.
├── AzSentinelCMDLets.xlsx
├── Azure Sentinel Analytics Rules with Data Sources.xlsx
├── Azure Sentinel incident management using PowerShell.pdf
├── Azure Sentinel management using PowerShell.pdf
├── EBook Examples
│   ├── Analytics Rule Management
│   │   ├── Add a new automated response for the Analytics rule.ps1
│   │   ├── Count Analytics rules template types.ps1
│   │   ├── Count all the Analytics rule templates.ps1
│   │   ├── Create a new custom Analytics Rule.ps1
│   │   ├── Create new Analytics Rules based on a Template.ps1
│   │   ├── Disable enabled Analytics rule.ps1
│   │   ├── Export All Analytics Rule Templates to a CSV File.ps1
│   │   ├── Export All Analytics Rules to JSON.ps1
│   │   ├── Export-AllSentinelAnalyticsRulesWithDataConnectors.ps1
│   │   ├── Filter Analytics rules based on the CreatedDateUtc property.ps1
│   │   ├── Get Analytics rule action detailed information.ps1
│   │   ├── Get Analytics rule action.ps1
│   │   ├── List all Analytics rule templates.ps1
│   │   ├── List all Analytics rules and group by Severity.ps1
│   │   ├── List all Analytics rules and sort rules based on the severity.ps1
│   │   ├── List all Analytics rules where Data Sources contains SecurityEvents.ps1
│   │   ├── List all Low Severity based Analytics rules.ps1
│   │   ├── List all enabled Analytics Rules.ps1
│   │   └── Remove automated response from the Analytics rule.ps1
│   ├── Bookmark Management
│   │   ├── Get Bookmark.ps1
│   │   ├── New Bookmark.ps1
│   │   ├── Remove Bookmark.ps1
│   │   └── Update Bookmark.ps1
│   ├── Data Connectors
│   │   ├── Enable Azure Security Center Data Connector.ps1
│   │   └── Get Data Connectors.ps1
│   └── Incident Management
│       ├── Add a comment to an incident.ps1
│       ├── Create an incident.ps1
│       ├── Get a specific incident.ps1
│       ├── Get all incidents and convert CreatedTimeUTC property to local DateTime.ps1
│       ├── Get all incidents and order by CreatedTimeUTC property.ps1
│       ├── Getting started.ps1
│       ├── List all incidents.ps1
│       ├── Read incident comments.ps1
│       ├── Remove incident.ps1
│       └── Update incident details.ps1
├── MS Examples
│   ├── Get-AzSentinelAlertRule.txt
│   ├── Get-AzSentinelAlertRuleAction.txt
│   ├── Get-AzSentinelAlertRuleTemplate.txt
│   ├── Get-AzSentinelBookmark.txt
│   ├── Get-AzSentinelDataConnector.txt
│   ├── Get-AzSentinelIncident.txt
│   ├── Get-AzSentinelIncidentComment.txt
│   ├── New-AzSentinelAlertRule.txt
│   ├── New-AzSentinelAlertRuleAction.txt
│   ├── New-AzSentinelBookmark.txt
│   ├── New-AzSentinelDataConnector.txt
│   ├── New-AzSentinelIncident.txt
│   ├── New-AzSentinelIncidentComment.txt
│   ├── New-AzSentinelIncidentOwner.txt
│   ├── Remove-AzSentinelAlertRule.txt
│   ├── Remove-AzSentinelAlertRuleAction.txt
│   ├── Remove-AzSentinelBookmark.txt
│   ├── Remove-AzSentinelDataConnector.txt
│   ├── Remove-AzSentinelIncident.txt
│   ├── Update-AzSentinelAlertRule.txt
│   ├── Update-AzSentinelAlertRuleAction.txt
│   ├── Update-AzSentinelBookmark.txt
│   ├── Update-AzSentinelDataConnector.txt
│   └── Update-AzSentinelIncident.txt
└── README.md

--------------------------------------------------------------------------------
Raw file locations (path in repository, followed by its raw URL):
--------------------------------------------------------------------------------

/AzSentinelCMDLets.xlsx:
https://raw.githubusercontent.com/Kaidja/AzSentinelPowerShell/HEAD/AzSentinelCMDLets.xlsx

/Azure Sentinel Analytics Rules with Data Sources.xlsx:
https://raw.githubusercontent.com/Kaidja/AzSentinelPowerShell/HEAD/Azure Sentinel Analytics Rules with Data Sources.xlsx

/Azure Sentinel incident management using PowerShell.pdf:
https://raw.githubusercontent.com/Kaidja/AzSentinelPowerShell/HEAD/Azure Sentinel incident management using PowerShell.pdf

/Azure Sentinel management using PowerShell.pdf:
https://raw.githubusercontent.com/Kaidja/AzSentinelPowerShell/HEAD/Azure Sentinel management using PowerShell.pdf

/EBook Examples/Analytics Rule Management/Add a new automated response for the Analytics rule.ps1:
https://raw.githubusercontent.com/Kaidja/AzSentinelPowerShell/HEAD/EBook Examples/Analytics Rule Management/Add a new automated response for the Analytics rule.ps1

/EBook Examples/Analytics Rule Management/Count Analytics rules template types.ps1:
https://raw.githubusercontent.com/Kaidja/AzSentinelPowerShell/HEAD/EBook Examples/Analytics Rule Management/Count Analytics rules template types.ps1

/EBook Examples/Analytics Rule Management/Count all the Analytics rule templates.ps1:
https://raw.githubusercontent.com/Kaidja/AzSentinelPowerShell/HEAD/EBook Examples/Analytics Rule Management/Count all the Analytics rule templates.ps1

/EBook Examples/Analytics Rule Management/Create a new custom Analytics Rule.ps1:
https://raw.githubusercontent.com/Kaidja/AzSentinelPowerShell/HEAD/EBook Examples/Analytics Rule Management/Create a new custom Analytics Rule.ps1

/EBook Examples/Analytics Rule Management/Create new Analytics Rules based on a Template.ps1:
https://raw.githubusercontent.com/Kaidja/AzSentinelPowerShell/HEAD/EBook Examples/Analytics Rule Management/Create new Analytics Rules based on a Template.ps1

/EBook Examples/Analytics Rule Management/Disable enabled Analytics rule.ps1:
https://raw.githubusercontent.com/Kaidja/AzSentinelPowerShell/HEAD/EBook Examples/Analytics Rule Management/Disable enabled Analytics rule.ps1

/EBook Examples/Analytics Rule Management/Export All Analytics Rule Templates to a CSV File.ps1:
https://raw.githubusercontent.com/Kaidja/AzSentinelPowerShell/HEAD/EBook Examples/Analytics Rule Management/Export All Analytics Rule Templates to a CSV File.ps1

/EBook Examples/Analytics Rule Management/Export All Analytics Rules to JSON.ps1:
https://raw.githubusercontent.com/Kaidja/AzSentinelPowerShell/HEAD/EBook Examples/Analytics Rule Management/Export All Analytics Rules to JSON.ps1

/EBook Examples/Analytics Rule Management/Export-AllSentinelAnalyticsRulesWithDataConnectors.ps1:
https://raw.githubusercontent.com/Kaidja/AzSentinelPowerShell/HEAD/EBook Examples/Analytics Rule Management/Export-AllSentinelAnalyticsRulesWithDataConnectors.ps1

/EBook Examples/Analytics Rule Management/Filter Analytics rules based on the CreatedDateUtc property.ps1:
https://raw.githubusercontent.com/Kaidja/AzSentinelPowerShell/HEAD/EBook Examples/Analytics Rule Management/Filter Analytics rules based on the CreatedDateUtc property.ps1

/EBook Examples/Analytics Rule Management/Get Analytics rule action detailed information.ps1:
https://raw.githubusercontent.com/Kaidja/AzSentinelPowerShell/HEAD/EBook Examples/Analytics Rule Management/Get Analytics rule action detailed information.ps1

/EBook Examples/Analytics Rule Management/Get Analytics rule action.ps1:
https://raw.githubusercontent.com/Kaidja/AzSentinelPowerShell/HEAD/EBook Examples/Analytics Rule Management/Get Analytics rule action.ps1

/EBook Examples/Analytics Rule Management/List all Analytics rule templates.ps1:
https://raw.githubusercontent.com/Kaidja/AzSentinelPowerShell/HEAD/EBook Examples/Analytics Rule Management/List all Analytics rule templates.ps1

/EBook Examples/Analytics Rule Management/List all Analytics rules and group by Severity.ps1:
https://raw.githubusercontent.com/Kaidja/AzSentinelPowerShell/HEAD/EBook Examples/Analytics Rule Management/List all Analytics rules and group by Severity.ps1

/EBook Examples/Analytics Rule Management/List all Analytics rules and sort rules based on the severity.ps1:
https://raw.githubusercontent.com/Kaidja/AzSentinelPowerShell/HEAD/EBook Examples/Analytics Rule Management/List all Analytics rules and sort rules based on the severity.ps1

/EBook Examples/Analytics Rule Management/List all Analytics rules where Data Sources contains SecurityEvents.ps1:
https://raw.githubusercontent.com/Kaidja/AzSentinelPowerShell/HEAD/EBook Examples/Analytics Rule Management/List all Analytics rules where Data Sources contains SecurityEvents.ps1

/EBook Examples/Analytics Rule Management/List all Low Severity based Analytics rules.ps1:
https://raw.githubusercontent.com/Kaidja/AzSentinelPowerShell/HEAD/EBook Examples/Analytics Rule Management/List all Low Severity based Analytics rules.ps1

/EBook Examples/Analytics Rule Management/List all enabled Analytics Rules.ps1:
https://raw.githubusercontent.com/Kaidja/AzSentinelPowerShell/HEAD/EBook Examples/Analytics Rule Management/List all enabled Analytics Rules.ps1

/EBook Examples/Analytics Rule Management/Remove automated response from the Analytics rule.ps1:
https://raw.githubusercontent.com/Kaidja/AzSentinelPowerShell/HEAD/EBook Examples/Analytics Rule Management/Remove automated response from the Analytics rule.ps1

/EBook Examples/Bookmark Management/Get Bookmark.ps1:
https://raw.githubusercontent.com/Kaidja/AzSentinelPowerShell/HEAD/EBook Examples/Bookmark Management/Get Bookmark.ps1

/EBook Examples/Bookmark Management/New Bookmark.ps1:
https://raw.githubusercontent.com/Kaidja/AzSentinelPowerShell/HEAD/EBook Examples/Bookmark Management/New Bookmark.ps1

/EBook Examples/Bookmark Management/Remove Bookmark.ps1:
https://raw.githubusercontent.com/Kaidja/AzSentinelPowerShell/HEAD/EBook Examples/Bookmark Management/Remove Bookmark.ps1

/EBook Examples/Bookmark Management/Update Bookmark.ps1:
https://raw.githubusercontent.com/Kaidja/AzSentinelPowerShell/HEAD/EBook Examples/Bookmark Management/Update Bookmark.ps1

/EBook Examples/Data Connectors/Enable Azure Security Center Data Connector.ps1:
https://raw.githubusercontent.com/Kaidja/AzSentinelPowerShell/HEAD/EBook Examples/Data Connectors/Enable Azure Security Center Data Connector.ps1

/EBook Examples/Data Connectors/Get Data Connectors.ps1:
https://raw.githubusercontent.com/Kaidja/AzSentinelPowerShell/HEAD/EBook Examples/Data Connectors/Get Data Connectors.ps1

/EBook Examples/Incident Management/Add a comment to an incident.ps1:
https://raw.githubusercontent.com/Kaidja/AzSentinelPowerShell/HEAD/EBook Examples/Incident Management/Add a comment to an incident.ps1

/EBook Examples/Incident Management/Create an incident.ps1:
https://raw.githubusercontent.com/Kaidja/AzSentinelPowerShell/HEAD/EBook Examples/Incident Management/Create an incident.ps1

/EBook Examples/Incident Management/Get a specific incident.ps1:
https://raw.githubusercontent.com/Kaidja/AzSentinelPowerShell/HEAD/EBook Examples/Incident Management/Get a specific incident.ps1

/EBook Examples/Incident Management/Get all incidents and convert CreatedTimeUTC property to local DateTime.ps1:
https://raw.githubusercontent.com/Kaidja/AzSentinelPowerShell/HEAD/EBook Examples/Incident Management/Get all incidents and convert CreatedTimeUTC property to local DateTime.ps1

/EBook Examples/Incident Management/Get all incidents and order by CreatedTimeUTC property.ps1:
https://raw.githubusercontent.com/Kaidja/AzSentinelPowerShell/HEAD/EBook Examples/Incident Management/Get all incidents and order by CreatedTimeUTC property.ps1

/EBook Examples/Incident Management/Getting started.ps1:
https://raw.githubusercontent.com/Kaidja/AzSentinelPowerShell/HEAD/EBook Examples/Incident Management/Getting started.ps1

/EBook Examples/Incident Management/List all incidents.ps1:
https://raw.githubusercontent.com/Kaidja/AzSentinelPowerShell/HEAD/EBook Examples/Incident Management/List all incidents.ps1

/EBook Examples/Incident Management/Read incident comments.ps1:
https://raw.githubusercontent.com/Kaidja/AzSentinelPowerShell/HEAD/EBook Examples/Incident Management/Read incident comments.ps1

/EBook Examples/Incident Management/Remove incident.ps1:
https://raw.githubusercontent.com/Kaidja/AzSentinelPowerShell/HEAD/EBook Examples/Incident Management/Remove incident.ps1

/EBook Examples/Incident Management/Update incident details.ps1:
https://raw.githubusercontent.com/Kaidja/AzSentinelPowerShell/HEAD/EBook Examples/Incident Management/Update incident details.ps1

/MS Examples/Get-AzSentinelAlertRule.txt:
https://raw.githubusercontent.com/Kaidja/AzSentinelPowerShell/HEAD/MS Examples/Get-AzSentinelAlertRule.txt

/MS Examples/Get-AzSentinelAlertRuleAction.txt:
https://raw.githubusercontent.com/Kaidja/AzSentinelPowerShell/HEAD/MS Examples/Get-AzSentinelAlertRuleAction.txt

/MS Examples/Get-AzSentinelAlertRuleTemplate.txt:
https://raw.githubusercontent.com/Kaidja/AzSentinelPowerShell/HEAD/MS Examples/Get-AzSentinelAlertRuleTemplate.txt

/MS Examples/Get-AzSentinelBookmark.txt:
https://raw.githubusercontent.com/Kaidja/AzSentinelPowerShell/HEAD/MS Examples/Get-AzSentinelBookmark.txt

/MS Examples/Get-AzSentinelDataConnector.txt:
https://raw.githubusercontent.com/Kaidja/AzSentinelPowerShell/HEAD/MS Examples/Get-AzSentinelDataConnector.txt

/MS Examples/Get-AzSentinelIncident.txt:
https://raw.githubusercontent.com/Kaidja/AzSentinelPowerShell/HEAD/MS Examples/Get-AzSentinelIncident.txt

/MS Examples/Get-AzSentinelIncidentComment.txt:
https://raw.githubusercontent.com/Kaidja/AzSentinelPowerShell/HEAD/MS Examples/Get-AzSentinelIncidentComment.txt

/MS Examples/New-AzSentinelAlertRule.txt:
https://raw.githubusercontent.com/Kaidja/AzSentinelPowerShell/HEAD/MS Examples/New-AzSentinelAlertRule.txt

/MS Examples/New-AzSentinelAlertRuleAction.txt:
https://raw.githubusercontent.com/Kaidja/AzSentinelPowerShell/HEAD/MS Examples/New-AzSentinelAlertRuleAction.txt

/MS Examples/New-AzSentinelBookmark.txt:
https://raw.githubusercontent.com/Kaidja/AzSentinelPowerShell/HEAD/MS Examples/New-AzSentinelBookmark.txt

/MS Examples/New-AzSentinelDataConnector.txt:
https://raw.githubusercontent.com/Kaidja/AzSentinelPowerShell/HEAD/MS Examples/New-AzSentinelDataConnector.txt

/MS Examples/New-AzSentinelIncident.txt:
https://raw.githubusercontent.com/Kaidja/AzSentinelPowerShell/HEAD/MS Examples/New-AzSentinelIncident.txt

/MS Examples/New-AzSentinelIncidentComment.txt:
https://raw.githubusercontent.com/Kaidja/AzSentinelPowerShell/HEAD/MS Examples/New-AzSentinelIncidentComment.txt

/MS Examples/New-AzSentinelIncidentOwner.txt:
https://raw.githubusercontent.com/Kaidja/AzSentinelPowerShell/HEAD/MS Examples/New-AzSentinelIncidentOwner.txt

/MS Examples/Remove-AzSentinelAlertRule.txt:
https://raw.githubusercontent.com/Kaidja/AzSentinelPowerShell/HEAD/MS Examples/Remove-AzSentinelAlertRule.txt

/MS Examples/Remove-AzSentinelAlertRuleAction.txt:
https://raw.githubusercontent.com/Kaidja/AzSentinelPowerShell/HEAD/MS Examples/Remove-AzSentinelAlertRuleAction.txt

/MS Examples/Remove-AzSentinelBookmark.txt:
https://raw.githubusercontent.com/Kaidja/AzSentinelPowerShell/HEAD/MS Examples/Remove-AzSentinelBookmark.txt

/MS Examples/Remove-AzSentinelDataConnector.txt:
https://raw.githubusercontent.com/Kaidja/AzSentinelPowerShell/HEAD/MS Examples/Remove-AzSentinelDataConnector.txt

/MS Examples/Remove-AzSentinelIncident.txt:
https://raw.githubusercontent.com/Kaidja/AzSentinelPowerShell/HEAD/MS Examples/Remove-AzSentinelIncident.txt

/MS Examples/Update-AzSentinelAlertRule.txt:
https://raw.githubusercontent.com/Kaidja/AzSentinelPowerShell/HEAD/MS Examples/Update-AzSentinelAlertRule.txt

/MS Examples/Update-AzSentinelAlertRuleAction.txt:
https://raw.githubusercontent.com/Kaidja/AzSentinelPowerShell/HEAD/MS Examples/Update-AzSentinelAlertRuleAction.txt

/MS Examples/Update-AzSentinelBookmark.txt:
https://raw.githubusercontent.com/Kaidja/AzSentinelPowerShell/HEAD/MS Examples/Update-AzSentinelBookmark.txt

/MS Examples/Update-AzSentinelDataConnector.txt:
https://raw.githubusercontent.com/Kaidja/AzSentinelPowerShell/HEAD/MS Examples/Update-AzSentinelDataConnector.txt

/MS Examples/Update-AzSentinelIncident.txt:
https://raw.githubusercontent.com/Kaidja/AzSentinelPowerShell/HEAD/MS Examples/Update-AzSentinelIncident.txt

/README.md:
https://raw.githubusercontent.com/Kaidja/AzSentinelPowerShell/HEAD/README.md