Azure Sentinel PowerShell cmdlets
A few days ago, Microsoft released an official PowerShell module for Azure Sentinel. As of today, it includes 24 different cmdlets.
Incident Management:
- Get-AzSentinelIncident
- New-AzSentinelIncident
- Get-AzSentinelIncidentComment
- New-AzSentinelIncidentComment
- New-AzSentinelIncidentOwner
- Remove-AzSentinelIncident
- Update-AzSentinelIncident
Alert Rule Management:
- Get-AzSentinelAlertRule
- Get-AzSentinelAlertRuleAction
- Get-AzSentinelAlertRuleTemplate
- New-AzSentinelAlertRule
- New-AzSentinelAlertRuleAction
- Remove-AzSentinelAlertRule
- Remove-AzSentinelAlertRuleAction
- Update-AzSentinelAlertRule
- Update-AzSentinelAlertRuleAction
Bookmark Management:
- Get-AzSentinelBookmark
- New-AzSentinelBookmark
- Remove-AzSentinelBookmark
- Update-AzSentinelBookmark
Connector Management:
- Get-AzSentinelDataConnector
- New-AzSentinelDataConnector
- Remove-AzSentinelDataConnector
- Update-AzSentinelDataConnector
You can download the PowerShell module directly from the PowerShell Gallery – PowerShell Gallery | Az.SecurityInsights 0.1.0
I published all the PowerShell cmdlets' parameter sets on my GitHub account – Kaidja/AzSentinelPowerShell: Azure Sentinel PowerShell cmdlets (github.com)
I also uploaded all the native cmdlet examples here – AzSentinelPowerShell/MS Examples at main · Kaidja/AzSentinelPowerShell (github.com)
Have fun!
Kaido Järvemets