@@ -22,9 +22,9 @@ function Get-AzSentinelAlertRuleAction-ListByAlertRule
22
22
$ActionId = " cd9f21e2-1718-4b8b-871e-b8d59c65f317"
23
23
$ActionId2 = " ccef9243-4f96-4ec5-8042-9df44e2df452"
24
24
$LogicAppResourceId = " /subscriptions/1c61ccbf-70b3-45a3-a1fb-848ce46d70a6/resourceGroups/ndicola-azsposh/providers/Microsoft.Logic/workflows/Block-AADUser"
25
- $TriggerUri = " https://prod-13.westus .logic.azure.com:443/workflows/826a95b1b84c4ffbaf3af3dd88fe96b5 /triggers/When_a_response_to_an_Azure_Sentinel_alert_is_triggered/paths/invoke?api-version=2018-07-01-preview&sp=%2Ftriggers%2FWhen_a_response_to_an_Azure_Sentinel_alert_is_triggered%2Frun&sv=1.0&sig=pK23xWl4uJT4RWs7zopxiP0Z7CpIfCDZEanL-mEyy1E "
25
+ $TriggerUri = " https://prod-08.eastus .logic.azure.com:443/workflows/854f1fc04f50415f83a359463dd60e8b /triggers/When_a_response_to_an_Azure_Sentinel_alert_is_triggered/paths/invoke?api-version=2018-07-01-preview&sp=%2Ftriggers%2FWhen_a_response_to_an_Azure_Sentinel_alert_is_triggered%2Frun&sv=1.0&sig=D7IHsTelJf8XFdhefU6mFRYjnHaa0oHkY_xWC_wW_Vs "
26
26
$LogicAppResourceId2 = " /subscriptions/1c61ccbf-70b3-45a3-a1fb-848ce46d70a6/resourceGroups/ndicola-azsposh/providers/Microsoft.Logic/workflows/Get-MDATPInvestigationPackage"
27
- $TriggerUri2 = " https://prod-16.westus .logic.azure.com:443/workflows/18c75599cf3742c998d14af0f89cf3b1 /triggers/When_a_response_to_an_Azure_Sentinel_alert_is_triggered/paths/invoke?api-version=2018-07-01-preview&sp=%2Ftriggers%2FWhen_a_response_to_an_Azure_Sentinel_alert_is_triggered%2Frun&sv=1.0&sig=rREdJWoN3PNCmhqwMz0KRy8apQDt8DQbZZuvlm1l4Oo "
27
+ $TriggerUri2 = " https://prod-11.eastus .logic.azure.com:443/workflows/9f824303d57e4f00bea47052e4318d1b /triggers/When_a_response_to_an_Azure_Sentinel_alert_is_triggered/paths/invoke?api-version=2018-07-01-preview&sp=%2Ftriggers%2FWhen_a_response_to_an_Azure_Sentinel_alert_is_triggered%2Frun&sv=1.0&sig=2cGZz7eu3Y437r3LRHpkSFUTmD0X15XXP7uiW5_aLaA "
28
28
29
29
# Create Alert Rule
30
30
$alertRule = New-AzSentinelAlertRule - ResourceGroupName (Get-TestResourceGroupName ) - WorkspaceName (Get-TestWorkspaceName ) - AlertRuleId $AlertRuleId - Scheduled - Enabled - DisplayName " PoshModuleTest" - Severity Low - Query " SecurityAlert | take 1" - QueryFrequency (New-TimeSpan - Hours 5 ) - QueryPeriod (New-TimeSpan - Hours 5 ) - TriggerThreshold 10
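Review bot: The new `$TriggerUri` and `$TriggerUri2` values (new lines 25 and 27) are full Logic App callback URLs including the `sig=` query parameter, which is the shared-access signature that authorizes invoking the trigger, so committing them publishes a credential for the Block-AADUser and Get-MDATPInvestigationPackage workflows. The same literals are added again in the Get-AzSentinelAlertRuleAction-GetAction, New-AzSentinelAlertRuleAction-Create and Update-AzSentinelAlertRuleAction-Update hunks, and the removed lines leave the previous signed URLs in history. I would load the URI from test configuration instead of the source, in the style of the existing Get-TestResourceGroupName helper, e.g. `$TriggerUri = Get-TestTriggerUri` (helper name is illustrative, not an existing function), and regenerate the access keys of any of these workflows that still exist. The function body continues outside the hunk, so how the URI is consumed afterwards is not visible here.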
@@ -51,7 +51,7 @@ function Get-AzSentinelAlertRuleAction-GetAction
51
51
$AlertRuleId = " 77def5f7-ab37-4aaf-8711-904d1ab55787"
52
52
$ActionId = " 27dda575-93f0-4925-92b3-039ef4d89cad"
53
53
$LogicAppResourceId = " /subscriptions/1c61ccbf-70b3-45a3-a1fb-848ce46d70a6/resourceGroups/ndicola-azsposh/providers/Microsoft.Logic/workflows/Block-AADUser"
54
- $TriggerUri = " https://prod-13.westus .logic.azure.com:443/workflows/826a95b1b84c4ffbaf3af3dd88fe96b5 /triggers/When_a_response_to_an_Azure_Sentinel_alert_is_triggered/paths/invoke?api-version=2018-07-01-preview&sp=%2Ftriggers%2FWhen_a_response_to_an_Azure_Sentinel_alert_is_triggered%2Frun&sv=1.0&sig=pK23xWl4uJT4RWs7zopxiP0Z7CpIfCDZEanL-mEyy1E "
54
+ $TriggerUri = " https://prod-08.eastus .logic.azure.com:443/workflows/854f1fc04f50415f83a359463dd60e8b /triggers/When_a_response_to_an_Azure_Sentinel_alert_is_triggered/paths/invoke?api-version=2018-07-01-preview&sp=%2Ftriggers%2FWhen_a_response_to_an_Azure_Sentinel_alert_is_triggered%2Frun&sv=1.0&sig=D7IHsTelJf8XFdhefU6mFRYjnHaa0oHkY_xWC_wW_Vs "
55
55
56
56
# Create Alert Rule
57
57
$alertRule = New-AzSentinelAlertRule - ResourceGroupName (Get-TestResourceGroupName ) - WorkspaceName (Get-TestWorkspaceName ) - AlertRuleId $AlertRuleId - Scheduled - Enabled - DisplayName " PoshModuleTest" - Severity Low - Query " SecurityAlert | take 1" - QueryFrequency (New-TimeSpan - Hours 5 ) - QueryPeriod (New-TimeSpan - Hours 5 ) - TriggerThreshold 10
@@ -76,7 +76,7 @@ function New-AzSentinelAlertRuleAction-Create
76
76
$AlertRuleId = " 26501c9d-8f07-419d-8bcb-f9aac8ec1a7f"
77
77
$ActionId = " 10d54e5f-8c03-42fc-b1d9-1bd881535af0"
78
78
$LogicAppResourceId = " /subscriptions/1c61ccbf-70b3-45a3-a1fb-848ce46d70a6/resourceGroups/ndicola-azsposh/providers/Microsoft.Logic/workflows/Block-AADUser"
79
- $TriggerUri = " https://prod-13.westus .logic.azure.com:443/workflows/826a95b1b84c4ffbaf3af3dd88fe96b5 /triggers/When_a_response_to_an_Azure_Sentinel_alert_is_triggered/paths/invoke?api-version=2018-07-01-preview&sp=%2Ftriggers%2FWhen_a_response_to_an_Azure_Sentinel_alert_is_triggered%2Frun&sv=1.0&sig=pK23xWl4uJT4RWs7zopxiP0Z7CpIfCDZEanL-mEyy1E "
79
+ $TriggerUri = " https://prod-08.eastus .logic.azure.com:443/workflows/854f1fc04f50415f83a359463dd60e8b /triggers/When_a_response_to_an_Azure_Sentinel_alert_is_triggered/paths/invoke?api-version=2018-07-01-preview&sp=%2Ftriggers%2FWhen_a_response_to_an_Azure_Sentinel_alert_is_triggered%2Frun&sv=1.0&sig=D7IHsTelJf8XFdhefU6mFRYjnHaa0oHkY_xWC_wW_Vs "
80
80
81
81
# Create Alert Rule
82
82
$alertRule = New-AzSentinelAlertRule - ResourceGroupName (Get-TestResourceGroupName ) - WorkspaceName (Get-TestWorkspaceName ) - AlertRuleId $AlertRuleId - Scheduled - Enabled - DisplayName " PoshModuleTest" - Severity Low - Query " SecurityAlert | take 1" - QueryFrequency (New-TimeSpan - Hours 5 ) - QueryPeriod (New-TimeSpan - Hours 5 ) - TriggerThreshold 10
@@ -99,9 +99,9 @@ function Update-AzSentinelAlertRuleAction-Update
99
99
$AlertRuleId = " 1584e7a3-802c-435b-9178-5720a44be2f3"
100
100
$ActionId = " 91c2ea2f-f40c-4bef-ab3b-43c09e4a9699"
101
101
$LogicAppResourceId = " /subscriptions/1c61ccbf-70b3-45a3-a1fb-848ce46d70a6/resourceGroups/ndicola-azsposh/providers/Microsoft.Logic/workflows/Block-AADUser"
102
- $TriggerUri = " https://prod-13.westus .logic.azure.com:443/workflows/826a95b1b84c4ffbaf3af3dd88fe96b5 /triggers/When_a_response_to_an_Azure_Sentinel_alert_is_triggered/paths/invoke?api-version=2018-07-01-preview&sp=%2Ftriggers%2FWhen_a_response_to_an_Azure_Sentinel_alert_is_triggered%2Frun&sv=1.0&sig=pK23xWl4uJT4RWs7zopxiP0Z7CpIfCDZEanL-mEyy1E "
102
+ $TriggerUri = " https://prod-08.eastus .logic.azure.com:443/workflows/854f1fc04f50415f83a359463dd60e8b /triggers/When_a_response_to_an_Azure_Sentinel_alert_is_triggered/paths/invoke?api-version=2018-07-01-preview&sp=%2Ftriggers%2FWhen_a_response_to_an_Azure_Sentinel_alert_is_triggered%2Frun&sv=1.0&sig=D7IHsTelJf8XFdhefU6mFRYjnHaa0oHkY_xWC_wW_Vs "
103
103
$LogicAppResourceId2 = " /subscriptions/1c61ccbf-70b3-45a3-a1fb-848ce46d70a6/resourceGroups/ndicola-azsposh/providers/Microsoft.Logic/workflows/Get-MDATPInvestigationPackage"
104
- $TriggerUri2 = " https://prod-16.westus .logic.azure.com:443/workflows/18c75599cf3742c998d14af0f89cf3b1 /triggers/When_a_response_to_an_Azure_Sentinel_alert_is_triggered/paths/invoke?api-version=2018-07-01-preview&sp=%2Ftriggers%2FWhen_a_response_to_an_Azure_Sentinel_alert_is_triggered%2Frun&sv=1.0&sig=rREdJWoN3PNCmhqwMz0KRy8apQDt8DQbZZuvlm1l4Oo "
104
+ $TriggerUri2 = " https://prod-11.eastus .logic.azure.com:443/workflows/9f824303d57e4f00bea47052e4318d1b /triggers/When_a_response_to_an_Azure_Sentinel_alert_is_triggered/paths/invoke?api-version=2018-07-01-preview&sp=%2Ftriggers%2FWhen_a_response_to_an_Azure_Sentinel_alert_is_triggered%2Frun&sv=1.0&sig=2cGZz7eu3Y437r3LRHpkSFUTmD0X15XXP7uiW5_aLaA "
105
105
106
106
# Create Alert Rule
107
107
$alertRule = New-AzSentinelAlertRule - ResourceGroupName (Get-TestResourceGroupName ) - WorkspaceName (Get-TestWorkspaceName ) - AlertRuleId $AlertRuleId - Scheduled - Enabled - DisplayName " PoshModuleTest" - Severity Low - Query " SecurityAlert | take 1" - QueryFrequency (New-TimeSpan - Hours 5 ) - QueryPeriod (New-TimeSpan - Hours 5 ) - TriggerThreshold 10