New-AzSentinelDataConnector
Creates or updates the data connector.
Syntax
New-AzSentinelDataConnector
-ResourceGroupName <String>
-WorkspaceName <String>
[-SubscriptionId <String>]
[-Id <String>]
-Kind <DataConnectorKind>
[-TenantId <String>]
[-Alerts <String>]
[-DefaultProfile <PSObject>]
[-AsJob]
[-NoWait]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
New-AzSentinelDataConnector
-ResourceGroupName <String>
-WorkspaceName <String>
[-SubscriptionId <String>]
[-Id <String>]
-Kind <DataConnectorKind>
[-TenantId <String>]
[-CommonDataServiceActivity <String>]
[-DefaultProfile <PSObject>]
[-AsJob]
[-NoWait]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
New-AzSentinelDataConnector
-ResourceGroupName <String>
-WorkspaceName <String>
[-SubscriptionId <String>]
[-Id <String>]
-Kind <DataConnectorKind>
[-TenantId <String>]
[-Alerts <String>]
[-DiscoveryLog <String>]
[-DefaultProfile <PSObject>]
[-AsJob]
[-NoWait]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
New-AzSentinelDataConnector
-ResourceGroupName <String>
-WorkspaceName <String>
[-SubscriptionId <String>]
[-Id <String>]
-Kind <DataConnectorKind>
[-TenantId <String>]
[-Alerts <String>]
[-DefaultProfile <PSObject>]
[-AsJob]
[-NoWait]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
New-AzSentinelDataConnector
-ResourceGroupName <String>
-WorkspaceName <String>
[-SubscriptionId <String>]
[-Id <String>]
-Kind <DataConnectorKind>
[-TenantId <String>]
[-BingSafetyPhishingURL <String>]
[-BingSafetyPhishingUrlLookbackPeriod <String>]
[-MicrosoftEmergingThreatFeed <String>]
[-MicrosoftEmergingThreatFeedLookbackPeriod <String>]
[-DefaultProfile <PSObject>]
[-AsJob]
[-NoWait]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
New-AzSentinelDataConnector
-ResourceGroupName <String>
-WorkspaceName <String>
[-SubscriptionId <String>]
[-Id <String>]
-Kind <DataConnectorKind>
[-TenantId <String>]
[-Incident <String>]
[-DefaultProfile <PSObject>]
[-AsJob]
[-NoWait]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
New-AzSentinelDataConnector
-ResourceGroupName <String>
-WorkspaceName <String>
[-SubscriptionId <String>]
[-Id <String>]
-Kind <DataConnectorKind>
[-TenantId <String>]
[-Exchange <String>]
[-SharePoint <String>]
[-Teams <String>]
[-DefaultProfile <PSObject>]
[-AsJob]
[-NoWait]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
New-AzSentinelDataConnector
-ResourceGroupName <String>
-WorkspaceName <String>
[-SubscriptionId <String>]
[-Id <String>]
-Kind <DataConnectorKind>
[-TenantId <String>]
[-Alerts <String>]
[-DefaultProfile <PSObject>]
[-AsJob]
[-NoWait]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
New-AzSentinelDataConnector
-ResourceGroupName <String>
-WorkspaceName <String>
[-SubscriptionId <String>]
[-Id <String>]
-Kind <DataConnectorKind>
[-TenantId <String>]
[-Alerts <String>]
[-DefaultProfile <PSObject>]
[-AsJob]
[-NoWait]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
New-AzSentinelDataConnector
-ResourceGroupName <String>
-WorkspaceName <String>
[-SubscriptionId <String>]
[-Id <String>]
-Kind <DataConnectorKind>
[-TenantId <String>]
[-Indicator <String>]
[-DefaultProfile <PSObject>]
[-AsJob]
[-NoWait]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
New-AzSentinelDataConnector
-ResourceGroupName <String>
-WorkspaceName <String>
[-SubscriptionId <String>]
[-Id <String>]
-Kind <DataConnectorKind>
[-TenantId <String>]
-WorkspaceId <String>
-FriendlyName <String>
-APIRootURL <String>
-CollectionId <String>
-PollingFrequency <PollingFrequency>
[-UserName <String>]
[-Password <String>]
[-TaxiiLookbackPeriod <String>]
[-DefaultProfile <PSObject>]
[-AsJob]
[-NoWait]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
New-AzSentinelDataConnector
-ResourceGroupName <String>
-WorkspaceName <String>
[-SubscriptionId <String>]
[-Id <String>]
-Kind <DataConnectorKind>
[-Alerts <String>]
-ASCSubscriptionId <String>
[-DefaultProfile <PSObject>]
[-AsJob]
[-NoWait]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
New-AzSentinelDataConnector
-ResourceGroupName <String>
-WorkspaceName <String>
[-SubscriptionId <String>]
[-Id <String>]
-Kind <DataConnectorKind>
-AWSRoleArn <String>
[-Log <String>]
[-DefaultProfile <PSObject>]
[-AsJob]
[-NoWait]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
New-AzSentinelDataConnector
-ResourceGroupName <String>
-WorkspaceName <String>
[-SubscriptionId <String>]
[-Id <String>]
-Kind <DataConnectorKind>
-AWSRoleArn <String>
-Log <String>
-SQSURL <String[]>
-DetinationTable <String>
[-DefaultProfile <PSObject>]
[-AsJob]
[-NoWait]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
New-AzSentinelDataConnector
-ResourceGroupName <String>
-WorkspaceName <String>
[-SubscriptionId <String>]
[-Id <String>]
-Kind <DataConnectorKind>
-UiConfigTitle <String>
-UiConfigPublisher <String>
-UiConfigDescriptionMarkdown <String>
-UiConfigGraphQueriesTableName <String>
-UiConfigGraphQuery <GraphQueries[]>
-UiConfigSampleQuery <SampleQueries[]>
-UiConfigDataType <LastDataReceivedDataType[]>
-UiConfigConnectivityCriterion <ConnectivityCriteria[]>
-AvailabilityIsPreview <Boolean>
-UiConfigInstructionStep <InstructionSteps[]>
[-UiConfigCustomImage <String>]
[-AvailabilityStatus <Int32>]
[-PermissionResourceProvider <PermissionsResourceProviderItem[]>]
[-PermissionCustom <PermissionsCustomsItem[]>]
[-DefaultProfile <PSObject>]
[-AsJob]
[-NoWait]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Description
Creates or updates the data connector.
Examples
Example 1: Enable a data connector.
New-AzSentinelDataConnector -ResourceGroupName "myResourceGroupName" -WorkspaceName "myWorkspaceName" -Kind 'MicrosoftThreatIntelligence' -BingSafetyPhishingURL Enabled -BingSafetyPhishingUrlLookbackPeriod All -MicrosoftEmergingThreatFeed Enabled -MicrosoftEmergingThreatFeedLookbackPeriod All
This command enables the Threat Intelligence data connector
Parameters
-Alerts
Type: String
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: False
-APIRootURL
Type: String
Position: Named
Default value: None
Required: True
Accept pipeline input: False
Accept wildcard characters: False
-ASCSubscriptionId
ASC Subscription Id.
Type: String
Position: Named
Default value: None
Required: True
Accept pipeline input: False
Accept wildcard characters: False
-AsJob
Run the command as a job
Type: SwitchParameter
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: False
-AvailabilityIsPreview
[Parameter(ParameterSetName = 'APIPolling', Mandatory)]
Type: Boolean
Position: Named
Default value: None
Required: True
Accept pipeline input: False
Accept wildcard characters: False
-AvailabilityStatus
[Parameter(ParameterSetName = 'APIPolling')]
Type: Int32
Position: Named
Default value: 1
Required: False
Accept pipeline input: False
Accept wildcard characters: False
-AWSRoleArn
Type: String
Position: Named
Default value: None
Required: True
Accept pipeline input: False
Accept wildcard characters: False
-BingSafetyPhishingURL
Type: String
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: False
-BingSafetyPhishingUrlLookbackPeriod
Type: String
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: False
-CollectionId
Type: String
Position: Named
Default value: None
Required: True
Accept pipeline input: False
Accept wildcard characters: False
-CommonDataServiceActivity
Type: String
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: False
-Confirm
Prompts you for confirmation before running the cmdlet.
Type: SwitchParameter
Aliases: cf
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: False
-DefaultProfile
The credentials, account, tenant, and subscription used for communication with Azure.
Type: PSObject
Aliases: AzureRMContext, AzureCredential
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: False
-DetinationTable
Type: String
Position: Named
Default value: None
Required: True
Accept pipeline input: False
Accept wildcard characters: False
-DiscoveryLog
Type: String
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: False
-Exchange
Type: String
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: False
-FriendlyName
Type: String
Position: Named
Default value: None
Required: True
Accept pipeline input: False
Accept wildcard characters: False
-Id
The Id of the Data Connector.
Type: String
Position: Named
Default value: (New-Guid).Guid
Required: False
Accept pipeline input: False
Accept wildcard characters: False
-Incident
Type: String
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: False
-Indicator
Type: String
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: False
-Kind
Kind of the the data connection
Type: DataConnectorKind
Position: Named
Default value: None
Required: True
Accept pipeline input: False
Accept wildcard characters: False
-Log
Type: String
Position: Named
Default value: None
Required: True
Accept pipeline input: False
Accept wildcard characters: False
-MicrosoftEmergingThreatFeed
Type: String
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: False
-MicrosoftEmergingThreatFeedLookbackPeriod
Type: String
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: False
-NoWait
Run the command asynchronously
Type: SwitchParameter
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: False
-Password
Type: String
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: False
-PermissionCustom
[Parameter(ParameterSetName = 'APIPolling')]
To construct, see NOTES section for PERMISSIONCUSTOM properties and create a hash table.
Type: PermissionsCustomsItem [ ]
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: False
-PermissionResourceProvider
[Parameter(ParameterSetName = 'APIPolling')]
To construct, see NOTES section for PERMISSIONRESOURCEPROVIDER properties and create a hash table.
-PollingFrequency
Type: PollingFrequency
Position: Named
Default value: None
Required: True
Accept pipeline input: False
Accept wildcard characters: False
-ResourceGroupName
The Resource Group Name.
Type: String
Position: Named
Default value: None
Required: True
Accept pipeline input: False
Accept wildcard characters: False
-SharePoint
Type: String
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: False
-SQSURL
Type: String [ ]
Position: Named
Default value: None
Required: True
Accept pipeline input: False
Accept wildcard characters: False
-SubscriptionId
Gets subscription credentials which uniquely identify Microsoft Azure subscription.
The subscription ID forms part of the URI for every service call.
Type: String
Position: Named
Default value: (Get-AzContext).Subscription.Id
Required: False
Accept pipeline input: False
Accept wildcard characters: False
-TaxiiLookbackPeriod
Type: String
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: False
-Teams
Type: String
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: False
-TenantId
The TenantId.
Type: String
Position: Named
Default value: (Get-AzContext).Tenant.Id
Required: False
Accept pipeline input: False
Accept wildcard characters: False
-UiConfigConnectivityCriterion
[Parameter(ParameterSetName = 'APIPolling', Mandatory)]
To construct, see NOTES section for UICONFIGCONNECTIVITYCRITERION properties and create a hash table.
Type: ConnectivityCriteria [ ]
Position: Named
Default value: None
Required: True
Accept pipeline input: False
Accept wildcard characters: False
-UiConfigCustomImage
[Parameter(ParameterSetName = 'APIPolling')]
Type: String
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: False
-UiConfigDataType
[Parameter(ParameterSetName = 'APIPolling', Mandatory)]
To construct, see NOTES section for UICONFIGDATATYPE properties and create a hash table.
Type: LastDataReceivedDataType [ ]
Position: Named
Default value: None
Required: True
Accept pipeline input: False
Accept wildcard characters: False
-UiConfigDescriptionMarkdown
[Parameter(ParameterSetName = 'APIPolling', Mandatory)]
Type: String
Position: Named
Default value: None
Required: True
Accept pipeline input: False
Accept wildcard characters: False
-UiConfigGraphQueriesTableName
[Parameter(ParameterSetName = 'APIPolling', Mandatory)]
Type: String
Position: Named
Default value: None
Required: True
Accept pipeline input: False
Accept wildcard characters: False
-UiConfigGraphQuery
[Parameter(ParameterSetName = 'APIPolling', Mandatory)]
To construct, see NOTES section for UICONFIGGRAPHQUERY properties and create a hash table.
Type: GraphQueries [ ]
Position: Named
Default value: None
Required: True
Accept pipeline input: False
Accept wildcard characters: False
-UiConfigInstructionStep
[Parameter(ParameterSetName = 'APIPolling', Mandatory)]
To construct, see NOTES section for UICONFIGINSTRUCTIONSTEP properties and create a hash table.
Type: InstructionSteps [ ]
Position: Named
Default value: None
Required: True
Accept pipeline input: False
Accept wildcard characters: False
-UiConfigPublisher
[Parameter(ParameterSetName = 'APIPolling', Mandatory)]
Type: String
Position: Named
Default value: None
Required: True
Accept pipeline input: False
Accept wildcard characters: False
-UiConfigSampleQuery
[Parameter(ParameterSetName = 'APIPolling', Mandatory)]
To construct, see NOTES section for UICONFIGSAMPLEQUERY properties and create a hash table.
Type: SampleQueries [ ]
Position: Named
Default value: None
Required: True
Accept pipeline input: False
Accept wildcard characters: False
-UiConfigTitle
[Parameter(ParameterSetName = 'APIPolling', Mandatory)]
Type: String
Position: Named
Default value: None
Required: True
Accept pipeline input: False
Accept wildcard characters: False
-UserName
Type: String
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: False
-WhatIf
Shows what would happen if the cmdlet runs.
The cmdlet is not run.
Type: SwitchParameter
Aliases: wi
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: False
-WorkspaceId
Type: String
Position: Named
Default value: None
Required: True
Accept pipeline input: False
Accept wildcard characters: False
-WorkspaceName
The name of the workspace.
Type: String
Position: Named
Default value: None
Required: True
Accept pipeline input: False
Accept wildcard characters: False
Outputs
DataConnector