tests.....

Author: dicolanl

src/Dns/Dns.sln

@@ -1,6 +1,6 @@
 Microsoft Visual Studio Solution File, Format Version 12.00
-# Visual Studio 15
-VisualStudioVersion = 15.0.27703.2042
+# Visual Studio Version 16
+VisualStudioVersion = 16.0.30709.132
 MinimumVisualStudioVersion = 10.0.40219.1
 Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Dns", "Dns\Dns.csproj", "{3CAE1B57-FFEC-4945-A6C5-6E5E8DEA4BA9}"
 EndProject
@@ -40,6 +40,10 @@ Global
 		{142D7B0B-388A-4CEB-A228-7F6D423C5C2E}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{142D7B0B-388A-4CEB-A228-7F6D423C5C2E}.Release|Any CPU.ActiveCfg = Release|Any CPU
 		{142D7B0B-388A-4CEB-A228-7F6D423C5C2E}.Release|Any CPU.Build.0 = Release|Any CPU
+		{6BD6B80A-06AF-4B5B-9230-69CCFC6C8D64}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{6BD6B80A-06AF-4B5B-9230-69CCFC6C8D64}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{6BD6B80A-06AF-4B5B-9230-69CCFC6C8D64}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{6BD6B80A-06AF-4B5B-9230-69CCFC6C8D64}.Release|Any CPU.Build.0 = Release|Any CPU
 		{98CFD96B-A6BC-4F15-AE2C-603FC2B58981}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
 		{98CFD96B-A6BC-4F15-AE2C-603FC2B58981}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{98CFD96B-A6BC-4F15-AE2C-603FC2B58981}.Release|Any CPU.ActiveCfg = Release|Any CPU

src/Media/Media.sln

@@ -1,7 +1,6 @@
-
 Microsoft Visual Studio Solution File, Format Version 12.00
-# Visual Studio 15
-VisualStudioVersion = 15.0.27703.2042
+# Visual Studio Version 16
+VisualStudioVersion = 16.0.30709.132
 MinimumVisualStudioVersion = 10.0.40219.1
 Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Media", "Media\Media.csproj", "{A505E64B-6AA8-43AC-90E7-22A94FD38A0F}"
 EndProject
@@ -39,6 +38,10 @@ Global
 		{142D7B0B-388A-4CEB-A228-7F6D423C5C2E}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{142D7B0B-388A-4CEB-A228-7F6D423C5C2E}.Release|Any CPU.ActiveCfg = Release|Any CPU
 		{142D7B0B-388A-4CEB-A228-7F6D423C5C2E}.Release|Any CPU.Build.0 = Release|Any CPU
+		{6BD6B80A-06AF-4B5B-9230-69CCFC6C8D64}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{6BD6B80A-06AF-4B5B-9230-69CCFC6C8D64}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{6BD6B80A-06AF-4B5B-9230-69CCFC6C8D64}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{6BD6B80A-06AF-4B5B-9230-69CCFC6C8D64}.Release|Any CPU.Build.0 = Release|Any CPU
 		{FF81DC73-B8EC-4082-8841-4FBF2B16E7CE}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
 		{FF81DC73-B8EC-4082-8841-4FBF2B16E7CE}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{FF81DC73-B8EC-4082-8841-4FBF2B16E7CE}.Release|Any CPU.ActiveCfg = Release|Any CPU

src/SecurityInsights/SecurityInsights.Test/ScenarioTests/Actions/ActionsTests.cs renamed to src/SecurityInsights/SecurityInsights.Test/ScenarioTests/ActionsTests.cs

@@ -16,18 +16,20 @@
 .SYNOPSIS
 List Actions by Alert Rule
 #>
-function Get-AzSentineAlertRulelAction-ListByAlertRule
+function Get-AzSentinelAlertRuleAction-ListByAlertRule
 {
 
 	$LogicAppResourceId = "/subscriptions/1c61ccbf-70b3-45a3-a1fb-848ce46d70a6/resourceGroups/ndicola-azsposh/providers/Microsoft.Logic/workflows/Block-AADUser"
+	$TriggerUri = Get-AzLogicAppTriggerCallbackUrl -ResourceGroupName (Get-TestResourceGroupName) -Name "Block-AADUser" -TriggerName "When_a_response_to_an_Azure_Sentinel_alert_is_triggered"
 	$LogicAppResourceId2 = "/subscriptions/1c61ccbf-70b3-45a3-a1fb-848ce46d70a6/resourceGroups/ndicola-azsposh/providers/Microsoft.Logic/workflows/Get-MDATPInvestigationPackage"
+	$TriggerUri2 = Get-AzLogicAppTriggerCallbackUrl -ResourceGroupName (Get-TestResourceGroupName) -Name "Get-MDATPInvestigationPackage" -TriggerName "When_a_response_to_an_Azure_Sentinel_alert_is_triggered"
 
 	#Create Alert Rule
-	$alertRule = New-AzSentinelAlertRule -ResourceGroupName (Get-TestResourceGroupName) -WorkspaceName (Get-TestWorkspaceName) -Type Scheduled -Enabled $true -DisplayName "PoshModuleTest" -SuprressionDuration "PT5H" -SuprressionEnabled $false
+	$alertRule = New-AzSentinelAlertRule -ResourceGroupName (Get-TestResourceGroupName) -WorkspaceName (Get-TestWorkspaceName) -Kind Scheduled -Enabled $true -DisplayName "PoshModuleTest" -SuppressionDuration (New-TimeSpan -Hours 5) -SuppressionEnabled $false -Severity Low -Query "SecurityAlert | take 1" -QueryFrequency (New-TimeSpan -Hours 5) -QueryPeriod (New-TimeSpan -Hours 5) -TriggerThreshold 10
 	#Create Alert Rule Action
-	$action = New-AzSentinelAlertRuleAction -ResourceGroupName (Get-TestResourceGroupName) -WorkspaceName (Get-TestWorkspaceName) -LogicAppResourceId $LogicAppResourceId
+	$action = New-AzSentinelAlertRuleAction -ResourceGroupName (Get-TestResourceGroupName) -WorkspaceName (Get-TestWorkspaceName) -AlertRuleId ($alertRule.Name) -LogicAppResourceId $LogicAppResourceId -TriggerUri ($TriggerUri.value)
 	#Create Alert Rule Action
-	$action2 = New-AzSentinelAlertRuleAction -ResourceGroupName (Get-TestResourceGroupName) -WorkspaceName (Get-TestWorkspaceName) -LogicAppResourceId $LogicAppResourceId2
+	$action2 = New-AzSentinelAlertRuleAction -ResourceGroupName (Get-TestResourceGroupName) -WorkspaceName (Get-TestWorkspaceName) -AlertRuleId ($alertRule.Name) -LogicAppResourceId $LogicAppResourceId2 -TriggerUri ($TriggerUri2.value)
 
 	#Get Alert Rule Actions
     $actions = Get-AzSentinelAlertRuleAction -ResourceGroupName (Get-TestResourceGroupName) -WorkspaceName (Get-TestWorkspaceName) -AlertRuleId ($alertRule.Name)
@@ -46,11 +48,12 @@ function Get-AzSentinelAlertRuleAction-GetAction
 {
 
 	$LogicAppResourceId = "/subscriptions/1c61ccbf-70b3-45a3-a1fb-848ce46d70a6/resourceGroups/ndicola-azsposh/providers/Microsoft.Logic/workflows/Block-AADUser"
+	$TriggerUri = Get-AzLogicAppTriggerCallbackUrl -ResourceGroupName (Get-TestResourceGroupName) -Name "Block-AADUser" -TriggerName "When_a_response_to_an_Azure_Sentinel_alert_is_triggered"
 
 	#Create Alert Rule
-	$alertRule = New-AzSentinelAlertRule -ResourceGroupName (Get-TestResourceGroupName) -WorkspaceName (Get-TestWorkspaceName) -Type Scheduled -Enabled $true -DisplayName "PoshModuleTest" -SuprressionDuration "PT5H" -SuprressionEnabled $false
+	$alertRule = New-AzSentinelAlertRule -ResourceGroupName (Get-TestResourceGroupName) -WorkspaceName (Get-TestWorkspaceName) -Kind Scheduled -Enabled $true -DisplayName "PoshModuleTest" -SuppressionDuration (New-TimeSpan -Hours 5) -SuppressionEnabled $false -Severity Low -Query "SecurityAlert | take 1" -QueryFrequency (New-TimeSpan -Hours 5) -QueryPeriod (New-TimeSpan -Hours 5) -TriggerThreshold 10
 	#Create Alert Rule Action
-	$action = New-AzSentinelAlertRuleAction -ResourceGroupName (Get-TestResourceGroupName) -WorkspaceName (Get-TestWorkspaceName) -LogicAppResourceId $LogicAppResourceId
+	$action = New-AzSentinelAlertRuleAction -ResourceGroupName (Get-TestResourceGroupName) -WorkspaceName (Get-TestWorkspaceName) -AlertRuleId ($alertRule.Name) -LogicAppResourceId $LogicAppResourceId -TriggerUri ($TriggerUri.value)
 
 	#Get Alert Rule Action
     $action = Get-AzSentinelAlertRuleAction -ResourceGroupName (Get-TestResourceGroupName) -WorkspaceName (Get-TestWorkspaceName) -AlertRuleId ($alertRule.Name) -ActionId ($action.Name)
@@ -68,11 +71,12 @@ Create Action
 function New-AzSentinelAlertRuleAction-Create
 {
     $LogicAppResourceId = "/subscriptions/1c61ccbf-70b3-45a3-a1fb-848ce46d70a6/resourceGroups/ndicola-azsposh/providers/Microsoft.Logic/workflows/Block-AADUser"
+	$TriggerUri = Get-AzLogicAppTriggerCallbackUrl -ResourceGroupName (Get-TestResourceGroupName) -Name "Block-AADUser" -TriggerName "When_a_response_to_an_Azure_Sentinel_alert_is_triggered"
 
 	#Create Alert Rule
-	$alertRule = New-AzSentinelAlertRule -ResourceGroupName (Get-TestResourceGroupName) -WorkspaceName (Get-TestWorkspaceName) -Type Scheduled -Enabled $true -DisplayName "PoshModuleTest" -SuprressionDuration "PT5H" -SuprressionEnabled $false
+	$alertRule = New-AzSentinelAlertRule -ResourceGroupName (Get-TestResourceGroupName) -WorkspaceName (Get-TestWorkspaceName) -Kind Scheduled -Enabled $true -DisplayName "PoshModuleTest" -SuppressionDuration (New-TimeSpan -Hours 5) -SuppressionEnabled $false -Severity Low -Query "SecurityAlert | take 1" -QueryFrequency (New-TimeSpan -Hours 5) -QueryPeriod (New-TimeSpan -Hours 5) -TriggerThreshold 10
 	#Create Alert Rule Action
-	$action = New-AzSentinelAlertRuleAction -ResourceGroupName (Get-TestResourceGroupName) -WorkspaceName (Get-TestWorkspaceName) -LogicAppResourceId $LogicAppResourceId
+	$action = New-AzSentinelAlertRuleAction -ResourceGroupName (Get-TestResourceGroupName) -WorkspaceName (Get-TestWorkspaceName) -AlertRuleId ($alertRule.Name) -LogicAppResourceId $LogicAppResourceId -TriggerUri ($TriggerUri.value)
 
 	#Validate
 	Validate-Action $action
@@ -88,15 +92,17 @@ Update Action
 function Set-AzSentinelAlertRuleAction-Update
 {
 	$LogicAppResourceId = "/subscriptions/1c61ccbf-70b3-45a3-a1fb-848ce46d70a6/resourceGroups/ndicola-azsposh/providers/Microsoft.Logic/workflows/Block-AADUser"
+	$TriggerUri = Get-AzLogicAppTriggerCallbackUrl -ResourceGroupName (Get-TestResourceGroupName) -Name "Block-AADUser" -TriggerName "When_a_response_to_an_Azure_Sentinel_alert_is_triggered"
 	$LogicAppResourceId2 = "/subscriptions/1c61ccbf-70b3-45a3-a1fb-848ce46d70a6/resourceGroups/ndicola-azsposh/providers/Microsoft.Logic/workflows/Get-MDATPInvestigationPackage"
+	$TriggerUri2 = Get-AzLogicAppTriggerCallbackUrl -ResourceGroupName (Get-TestResourceGroupName) -Name "Get-MDATPInvestigationPackage" -TriggerName "When_a_response_to_an_Azure_Sentinel_alert_is_triggered"
 
 	#Create Alert Rule
-	$alertRule = New-AzSentinelAlertRule -ResourceGroupName (Get-TestResourceGroupName) -WorkspaceName (Get-TestWorkspaceName) -Type Scheduled -Enabled $true -DisplayName "PoshModuleTest" -SuprressionDuration "PT5H" -SuprressionEnabled $false
+	$alertRule = New-AzSentinelAlertRule -ResourceGroupName (Get-TestResourceGroupName) -WorkspaceName (Get-TestWorkspaceName) -Kind Scheduled -Enabled $true -DisplayName "PoshModuleTest" -SuppressionDuration (New-TimeSpan -Hours 5) -SuppressionEnabled $false -Severity Low -Query "SecurityAlert | take 1" -QueryFrequency (New-TimeSpan -Hours 5) -QueryPeriod (New-TimeSpan -Hours 5) -TriggerThreshold 10
 	#Create Alert Rule Action
-	$action = New-AzSentinelAlertRuleAction -ResourceGroupName (Get-TestResourceGroupName) -WorkspaceName (Get-TestWorkspaceName) -LogicAppResourceId $LogicAppResourceId
+	$action = New-AzSentinelAlertRuleAction -ResourceGroupName (Get-TestResourceGroupName) -WorkspaceName (Get-TestWorkspaceName) -AlertRuleId ($alertRule.Name) -LogicAppResourceId $LogicAppResourceId -TriggerUri ($TriggerUri.value)
 
 	#update action
-	$action = Set=AzSentinelAlertRuleAction -ResourceGroupName (Get-TestResourceGroupName) -WorkspaceName (Get-TestWorkspaceName) -LogicAppResourceId $LogicAppResourceId2
+	$action = Set=AzSentinelAlertRuleAction -ResourceGroupName (Get-TestResourceGroupName) -WorkspaceName (Get-TestWorkspaceName) -AlertRuleId ($alertRule.Name) -LogicAppResourceId $LogicAppResourceId2 -TriggerUri ($TriggerUri2.value)
 
 	# Validate
 	Validate-Action $action
@@ -112,11 +118,13 @@ Delete Action
 function Remove-AzSentinelAlertRuleAction-Delete
 {
 	$LogicAppResourceId = "/subscriptions/1c61ccbf-70b3-45a3-a1fb-848ce46d70a6/resourceGroups/ndicola-azsposh/providers/Microsoft.Logic/workflows/Block-AADUser"
+	$TriggerUri = Get-AzLogicAppTriggerCallbackUrl -ResourceGroupName (Get-TestResourceGroupName) -Name "Block-AADUser" -TriggerName "When_a_response_to_an_Azure_Sentinel_alert_is_triggered"
 
 	#Create Alert Rule
-	$alertRule = New-AzSentinelAlertRule -ResourceGroupName (Get-TestResourceGroupName) -WorkspaceName (Get-TestWorkspaceName) -Type Scheduled -Enabled $true -DisplayName "PoshModuleTest" -SuprressionDuration "PT5H" -SuprressionEnabled $false
+	$alertRule = New-AzSentinelAlertRule -ResourceGroupName (Get-TestResourceGroupName) -WorkspaceName (Get-TestWorkspaceName) -Kind Scheduled -Enabled $true -DisplayName "PoshModuleTest" -SuppressionDuration (New-TimeSpan -Hours 5) -SuppressionEnabled $false -Severity Low -Query "SecurityAlert | take 1" -QueryFrequency (New-TimeSpan -Hours 5) -QueryPeriod (New-TimeSpan -Hours 5) -TriggerThreshold 10
 	#Create Alert Rule Action
-	$action = New-AzSentinelAlertRuleAction -ResourceGroupName (Get-TestResourceGroupName) -WorkspaceName (Get-TestWorkspaceName) -LogicAppResourceId $LogicAppResourceId
+	$action = New-AzSentinelAlertRuleAction -ResourceGroupName (Get-TestResourceGroupName) -WorkspaceName (Get-TestWorkspaceName) -AlertRuleId ($alertRule.Name) -LogicAppResourceId $LogicAppResourceId -TriggerUri ($TriggerUri.value)
+	#delete
 	Remove-AzSentinelAlertRuleAction -ResourceGroupName (Get-TestResourceGroupName) -WorkspaceName (Get-TestWorkspaceName) -ActionId ($action.Name)
 	# Validate
 	Validate-Action $action

src/SecurityInsights/SecurityInsights.Test/ScenarioTests/Actions/ActionsTests.ps1 renamed to src/SecurityInsights/SecurityInsights.Test/ScenarioTests/ActionsTests.ps1

@@ -46,6 +46,7 @@ public void RunPowerShellTest(ServiceManagement.Common.Models.XunitTracingInterc
             var mockName = sf.GetMethod().Name;
 
             _helper.TracingInterceptor = logger;
+
             var providers = new Dictionary<string, string>();
             var providersToIgnore = new Dictionary<string, string>();
             HttpMockServer.Matcher = new PermissiveRecordMatcherWithApiExclusion(true, providers, providersToIgnore);
@@ -61,10 +62,11 @@ public void RunPowerShellTest(ServiceManagement.Common.Models.XunitTracingInterc
                 _helper.SetupModules(
                     AzureModule.AzureResourceManager,
                     _helper.RMProfileModule,
+                    _helper.GetRMModulePath(@"AzureRM.LogicApp.psd1"),
+                    _helper.GetRMModulePath(@"AzureRM.Resources.psd1"),
                     _helper.GetRMModulePath(@"AzureRM.SecurityInsights.psd1"),
                     "ScenarioTests\\Common.ps1",
                     "ScenarioTests\\" + callingClassName + ".ps1",
-                    "AzureRM.Storage.ps1",
                     "AzureRM.Resources.ps1");
 
                 _helper.RunPowerShellTest(scripts);
@@ -75,8 +77,7 @@ protected void SetupManagementClients(MockContext context)
         {
             var resourcesClient = GetResourcesClient(context);
             var securityInsightsClient = GetSecurityInsightsClient(context);
-            var storageClient = GetStorageManagementClient(context);
-            _helper.SetupManagementClients(securityInsightsClient, resourcesClient, storageClient);
+            _helper.SetupManagementClients(securityInsightsClient, resourcesClient);
         }
 
         private static SecurityInsightsClient GetSecurityInsightsClient(MockContext context)
@@ -87,9 +88,5 @@ private static ResourceManagementClient GetResourcesClient(MockContext context)
         {
             return context.GetServiceClient<ResourceManagementClient>(TestEnvironmentFactory.GetTestEnvironment());
         }
-        private static StorageManagementClient GetStorageManagementClient(MockContext context)
-        {
-            return context.GetServiceClient<StorageManagementClient>(TestEnvironmentFactory.GetTestEnvironment());
-        }
     }
 }

src/SecurityInsights/SecurityInsights.Test/ScenarioTests/TestController.cs

@@ -21,7 +21,7 @@
   </ItemGroup>
 
   <ItemGroup>
-    <None Update="ScenarioTests\Actions\ActionsTests.ps1">
+    <None Update="ScenarioTests\ActionsTests.ps1">
       <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
     </None>
   </ItemGroup>

src/SecurityInsights/SecurityInsights.Test/SecurityInsights.Test.csproj

@@ -21,6 +21,7 @@
 using System;
 using Microsoft.Azure.Management.SecurityInsights.Models;
 using Microsoft.Azure.Commands.SecurityInsights.Models.Actions;
+using Microsoft.Azure.Management.SecurityInsights;
 
 namespace Microsoft.Azure.Commands.SecurityInsights.Cmdlets.Actions
 {
@@ -39,14 +40,14 @@ public class NewAlertRuleActions : SecurityInsightsCmdletBase
         [Parameter(ParameterSetName = ParameterSetNames.ActionId, Mandatory = true, HelpMessage = ParameterHelpMessages.AlertRuleId)]
         public string AlertRuleId { get; set; }
 
-        [Parameter(ParameterSetName = ParameterSetNames.ActionId, Mandatory = true, HelpMessage = ParameterHelpMessages.ActionId)]
+        [Parameter(ParameterSetName = ParameterSetNames.ActionId, Mandatory = false, HelpMessage = ParameterHelpMessages.ActionId)]
         public string ActionId { get; set; }
 
         [Parameter(ParameterSetName = ParameterSetNames.ActionId, Mandatory = true, HelpMessage = ParameterHelpMessages.LogicAppResourceId)]
         [ValidateNotNullOrEmpty]
         public string LogicAppResourceId { get; set; }
 
-        [Parameter(ParameterSetName = ParameterSetNames.ActionId, Mandatory = false, HelpMessage = ParameterHelpMessages.TriggerUri)] 
+        [Parameter(ParameterSetName = ParameterSetNames.ActionId, Mandatory = true, HelpMessage = ParameterHelpMessages.TriggerUri)] 
         public string TriggerUri { get; set; }
 
         public override void ExecuteCmdlet()
@@ -66,7 +67,7 @@ public override void ExecuteCmdlet()
 
             if (ShouldProcess(name, VerbsCommon.New))
             {
-                var outputaction = SecurityInsightsClient.AlertRules.CreateOrUpdateActionWithHttpMessagesAsync(ResourceGroupName, WorkspaceName, AlertRuleId, name, action).GetAwaiter().GetResult().Body;
+                var outputaction = SecurityInsightsClient.AlertRules.CreateOrUpdateAction(ResourceGroupName, WorkspaceName, AlertRuleId, name, action);
 
                 WriteObject(outputaction.ConvertToPSType(), enumerateCollection: false);
             }

src/SecurityInsights/SecurityInsights/Cmdlets/Actions/NewAlertRuleActions.cs

@@ -99,19 +99,19 @@ public class NewAlertRules : SecurityInsightsCmdletBase
         [ValidateNotNullOrEmpty]
         public bool SuppressionEnabled { get; set; }
 
-        [Parameter(ParameterSetName = ParameterSetNames.ScheduledAlertRule, Mandatory = false, HelpMessage = ParameterHelpMessages.Query)]
+        [Parameter(ParameterSetName = ParameterSetNames.ScheduledAlertRule, Mandatory = true, HelpMessage = ParameterHelpMessages.Query)]
         [ValidateNotNullOrEmpty]
         public string Query { get; set; }
 
-        [Parameter(ParameterSetName = ParameterSetNames.ScheduledAlertRule, Mandatory = false, HelpMessage = ParameterHelpMessages.QueryFrequency)]
+        [Parameter(ParameterSetName = ParameterSetNames.ScheduledAlertRule, Mandatory = true, HelpMessage = ParameterHelpMessages.QueryFrequency)]
         [ValidateNotNullOrEmpty]
         public TimeSpan? QueryFrequency { get; set; }
 
-        [Parameter(ParameterSetName = ParameterSetNames.ScheduledAlertRule, Mandatory = false, HelpMessage = ParameterHelpMessages.QueryPeriod)]
+        [Parameter(ParameterSetName = ParameterSetNames.ScheduledAlertRule, Mandatory = true, HelpMessage = ParameterHelpMessages.QueryPeriod)]
         [ValidateNotNullOrEmpty]
         public TimeSpan? QueryPeriod { get; set; }
 
-        [Parameter(ParameterSetName = ParameterSetNames.ScheduledAlertRule, Mandatory = false, HelpMessage = ParameterHelpMessages.Severity)]
+        [Parameter(ParameterSetName = ParameterSetNames.ScheduledAlertRule, Mandatory = true, HelpMessage = ParameterHelpMessages.Severity)]
         [ValidateSet("High", "Informational", "Low", "Medium")]
         [ValidateNotNullOrEmpty]
         public string Severity { get; set; }
@@ -125,7 +125,7 @@ public class NewAlertRules : SecurityInsightsCmdletBase
         [ValidateNotNullOrEmpty]
         public TriggerOperator TriggerOperator { get; set; }
 
-        [Parameter(ParameterSetName = ParameterSetNames.ScheduledAlertRule, Mandatory = false, HelpMessage = ParameterHelpMessages.TriggerThreshold)]
+        [Parameter(ParameterSetName = ParameterSetNames.ScheduledAlertRule, Mandatory = true, HelpMessage = ParameterHelpMessages.TriggerThreshold)]
         [ValidateNotNullOrEmpty]
         public int? TriggerThreshold { get; set; }