Hi team:
Is it possible to administrate Azure Sentinel Watchlists through PowerShell, like Rules with Az.SecurityInsights?
The aim is to keep Watchlist references in an outer VCS for simpler manipulation, and sync them with PowerShell to the remote.
Thanks,
Hi,
I posted a PowerShell script yesterday that will be part of the new Microsoft Sentinel PowerShell module that I am currently developing.
Please let me know if you run into any issues.
You can use this script in an automation job to update the watchlist content based on a CSV file.
@GeoffreyMontel-3143
Thank you for your post!
As of right now, using the Log Analytics’ REST API to manage watchlists, you can only create, modify, and delete watchlists and their items using the REST API - Manage watchlists in Azure Sentinel using REST API. If you'd like the ability to administer Azure Sentinel Watchlists using REST APIs, I'd recommend leveraging the Azure Sentinel GitHub repo to create a feature request for our engineering team.
Additional Links:
Azure Sentinel REST APIs
Azure Sentinel Tech Community
If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.
Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.
Hi @JamesTran-MSFT
Thanks for the reply.
In a nutshell, I understand it's not implemented yet. Only API endpoint.
It would be a waste of time if I coded the REST PowerShell wrapper in parallel, assuming that target code for this would be Az.SecurityInsights.
I filed a feature request for this: https://github.com/Azure/azure-powershell/issues/15718 .
Thanks,
@GeoffreyMontel-3143
Thank you for the quick follow-up on this. It looks like our PG team responded to your feature request; I'll post the response below.
PG Update:
This will be coming. But currently there is an issue in the various specs when using autorest due to some overlapping definitions. Once that is resolved I will add this set of cmdlets and a few others for new APIs!! Please hang tight as we work to resolve the rest api specs issue.
Source - https://github.com/Azure/azure-powershell/issues/15718#issuecomment-902739014
Thank you again for your time and patience throughout this issue.
Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.
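The VCS-to-workspace sync discussed in this thread, sketched against the watchlist REST endpoint with `Invoke-AzRestMethod` from Az.Accounts. This is an added example, not code from any participant or from Az.SecurityInsights; the function name, the `provider` label, the default API version and the request body fields (taken from the documented watchlist create-or-update request) are assumptions to check against the API version you target.

```powershell
#Requires -Modules Az.Accounts
# Hypothetical helper: pushes a CSV kept in version control to a Sentinel watchlist.
function Sync-SentinelWatchlistFromCsv {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$SubscriptionId,
        [Parameter(Mandatory)][string]$ResourceGroupName,
        [Parameter(Mandatory)][string]$WorkspaceName,
        [Parameter(Mandatory)][string]$WatchlistAlias,
        [Parameter(Mandatory)][string]$CsvPath,
        [Parameter(Mandatory)][string]$SearchKey,
        [string]$ApiVersion = '2021-03-01-preview'  # assumption: adjust as needed
    )

    # Validate locally first so a malformed commit never reaches the workspace.
    $rows = @(Import-Csv -LiteralPath $CsvPath)
    if ($rows.Count -eq 0) { throw "No data rows in $CsvPath" }
    if ($rows[0].PSObject.Properties.Name -notcontains $SearchKey) {
        throw "Column '$SearchKey' not found in $CsvPath"
    }

    $path = "/subscriptions/$SubscriptionId/resourceGroups/$ResourceGroupName" +
            "/providers/Microsoft.OperationalInsights/workspaces/$WorkspaceName" +
            "/providers/Microsoft.SecurityInsights/watchlists/$WatchlistAlias" +
            "?api-version=$ApiVersion"

    # The CSV text is sent as-is; the service parses it into watchlist items.
    $payload = @{
        properties = @{
            displayName         = $WatchlistAlias
            provider            = 'VCS sync'        # free-text label (constructed)
            source              = 'Local file'
            itemsSearchKey      = $SearchKey
            contentType         = 'text/csv'
            numberOfLinesToSkip = 0
            rawContent          = (Get-Content -LiteralPath $CsvPath -Raw)
        }
    } | ConvertTo-Json -Depth 5

    if ($PSCmdlet.ShouldProcess($WatchlistAlias, "PUT $($rows.Count) rows")) {
        # Uses the current Connect-AzAccount context for the bearer token.
        $resp = Invoke-AzRestMethod -Path $path -Method PUT -Payload $payload
        if ($resp.StatusCode -notin @(200, 201)) {
            throw "Watchlist update failed ($($resp.StatusCode)): $($resp.Content)"
        }
        $resp.Content | ConvertFrom-Json
    }
}
```

Running it with `-WhatIf` in a pull-request pipeline exercises only the CSV validation, so the identity that can write to the workspace is needed only on the merge job.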