Azure Sentinel PowerShell cmdlets

A few days ago, Microsoft released an official PowerShell module for Azure Sentinel. As of today, it includes 24 different cmdlets.

Incident management:

  • Get-AzSentinelIncident
  • New-AzSentinelIncident
  • Get-AzSentinelIncidentComment
  • New-AzSentinelIncidentComment
  • New-AzSentinelIncidentOwner
  • Remove-AzSentinelIncident
  • Update-AzSentinelIncident

Alert rule management:

  • Get-AzSentinelAlertRule
  • Get-AzSentinelAlertRuleAction
  • Get-AzSentinelAlertRuleTemplate
  • New-AzSentinelAlertRule
  • New-AzSentinelAlertRuleAction
  • Remove-AzSentinelAlertRule
  • Remove-AzSentinelAlertRuleAction
  • Update-AzSentinelAlertRule
  • Update-AzSentinelAlertRuleAction

Bookmark management:

  • Get-AzSentinelBookmark
  • New-AzSentinelBookmark
  • Remove-AzSentinelBookmark
  • Update-AzSentinelBookmark

Connector management:

  • Get-AzSentinelDataConnector
  • New-AzSentinelDataConnector
  • Remove-AzSentinelDataConnector
  • Update-AzSentinelDataConnector

You can download the PowerShell module directly from the PowerShell Gallery – PowerShell Gallery | Az.SecurityInsights 0.1.0

I published all the PowerShell cmdlet parameter sets on my GitHub account – Kaidja/AzSentinelPowerShell: Azure Sentinel PowerShell cmdlets (github.com)

I also uploaded all the native cmdlet examples here – AzSentinelPowerShell/MS Examples at main · Kaidja/AzSentinelPowerShell (github.com)
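As an added example (not from the original post and not one of Microsoft's own samples), the incident cmdlets listed above can be chained into a small SOC triage step: pick up every incident that is still New with High severity, leave an audit comment on its timeline, and move it to Active. The resource group, workspace name and the incident object's property names (Name, Severity, Status, Title) are assumptions.

```powershell
# Added example, not from the original post. Assumes the Az.SecurityInsights module
# from the PowerShell Gallery and an Azure login with rights on the Sentinel workspace.
Install-Module -Name Az.SecurityInsights -Scope CurrentUser   # one-time install
Connect-AzAccount

$rg = 'rg-sentinel-demo'    # assumed resource group name
$ws = 'law-sentinel-demo'   # assumed Log Analytics workspace that hosts Sentinel

# 1. Pull the incident queue and keep only untouched High-severity incidents.
#    Property names (Status, Severity, Name, Title) are assumed from the incident object.
$toTriage = Get-AzSentinelIncident -ResourceGroupName $rg -WorkspaceName $ws |
    Where-Object { $_.Status -eq 'New' -and $_.Severity -eq 'High' }

foreach ($inc in $toTriage) {
    # 2. Write the triage action to the incident timeline so the change is auditable.
    New-AzSentinelIncidentComment -ResourceGroupName $rg -WorkspaceName $ws `
        -IncidentId $inc.Name `
        -Message "Auto-triage: picked up by PowerShell at $(Get-Date -Format o)"

    # 3. Move the incident to Active; severity and title are passed through unchanged.
    Update-AzSentinelIncident -ResourceGroupName $rg -WorkspaceName $ws `
        -IncidentId $inc.Name -Status Active -Severity High -Title $inc.Title
}

"$(@($toTriage).Count) incident(s) moved from New to Active"
```

Run it against a test workspace first; Update-AzSentinelIncident changes live incident state for every match.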

Have fun!

Kaido Järvemets
