv b/tools/StaticAnalysis/Exceptions/Az.SecurityInsights/BreakingChangeIssues.csv new file mode 100644 index 000000000000..05f6cd7c1534 --- /dev/null +++ b/tools/StaticAnalysis/Exceptions/Az.SecurityInsights/BreakingChangeIssues.csv @@ -0,0 +1,169 @@ +"Module","ClassName","Target","Severity","ProblemId","Description","Remediation" +"Az.SecurityInsights","Get-AzSentinelAlertRule","Get-AzSentinelAlertRule","0","3000","The type of property 'Kind' of type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IAlertRule' has changed from 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.AlertRuleKind' to 'System.String'.","Change the type of property 'Kind' back to 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.AlertRuleKind'." +"Az.SecurityInsights","Get-AzSentinelAlertRuleTemplate","Get-AzSentinelAlertRuleTemplate","0","3000","The type of property 'Kind' of type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IAlertRuleTemplate' has changed from 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.AlertRuleKind' to 'System.String'.","Change the type of property 'Kind' back to 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.AlertRuleKind'." +"Az.SecurityInsights","Get-AzSentinelAutomationRule","Get-AzSentinelAutomationRule","0","3000","The type of property 'Action' of type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IAutomationRule' has changed from 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IAutomationRuleAction' to 'System.Collections.Generic.List`1[Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IAutomationRuleAction]'.","Change the type of property 'Action' back to 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IAutomationRuleAction'." +"Az.SecurityInsights","Get-AzSentinelAutomationRule","Get-AzSentinelAutomationRule","0","3000","The type of property 'TriggeringLogicCondition' of type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IAutomationRule' has changed from 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IAutomationRuleCondition' to 'System.Collections.Generic.List`1[Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IAutomationRuleCondition]'.","Change the type of property 'TriggeringLogicCondition' back to 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IAutomationRuleCondition'." +"Az.SecurityInsights","Get-AzSentinelBookmark","Get-AzSentinelBookmark","0","3000","The type of property 'IncidentInfoSeverity' of type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IBookmark' has changed from 'System.Nullable`1[Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.IncidentSeverity]' to 'System.String'.","Change the type of property 'IncidentInfoSeverity' back to 'System.Nullable`1[Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.IncidentSeverity]'." +"Az.SecurityInsights","Get-AzSentinelBookmark","Get-AzSentinelBookmark","0","3000","The type of property 'Label' of type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IBookmark' has changed from 'System.String[]' to 'System.Collections.Generic.List`1[System.String]'.","Change the type of property 'Label' back to 'System.String[]'." +"Az.SecurityInsights","Get-AzSentinelDataConnector","Get-AzSentinelDataConnector","0","3000","The type of property 'Kind' of type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IDataConnector' has changed from 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.DataConnectorKind' to 'System.String'.","Change the type of property 'Kind' back to 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.DataConnectorKind'." +"Az.SecurityInsights","Get-AzSentinelEnrichment","Get-AzSentinelEnrichment","0","3000","The type of property 'AdminStreet' of type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IEnrichmentDomainWhoisDetails' has changed from 'System.String[]' to 'System.Collections.Generic.List`1[System.String]'.","Change the type of property 'AdminStreet' back to 'System.String[]'." +"Az.SecurityInsights","Get-AzSentinelEnrichment","Get-AzSentinelEnrichment","0","3000","The type of property 'Statuses' of type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IEnrichmentDomainWhoisDetails' has changed from 'System.String[]' to 'System.Collections.Generic.List`1[System.String]'.","Change the type of property 'Statuses' back to 'System.String[]'." +"Az.SecurityInsights","Get-AzSentinelEnrichment","Get-AzSentinelEnrichment","0","3000","The type of property 'RegistrantStreet' of type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IEnrichmentDomainWhoisDetails' has changed from 'System.String[]' to 'System.Collections.Generic.List`1[System.String]'.","Change the type of property 'RegistrantStreet' back to 'System.String[]'." +"Az.SecurityInsights","Get-AzSentinelEnrichment","Get-AzSentinelEnrichment","0","3000","The type of property 'BillingStreet' of type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IEnrichmentDomainWhoisDetails' has changed from 'System.String[]' to 'System.Collections.Generic.List`1[System.String]'.","Change the type of property 'BillingStreet' back to 'System.String[]'." +"Az.SecurityInsights","Get-AzSentinelEnrichment","Get-AzSentinelEnrichment","0","3000","The type of property 'NameServer' of type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IEnrichmentDomainWhoisDetails' has changed from 'System.String[]' to 'System.Collections.Generic.List`1[System.String]'.","Change the type of property 'NameServer' back to 'System.String[]'." +"Az.SecurityInsights","Get-AzSentinelEnrichment","Get-AzSentinelEnrichment","0","3000","The type of property 'TechStreet' of type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IEnrichmentDomainWhoisDetails' has changed from 'System.String[]' to 'System.Collections.Generic.List`1[System.String]'.","Change the type of property 'TechStreet' back to 'System.String[]'." +"Az.SecurityInsights","Get-AzSentinelEnrichment","Get-AzSentinelEnrichment","0","2000","The cmdlet 'Get-AzSentinelEnrichment' no longer supports the parameter 'InputObject' and no alias was found for the original parameter name.","Add the parameter 'InputObject' back to the cmdlet 'Get-AzSentinelEnrichment', or add an alias to the original parameter name." +"Az.SecurityInsights","Get-AzSentinelEnrichment","Get-AzSentinelEnrichment","0","1050","The parameter set 'GetViaIdentity1' for cmdlet 'Get-AzSentinelEnrichment' has been removed.","Add parameter set 'GetViaIdentity1' back to cmdlet 'Get-AzSentinelEnrichment'." +"Az.SecurityInsights","Get-AzSentinelEnrichment","Get-AzSentinelEnrichment","0","1050","The parameter set 'GetViaIdentity' for cmdlet 'Get-AzSentinelEnrichment' has been removed.","Add parameter set 'GetViaIdentity' back to cmdlet 'Get-AzSentinelEnrichment'." +"Az.SecurityInsights","Get-AzSentinelEnrichment","Get-AzSentinelEnrichment","0","1050","The parameter set '__AllParameterSets' for cmdlet 'Get-AzSentinelEnrichment' has been removed.","Add parameter set '__AllParameterSets' back to cmdlet 'Get-AzSentinelEnrichment'." +"Az.SecurityInsights","Get-AzSentinelEntity","Get-AzSentinelEntity","0","3000","The type of property 'Kind' of type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IEntity' has changed from 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.EntityKind' to 'System.String'.","Change the type of property 'Kind' back to 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.EntityKind'." +"Az.SecurityInsights","Get-AzSentinelEntityActivity","Get-AzSentinelEntityActivity","0","1020","The cmdlet 'Get-AzSentinelEntityActivity' no longer has output type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IEntityQueryItem'.","Make cmdlet 'Get-AzSentinelEntityActivity' return type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IEntityQueryItem'." +"Az.SecurityInsights","Get-AzSentinelEntityInsight","Get-AzSentinelEntityInsight","0","3000","The type of property 'Value' of type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IEntityGetInsightsResponse' has changed from 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IEntityInsightItem' to 'System.Collections.Generic.List`1[Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IEntityInsightItem]'.","Change the type of property 'Value' back to 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IEntityInsightItem'." +"Az.SecurityInsights","Get-AzSentinelEntityInsight","Get-AzSentinelEntityInsight","0","3000","The type of property 'MetaDataError' of type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IEntityGetInsightsResponse' has changed from 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IGetInsightsError' to 'System.Collections.Generic.List`1[Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IGetInsightsError]'.","Change the type of property 'MetaDataError' back to 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IGetInsightsError'." +"Az.SecurityInsights","Get-AzSentinelEntityQuery","Get-AzSentinelEntityQuery","0","3000","The type of property 'Kind' of type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IEntityQuery' has changed from 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.EntityQueryKind' to 'System.String'.","Change the type of property 'Kind' back to 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.EntityQueryKind'." +"Az.SecurityInsights","Get-AzSentinelEntityTimeline","Get-AzSentinelEntityTimeline","0","3000","The type of property 'Value' of type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IEntityTimelineResponse' has changed from 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IEntityTimelineItem' to 'System.Collections.Generic.List`1[Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IEntityTimelineItem]'.","Change the type of property 'Value' back to 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IEntityTimelineItem'." +"Az.SecurityInsights","Get-AzSentinelEntityTimeline","Get-AzSentinelEntityTimeline","0","3000","The type of property 'MetaDataAggregation' of type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IEntityTimelineResponse' has changed from 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ITimelineAggregation' to 'System.Collections.Generic.List`1[Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ITimelineAggregation]'.","Change the type of property 'MetaDataAggregation' back to 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ITimelineAggregation'." +"Az.SecurityInsights","Get-AzSentinelEntityTimeline","Get-AzSentinelEntityTimeline","0","3000","The type of property 'MetaDataError' of type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IEntityTimelineResponse' has changed from 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ITimelineError' to 'System.Collections.Generic.List`1[Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ITimelineError]'.","Change the type of property 'MetaDataError' back to 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.ITimelineError'." +"Az.SecurityInsights","Get-AzSentinelEntityTimeline","Get-AzSentinelEntityTimeline","0","2110","The element type for parameter 'Kind' has been changed from 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.EntityTimelineKind' to 'System.String'.","Change the element type for parameter 'Kind' back to 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.EntityTimelineKind'." +"Az.SecurityInsights","Get-AzSentinelIncident","Get-AzSentinelIncident","0","3000","The type of property 'Label' of type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IIncident' has changed from 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IIncidentLabel' to 'System.Collections.Generic.List`1[Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IIncidentLabel]'.","Change the type of property 'Label' back to 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IIncidentLabel'." +"Az.SecurityInsights","Get-AzSentinelIncident","Get-AzSentinelIncident","0","3000","The type of property 'AdditionalDataTactic' of type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IIncident' has changed from 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.AttackTactic[]' to 'System.Collections.Generic.List`1[System.String]'.","Change the type of property 'AdditionalDataTactic' back to 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.AttackTactic[]'." +"Az.SecurityInsights","Get-AzSentinelIncident","Get-AzSentinelIncident","0","3000","The type of property 'Classification' of type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IIncident' has changed from 'System.Nullable`1[Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.IncidentClassification]' to 'System.String'.","Change the type of property 'Classification' back to 'System.Nullable`1[Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.IncidentClassification]'." +"Az.SecurityInsights","Get-AzSentinelIncident","Get-AzSentinelIncident","0","3000","The type of property 'ClassificationReason' of type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IIncident' has changed from 'System.Nullable`1[Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.IncidentClassificationReason]' to 'System.String'.","Change the type of property 'ClassificationReason' back to 'System.Nullable`1[Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.IncidentClassificationReason]'." +"Az.SecurityInsights","Get-AzSentinelIncident","Get-AzSentinelIncident","0","3000","The type of property 'Severity' of type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IIncident' has changed from 'System.Nullable`1[Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.IncidentSeverity]' to 'System.String'.","Change the type of property 'Severity' back to 'System.Nullable`1[Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.IncidentSeverity]'." +"Az.SecurityInsights","Get-AzSentinelIncident","Get-AzSentinelIncident","0","3000","The type of property 'Status' of type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IIncident' has changed from 'System.Nullable`1[Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.IncidentStatus]' to 'System.String'.","Change the type of property 'Status' back to 'System.Nullable`1[Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.IncidentStatus]'." +"Az.SecurityInsights","Get-AzSentinelIncident","Get-AzSentinelIncident","0","3000","The type of property 'OwnerType' of type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IIncident' has changed from 'System.Nullable`1[Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.OwnerType]' to 'System.String'.","Change the type of property 'OwnerType' back to 'System.Nullable`1[Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.OwnerType]'." +"Az.SecurityInsights","Get-AzSentinelIncident","Get-AzSentinelIncident","0","3000","The type of property 'RelatedAnalyticRuleId' of type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IIncident' has changed from 'System.String[]' to 'System.Collections.Generic.List`1[System.String]'.","Change the type of property 'RelatedAnalyticRuleId' back to 'System.String[]'." +"Az.SecurityInsights","Get-AzSentinelIncident","Get-AzSentinelIncident","0","3000","The type of property 'AdditionalDataAlertProductName' of type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IIncident' has changed from 'System.String[]' to 'System.Collections.Generic.List`1[System.String]'.","Change the type of property 'AdditionalDataAlertProductName' back to 'System.String[]'." +"Az.SecurityInsights","Get-AzSentinelIncidentAlert","Get-AzSentinelIncidentAlert","0","1020","The cmdlet 'Get-AzSentinelIncidentAlert' no longer has output type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.ISecurityAlert'.","Make cmdlet 'Get-AzSentinelIncidentAlert' return type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.ISecurityAlert'." +"Az.SecurityInsights","Get-AzSentinelIncidentBookmark","Get-AzSentinelIncidentBookmark","0","1020","The cmdlet 'Get-AzSentinelIncidentBookmark' no longer has output type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IHuntingBookmark'.","Make cmdlet 'Get-AzSentinelIncidentBookmark' return type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IHuntingBookmark'." +"Az.SecurityInsights","Get-AzSentinelIncidentEntity","Get-AzSentinelIncidentEntity","0","3000","The type of property 'Entity' of type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IIncidentEntitiesResponse' has changed from 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IEntity' to 'System.Collections.Generic.List`1[Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IEntity]'.","Change the type of property 'Entity' back to 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IEntity'." +"Az.SecurityInsights","Get-AzSentinelIncidentEntity","Get-AzSentinelIncidentEntity","0","3000","The type of property 'MetaData' of type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IIncidentEntitiesResponse' has changed from 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IIncidentEntitiesResultsMetadata' to 'System.Collections.Generic.List`1[Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IIncidentEntitiesResultsMetadata]'.","Change the type of property 'MetaData' back to 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IIncidentEntitiesResultsMetadata'." +"Az.SecurityInsights","Get-AzSentinelMetadata","Get-AzSentinelMetadata","0","3000","The type of property 'DependencyCriterion' of type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IMetadataModel' has changed from 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IMetadataDependencies' to 'System.Collections.Generic.List`1[Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IMetadataDependencies]'.","Change the type of property 'DependencyCriterion' back to 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IMetadataDependencies'." +"Az.SecurityInsights","Get-AzSentinelMetadata","Get-AzSentinelMetadata","0","3000","The type of property 'DependencyKind' of type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IMetadataModel' has changed from 'System.Nullable`1[Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.Kind]' to 'System.String'.","Change the type of property 'DependencyKind' back to 'System.Nullable`1[Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.Kind]'." +"Az.SecurityInsights","Get-AzSentinelMetadata","Get-AzSentinelMetadata","0","3000","The type of property 'Kind' of type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IMetadataModel' has changed from 'System.Nullable`1[Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.Kind]' to 'System.String'.","Change the type of property 'Kind' back to 'System.Nullable`1[Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.Kind]'." +"Az.SecurityInsights","Get-AzSentinelMetadata","Get-AzSentinelMetadata","0","3000","The type of property 'DependencyOperator' of type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IMetadataModel' has changed from 'System.Nullable`1[Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.Operator]' to 'System.String'.","Change the type of property 'DependencyOperator' back to 'System.Nullable`1[Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.Operator]'." +"Az.SecurityInsights","Get-AzSentinelMetadata","Get-AzSentinelMetadata","0","3000","The type of property 'SourceKind' of type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IMetadataModel' has changed from 'System.Nullable`1[Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.SourceKind]' to 'System.String'.","Change the type of property 'SourceKind' back to 'System.Nullable`1[Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.SourceKind]'." +"Az.SecurityInsights","Get-AzSentinelMetadata","Get-AzSentinelMetadata","0","3000","The type of property 'SupportTier' of type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IMetadataModel' has changed from 'System.Nullable`1[Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.SupportTier]' to 'System.String'.","Change the type of property 'SupportTier' back to 'System.Nullable`1[Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.SupportTier]'." +"Az.SecurityInsights","Get-AzSentinelMetadata","Get-AzSentinelMetadata","0","3000","The type of property 'Provider' of type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IMetadataModel' has changed from 'System.String[]' to 'System.Collections.Generic.List`1[System.String]'.","Change the type of property 'Provider' back to 'System.String[]'." +"Az.SecurityInsights","Get-AzSentinelMetadata","Get-AzSentinelMetadata","0","3000","The type of property 'CategoryVertical' of type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IMetadataModel' has changed from 'System.String[]' to 'System.Collections.Generic.List`1[System.String]'.","Change the type of property 'CategoryVertical' back to 'System.String[]'." +"Az.SecurityInsights","Get-AzSentinelMetadata","Get-AzSentinelMetadata","0","3000","The type of property 'CategoryDomain' of type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IMetadataModel' has changed from 'System.String[]' to 'System.Collections.Generic.List`1[System.String]'.","Change the type of property 'CategoryDomain' back to 'System.String[]'." +"Az.SecurityInsights","Get-AzSentinelSetting","Get-AzSentinelSetting","0","3000","The type of property 'Kind' of type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.ISettings' has changed from 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.SettingKind' to 'System.String'.","Change the type of property 'Kind' back to 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.SettingKind'." +"Az.SecurityInsights","Get-AzSentinelThreatIntelligenceIndicatorMetric","Get-AzSentinelThreatIntelligenceIndicatorMetric","0","1020","The cmdlet 'Get-AzSentinelThreatIntelligenceIndicatorMetric' no longer has output type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IThreatIntelligenceMetrics'.","Make cmdlet 'Get-AzSentinelThreatIntelligenceIndicatorMetric' return type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IThreatIntelligenceMetrics'." +"Az.SecurityInsights","Invoke-AzSentinelThreatIntelligenceIndicatorQuery","Invoke-AzSentinelThreatIntelligenceIndicatorQuery","0","3000","The type of property 'SortOrder' of type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IThreatIntelligenceSortingCriteria' has changed from 'System.Nullable`1[Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.ThreatIntelligenceSortingCriteriaEnum]' to 'System.String'.","Change the type of property 'SortOrder' back to 'System.Nullable`1[Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.ThreatIntelligenceSortingCriteriaEnum]'." +"Az.SecurityInsights","New-AzSentinelAlertRule","New-AzSentinelAlertRule","0","3010","The property 'SystemData' of type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.AlertRule' has been removed.","Add the property 'SystemData' back to type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.AlertRule'." +"Az.SecurityInsights","New-AzSentinelAlertRule","New-AzSentinelAlertRule","0","3000","The type of property 'Kind' of type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.AlertRule' has changed from 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.AlertRuleKind' to 'System.String'.","Change the type of property 'Kind' back to 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.AlertRuleKind'." +"Az.SecurityInsights","New-AzSentinelAlertRule","New-AzSentinelAlertRule","0","3000","The type of property 'SystemDataCreatedByType' of type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.AlertRule' has changed from 'System.Nullable`1[Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.CreatedByType]' to 'System.String'.","Change the type of property 'SystemDataCreatedByType' back to 'System.Nullable`1[Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.CreatedByType]'." +"Az.SecurityInsights","New-AzSentinelAlertRule","New-AzSentinelAlertRule","0","3000","The type of property 'SystemDataLastModifiedByType' of type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.AlertRule' has changed from 'System.Nullable`1[Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.CreatedByType]' to 'System.String'.","Change the type of property 'SystemDataLastModifiedByType' back to 'System.Nullable`1[Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.CreatedByType]'." +"Az.SecurityInsights","New-AzSentinelAlertRule","New-AzSentinelAlertRule","0","2020","The cmdlet 'New-AzSentinelAlertRule' no longer supports the type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.AlertRuleKind' for parameter 'Kind'.","Change the type for parameter 'Kind' back to 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.AlertRuleKind'." +"Az.SecurityInsights","New-AzSentinelAlertRule","New-AzSentinelAlertRule","0","2020","The cmdlet 'New-AzSentinelAlertRule' no longer supports the type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.AlertSeverity' for parameter 'Severity'.","Change the type for parameter 'Severity' back to 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.AlertSeverity'." +"Az.SecurityInsights","New-AzSentinelAlertRule","New-AzSentinelAlertRule","0","2020","The cmdlet 'New-AzSentinelAlertRule' no longer supports the type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.TriggerOperator' for parameter 'TriggerOperator'.","Change the type for parameter 'TriggerOperator' back to 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.TriggerOperator'." +"Az.SecurityInsights","New-AzSentinelAlertRule","New-AzSentinelAlertRule","0","2110","The element type for parameter 'GroupByAlertDetail' has been changed from 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.AlertDetail' to 'System.String'.","Change the element type for parameter 'GroupByAlertDetail' back to 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.AlertDetail'." +"Az.SecurityInsights","New-AzSentinelAlertRule","New-AzSentinelAlertRule","0","2110","The element type for parameter 'GroupByEntity' has been changed from 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.EntityMappingType' to 'System.String'.","Change the element type for parameter 'GroupByEntity' back to 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.EntityMappingType'." +"Az.SecurityInsights","New-AzSentinelAlertRule","New-AzSentinelAlertRule","0","3000","The type of property 'FieldMapping' of type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.EntityMapping' has changed from 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IFieldMapping' to 'System.Collections.Generic.List`1[Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IFieldMapping]'.","Change the type of property 'FieldMapping' back to 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IFieldMapping'." +"Az.SecurityInsights","New-AzSentinelAlertRule","New-AzSentinelAlertRule","0","3000","The type of property 'EntityType' of type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.EntityMapping' has changed from 'System.Nullable`1[Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.EntityMappingType]' to 'System.String'.","Change the type of property 'EntityType' back to 'System.Nullable`1[Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.EntityMappingType]'." +"Az.SecurityInsights","New-AzSentinelAlertRule","New-AzSentinelAlertRule","0","2020","The cmdlet 'New-AzSentinelAlertRule' no longer supports the type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.EventGroupingAggregationKind' for parameter 'EventGroupingSettingAggregationKind'.","Change the type for parameter 'EventGroupingSettingAggregationKind' back to 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.EventGroupingAggregationKind'." +"Az.SecurityInsights","New-AzSentinelAlertRule","New-AzSentinelAlertRule","0","2020","The cmdlet 'New-AzSentinelAlertRule' no longer supports the type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.MicrosoftSecurityProductName' for parameter 'ProductFilter'.","Change the type for parameter 'ProductFilter' back to 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.MicrosoftSecurityProductName'." +"Az.SecurityInsights","New-AzSentinelAlertRule","New-AzSentinelAlertRule","0","2110","The element type for parameter 'SeveritiesFilter' has been changed from 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.AlertSeverity' to 'System.String'.","Change the element type for parameter 'SeveritiesFilter' back to 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.AlertSeverity'." +"Az.SecurityInsights","New-AzSentinelAutomationRule","New-AzSentinelAutomationRule","0","3000","The type of property 'Action' of type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IAutomationRule' has changed from 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IAutomationRuleAction' to 'System.Collections.Generic.List`1[Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IAutomationRuleAction]'.","Change the type of property 'Action' back to 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IAutomationRuleAction'." +"Az.SecurityInsights","New-AzSentinelAutomationRule","New-AzSentinelAutomationRule","0","3000","The type of property 'TriggeringLogicCondition' of type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IAutomationRule' has changed from 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IAutomationRuleCondition' to 'System.Collections.Generic.List`1[Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IAutomationRuleCondition]'.","Change the type of property 'TriggeringLogicCondition' back to 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IAutomationRuleCondition'." +"Az.SecurityInsights","New-AzSentinelAutomationRule","New-AzSentinelAutomationRule","0","2000","The cmdlet 'New-AzSentinelAutomationRule' no longer supports the parameter 'AutomationRule' and no alias was found for the original parameter name.","Add the parameter 'AutomationRule' back to the cmdlet 'New-AzSentinelAutomationRule', or add an alias to the original parameter name." +"Az.SecurityInsights","New-AzSentinelAutomationRule","New-AzSentinelAutomationRule","0","3000","The type of property 'ActionType' of type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IAutomationRuleAction' has changed from 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.AutomationRuleActionType' to 'System.String'.","Change the type of property 'ActionType' back to 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.AutomationRuleActionType'." +"Az.SecurityInsights","New-AzSentinelAutomationRule","New-AzSentinelAutomationRule","0","1050","The parameter set 'Create' for cmdlet 'New-AzSentinelAutomationRule' has been removed.","Add parameter set 'Create' back to cmdlet 'New-AzSentinelAutomationRule'." +"Az.SecurityInsights","New-AzSentinelBookmark","New-AzSentinelBookmark","0","3000","The type of property 'IncidentInfoSeverity' of type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IBookmark' has changed from 'System.Nullable`1[Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.IncidentSeverity]' to 'System.String'.","Change the type of property 'IncidentInfoSeverity' back to 'System.Nullable`1[Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.IncidentSeverity]'." +"Az.SecurityInsights","New-AzSentinelBookmark","New-AzSentinelBookmark","0","3000","The type of property 'Label' of type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IBookmark' has changed from 'System.String[]' to 'System.Collections.Generic.List`1[System.String]'.","Change the type of property 'Label' back to 'System.String[]'." +"Az.SecurityInsights","New-AzSentinelBookmark","New-AzSentinelBookmark","0","2000","The cmdlet 'New-AzSentinelBookmark' no longer supports the parameter 'Bookmark' and no alias was found for the original parameter name.","Add the parameter 'Bookmark' back to the cmdlet 'New-AzSentinelBookmark', or add an alias to the original parameter name." +"Az.SecurityInsights","New-AzSentinelBookmark","New-AzSentinelBookmark","0","2020","The cmdlet 'New-AzSentinelBookmark' no longer supports the type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.IncidentSeverity' for parameter 'IncidentInfoSeverity'.","Change the type for parameter 'IncidentInfoSeverity' back to 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.IncidentSeverity'." +"Az.SecurityInsights","New-AzSentinelBookmark","New-AzSentinelBookmark","0","1050","The parameter set 'Create' for cmdlet 'New-AzSentinelBookmark' has been removed.","Add parameter set 'Create' back to cmdlet 'New-AzSentinelBookmark'." +"Az.SecurityInsights","New-AzSentinelBookmarkRelation","New-AzSentinelBookmarkRelation","0","2000","The cmdlet 'New-AzSentinelBookmarkRelation' no longer supports the parameter 'Relation' and no alias was found for the original parameter name.","Add the parameter 'Relation' back to the cmdlet 'New-AzSentinelBookmarkRelation', or add an alias to the original parameter name." +"Az.SecurityInsights","New-AzSentinelBookmarkRelation","New-AzSentinelBookmarkRelation","0","1050","The parameter set 'Create' for cmdlet 'New-AzSentinelBookmarkRelation' has been removed.","Add parameter set 'Create' back to cmdlet 'New-AzSentinelBookmarkRelation'." +"Az.SecurityInsights","New-AzSentinelDataConnector","New-AzSentinelDataConnector","0","3010","The property 'SystemData' of type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.DataConnector' has been removed.","Add the property 'SystemData' back to type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.DataConnector'." +"Az.SecurityInsights","New-AzSentinelDataConnector","New-AzSentinelDataConnector","0","3000","The type of property 'Kind' of type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.DataConnector' has changed from 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.DataConnectorKind' to 'System.String'.","Change the type of property 'Kind' back to 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.DataConnectorKind'." +"Az.SecurityInsights","New-AzSentinelDataConnector","New-AzSentinelDataConnector","0","3000","The type of property 'SystemDataCreatedByType' of type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.DataConnector' has changed from 'System.Nullable`1[Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.CreatedByType]' to 'System.String'.","Change the type of property 'SystemDataCreatedByType' back to 'System.Nullable`1[Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.CreatedByType]'." +"Az.SecurityInsights","New-AzSentinelDataConnector","New-AzSentinelDataConnector","0","3000","The type of property 'SystemDataLastModifiedByType' of type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.DataConnector' has changed from 'System.Nullable`1[Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.CreatedByType]' to 'System.String'.","Change the type of property 'SystemDataLastModifiedByType' back to 'System.Nullable`1[Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.CreatedByType]'." +"Az.SecurityInsights","New-AzSentinelDataConnector","New-AzSentinelDataConnector","0","2020","The cmdlet 'New-AzSentinelDataConnector' no longer supports the type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.DataConnectorKind' for parameter 'Kind'.","Change the type for parameter 'Kind' back to 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.DataConnectorKind'." +"Az.SecurityInsights","New-AzSentinelDataConnector","New-AzSentinelDataConnector","0","2020","The cmdlet 'New-AzSentinelDataConnector' no longer supports the type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.PollingFrequency' for parameter 'PollingFrequency'.","Change the type for parameter 'PollingFrequency' back to 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.PollingFrequency'." +"Az.SecurityInsights","New-AzSentinelDataConnector","New-AzSentinelDataConnector","0","3000","The type of property 'Type' of type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.ConnectivityCriteria' has changed from 'System.Nullable`1[Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.ConnectivityType]' to 'System.String'.","Change the type of property 'Type' back to 'System.Nullable`1[Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.ConnectivityType]'." +"Az.SecurityInsights","New-AzSentinelDataConnector","New-AzSentinelDataConnector","0","3000","The type of property 'Value' of type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.ConnectivityCriteria' has changed from 'System.String[]' to 'System.Collections.Generic.List`1[System.String]'.","Change the type of property 'Value' back to 'System.String[]'." +"Az.SecurityInsights","New-AzSentinelDataConnector","New-AzSentinelDataConnector","0","3000","The type of property 'Instruction' of type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.InstructionSteps' has changed from 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IConnectorInstructionModelBase' to 'System.Collections.Generic.List`1[Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IInstructionStepsInstructionsItem]'.","Change the type of property 'Instruction' back to 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IConnectorInstructionModelBase'." +"Az.SecurityInsights","New-AzSentinelDataConnector","New-AzSentinelDataConnector","0","3010","The property 'RequiredPermission' of type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.PermissionsResourceProviderItem' has been removed.","Add the property 'RequiredPermission' back to type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.PermissionsResourceProviderItem'." +"Az.SecurityInsights","New-AzSentinelDataConnector","New-AzSentinelDataConnector","0","3000","The type of property 'Scope' of type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.PermissionsResourceProviderItem' has changed from 'System.Nullable`1[Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.PermissionProviderScope]' to 'System.String'.","Change the type of property 'Scope' back to 'System.Nullable`1[Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.PermissionProviderScope]'." +"Az.SecurityInsights","New-AzSentinelDataConnector","New-AzSentinelDataConnector","0","3000","The type of property 'Provider' of type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.PermissionsResourceProviderItem' has changed from 'System.Nullable`1[Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.ProviderName]' to 'System.String'.","Change the type of property 'Provider' back to 'System.Nullable`1[Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.ProviderName]'." +"Az.SecurityInsights","New-AzSentinelEntityQuery","New-AzSentinelEntityQuery","0","3010","The property 'SystemData' of type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.CustomEntityQuery' has been removed.","Add the property 'SystemData' back to type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.CustomEntityQuery'." +"Az.SecurityInsights","New-AzSentinelEntityQuery","New-AzSentinelEntityQuery","0","3000","The type of property 'SystemDataCreatedByType' of type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.CustomEntityQuery' has changed from 'System.Nullable`1[Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.CreatedByType]' to 'System.String'.","Change the type of property 'SystemDataCreatedByType' back to 'System.Nullable`1[Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.CreatedByType]'." +"Az.SecurityInsights","New-AzSentinelEntityQuery","New-AzSentinelEntityQuery","0","3000","The type of property 'SystemDataLastModifiedByType' of type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.CustomEntityQuery' has changed from 'System.Nullable`1[Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.CreatedByType]' to 'System.String'.","Change the type of property 'SystemDataLastModifiedByType' back to 'System.Nullable`1[Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.CreatedByType]'." +"Az.SecurityInsights","New-AzSentinelEntityQuery","New-AzSentinelEntityQuery","0","2020","The cmdlet 'New-AzSentinelEntityQuery' no longer supports the type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.EntityQueryKind' for parameter 'Kind'.","Change the type for parameter 'Kind' back to 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.EntityQueryKind'." +"Az.SecurityInsights","New-AzSentinelEntityQuery","New-AzSentinelEntityQuery","0","2020","The cmdlet 'New-AzSentinelEntityQuery' no longer supports the type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.EntityType' for parameter 'InputEntityType'.","Change the type for parameter 'InputEntityType' back to 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.EntityType'." +"Az.SecurityInsights","New-AzSentinelEntityQuery","New-AzSentinelEntityQuery","0","3000","The type of property 'Item' of type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.ActivityEntityQueriesPropertiesEntitiesFilter' has changed from 'System.String[]' to 'System.Collections.Generic.List`1[System.String]'.","Change the type of property 'Item' back to 'System.String[]'." +"Az.SecurityInsights","New-AzSentinelIncident","New-AzSentinelIncident","0","3000","The type of property 'Label' of type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IIncident' has changed from 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IIncidentLabel' to 'System.Collections.Generic.List`1[Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IIncidentLabel]'.","Change the type of property 'Label' back to 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IIncidentLabel'." +"Az.SecurityInsights","New-AzSentinelIncident","New-AzSentinelIncident","0","3000","The type of property 'AdditionalDataTactic' of type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IIncident' has changed from 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.AttackTactic[]' to 'System.Collections.Generic.List`1[System.String]'.","Change the type of property 'AdditionalDataTactic' back to 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.AttackTactic[]'." +"Az.SecurityInsights","New-AzSentinelIncident","New-AzSentinelIncident","0","3000","The type of property 'Classification' of type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IIncident' has changed from 'System.Nullable`1[Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.IncidentClassification]' to 'System.String'.","Change the type of property 'Classification' back to 'System.Nullable`1[Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.IncidentClassification]'." +"Az.SecurityInsights","New-AzSentinelIncident","New-AzSentinelIncident","0","3000","The type of property 'ClassificationReason' of type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IIncident' has changed from 'System.Nullable`1[Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.IncidentClassificationReason]' to 'System.String'.","Change the type of property 'ClassificationReason' back to 'System.Nullable`1[Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.IncidentClassificationReason]'." +"Az.SecurityInsights","New-AzSentinelIncident","New-AzSentinelIncident","0","3000","The type of property 'Severity' of type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IIncident' has changed from 'System.Nullable`1[Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.IncidentSeverity]' to 'System.String'.","Change the type of property 'Severity' back to 'System.Nullable`1[Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.IncidentSeverity]'." +"Az.SecurityInsights","New-AzSentinelIncident","New-AzSentinelIncident","0","3000","The type of property 'Status' of type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IIncident' has changed from 'System.Nullable`1[Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.IncidentStatus]' to 'System.String'.","Change the type of property 'Status' back to 'System.Nullable`1[Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.IncidentStatus]'." +"Az.SecurityInsights","New-AzSentinelIncident","New-AzSentinelIncident","0","3000","The type of property 'OwnerType' of type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IIncident' has changed from 'System.Nullable`1[Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.OwnerType]' to 'System.String'.","Change the type of property 'OwnerType' back to 'System.Nullable`1[Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.OwnerType]'." +"Az.SecurityInsights","New-AzSentinelIncident","New-AzSentinelIncident","0","3000","The type of property 'RelatedAnalyticRuleId' of type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IIncident' has changed from 'System.String[]' to 'System.Collections.Generic.List`1[System.String]'.","Change the type of property 'RelatedAnalyticRuleId' back to 'System.String[]'." +"Az.SecurityInsights","New-AzSentinelIncident","New-AzSentinelIncident","0","3000","The type of property 'AdditionalDataAlertProductName' of type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IIncident' has changed from 'System.String[]' to 'System.Collections.Generic.List`1[System.String]'.","Change the type of property 'AdditionalDataAlertProductName' back to 'System.String[]'." +"Az.SecurityInsights","New-AzSentinelIncident","New-AzSentinelIncident","0","2000","The cmdlet 'New-AzSentinelIncident' no longer supports the parameter 'Incident' and no alias was found for the original parameter name.","Add the parameter 'Incident' back to the cmdlet 'New-AzSentinelIncident', or add an alias to the original parameter name." +"Az.SecurityInsights","New-AzSentinelIncident","New-AzSentinelIncident","0","2020","The cmdlet 'New-AzSentinelIncident' no longer supports the type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.IncidentClassification' for parameter 'Classification'.","Change the type for parameter 'Classification' back to 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.IncidentClassification'." +"Az.SecurityInsights","New-AzSentinelIncident","New-AzSentinelIncident","0","2020","The cmdlet 'New-AzSentinelIncident' no longer supports the type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.IncidentClassificationReason' for parameter 'ClassificationReason'.","Change the type for parameter 'ClassificationReason' back to 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.IncidentClassificationReason'." +"Az.SecurityInsights","New-AzSentinelIncident","New-AzSentinelIncident","0","3000","The type of property 'LabelType' of type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IIncidentLabel' has changed from 'System.Nullable`1[Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.IncidentLabelType]' to 'System.String'.","Change the type of property 'LabelType' back to 'System.Nullable`1[Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.IncidentLabelType]'." +"Az.SecurityInsights","New-AzSentinelIncident","New-AzSentinelIncident","0","2020","The cmdlet 'New-AzSentinelIncident' no longer supports the type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.IncidentSeverity' for parameter 'Severity'.","Change the type for parameter 'Severity' back to 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.IncidentSeverity'." +"Az.SecurityInsights","New-AzSentinelIncident","New-AzSentinelIncident","0","2020","The cmdlet 'New-AzSentinelIncident' no longer supports the type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.IncidentStatus' for parameter 'Status'.","Change the type for parameter 'Status' back to 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.IncidentStatus'." +"Az.SecurityInsights","New-AzSentinelIncident","New-AzSentinelIncident","0","1050","The parameter set 'Create' for cmdlet 'New-AzSentinelIncident' has been removed.","Add parameter set 'Create' back to cmdlet 'New-AzSentinelIncident'." +"Az.SecurityInsights","New-AzSentinelIncidentComment","New-AzSentinelIncidentComment","0","2000","The cmdlet 'New-AzSentinelIncidentComment' no longer supports the parameter 'IncidentComment' and no alias was found for the original parameter name.","Add the parameter 'IncidentComment' back to the cmdlet 'New-AzSentinelIncidentComment', or add an alias to the original parameter name." +"Az.SecurityInsights","New-AzSentinelIncidentComment","New-AzSentinelIncidentComment","0","1050","The parameter set 'Create' for cmdlet 'New-AzSentinelIncidentComment' has been removed.","Add parameter set 'Create' back to cmdlet 'New-AzSentinelIncidentComment'." +"Az.SecurityInsights","New-AzSentinelIncidentRelation","New-AzSentinelIncidentRelation","0","2000","The cmdlet 'New-AzSentinelIncidentRelation' no longer supports the parameter 'Relation' and no alias was found for the original parameter name.","Add the parameter 'Relation' back to the cmdlet 'New-AzSentinelIncidentRelation', or add an alias to the original parameter name." +"Az.SecurityInsights","New-AzSentinelIncidentRelation","New-AzSentinelIncidentRelation","0","1050","The parameter set 'Create' for cmdlet 'New-AzSentinelIncidentRelation' has been removed.","Add parameter set 'Create' back to cmdlet 'New-AzSentinelIncidentRelation'." +"Az.SecurityInsights","New-AzSentinelIncidentTeam","New-AzSentinelIncidentTeam","0","2000","The cmdlet 'New-AzSentinelIncidentTeam' no longer supports the parameter 'TeamProperty' and no alias was found for the original parameter name.","Add the parameter 'TeamProperty' back to the cmdlet 'New-AzSentinelIncidentTeam', or add an alias to the original parameter name." +"Az.SecurityInsights","New-AzSentinelIncidentTeam","New-AzSentinelIncidentTeam","0","1050","The parameter set 'Create' for cmdlet 'New-AzSentinelIncidentTeam' has been removed.","Add parameter set 'Create' back to cmdlet 'New-AzSentinelIncidentTeam'." +"Az.SecurityInsights","New-AzSentinelOnboardingState","New-AzSentinelOnboardingState","0","2000","The cmdlet 'New-AzSentinelOnboardingState' no longer supports the parameter 'SentinelOnboardingStateParameter' and no alias was found for the original parameter name.","Add the parameter 'SentinelOnboardingStateParameter' back to the cmdlet 'New-AzSentinelOnboardingState', or add an alias to the original parameter name." +"Az.SecurityInsights","New-AzSentinelOnboardingState","New-AzSentinelOnboardingState","0","1050","The parameter set 'Create' for cmdlet 'New-AzSentinelOnboardingState' has been removed.","Add parameter set 'Create' back to cmdlet 'New-AzSentinelOnboardingState'." +"Az.SecurityInsights","Test-AzSentinelDataConnectorCheckRequirement","Test-AzSentinelDataConnectorCheckRequirement","0","3000","The type of property 'Kind' of type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.DataConnectorsCheckRequirements' has changed from 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.DataConnectorKind' to 'System.String'.","Change the type of property 'Kind' back to 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.DataConnectorKind'." +"Az.SecurityInsights","Test-AzSentinelDataConnectorCheckRequirement","Test-AzSentinelDataConnectorCheckRequirement","0","2020","The cmdlet 'Test-AzSentinelDataConnectorCheckRequirement' no longer supports the type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.DataConnectorKind' for parameter 'Kind'.","Change the type for parameter 'Kind' back to 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.DataConnectorKind'." +"Az.SecurityInsights","Update-AzSentinelAlertRule","Update-AzSentinelAlertRule","0","3010","The property 'SystemData' of type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.AlertRule' has been removed.","Add the property 'SystemData' back to type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.AlertRule'." +"Az.SecurityInsights","Update-AzSentinelAlertRule","Update-AzSentinelAlertRule","0","3000","The type of property 'Kind' of type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.AlertRule' has changed from 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.AlertRuleKind' to 'System.String'.","Change the type of property 'Kind' back to 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.AlertRuleKind'." +"Az.SecurityInsights","Update-AzSentinelAlertRule","Update-AzSentinelAlertRule","0","3000","The type of property 'SystemDataCreatedByType' of type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.AlertRule' has changed from 'System.Nullable`1[Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.CreatedByType]' to 'System.String'.","Change the type of property 'SystemDataCreatedByType' back to 'System.Nullable`1[Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.CreatedByType]'." +"Az.SecurityInsights","Update-AzSentinelAlertRule","Update-AzSentinelAlertRule","0","3000","The type of property 'SystemDataLastModifiedByType' of type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.AlertRule' has changed from 'System.Nullable`1[Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.CreatedByType]' to 'System.String'.","Change the type of property 'SystemDataLastModifiedByType' back to 'System.Nullable`1[Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.CreatedByType]'." +"Az.SecurityInsights","Update-AzSentinelAlertRule","Update-AzSentinelAlertRule","0","2020","The cmdlet 'Update-AzSentinelAlertRule' no longer supports the type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.AlertSeverity' for parameter 'Severity'.","Change the type for parameter 'Severity' back to 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.AlertSeverity'." +"Az.SecurityInsights","Update-AzSentinelAlertRule","Update-AzSentinelAlertRule","0","2020","The cmdlet 'Update-AzSentinelAlertRule' no longer supports the type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.AttackTactic' for parameter 'Tactic'.","Change the type for parameter 'Tactic' back to 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.AttackTactic'." +"Az.SecurityInsights","Update-AzSentinelAlertRule","Update-AzSentinelAlertRule","0","2110","The element type for parameter 'GroupByAlertDetail' has been changed from 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.AlertDetail' to 'System.String'.","Change the element type for parameter 'GroupByAlertDetail' back to 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.AlertDetail'." +"Az.SecurityInsights","Update-AzSentinelAlertRule","Update-AzSentinelAlertRule","0","2110","The element type for parameter 'GroupByEntity' has been changed from 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.EntityMappingType' to 'System.String'.","Change the element type for parameter 'GroupByEntity' back to 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.EntityMappingType'." +"Az.SecurityInsights","Update-AzSentinelAlertRule","Update-AzSentinelAlertRule","0","2020","The cmdlet 'Update-AzSentinelAlertRule' no longer supports the type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.TriggerOperator' for parameter 'TriggerOperator'.","Change the type for parameter 'TriggerOperator' back to 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.TriggerOperator'." +"Az.SecurityInsights","Update-AzSentinelAlertRule","Update-AzSentinelAlertRule","0","2020","The cmdlet 'Update-AzSentinelAlertRule' no longer supports the type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.EventGroupingAggregationKind' for parameter 'EventGroupingSettingAggregationKind'.","Change the type for parameter 'EventGroupingSettingAggregationKind' back to 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.EventGroupingAggregationKind'." +"Az.SecurityInsights","Update-AzSentinelAlertRule","Update-AzSentinelAlertRule","0","2020","The cmdlet 'Update-AzSentinelAlertRule' no longer supports the type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.MicrosoftSecurityProductName' for parameter 'ProductFilter'.","Change the type for parameter 'ProductFilter' back to 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.MicrosoftSecurityProductName'." +"Az.SecurityInsights","Update-AzSentinelAlertRule","Update-AzSentinelAlertRule","0","2110","The element type for parameter 'SeveritiesFilter' has been changed from 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.AlertSeverity' to 'System.String'.","Change the element type for parameter 'SeveritiesFilter' back to 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.AlertSeverity'." +"Az.SecurityInsights","Update-AzSentinelAlertRule","Update-AzSentinelAlertRule","0","1050","The parameter set '__AllParameterSets' for cmdlet 'Update-AzSentinelAlertRule' has been removed.","Add parameter set '__AllParameterSets' back to cmdlet 'Update-AzSentinelAlertRule'." +"Az.SecurityInsights","Update-AzSentinelAlertRuleAction","Update-AzSentinelAlertRuleAction","0","1050","The parameter set '__AllParameterSets' for cmdlet 'Update-AzSentinelAlertRuleAction' has been removed.","Add parameter set '__AllParameterSets' back to cmdlet 'Update-AzSentinelAlertRuleAction'." +"Az.SecurityInsights","Update-AzSentinelAutomationRule","Update-AzSentinelAutomationRule","0","3000","The type of property 'Action' of type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IAutomationRule' has changed from 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IAutomationRuleAction' to 'System.Collections.Generic.List`1[Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IAutomationRuleAction]'.","Change the type of property 'Action' back to 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IAutomationRuleAction'." +"Az.SecurityInsights","Update-AzSentinelAutomationRule","Update-AzSentinelAutomationRule","0","3000","The type of property 'TriggeringLogicCondition' of type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IAutomationRule' has changed from 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IAutomationRuleCondition' to 'System.Collections.Generic.List`1[Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IAutomationRuleCondition]'.","Change the type of property 'TriggeringLogicCondition' back to 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IAutomationRuleCondition'." +"Az.SecurityInsights","Update-AzSentinelBookmark","Update-AzSentinelBookmark","0","3000","The type of property 'IncidentInfoSeverity' of type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IBookmark' has changed from 'System.Nullable`1[Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.IncidentSeverity]' to 'System.String'.","Change the type of property 'IncidentInfoSeverity' back to 'System.Nullable`1[Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.IncidentSeverity]'." +"Az.SecurityInsights","Update-AzSentinelBookmark","Update-AzSentinelBookmark","0","3000","The type of property 'Label' of type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IBookmark' has changed from 'System.String[]' to 'System.Collections.Generic.List`1[System.String]'.","Change the type of property 'Label' back to 'System.String[]'." +"Az.SecurityInsights","Update-AzSentinelBookmark","Update-AzSentinelBookmark","0","2020","The cmdlet 'Update-AzSentinelBookmark' no longer supports the type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.IncidentSeverity' for parameter 'IncidentInfoSeverity'.","Change the type for parameter 'IncidentInfoSeverity' back to 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.IncidentSeverity'." +"Az.SecurityInsights","Update-AzSentinelDataConnector","Update-AzSentinelDataConnector","0","3010","The property 'SystemData' of type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.DataConnector' has been removed.","Add the property 'SystemData' back to type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.DataConnector'." +"Az.SecurityInsights","Update-AzSentinelDataConnector","Update-AzSentinelDataConnector","0","3000","The type of property 'Kind' of type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.DataConnector' has changed from 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.DataConnectorKind' to 'System.String'.","Change the type of property 'Kind' back to 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.DataConnectorKind'." +"Az.SecurityInsights","Update-AzSentinelDataConnector","Update-AzSentinelDataConnector","0","3000","The type of property 'SystemDataCreatedByType' of type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.DataConnector' has changed from 'System.Nullable`1[Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.CreatedByType]' to 'System.String'.","Change the type of property 'SystemDataCreatedByType' back to 'System.Nullable`1[Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.CreatedByType]'." +"Az.SecurityInsights","Update-AzSentinelDataConnector","Update-AzSentinelDataConnector","0","3000","The type of property 'SystemDataLastModifiedByType' of type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.DataConnector' has changed from 'System.Nullable`1[Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.CreatedByType]' to 'System.String'.","Change the type of property 'SystemDataLastModifiedByType' back to 'System.Nullable`1[Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.CreatedByType]'." +"Az.SecurityInsights","Update-AzSentinelDataConnector","Update-AzSentinelDataConnector","0","2020","The cmdlet 'Update-AzSentinelDataConnector' no longer supports the type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.PollingFrequency' for parameter 'PollingFrequency'.","Change the type for parameter 'PollingFrequency' back to 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.PollingFrequency'." +"Az.SecurityInsights","Update-AzSentinelEntityQuery","Update-AzSentinelEntityQuery","0","3010","The property 'SystemData' of type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.CustomEntityQuery' has been removed.","Add the property 'SystemData' back to type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.CustomEntityQuery'." +"Az.SecurityInsights","Update-AzSentinelEntityQuery","Update-AzSentinelEntityQuery","0","3000","The type of property 'SystemDataCreatedByType' of type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.CustomEntityQuery' has changed from 'System.Nullable`1[Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.CreatedByType]' to 'System.String'.","Change the type of property 'SystemDataCreatedByType' back to 'System.Nullable`1[Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.CreatedByType]'." +"Az.SecurityInsights","Update-AzSentinelEntityQuery","Update-AzSentinelEntityQuery","0","3000","The type of property 'SystemDataLastModifiedByType' of type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.CustomEntityQuery' has changed from 'System.Nullable`1[Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.CreatedByType]' to 'System.String'.","Change the type of property 'SystemDataLastModifiedByType' back to 'System.Nullable`1[Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.CreatedByType]'." +"Az.SecurityInsights","Update-AzSentinelEntityQuery","Update-AzSentinelEntityQuery","0","2020","The cmdlet 'Update-AzSentinelEntityQuery' no longer supports the type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.EntityType' for parameter 'InputEntityType'.","Change the type for parameter 'InputEntityType' back to 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.EntityType'." +"Az.SecurityInsights","Update-AzSentinelEntityQuery","Update-AzSentinelEntityQuery","0","3000","The type of property 'Item' of type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.ActivityEntityQueriesPropertiesEntitiesFilter' has changed from 'System.String[]' to 'System.Collections.Generic.List`1[System.String]'.","Change the type of property 'Item' back to 'System.String[]'." +"Az.SecurityInsights","Update-AzSentinelIncident","Update-AzSentinelIncident","0","3000","The type of property 'Label' of type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IIncident' has changed from 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IIncidentLabel' to 'System.Collections.Generic.List`1[Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IIncidentLabel]'.","Change the type of property 'Label' back to 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.IIncidentLabel'." +"Az.SecurityInsights","Update-AzSentinelIncident","Update-AzSentinelIncident","0","3000","The type of property 'AdditionalDataTactic' of type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IIncident' has changed from 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.AttackTactic[]' to 'System.Collections.Generic.List`1[System.String]'.","Change the type of property 'AdditionalDataTactic' back to 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.AttackTactic[]'." +"Az.SecurityInsights","Update-AzSentinelIncident","Update-AzSentinelIncident","0","3000","The type of property 'Classification' of type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IIncident' has changed from 'System.Nullable`1[Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.IncidentClassification]' to 'System.String'.","Change the type of property 'Classification' back to 'System.Nullable`1[Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.IncidentClassification]'." +"Az.SecurityInsights","Update-AzSentinelIncident","Update-AzSentinelIncident","0","3000","The type of property 'ClassificationReason' of type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IIncident' has changed from 'System.Nullable`1[Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.IncidentClassificationReason]' to 'System.String'.","Change the type of property 'ClassificationReason' back to 'System.Nullable`1[Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.IncidentClassificationReason]'." +"Az.SecurityInsights","Update-AzSentinelIncident","Update-AzSentinelIncident","0","3000","The type of property 'Severity' of type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IIncident' has changed from 'System.Nullable`1[Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.IncidentSeverity]' to 'System.String'.","Change the type of property 'Severity' back to 'System.Nullable`1[Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.IncidentSeverity]'." +"Az.SecurityInsights","Update-AzSentinelIncident","Update-AzSentinelIncident","0","3000","The type of property 'Status' of type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IIncident' has changed from 'System.Nullable`1[Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.IncidentStatus]' to 'System.String'.","Change the type of property 'Status' back to 'System.Nullable`1[Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.IncidentStatus]'." +"Az.SecurityInsights","Update-AzSentinelIncident","Update-AzSentinelIncident","0","3000","The type of property 'OwnerType' of type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IIncident' has changed from 'System.Nullable`1[Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.OwnerType]' to 'System.String'.","Change the type of property 'OwnerType' back to 'System.Nullable`1[Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.OwnerType]'." +"Az.SecurityInsights","Update-AzSentinelIncident","Update-AzSentinelIncident","0","3000","The type of property 'RelatedAnalyticRuleId' of type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IIncident' has changed from 'System.String[]' to 'System.Collections.Generic.List`1[System.String]'.","Change the type of property 'RelatedAnalyticRuleId' back to 'System.String[]'." +"Az.SecurityInsights","Update-AzSentinelIncident","Update-AzSentinelIncident","0","3000","The type of property 'AdditionalDataAlertProductName' of type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IIncident' has changed from 'System.String[]' to 'System.Collections.Generic.List`1[System.String]'.","Change the type of property 'AdditionalDataAlertProductName' back to 'System.String[]'." +"Az.SecurityInsights","Update-AzSentinelIncident","Update-AzSentinelIncident","0","2020","The cmdlet 'Update-AzSentinelIncident' no longer supports the type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.IncidentClassification' for parameter 'Classification'.","Change the type for parameter 'Classification' back to 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.IncidentClassification'." +"Az.SecurityInsights","Update-AzSentinelIncident","Update-AzSentinelIncident","0","2020","The cmdlet 'Update-AzSentinelIncident' no longer supports the type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.IncidentClassificationReason' for parameter 'ClassificationReason'.","Change the type for parameter 'ClassificationReason' back to 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.IncidentClassificationReason'." +"Az.SecurityInsights","Update-AzSentinelIncident","Update-AzSentinelIncident","0","2020","The cmdlet 'Update-AzSentinelIncident' no longer supports the type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.IncidentSeverity' for parameter 'Severity'.","Change the type for parameter 'Severity' back to 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.IncidentSeverity'." +"Az.SecurityInsights","Update-AzSentinelIncident","Update-AzSentinelIncident","0","2020","The cmdlet 'Update-AzSentinelIncident' no longer supports the type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.IncidentStatus' for parameter 'Status'.","Change the type for parameter 'Status' back to 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.IncidentStatus'." +"Az.SecurityInsights","Update-AzSentinelSetting","Update-AzSentinelSetting","0","3010","The property 'SystemData' of type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.Settings' has been removed.","Add the property 'SystemData' back to type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.Settings'." +"Az.SecurityInsights","Update-AzSentinelSetting","Update-AzSentinelSetting","0","3000","The type of property 'Kind' of type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.Settings' has changed from 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.SettingKind' to 'System.String'.","Change the type of property 'Kind' back to 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.SettingKind'." +"Az.SecurityInsights","Update-AzSentinelSetting","Update-AzSentinelSetting","0","3000","The type of property 'SystemDataCreatedByType' of type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.Settings' has changed from 'System.Nullable`1[Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.CreatedByType]' to 'System.String'.","Change the type of property 'SystemDataCreatedByType' back to 'System.Nullable`1[Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.CreatedByType]'." +"Az.SecurityInsights","Update-AzSentinelSetting","Update-AzSentinelSetting","0","3000","The type of property 'SystemDataLastModifiedByType' of type 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.Settings' has changed from 'System.Nullable`1[Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.CreatedByType]' to 'System.String'.","Change the type of property 'SystemDataLastModifiedByType' back to 'System.Nullable`1[Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.CreatedByType]'." +"Az.SecurityInsights","Update-AzSentinelSetting","Update-AzSentinelSetting","0","2110","The element type for parameter 'DataSource' has been changed from 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.UebaDataSources' to 'System.String'.","Change the element type for parameter 'DataSource' back to 'Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.UebaDataSources'." \ No newline at end of file