DscResources/Sentinel/Sentinel.schema.psm1
# (2024-11-21 01:32:35) Generated using Microsoft365DSC v1.24.1120.1
<#
.SYNOPSIS
    Composite DSC configuration that declares Microsoft Sentinel resources
    (alert rules, settings, threat intelligence indicators, watchlists) from
    the entries under $ConfigurationData.NonNodeData.Sentinel.

.DESCRIPTION
    For each entry in the four lists, the three authentication parameters are
    added to the entry, any 'UniqueId' key is removed, and the entry is handed
    to Get-DscSplattedResource. Every other key of the entry is passed through
    unchanged, so the configuration data is what defines the alert rules,
    indicators and watchlists that get declared.

    Get-DscSplattedResource is not defined in this file.
    NOTE(review): with -NoInvoke it presumably returns a script block that
    declares the named resource from the given hashtable; confirm against the
    helper module.

.PARAMETER ApplicationId
    Application (client) id copied onto every declared resource.

.PARAMETER TenantId
    Tenant id copied onto every declared resource.

.PARAMETER CertificateThumbprint
    Certificate thumbprint copied onto every declared resource. This
    configuration accepts no client secret or password; the certificate is the
    only credential referenced.
    NOTE(review): presumably the certificate and its private key must exist on
    the machine that applies the configuration; confirm against Microsoft365DSC.
#>
Configuration 'Sentinel' {
    param (
        [Parameter(Mandatory = $true)]
        [System.String]
        $ApplicationId,

        [Parameter(Mandatory = $true)]
        [System.String]
        $TenantId,

        [Parameter(Mandatory = $true)]
        [System.String]
        $CertificateThumbprint
    )

    Import-DscResource -ModuleName Microsoft365DSC

    # --- Alert rules --------------------------------------------------------
    foreach ($AlertRule in $ConfigurationData.NonNodeData.Sentinel.AlertRules) {
        # NOTE(review): the title is built from DisplayName alone; two rules with
        # the same DisplayName would get the same title. Confirm uniqueness is
        # enforced on the data side.
        $resourceTitle = 'SentinelAlertRule-{0}' -f $AlertRule.DisplayName

        # This assigns a reference, not a copy: every change below is made to the
        # entry inside $ConfigurationData itself.
        $parameters = $AlertRule

        # The same application identity is used for every resource in this file,
        # so that one app registration needs rights on all four resource types.
        $parameters.ApplicationId = $ApplicationId
        $parameters.TenantId = $TenantId
        $parameters.CertificateThumbprint = $CertificateThumbprint

        # NOTE(review): 'UniqueId' looks like a data-layer key that is not a
        # property of the DSC resource; it is dropped before the resource is
        # declared. Confirm where it originates.
        if ($parameters.ContainsKey('UniqueId')) {
            $parameters.Remove('UniqueId')
        }

        # Nested settings are converted from the innermost level outwards: each
        # child is replaced by the result of its MSFT_* call before the parent
        # is processed, so the order of the statements below matters.
        if ($parameters.ContainsKey('EventGroupingSettings')) {
            $parameters.EventGroupingSettings = $parameters.EventGroupingSettings | ForEach-Object {
                if ($_.ContainsKey('UniqueId')) {
                    $_.Remove('UniqueId')
                }
                (Get-DscSplattedResource -ResourceName 'MSFT_SentinelAlertRuleEventGroupingSettings' -Properties $_ -NoInvoke).Invoke($_)
            }
        }

        if ($parameters.ContainsKey('CustomDetails')) {
            $parameters.CustomDetails = $parameters.CustomDetails | ForEach-Object {
                if ($_.ContainsKey('UniqueId')) {
                    $_.Remove('UniqueId')
                }
                (Get-DscSplattedResource -ResourceName 'MSFT_SentinelAlertRuleCustomDetails' -Properties $_ -NoInvoke).Invoke($_)
            }
        }

        if ($parameters.ContainsKey('EntityMappings')) {
            $parameters.EntityMappings = $parameters.EntityMappings | ForEach-Object {
                # Inside the inner ForEach-Object, $_ is the field mapping; once that
                # pipeline ends, $_ is the entity mapping again.
                if ($_.ContainsKey('fieldMappings')) {
                    $_.fieldMappings = $_.fieldMappings | ForEach-Object {
                        if ($_.ContainsKey('UniqueId')) {
                            $_.Remove('UniqueId')
                        }
                        (Get-DscSplattedResource -ResourceName 'MSFT_SentinelAlertRuleEntityMappingFieldMapping' -Properties $_ -NoInvoke).Invoke($_)
                    }
                }
                if ($_.ContainsKey('UniqueId')) {
                    $_.Remove('UniqueId')
                }
                (Get-DscSplattedResource -ResourceName 'MSFT_SentinelAlertRuleEntityMapping' -Properties $_ -NoInvoke).Invoke($_)
            }
        }

        if ($parameters.ContainsKey('AlertDetailsOverride')) {
            $parameters.AlertDetailsOverride = $parameters.AlertDetailsOverride | ForEach-Object {
                if ($_.ContainsKey('alertDynamicProperties')) {
                    $_.alertDynamicProperties = $_.alertDynamicProperties | ForEach-Object {
                        if ($_.ContainsKey('UniqueId')) {
                            $_.Remove('UniqueId')
                        }
                        (Get-DscSplattedResource -ResourceName 'MSFT_SentinelAlertRuleAlertDetailsOverrideAlertDynamicProperty' -Properties $_ -NoInvoke).Invoke($_)
                    }
                }
                if ($_.ContainsKey('UniqueId')) {
                    $_.Remove('UniqueId')
                }
                (Get-DscSplattedResource -ResourceName 'MSFT_SentinelAlertRuleAlertDetailsOverride' -Properties $_ -NoInvoke).Invoke($_)
            }
        }

        # Three levels deep: IncidentConfiguration -> groupingConfiguration ->
        # groupByAlertDetails, each converted before its parent.
        if ($parameters.ContainsKey('IncidentConfiguration')) {
            $parameters.IncidentConfiguration = $parameters.IncidentConfiguration | ForEach-Object {
                if ($_.ContainsKey('groupingConfiguration')) {
                    $_.groupingConfiguration = $_.groupingConfiguration | ForEach-Object {
                        if ($_.ContainsKey('groupByAlertDetails')) {
                            $_.groupByAlertDetails = $_.groupByAlertDetails | ForEach-Object {
                                if ($_.ContainsKey('UniqueId')) {
                                    $_.Remove('UniqueId')
                                }
                                (Get-DscSplattedResource -ResourceName 'MSFT_SentinelAlertRuleIncidentConfigurationGroupingConfigurationAlertDetail' -Properties $_ -NoInvoke).Invoke($_)
                            }
                        }
                        if ($_.ContainsKey('UniqueId')) {
                            $_.Remove('UniqueId')
                        }
                        (Get-DscSplattedResource -ResourceName 'MSFT_SentinelAlertRuleIncidentConfigurationGroupingConfiguration' -Properties $_ -NoInvoke).Invoke($_)
                    }
                }
                if ($_.ContainsKey('UniqueId')) {
                    $_.Remove('UniqueId')
                }
                (Get-DscSplattedResource -ResourceName 'MSFT_SentinelAlertRuleIncidentConfiguration' -Properties $_ -NoInvoke).Invoke($_)
            }
        }

        # Declare the alert rule itself from the fully prepared hashtable.
        (Get-DscSplattedResource -ResourceName 'SentinelAlertRule' -ExecutionName $resourceTitle -Properties $parameters -NoInvoke).Invoke($parameters)
    }

    # --- Settings -----------------------------------------------------------
    foreach ($Setting in $ConfigurationData.NonNodeData.Sentinel.Settings) {
        # NOTE(review): the title is keyed on ResourceGroupName only; two entries
        # for the same resource group would share a title. Confirm this cannot occur.
        $resourceTitle = 'SentinelSetting-{0}' -f $Setting.ResourceGroupName

        # Reference to the entry in $ConfigurationData, modified in place.
        $parameters = $Setting
        $parameters.ApplicationId = $ApplicationId
        $parameters.TenantId = $TenantId
        $parameters.CertificateThumbprint = $CertificateThumbprint

        if ($parameters.ContainsKey('UniqueId')) {
            $parameters.Remove('UniqueId')
        }

        (Get-DscSplattedResource -ResourceName 'SentinelSetting' -ExecutionName $resourceTitle -Properties $parameters -NoInvoke).Invoke($parameters)
    }

    # --- Threat intelligence indicators -------------------------------------
    foreach ($ThreatIntelligenceIndicator in $ConfigurationData.NonNodeData.Sentinel.ThreatIntelligenceIndicators) {
        $resourceTitle = 'SentinelThreatIntelligenceIndicator-{0}' -f $ThreatIntelligenceIndicator.DisplayName

        # Reference to the entry in $ConfigurationData, modified in place.
        $parameters = $ThreatIntelligenceIndicator
        $parameters.ApplicationId = $ApplicationId
        $parameters.TenantId = $TenantId
        $parameters.CertificateThumbprint = $CertificateThumbprint

        if ($parameters.ContainsKey('UniqueId')) {
            $parameters.Remove('UniqueId')
        }

        (Get-DscSplattedResource -ResourceName 'SentinelThreatIntelligenceIndicator' -ExecutionName $resourceTitle -Properties $parameters -NoInvoke).Invoke($parameters)
    }

    # --- Watchlists ---------------------------------------------------------
    foreach ($Watchlist in $ConfigurationData.NonNodeData.Sentinel.Watchlists) {
        $resourceTitle = 'SentinelWatchlist-{0}' -f $Watchlist.Name

        # Reference to the entry in $ConfigurationData, modified in place.
        $parameters = $Watchlist
        $parameters.ApplicationId = $ApplicationId
        $parameters.TenantId = $TenantId
        $parameters.CertificateThumbprint = $CertificateThumbprint

        if ($parameters.ContainsKey('UniqueId')) {
            $parameters.Remove('UniqueId')
        }

        (Get-DscSplattedResource -ResourceName 'SentinelWatchlist' -ExecutionName $resourceTitle -Properties $parameters -NoInvoke).Invoke($parameters)
    }
}