Release #189

Draft
wants to merge 74 commits into
base: master
6ccb3ef
Release '0.6.2' (#31)
pkhabazi Jan 29, 2020
6f80f4d
Release Update Incident function (#37)
pkhabazi Feb 20, 2020
acc8b21
Release Feature playbook configuration (#33)
pkhabazi Feb 22, 2020
a9e559b
Fix/smallconflicts (#40)
pkhabazi Feb 24, 2020
2c138a5
fixing Subscribtion parameter for playbook (#43)
pkhabazi Feb 26, 2020
973b4c2
Merge branch 'master' of github.com:wortell/AZSentinel into development
pkhabazi Feb 26, 2020
bf07860
fixing Subscribtion parameter for playbook (#45)
pkhabazi Feb 26, 2020
19395a7
Fix- get-Azsentinalhuntingrule - Cannot validate argument on paramete…
pkhabazi Mar 15, 2020
6406bde
Fix - new-azsentinelalertrule playbook property (#49)
pkhabazi Mar 15, 2020
9007362
Feature - get all incidents (#51)
pkhabazi Mar 26, 2020
4d423a1
fixing logicapp sas token (#52)
pkhabazi Mar 26, 2020
8b1e50d
Merge branch 'master' of github.com:wortell/AZSentinel into development
pkhabazi Mar 27, 2020
10331af
Add support for day time periods (#61)
pemontto Apr 16, 2020
969cf29
Add missing dot to yml file extension (#59)
NVolcz Apr 16, 2020
4ecb7ea
Merge branch 'master' of github.com:wortell/AZSentinel into development
pkhabazi Apr 20, 2020
d79f8d5
adding support for resource provider in set-azsentinel (#69)
pkhabazi May 7, 2020
1f38c8c
New function for enabling and disabling Alert rules (#71)
pkhabazi May 7, 2020
19a63bd
New feature change the displayName of an alert (#68)
pkhabazi Jun 10, 2020
472e064
Handle nextLink for Playbooks (#78)
stehod Jun 26, 2020
3272c3c
adding support for alert aggregation (#65)
pkhabazi Jun 26, 2020
c4b3a00
Merge branch 'master' into development
pkhabazi Jun 26, 2020
2bd5ff5
Merge branch 'master' of github.com:wortell/AZSentinel into development
pkhabazi Jun 29, 2020
eb36838
Update groupingConfiguration.ps1 (#87)
ThijsLecomte Aug 27, 2020
4d9376a
Fix bug that causes loss of certain incident properties, add option t…
jholtmann Sep 7, 2020
f86f8d3
Feature - Adding support for all alert rule types (#90)
pkhabazi Sep 15, 2020
88b234b
New Functionality to get alert rule templates provided by Microsoft (…
ramirezversion Sep 16, 2020
ddc9c0a
Update/get az sentinel alert rule templates (#95)
pkhabazi Sep 18, 2020
ec36613
Feature/add az sentinel incident comment (#96)
pkhabazi Sep 18, 2020
d869e7f
Merge branch 'master' of github.com:wortell/AZSentinel into development
pkhabazi Sep 21, 2020
e69f329
fixing class error (#99)
pkhabazi Sep 22, 2020
dbc5514
Merge branch 'master' of github.com:wortell/AZSentinel into development
pkhabazi Sep 22, 2020
1fdb1ff
updating example files, ncluding multi rule yaml file (#104)
pkhabazi Sep 24, 2020
e4c37e8
Fix - Get-AzSentinelAlertRuleAction doesn't return playbookName (#102)
pkhabazi Sep 24, 2020
c3cfca2
init release Get-AzSentinelDataConnector function (#103)
pkhabazi Sep 24, 2020
91ea0e3
Fix - get-azsentinelhuntingrule updated get and remove function (#106)
pkhabazi Sep 24, 2020
2a19b51
Merge branch 'master' of github.com:wortell/AZSentinel into development
pkhabazi Sep 29, 2020
c1a5db0
Add filtering by lastModified (#107)
pemontto Sep 30, 2020
6be4a6e
updating AggregationKind class and enum (#111)
pkhabazi Oct 5, 2020
b7816d4
Merge branch 'master' of github.com:wortell/AZSentinel into development
pkhabazi Oct 5, 2020
83c4013
Release of Import-AzSentinelDataConnector function (#116)
pkhabazi Oct 8, 2020
417b86c
extra check for Import-AzSentinelDataConnector
pkhabazi Oct 8, 2020
c8e1f51
Merge branch 'master' of github.com:wortell/AZSentinel into development
pkhabazi Oct 8, 2020
46a8417
fixing class issue (#118)
pkhabazi Oct 16, 2020
94af32c
New function: Export-AzSentinel (#121)
pkhabazi Oct 20, 2020
7c6a0fe
Merge branch 'master' of github.com:wortell/AZSentinel into development
pkhabazi Oct 20, 2020
a4cd0be
fixing SeveritiesFilter issue for MicrosoftSecurityIncidentCreation (…
pkhabazi Oct 21, 2020
82062b4
updating Get-AzSentinelAlertRule function and docs (#125)
pkhabazi Oct 21, 2020
f467cd7
Merge branch 'master' of github.com:wortell/AZSentinel into development
pkhabazi Oct 22, 2020
c804870
Merge branch 'master' of github.com:wortell/AZSentinel into development
pkhabazi Nov 10, 2020
1bc9c89
modified token expiration logic (#135)
john-crouch Nov 10, 2020
8fa4c6a
fixing small issues (#136)
pkhabazi Nov 10, 2020
b321bfe
Fixing issue when switching from subscription (#140)
pkhabazi Nov 17, 2020
f8a4cbe
Fixing issue with Fusion rules (#143)
pkhabazi Nov 18, 2020
ee34dcf
MSSP Playbook (#142)
pkhabazi Nov 19, 2020
6328aca
Merge branch 'master' of github.com:wortell/AZSentinel into development
pkhabazi Nov 19, 2020
418581a
Merge branch 'master' of github.com:wortell/AZSentinel into development
pkhabazi Nov 19, 2020
19844eb
Merge branch 'master' of github.com:wortell/AZSentinel into development
pkhabazi Dec 3, 2020
7a1bf34
Prevent null reference of non-required argument; fixes #148 (#149)
lukiffer Dec 3, 2020
6e9c232
Add support for FileHash entity (#147)
pemontto Dec 3, 2020
b42e8a6
update enums folder name (#156)
pkhabazi Dec 9, 2020
acb3126
Merge branch 'master' of github.com:wortell/AZSentinel into development
pkhabazi Dec 9, 2020
f21cc7d
Updating alertrule output format (#157)
pkhabazi Dec 14, 2020
8e3fe1b
adding support for AlertRuleTemplate property (#160)
pkhabazi Dec 14, 2020
389ca1b
Merge branch 'master' of github.com:wortell/AZSentinel into development
pkhabazi Dec 16, 2020
d370c18
Follow official api schema (#162)
wadstromtech Dec 22, 2020
9b38eb6
fixing playbook reference (#163)
pkhabazi Dec 22, 2020
b714ad7
Merge branch 'master' of github.com:wortell/AZSentinel into development
pkhabazi Dec 30, 2020
789d44d
Add Office 365 Data Connector (#154)
wez3 Dec 30, 2020
9f6143b
Merge branch 'master' of github.com:wortell/AZSentinel into development
pkhabazi Jan 23, 2021
ce51766
Typo xported -> exported (#169)
nodauf Feb 2, 2021
8058e5a
Hunting rules function updated (#170)
pkhabazi Feb 2, 2021
8b2903e
Merge branch 'master' of github.com:wortell/AZSentinel into development
pkhabazi Feb 18, 2021
17e0704
updating the group entity properties (#188)
pkhabazi Aug 2, 2021
da54820
Error when multiple rules with the same name is found (#178)
pkhabazi Aug 2, 2021
Release '0.6.2' (#31)
* updating get alert and hunting rule function

* updated error handling

* Create Get-PlayBook.ps1

* cleaning up
pkhabazi authored Jan 29, 2020

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
commit 6ccb3ef684c9d5d3e47c076df68737c1bac4a0bc
2 changes: 1 addition & 1 deletion AzSentinel/AzSentinel.psd1
@@ -12,7 +12,7 @@
RootModule = 'AzSentinel.psm1'

# Version number of this module.
ModuleVersion = '0.6.1'
ModuleVersion = '0.6.2'

# Supported PSEditions
CompatiblePSEditions = 'Core', 'Desktop'
50 changes: 16 additions & 34 deletions AzSentinel/Classes/AlertRule.ps1
@@ -1,84 +1,66 @@
class AlertProp {

[Parameter(Mandatory)]
[ValidateNotNullOrEmpty()]
[guid] $Name

[Parameter(Mandatory)]
[string] $DisplayName

[Parameter(Mandatory)]
[ValidateNotNullOrEmpty()]
[string] $Description

[Parameter(Mandatory)]
[ValidateNotNullOrEmpty()]
[Severity] $Severity

[Parameter(Mandatory)]
[ValidateNotNullOrEmpty()]
[bool] $Enabled

[Parameter(Mandatory)]
[ValidateNotNullOrEmpty()]
[string] $Query

[Parameter(Mandatory)]
[ValidateNotNullOrEmpty()]
[string] $QueryFrequency

[ValidateNotNullOrEmpty()]
[string] $QueryPeriod

[Parameter(Mandatory)]
[ValidateNotNullOrEmpty()]
[TriggerOperator] $TriggerOperator
[TriggerOperator]$TriggerOperator

[Parameter(Mandatory)]
[ValidateNotNullOrEmpty()]
[Int] $TriggerThreshold

[Parameter(Mandatory)]
[AllowEmptyString()]
[string] $SuppressionDuration

[Parameter(Mandatory)]
[bool] $SuppressionEnabled

[Parameter(Mandatory)]
[AllowEmptyCollection()]
[Tactics[]] $Tactics

static [string] TriggerOperatorSwitch([string]$value) {
switch ($value) {
"gt" { $value = "GreaterThan" }
"lt" { $value = "LessThan" }
"eq" { $value = "Equal" }
"ne" { $value = "NotEqual" }
default { $value }
}
return $value
}

AlertProp ($Name, $DisplayName, $Description, $Severity, $Enabled, $Query, $QueryFrequency, $QueryPeriod, $TriggerOperator, $TriggerThreshold, $suppressionDuration, $suppressionEnabled, $Tactics) {
$this.name = $Name
$this.DisplayName = $DisplayName
$this.Description = $Description
$this.Severity = $Severity
$this.Enabled = $Enabled
$this.Query = $Query
$this.QueryFrequency = ("PT" + $QueryFrequency).ToUpper()
$this.QueryPeriod = ("PT" + $QueryPeriod).ToUpper()
$this.TriggerOperator = $TriggerOperator
$this.QueryFrequency = if ($QueryFrequency -like "PT*") { $QueryFrequency.ToUpper() } else { ("PT" + $QueryFrequency).ToUpper() }
$this.QueryPeriod = if ($QueryPeriod -like "PT*") { $QueryPeriod.ToUpper() } else { ("PT" + $QueryPeriod).ToUpper() }
$this.TriggerOperator = [AlertProp]::TriggerOperatorSwitch($TriggerOperator)
$this.TriggerThreshold = $TriggerThreshold
$this.SuppressionDuration = if (! ($null -eq $suppressionDuration) -or ! ($null -eq $suppressionEnabled)) { ("PT" + $suppressionDuration).ToUpper() } else { "PT1H" }
$this.SuppressionDuration = if ((! $null -eq $suppressionDuration) -or ( $false -eq $suppressionEnabled)) { if ($suppressionDuration -like "PT*") { $suppressionDuration.ToUpper() } else { ("PT" + $suppressionDuration).ToUpper() } } else { "PT1H" }
$this.SuppressionEnabled = if ($suppressionEnabled) { $suppressionEnabled } else { $false }
$this.Tactics = $Tactics
}
}

class AlertRule {
[Parameter(Mandatory)]
[ValidateNotNullOrEmpty()]
[guid] $Name

[Parameter(Mandatory)]
[string] $Etag

[Parameter(Mandatory = $false)]
[string]$type

[Parameter(Mandatory)]
[ValidateNotNullOrEmpty()]
[AlertProp]$Properties

[Parameter(Mandatory)]
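Review bot: In the AlertProp constructor, the new SuppressionDuration condition `(! $null -eq $suppressionDuration) -or ( $false -eq $suppressionEnabled)` is true whenever suppression is disabled, so a rule with no duration and SuppressionEnabled set to $false gets `"PT" + $null`, that is the invalid duration "PT", instead of the "PT1H" default. `! $null -eq $x` also parses as `(! $null) -eq $x`, which compares $true with the duration rather than testing it for null. Suggest testing the duration alone, for example `if (-not [string]::IsNullOrEmpty($suppressionDuration)) { ... } else { "PT1H" }`, and moving the PT-prefix logic that is now repeated for QueryFrequency, QueryPeriod and SuppressionDuration into one static helper next to TriggerOperatorSwitch.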
19 changes: 14 additions & 5 deletions AzSentinel/Public/Get-AzSentinelAlertRule.ps1
@@ -57,14 +57,23 @@ function Get-AzSentinelAlertRule {

$uri = "$script:baseUri/providers/Microsoft.SecurityInsights/alertRules?api-version=2019-01-01-preview"
Write-Verbose -Message "Using URI: $($uri)"
$alertRules = Invoke-webrequest -Uri $uri -Method get -Headers $script:authHeader
Write-Verbose "Found $((($alertRules.Content | ConvertFrom-Json).value).count) Alert rules"

try {
$alertRules = Invoke-RestMethod -Uri $uri -Method Get -Headers $script:authHeader
}
catch {
Write-Verbose $_
Write-Error "Unable to get alert rules with error code: $($_.Exception.Message)" -ErrorAction Stop
}

$return = @()

if ($alertRules) {
if ($alertRules.value) {
Write-Verbose "Found $($alertRules.value.count) Alert rules"

if ($RuleName.Count -ge 1) {
foreach ($rule in $RuleName) {
[PSCustomObject]$temp = ($alertRules.Content | ConvertFrom-Json).value | Where-Object { $_.properties.displayName -eq $rule }
[PSCustomObject]$temp = $alertRules.value | Where-Object { $_.properties.displayName -eq $rule }
if ($null -ne $temp) {
$temp.properties | Add-Member -NotePropertyName name -NotePropertyValue $temp.name -Force
$temp.properties | Add-Member -NotePropertyName etag -NotePropertyValue $temp.etag -Force
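Review bot: The displayName lookup `$alertRules.value | Where-Object { $_.properties.displayName -eq $rule }` can return more than one rule, and the Add-Member calls that follow then attach an array of names and etags to every match. Suggest handling the multi-match case explicitly (stop with an error, or loop over the matches and add each rule's own name and etag). Minor: the catch text says "error code" but interpolates `$_.Exception.Message`, so "error message" would be the accurate wording.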
@@ -79,7 +88,7 @@ function Get-AzSentinelAlertRule {
return $return
}
else {
($alertRules.Content | ConvertFrom-Json).value | ForEach-Object {
$alertRules.value | ForEach-Object {
$_.properties | Add-Member -NotePropertyName name -NotePropertyValue $_.name -Force
return $_.properties
}
23 changes: 15 additions & 8 deletions AzSentinel/Public/Get-AzSentinelHuntingRule.ps1
@@ -38,7 +38,7 @@ function Get-AzSentinelHuntingRule {
[string[]]$RuleName,

[Parameter(Mandatory = $false)]
[validateset("HuntingQueries", "GeneralExploration", "LogManagement")]
[validateset("Hunting Queries", "GeneralExploration", "LogManagement")]
[string]$Filter
)

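Review bot: Changing the ValidateSet entry from "HuntingQueries" to "Hunting Queries" makes existing calls that pass `-Filter HuntingQueries` fail parameter validation, and the new value needs quoting on the command line while "GeneralExploration" and "LogManagement" do not. If the space is needed to match the category string the API returns, keep the old parameter value and map it to the API string inside the function.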
@@ -65,14 +65,21 @@ function Get-AzSentinelHuntingRule {
$uri = "$script:baseUri/savedSearches?api-version=2017-04-26-preview"

Write-Verbose -Message "Using URI: $($uri)"
$alertRules = Invoke-webrequest -Uri $uri -Method get -Headers $script:authHeader
Write-Verbose "Found $((($alertRules.Content | ConvertFrom-Json).value).count) Alert rules"
try {
$huntingRules = (Invoke-RestMethod -Uri $uri -Method Get -Headers $script:authHeader | Where-Object $_.Category -eq $Filter)
}
catch {
Write-Verbose $_
Write-Error "Unable to get hunting rules with error code: $($_.Exception.Message)" -ErrorAction Stop
}

$return = @()

if ($alertRules) {
if ($huntingRules.value) {
Write-Verbose "Found $($huntingRules.value.count) hunting rules"
if ($RuleName.Count -ge 1) {
foreach ($rule in $RuleName) {
[PSCustomObject]$temp = ($alertRules.Content | ConvertFrom-Json).value | Where-Object {$_.properties.displayName -eq $rule}
[PSCustomObject]$temp = $huntingRules.value | Where-Object { $_.properties.displayName -eq $rule }
if ($null -ne $temp) {
$temp.properties | Add-Member -NotePropertyName name -NotePropertyValue $temp.name -Force
$temp.properties | Add-Member -NotePropertyName id -NotePropertyValue $temp.id -Force
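Review bot: In the new try block, `Where-Object $_.Category -eq $Filter` is not a script block, so `$_` is expanded before Where-Object runs and is not the pipeline item; the filter is also applied to the whole response object rather than to the entries in `.value`, and it runs even when the optional -Filter parameter was not supplied. Suggest fetching first and filtering the entries only when a filter was given, for example `if ($Filter) { $rules = $huntingRules.value | Where-Object { $_.properties.category -eq $Filter } }`, with the property path checked against the actual response.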
@@ -81,13 +88,13 @@ function Get-AzSentinelHuntingRule {
$return += $temp.Properties
}
else {
Write-Warning "Unable to find Rule: $rule"
Write-Warning "Unable to find hunting rule: $rule"
}
}
return $return
}
else {
($alertRules.Content | ConvertFrom-Json).value | ForEach-Object {
$huntingRules.value | ForEach-Object {
$_.properties | Add-Member -NotePropertyName name -NotePropertyValue $_.name -Force
$_.properties | Add-Member -NotePropertyName id -NotePropertyValue $_.id -Force
$_.properties | Add-Member -NotePropertyName etag -NotePropertyValue $_.etag -Force
@@ -96,7 +103,7 @@ function Get-AzSentinelHuntingRule {
}
}
else {
Write-Warning "No rules found on $($WorkspaceName)"
Write-Warning "No hunting rules found on $($WorkspaceName)"
}
}
}
16 changes: 12 additions & 4 deletions AzSentinel/Public/Get-AzSentinelIncident.ps1
@@ -71,14 +71,22 @@ function Get-AzSentinelIncident {

$uri = "$script:baseUri/providers/Microsoft.SecurityInsights/Cases?api-version=2019-01-01-preview"
Write-Verbose -Message "Using URI: $($uri)"
$incident = Invoke-webrequest -Uri $uri -Method get -Headers $script:authHeader
Write-Verbose "Found $((($incident.Content | ConvertFrom-Json).value).count) incidents"

try {
$incident = Invoke-RestMethod -Uri $uri -Method Get -Headers $script:authHeader
}
catch {
Write-Verbose $_
Write-Error "Unable to get incidents with error code: $($_.Exception.Message)" -ErrorAction Stop
}

$return = @()

if ($incident) {
Write-Verbose "Found $($incident.value.count) incidents"
if ($IncidentName.Count -ge 1) {
foreach ($rule in $IncidentName) {
[PSCustomObject]$temp = ($incident.Content | ConvertFrom-Json).value | Where-Object { $_.properties.title -eq $rule }
[PSCustomObject]$temp = $incident.value | Where-Object { $_.properties.title -eq $rule }
if ($null -ne $temp) {
$return += $temp.properties
}
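Review bot: The guard here is still `if ($incident)`, while the alert rule and hunting rule functions in this commit were changed to test `.value`. Invoke-RestMethod returns the parsed response object, so a response whose `value` list is empty still passes this check, logs "Found 0 incidents" and goes on to the lookup loops with nothing to search. Use `if ($incident.value)` so all three Get functions behave the same way on an empty workspace.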
@@ -90,7 +98,7 @@ function Get-AzSentinelIncident {
}
elseif ($CaseNumber.Count -ge 1) {
foreach ($rule in $CaseNumber) {
[PSCustomObject]$temp = ($incident.Content | ConvertFrom-Json).value | Where-Object { $_.properties.caseNumber -eq $rule }
[PSCustomObject]$temp = $incident.value | Where-Object { $_.properties.caseNumber -eq $rule }
if ($null -ne $temp) {
$return += $temp.properties
}
33 changes: 13 additions & 20 deletions AzSentinel/Public/Import-AzSentinelAlertRule.ps1
@@ -62,7 +62,6 @@ function Import-AzSentinelAlertRule {
}
Get-LogAnalyticWorkspace @arguments

$errorResult = ''

if ($SettingsFile.Extension -eq '.json') {
try {
@@ -96,7 +95,7 @@ function Import-AzSentinelAlertRule {
$content = Get-AzSentinelAlertRule @arguments -RuleName $($item.displayName) -ErrorAction SilentlyContinue

if ($content) {
Write-Verbose -Message "Rule $($item.displayName) exists in Azure Sentinel"
Write-Host -Message "Rule $($item.displayName) exists in Azure Sentinel"

$item | Add-Member -NotePropertyName name -NotePropertyValue $content.name -Force
$item | Add-Member -NotePropertyName etag -NotePropertyValue $content.etag -Force
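Review bot: `Write-Host -Message "Rule $($item.displayName) exists in Azure Sentinel"` keeps the -Message parameter name from the Write-Verbose call it replaces; Write-Host's own parameter is -Object, and the other Write-Host calls added in this commit pass the string positionally. Drop the parameter name. The change also turns a verbose-only diagnostic into unconditional console output for every rule that already exists; if that is not intended, leave this line as Write-Verbose.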
@@ -114,10 +113,8 @@ function Import-AzSentinelAlertRule {
}
}
catch {
$errorReturn = $_
$errorResult = ($errorReturn | ConvertFrom-Json ).error
Write-Verbose $_
Write-Error "Unable to connect to APi to get Analytic rules with message: $($errorResult.message)" -ErrorAction Stop
Write-Error "Unable to connect to APi to get Analytic rules with message: $($_.Exception.Message)" -ErrorAction Stop
}

try {
@@ -145,44 +142,40 @@ function Import-AzSentinelAlertRule {
if ($content) {
$compareResult = Compare-Policy -ReferenceTemplate ($content | Select-Object * -ExcludeProperty lastModifiedUtc, alertRuleTemplateName, name, etag, id) -DifferenceTemplate ($body.Properties | Select-Object * -ExcludeProperty name)
if ($compareResult) {
Write-Output "Found Differences for rule: $($item.displayName)"
Write-Output ($compareResult | Format-Table | Out-String)
Write-Host "Found Differences for rule: $($item.displayName)" -ForegroundColor Yellow
Write-Host ($compareResult | Format-Table | Out-String)

if ($PSCmdlet.ShouldProcess("Do you want to update profile: $($body.Properties.DisplayName)")) {
try {
$result = Invoke-webrequest -Uri $uri -Method Put -Headers $script:authHeader -Body ($body | ConvertTo-Json -EnumsAsStrings)
Write-Output "Successfully updated rule: $($item.displayName) with status: $($result.StatusDescription)"
Write-Host "Successfully updated rule: $($item.displayName) with status: $($result.StatusDescription)" -ForegroundColor Green
Write-Output ($body.Properties | Format-List | Format-Table | Out-String)
}
catch {
$errorReturn = $_
$errorResult = ($errorReturn | ConvertFrom-Json ).error
Write-Verbose $_.Exception.Message
Write-Error "Unable to invoke webrequest with error message: $($errorResult.message)" -ErrorAction Continue
Write-Verbose $_
Write-Error "Unable to invoke webrequest with error message: $($_.Exception.Message)" -ErrorAction Continue
}
}
else {
Write-Output "No change have been made for rule $($item.displayName), deployment aborted"
Write-Host "No change have been made for rule $($item.displayName), deployment aborted"
}
}
else {
Write-Output "Rule $($item.displayName) is compliance, nothing to do"
Write-Output ($body.Properties | Format-List | Format-Table | Out-String)
Write-Host "Rule $($item.displayName) is compliance, nothing to do"
Write-Host ($body.Properties | Format-List | Format-Table | Out-String)
}
}
else {
Write-Verbose "Creating new rule: $($item.displayName)"

try {
$result = Invoke-webrequest -Uri $uri -Method Put -Headers $script:authHeader -Body ($body | ConvertTo-Json -EnumsAsStrings)
Write-Output "Successfully created rule: $($item.displayName) with status: $($result.StatusDescription)"
Write-Host "Successfully created rule: $($item.displayName) with status: $($result.StatusDescription)" -ForegroundColor Green
Write-Output ($body.Properties | Format-List | Format-Table | Out-String)
}
catch {
$errorReturn = $_
$errorResult = ($errorReturn | ConvertFrom-Json ).error
Write-Verbose $_.Exception.Message
Write-Error "Unable to invoke webrequest with error message: $($errorResult.message)" -ErrorAction Continue
Write-Verbose $_
Write-Error "Unable to invoke webrequest with error message: $($_.Exception.Message)" -ErrorAction Continue
}
}
}
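Review bot: The two catch blocks around the `Invoke-webrequest ... -Method Put` calls now report only `$_.Exception.Message`, which drops the API's own error text that the removed `($errorReturn | ConvertFrom-Json ).error` lines extracted, so a rejected rule no longer says why it was rejected. Suggest reporting `$_.ErrorDetails.Message` when it is present and falling back to the exception message otherwise. Separately, the status lines in this hunk moved to Write-Host while `Write-Output ($body.Properties | Format-List | Format-Table | Out-String)` stays on the output stream in the update and create branches, so a caller that captures the output gets the rule bodies without the status that belongs to them; pick one stream per kind of message (Write-Verbose or Write-Information for status, objects on the pipeline).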
19 changes: 6 additions & 13 deletions AzSentinel/Public/Import-AzSentinelHuntingRule.ps1
@@ -62,7 +62,6 @@ function Import-AzSentinelHuntingRule {
}
Get-LogAnalyticWorkspace @arguments

$errorResult = ''
$item = @{ }

if ($SettingsFile.Extension -eq '.json') {
@@ -88,7 +87,7 @@ function Import-AzSentinelHuntingRule {
}

foreach ($item in $analytics) {
Write-Verbose -Message "Started with Hunting rule: $($item.displayName)"
Write-Host -Message "Started with Hunting rule: $($item.displayName)"

try {
Write-Verbose -Message "Get rule $($item.description)"
@@ -116,10 +115,8 @@ function Import-AzSentinelHuntingRule {
}
}
catch {
$errorReturn = $_
$errorResult = ($errorReturn | ConvertFrom-Json ).error
Write-Verbose $_
Write-Error "Unable to connect to APi to get Analytic rules with message: $($errorResult.message)" -ErrorAction Stop
Write-Error "Unable to connect to APi to get Analytic rules with message: $($_.Exception.Message)" -ErrorAction Stop
}

[PSCustomObject]$body = @{
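Review bot: The Write-Error text in this catch block still reads "Unable to connect to APi to get Analytic rules" although the function is Import-AzSentinelHuntingRule. Since the line is being edited anyway, change it to name hunting rules and fix the "APi" spelling, so the message identifies which import failed.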
@@ -167,10 +164,8 @@ function Import-AzSentinelHuntingRule {
Write-Output ($body.Properties | Format-List | Format-Table | Out-String)
}
catch {
$errorReturn = $_
$errorResult = ($errorReturn | ConvertFrom-Json ).error
Write-Verbose $_.Exception.Message
Write-Error "Unable to invoke webrequest with error message: $($errorResult.message)" -ErrorAction Continue
Write-Verbose $_
Write-Error "Unable to invoke webrequest with error message: $($_.Exception.Message)" -ErrorAction Continue
}
}
else {
@@ -191,10 +186,8 @@ function Import-AzSentinelHuntingRule {
Write-Output ($body.Properties | Format-List | Format-Table | Out-String)
}
catch {
$errorReturn = $_
$errorResult = ($errorReturn | ConvertFrom-Json ).error
Write-Verbose $_.Exception.Message
Write-Error "Unable to invoke webrequest with error message: $($errorResult.message)" -ErrorAction Continue
Write-Verbose $_
Write-Error "Unable to invoke webrequest with error message: $($_.Exception.Message)" -ErrorAction Continue
}
}
}