Version 0.6.6 is available in the PowerShell Gallery with a bunch of bugfixes and new features.
Support for multiple rules
From this version on you can manage all types of Analytics rules from one template. The import and New-AzSentinelAlertRule functions are also optimized to import new rules much faster.
The layout of JSON file is updated to add support for the following Analytics rules:
- Scheduled
- Fusion
- MLBehaviorAnalytics
- MicrosoftSecurityIncidentCreation
JSON schema:
As you can see, you can define all the rule types in the same template file. The properties for each rule type are documented at the following link. Below is an example of a settings file containing all types of Analytics rules:
You can also use the New-AzSentinelAlertRule function to create these kinds of rules. It now has a “-Kind” parameter that you can use to create the other types of Analytics rules; the default value is Scheduled. Below are some examples:
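An added example (not code from the post or the AzSentinel project) showing the -Kind parameter for each rule type, and the new Get-AzSentinelAlertRuleTemplates function used to create Fusion/ML rules only from templates that are not already in use. Assumed: the module is installed and you are signed in, the workspace name is a constructed placeholder, and the parameter names other than -Kind plus the property names of the returned objects follow the Azure Sentinel REST API naming.

```powershell
# Added example, not the project's own code. Assumptions: AzSentinel is installed,
# Connect-AzAccount has been run, and parameter/property names other than -Kind
# match the REST API fields (displayName, kind, name, alertRuleTemplateName, ...).
$workspace = 'contoso-sentinel'   # constructed placeholder workspace name

# 1. Scheduled rule: this is the default -Kind, made explicit here for clarity.
$scheduled = @{
    WorkspaceName       = $workspace
    Kind                = 'Scheduled'
    DisplayName         = 'Many failed sign-ins from one IP'
    Description         = 'More than 10 failed sign-ins from a single IP within 1 hour'
    Severity            = 'Medium'
    Enabled             = $true
    Query               = 'SigninLogs | where ResultType != 0 | summarize failures = count() by IPAddress | where failures > 10'
    QueryFrequency      = 'PT1H'
    QueryPeriod         = 'PT1H'
    TriggerOperator     = 'GreaterThan'
    TriggerThreshold    = 0
    SuppressionDuration = 'PT5H'
    SuppressionEnabled  = $false
    Tactics             = @('CredentialAccess')
}
New-AzSentinelAlertRule @scheduled

# 2. Fusion and MLBehaviorAnalytics rules are enabled from built-in templates.
#    List the templates, skip those whose display name already exists as a rule,
#    and create the rest with the template's own kind.
$existing  = (Get-AzSentinelAlertRule -WorkspaceName $workspace).displayName
$templates = Get-AzSentinelAlertRuleTemplates -WorkspaceName $workspace |
    Where-Object { $_.kind -in @('Fusion', 'MLBehaviorAnalytics') }

foreach ($t in $templates) {
    if ($existing -contains $t.displayName) {
        Write-Verbose "Skipping '$($t.displayName)': rule already exists"
        continue
    }
    New-AzSentinelAlertRule -WorkspaceName $workspace -Kind $t.kind `
        -DisplayName $t.displayName -AlertRuleTemplateName $t.name -Enabled $true
}

# 3. MicrosoftSecurityIncidentCreation: turn Azure Security Center alerts into incidents,
#    filtered to the severities worth an analyst's time.
New-AzSentinelAlertRule -WorkspaceName $workspace -Kind 'MicrosoftSecurityIncidentCreation' `
    -DisplayName 'Incidents from Azure Security Center alerts' -Enabled $true `
    -ProductFilter 'Azure Security Center' -SeveritiesFilter @('High', 'Medium')
```

Run with -Verbose to see which templates were skipped because a rule with that display name is already present.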
Add-AzSentinelIncidentComment
New function to add a comment to an Azure Sentinel incident.
Get-AzSentinelAlertRuleTemplates
Thanks to ramirezversion, this function returns all the Analytics rule templates.
List of other fixes:

| Issue/PR ID | Fixed by |
| --- | --- |
| #91 Update-AzSentinelIncident deletes various incident properties #89 | https://github.com/jholtmann |
| #87 Fixed an issue that caused enabled in alert groupingConfiguration to be set to true every time due to an error in the code | https://github.com/ThijsLecomte |
| #78 Handle nextLink for Playbooks | https://github.com/stehod |