New-AzSentinelDataConnector
Creates or updates the data connector.
Syntax
New-AzSentinelDataConnector
-ResourceGroupName <String>
-WorkspaceName <String>
-Kind <DataConnectorKind>
[-Id <String>]
[-SubscriptionId <String>]
[-Alerts <String>]
[-TenantId <String>]
[-DefaultProfile <PSObject>]
[-AsJob]
[-NoWait]
[-Confirm]
[-WhatIf]
[<CommonParameters>] New-AzSentinelDataConnector
-ResourceGroupName <String>
-WorkspaceName <String>
-AWSRoleArn <String>
-Kind <DataConnectorKind>
[-Id <String>]
[-SubscriptionId <String>]
[-Log <String>]
[-DefaultProfile <PSObject>]
[-AsJob]
[-NoWait]
[-Confirm]
[-WhatIf]
[<CommonParameters>] New-AzSentinelDataConnector
-ResourceGroupName <String>
-WorkspaceName <String>
-AWSRoleArn <String>
-DetinationTable <String>
-Kind <DataConnectorKind>
-Log <String>
-SQSURL <String[]>
[-Id <String>]
[-SubscriptionId <String>]
[-DefaultProfile <PSObject>]
[-AsJob]
[-NoWait]
[-Confirm]
[-WhatIf]
[<CommonParameters>] New-AzSentinelDataConnector
-ResourceGroupName <String>
-WorkspaceName <String>
-ASCSubscriptionId <String>
-Kind <DataConnectorKind>
[-Id <String>]
[-SubscriptionId <String>]
[-Alerts <String>]
[-DefaultProfile <PSObject>]
[-AsJob]
[-NoWait]
[-Confirm]
[-WhatIf]
[<CommonParameters>] New-AzSentinelDataConnector
-ResourceGroupName <String>
-WorkspaceName <String>
-Kind <DataConnectorKind>
[-Id <String>]
[-SubscriptionId <String>]
[-CommonDataServiceActivity <String>]
[-TenantId <String>]
[-DefaultProfile <PSObject>]
[-AsJob]
[-NoWait]
[-Confirm]
[-WhatIf]
[<CommonParameters>] New-AzSentinelDataConnector
-ResourceGroupName <String>
-WorkspaceName <String>
-AvailabilityIsPreview <Boolean>
-Kind <DataConnectorKind>
-UiConfigConnectivityCriterion <ConnectivityCriteria[]>
-UiConfigDataType <LastDataReceivedDataType[]>
-UiConfigDescriptionMarkdown <String>
-UiConfigGraphQueriesTableName <String>
-UiConfigGraphQuery <GraphQueries[]>
-UiConfigInstructionStep <InstructionSteps[]>
-UiConfigPublisher <String>
-UiConfigSampleQuery <SampleQueries[]>
-UiConfigTitle <String>
[-Id <String>]
[-SubscriptionId <String>]
[-AvailabilityStatus <Int32>]
[-PermissionCustom <PermissionsCustomsItem[]>]
[-PermissionResourceProvider <PermissionsResourceProviderItem[]>]
[-UiConfigCustomImage <String>]
[-DefaultProfile <PSObject>]
[-AsJob]
[-NoWait]
[-Confirm]
[-WhatIf]
[<CommonParameters>] New-AzSentinelDataConnector
-ResourceGroupName <String>
-WorkspaceName <String>
-Kind <DataConnectorKind>
[-Id <String>]
[-SubscriptionId <String>]
[-Alerts <String>]
[-DiscoveryLog <String>]
[-TenantId <String>]
[-DefaultProfile <PSObject>]
[-AsJob]
[-NoWait]
[-Confirm]
[-WhatIf]
[<CommonParameters>] New-AzSentinelDataConnector
-ResourceGroupName <String>
-WorkspaceName <String>
-Kind <DataConnectorKind>
[-Id <String>]
[-SubscriptionId <String>]
[-Alerts <String>]
[-TenantId <String>]
[-DefaultProfile <PSObject>]
[-AsJob]
[-NoWait]
[-Confirm]
[-WhatIf]
[<CommonParameters>] New-AzSentinelDataConnector
-ResourceGroupName <String>
-WorkspaceName <String>
-Kind <DataConnectorKind>
[-Id <String>]
[-SubscriptionId <String>]
[-BingSafetyPhishingURL <String>]
[-BingSafetyPhishingUrlLookbackPeriod <String>]
[-MicrosoftEmergingThreatFeed <String>]
[-MicrosoftEmergingThreatFeedLookbackPeriod <String>]
[-TenantId <String>]
[-DefaultProfile <PSObject>]
[-AsJob]
[-NoWait]
[-Confirm]
[-WhatIf]
[<CommonParameters>] New-AzSentinelDataConnector
-ResourceGroupName <String>
-WorkspaceName <String>
-Kind <DataConnectorKind>
[-Id <String>]
[-SubscriptionId <String>]
[-Incident <String>]
[-TenantId <String>]
[-DefaultProfile <PSObject>]
[-AsJob]
[-NoWait]
[-Confirm]
[-WhatIf]
[<CommonParameters>] New-AzSentinelDataConnector
-ResourceGroupName <String>
-WorkspaceName <String>
-Kind <DataConnectorKind>
[-Id <String>]
[-SubscriptionId <String>]
[-Exchange <String>]
[-SharePoint <String>]
[-Teams <String>]
[-TenantId <String>]
[-DefaultProfile <PSObject>]
[-AsJob]
[-NoWait]
[-Confirm]
[-WhatIf]
[<CommonParameters>] New-AzSentinelDataConnector
-ResourceGroupName <String>
-WorkspaceName <String>
-Kind <DataConnectorKind>
[-Id <String>]
[-SubscriptionId <String>]
[-Alerts <String>]
[-TenantId <String>]
[-DefaultProfile <PSObject>]
[-AsJob]
[-NoWait]
[-Confirm]
[-WhatIf]
[<CommonParameters>] New-AzSentinelDataConnector
-ResourceGroupName <String>
-WorkspaceName <String>
-Kind <DataConnectorKind>
[-Id <String>]
[-SubscriptionId <String>]
[-Alerts <String>]
[-TenantId <String>]
[-DefaultProfile <PSObject>]
[-AsJob]
[-NoWait]
[-Confirm]
[-WhatIf]
[<CommonParameters>] New-AzSentinelDataConnector
-ResourceGroupName <String>
-WorkspaceName <String>
-Kind <DataConnectorKind>
[-Id <String>]
[-SubscriptionId <String>]
[-Indicator <String>]
[-TenantId <String>]
[-DefaultProfile <PSObject>]
[-AsJob]
[-NoWait]
[-Confirm]
[-WhatIf]
[<CommonParameters>] New-AzSentinelDataConnector
-ResourceGroupName <String>
-WorkspaceName <String>
-APIRootURL <String>
-CollectionId <String>
-FriendlyName <String>
-Kind <DataConnectorKind>
-PollingFrequency <PollingFrequency>
-WorkspaceId <String>
[-Id <String>]
[-SubscriptionId <String>]
[-Password <String>]
[-TaxiiLookbackPeriod <String>]
[-TenantId <String>]
[-UserName <String>]
[-DefaultProfile <PSObject>]
[-AsJob]
[-NoWait]
[-Confirm]
[-WhatIf]
[<CommonParameters>] Description
Creates or updates the data connector.
Examples
Example 1: Enable a data connector.
New-AzSentinelDataConnector -ResourceGroupName "myResourceGroupName" -WorkspaceName "myWorkspaceName" -Kind 'MicrosoftThreatIntelligence' -BingSafetyPhishingURL Enabled -BingSafetyPhishingUrlLookbackPeriod All -MicrosoftEmergingThreatFeed Enabled -MicrosoftEmergingThreatFeedLookbackPeriod AllThis command enables the Threat Intelligence data connector
Parameters
-Alerts
Type: String Position: Named Default value: None Required: False Accept pipeline input: False Accept wildcard characters: False
-APIRootURL
Type: String Position: Named Default value: None Required: True Accept pipeline input: False Accept wildcard characters: False
-ASCSubscriptionId
ASC Subscription Id.
Type: String Position: Named Default value: None Required: True Accept pipeline input: False Accept wildcard characters: False
-AsJob
Run the command as a job
Type: SwitchParameter Position: Named Default value: None Required: False Accept pipeline input: False Accept wildcard characters: False
-AvailabilityIsPreview
[Parameter(ParameterSetName = 'APIPolling', Mandatory)]
Type: Boolean Position: Named Default value: None Required: True Accept pipeline input: False Accept wildcard characters: False
-AvailabilityStatus
[Parameter(ParameterSetName = 'APIPolling')]
Type: Int32 Position: Named Default value: 1 Required: False Accept pipeline input: False Accept wildcard characters: False
-AWSRoleArn
Type: String Position: Named Default value: None Required: True Accept pipeline input: False Accept wildcard characters: False
-BingSafetyPhishingURL
Type: String Position: Named Default value: None Required: False Accept pipeline input: False Accept wildcard characters: False
-BingSafetyPhishingUrlLookbackPeriod
Type: String Position: Named Default value: None Required: False Accept pipeline input: False Accept wildcard characters: False
-CollectionId
Type: String Position: Named Default value: None Required: True Accept pipeline input: False Accept wildcard characters: False
-CommonDataServiceActivity
Type: String Position: Named Default value: None Required: False Accept pipeline input: False Accept wildcard characters: False
-Confirm
Prompts you for confirmation before running the cmdlet.
Type: SwitchParameter Aliases: cf Position: Named Default value: None Required: False Accept pipeline input: False Accept wildcard characters: False
-DefaultProfile
The credentials, account, tenant, and subscription used for communication with Azure.
Type: PSObject Aliases: AzureRMContext, AzureCredential Position: Named Default value: None Required: False Accept pipeline input: False Accept wildcard characters: False
-DetinationTable
Type: String Position: Named Default value: None Required: True Accept pipeline input: False Accept wildcard characters: False
-DiscoveryLog
Type: String Position: Named Default value: None Required: False Accept pipeline input: False Accept wildcard characters: False
-Exchange
Type: String Position: Named Default value: None Required: False Accept pipeline input: False Accept wildcard characters: False
-FriendlyName
Type: String Position: Named Default value: None Required: True Accept pipeline input: False Accept wildcard characters: False
-Id
The Id of the Data Connector.
Type: String Position: Named Default value: (New-Guid).Guid Required: False Accept pipeline input: False Accept wildcard characters: False
-Incident
Type: String Position: Named Default value: None Required: False Accept pipeline input: False Accept wildcard characters: False
-Indicator
Type: String Position: Named Default value: None Required: False Accept pipeline input: False Accept wildcard characters: False
-Kind
Kind of the the data connection
Type: DataConnectorKind Position: Named Default value: None Required: True Accept pipeline input: False Accept wildcard characters: False
-Log
Type: String Position: Named Default value: None Required: True Accept pipeline input: False Accept wildcard characters: False
-MicrosoftEmergingThreatFeed
Type: String Position: Named Default value: None Required: False Accept pipeline input: False Accept wildcard characters: False
-MicrosoftEmergingThreatFeedLookbackPeriod
Type: String Position: Named Default value: None Required: False Accept pipeline input: False Accept wildcard characters: False
-NoWait
Run the command asynchronously
Type: SwitchParameter Position: Named Default value: None Required: False Accept pipeline input: False Accept wildcard characters: False
-Password
Type: String Position: Named Default value: None Required: False Accept pipeline input: False Accept wildcard characters: False
-PermissionCustom
[Parameter(ParameterSetName = 'APIPolling')]
To construct, see NOTES section for PERMISSIONCUSTOM properties and create a hash table.
Type: PermissionsCustomsItem [ ] Position: Named Default value: None Required: False Accept pipeline input: False Accept wildcard characters: False
-PermissionResourceProvider
[Parameter(ParameterSetName = 'APIPolling')]
To construct, see NOTES section for PERMISSIONRESOURCEPROVIDER properties and create a hash table.
-PollingFrequency
Type: PollingFrequency Position: Named Default value: None Required: True Accept pipeline input: False Accept wildcard characters: False
-ResourceGroupName
The Resource Group Name.
Type: String Position: Named Default value: None Required: True Accept pipeline input: False Accept wildcard characters: False
-SharePoint
Type: String Position: Named Default value: None Required: False Accept pipeline input: False Accept wildcard characters: False
-SQSURL
Type: String [ ] Position: Named Default value: None Required: True Accept pipeline input: False Accept wildcard characters: False
-SubscriptionId
Gets subscription credentials which uniquely identify Microsoft Azure subscription.
The subscription ID forms part of the URI for every service call.
Type: String Position: Named Default value: (Get-AzContext).Subscription.Id Required: False Accept pipeline input: False Accept wildcard characters: False
-TaxiiLookbackPeriod
Type: String Position: Named Default value: None Required: False Accept pipeline input: False Accept wildcard characters: False
-Teams
Type: String Position: Named Default value: None Required: False Accept pipeline input: False Accept wildcard characters: False
-TenantId
The TenantId.
Type: String Position: Named Default value: (Get-AzContext).Tenant.Id Required: False Accept pipeline input: False Accept wildcard characters: False
-UiConfigConnectivityCriterion
[Parameter(ParameterSetName = 'APIPolling', Mandatory)]
To construct, see NOTES section for UICONFIGCONNECTIVITYCRITERION properties and create a hash table.
Type: ConnectivityCriteria [ ] Position: Named Default value: None Required: True Accept pipeline input: False Accept wildcard characters: False
-UiConfigCustomImage
[Parameter(ParameterSetName = 'APIPolling')]
Type: String Position: Named Default value: None Required: False Accept pipeline input: False Accept wildcard characters: False
-UiConfigDataType
[Parameter(ParameterSetName = 'APIPolling', Mandatory)]
To construct, see NOTES section for UICONFIGDATATYPE properties and create a hash table.
Type: LastDataReceivedDataType [ ] Position: Named Default value: None Required: True Accept pipeline input: False Accept wildcard characters: False
-UiConfigDescriptionMarkdown
[Parameter(ParameterSetName = 'APIPolling', Mandatory)]
Type: String Position: Named Default value: None Required: True Accept pipeline input: False Accept wildcard characters: False
-UiConfigGraphQueriesTableName
[Parameter(ParameterSetName = 'APIPolling', Mandatory)]
Type: String Position: Named Default value: None Required: True Accept pipeline input: False Accept wildcard characters: False
-UiConfigGraphQuery
[Parameter(ParameterSetName = 'APIPolling', Mandatory)]
To construct, see NOTES section for UICONFIGGRAPHQUERY properties and create a hash table.
Type: GraphQueries [ ] Position: Named Default value: None Required: True Accept pipeline input: False Accept wildcard characters: False
-UiConfigInstructionStep
[Parameter(ParameterSetName = 'APIPolling', Mandatory)]
To construct, see NOTES section for UICONFIGINSTRUCTIONSTEP properties and create a hash table.
Type: InstructionSteps [ ] Position: Named Default value: None Required: True Accept pipeline input: False Accept wildcard characters: False
-UiConfigPublisher
[Parameter(ParameterSetName = 'APIPolling', Mandatory)]
Type: String Position: Named Default value: None Required: True Accept pipeline input: False Accept wildcard characters: False
-UiConfigSampleQuery
[Parameter(ParameterSetName = 'APIPolling', Mandatory)]
To construct, see NOTES section for UICONFIGSAMPLEQUERY properties and create a hash table.
Type: SampleQueries [ ] Position: Named Default value: None Required: True Accept pipeline input: False Accept wildcard characters: False
-UiConfigTitle
[Parameter(ParameterSetName = 'APIPolling', Mandatory)]
Type: String Position: Named Default value: None Required: True Accept pipeline input: False Accept wildcard characters: False
-UserName
Type: String Position: Named Default value: None Required: False Accept pipeline input: False Accept wildcard characters: False
-WhatIf
Shows what would happen if the cmdlet runs.
The cmdlet is not run.
Type: SwitchParameter Aliases: wi Position: Named Default value: None Required: False Accept pipeline input: False Accept wildcard characters: False
-WorkspaceId
Type: String Position: Named Default value: None Required: True Accept pipeline input: False Accept wildcard characters: False
-WorkspaceName
The name of the workspace.
Type: String Position: Named Default value: None Required: True Accept pipeline input: False Accept wildcard characters: False
Outputs
DataConnector
Notes
ALIASES
COMPLEX PARAMETER PROPERTIES
To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables.
PERMISSIONCUSTOM <PermissionsCustomsItem[]>: [Parameter(ParameterSetName = 'APIPolling')]
[Description <String>]: Customs permissions description[Name <String>]: Customs permissions name
PERMISSIONRESOURCEPROVIDER <PermissionsResourceProviderItem[]>: [Parameter(ParameterSetName = 'APIPolling')]
[PermissionsDisplayText <String>]: Permission description text[Provider <ProviderName?>]: Provider name[ProviderDisplayName <String>]: Permission provider display name[RequiredPermissionAction <Boolean?>]: action permission[RequiredPermissionDelete <Boolean?>]: delete permission[RequiredPermissionRead <Boolean?>]: read permission[RequiredPermissionWrite <Boolean?>]: write permission[Scope <PermissionProviderScope?>]: Permission provider scope
UICONFIGCONNECTIVITYCRITERION <ConnectivityCriteria[]>: [Parameter(ParameterSetName = 'APIPolling', Mandatory)]
[Type <ConnectivityType?>]: type of connectivity[Value <String[]>]: Queries for checking connectivity
UICONFIGDATATYPE <LastDataReceivedDataType[]>: [Parameter(ParameterSetName = 'APIPolling', Mandatory)]
[LastDataReceivedQuery <String>]: Query for indicate last data received[Name <String>]: Name of the data type to show in the graph. can be use with {{graphQueriesTableName}} placeholder
UICONFIGGRAPHQUERY <GraphQueries[]>: [Parameter(ParameterSetName = 'APIPolling', Mandatory)]
[BaseQuery <String>]: The base query for the graph[Legend <String>]: The legend for the graph[MetricName <String>]: the metric that the query is checking
UICONFIGINSTRUCTIONSTEP <InstructionSteps[]>: [Parameter(ParameterSetName = 'APIPolling', Mandatory)]
[Description <String>]: Instruction step description[Instruction <IConnectorInstructionModelBase[]>]: Instruction step details
Type <SettingType>: The kind of the setting[Parameter <IAny>]: The parameters for the setting
[Title <String>]: Instruction step title
UICONFIGSAMPLEQUERY <SampleQueries[]>: [Parameter(ParameterSetName = 'APIPolling', Mandatory)]
[Description <String>]: The sample query description[Query <String>]: the sample query
