Export AzSentinel
Pouyan Khabazi edited this page Dec 31, 2020 · 1 revision
Export Azure Sentinel
Export-AzSentinel [-SubscriptionId <String>] -WorkspaceName <String> -OutputFolder <FileInfo>
-Kind <ExportType[]> [-TemplatesKind <Kind[]>] [<CommonParameters>]
With this function you can export the Azure Sentinel configuration.
Export-AzSentinel -WorkspaceName '' -OutputFolder C:\Temp\ -Kind All
In this example you export Alert, Hunting and Template rules
Export-AzSentinel -WorkspaceName '' -OutputFolder C:\Temp\ -Kind Templates
In this example you export only the Templates
Export-AzSentinel -WorkspaceName '' -OutputFolder C:\Temp\ -Kind Alert
In this example you export only the Scheduled Alert rules
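The following is an added example, not part of the original wiki page or the AzSentinel project: it combines several -Kind values with -TemplatesKind, then checks that each exported file parses as JSON and records a SHA-256 manifest so a later export can be compared against it. The workspace name, folder name and manifest file name are assumptions; it also assumes the AzSentinel module is installed and an Az session is already signed in.

```powershell
# Added example. Placeholder values: replace with your own workspace and folder.
$workspace = 'contoso-sentinel'    # hypothetical workspace name
$outDir    = Join-Path $env:TEMP ('sentinel-export-{0:yyyyMMdd-HHmmss}' -f (Get-Date))

# Create the target folder up front so the export has somewhere to write.
New-Item -ItemType Directory -Path $outDir -Force | Out-Null

# Export scheduled alert rules and hunting rules in one call.
Export-AzSentinel -WorkspaceName $workspace -OutputFolder $outDir `
    -Kind Alert, Hunting -ErrorAction Stop

# Export rule templates, limited to the Scheduled kind.
Export-AzSentinel -WorkspaceName $workspace -OutputFolder $outDir `
    -Kind Templates -TemplatesKind Scheduled -ErrorAction Stop

# Collect whatever JSON files the export produced.
$files = Get-ChildItem -Path $outDir -Filter *.json -File
if (-not $files) {
    throw "No JSON files were written to $outDir"
}

$manifest = foreach ($f in $files) {
    # Fail early on a truncated or malformed export file.
    try {
        $null = Get-Content -Path $f.FullName -Raw | ConvertFrom-Json -ErrorAction Stop
    }
    catch {
        throw "Export file $($f.Name) is not valid JSON: $_"
    }

    # Record size and hash so later exports can be compared for rule drift.
    $hash = Get-FileHash -Path $f.FullName -Algorithm SHA256
    [pscustomobject]@{
        File   = $f.Name
        Bytes  = $f.Length
        SHA256 = $hash.Hash
    }
}

# manifest.csv is a name chosen for this example.
$manifest | Export-Csv -Path (Join-Path $outDir 'manifest.csv') -NoTypeInformation
$manifest | Format-Table -AutoSize
```

The exported rules describe what the workspace detects, so keep the output folder under the same access controls as the workspace itself.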
-SubscriptionId
Enter the subscription ID. If no subscription ID is provided, the current AZContext subscription will be used.
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-WorkspaceName
Enter the Workspace name
Type: String
Parameter Sets: (All)
Aliases:
Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-OutputFolder
The path where you want to export the JSON files
Type: FileInfo
Parameter Sets: (All)
Aliases:
Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-Kind
Select what you want to export: Alert, Hunting, Templates or All
Type: ExportType[]
Parameter Sets: (All)
Aliases:
Accepted values: Alert, Hunting, All, Templates
Required: True
Position: Named
Default value: None
Accept pipeline input: True (ByValue)
Accept wildcard characters: False
-TemplatesKind
Select which kind of templates you want to export. If empty, all Templates will be exported.
Type: Kind[]
Parameter Sets: (All)
Aliases:
Accepted values: Scheduled, Fusion, MLBehaviorAnalytics, MicrosoftSecurityIncidentCreation
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.