Azure – A new PowerShell module is available to manage Azure Sentinel

You may already know Azure Sentinel, the cloud-native SIEM (Security Information and Event Management) solution from Microsoft.

Well, if you are using and managing Azure Sentinel, you will be happy to know that a PowerShell module is now available to manage Azure Sentinel, in addition to the Azure portal.

Before you deploy this module, you need to ensure that:

  • you are using PowerShell 5.1 (or later)
  • you have the Az.Accounts module installed

If you don’t have Az.Accounts or the Azure PowerShell module, you can install it using the command below:

Install-Module -Name Az.Accounts

Then you can install the Az.SecurityInsights module using the command:

Install-Module -Name Az.SecurityInsights -AllowClobber


Then, after authenticating against Azure using Connect-AzAccount, you can manage your Azure Sentinel workspace from PowerShell: investigate and assign incidents, configure data connectors, and so on.

If you have access to more than one Azure subscription, you may have to set the Azure context first (Set-AzContext) so that the commands target the subscription holding your Sentinel workspace.

All Az.SecurityInsights commands can be listed with the command:

Get-Command -Module Az.SecurityInsights

At the time of writing, the following commands are available:

  • Get-AzSentinelAlertRuleAction
  • New-AzSentinelAlertRuleAction
  • Remove-AzSentinelAlertRuleAction
  • Update-AzSentinelAlertRuleAction
  • Get-AzSentinelAlertRule
  • New-AzSentinelAlertRule
  • Remove-AzSentinelAlertRule
  • Update-AzSentinelAlertRule
  • Get-AzSentinelAlertRuleTemplate
  • Get-AzSentinelBookmark
  • New-AzSentinelBookmark
  • Remove-AzSentinelBookmark
  • Update-AzSentinelBookmark
  • Get-AzSentinelDataConnector
  • New-AzSentinelDataConnector
  • Remove-AzSentinelDataConnector
  • Update-AzSentinelDataConnector
  • Get-AzSentinelIncidentComment
  • New-AzSentinelIncidentComment
  • Get-AzSentinelIncident
  • New-AzSentinelIncident
  • New-AzSentinelIncidentOwner
  • Remove-AzSentinelIncident
  • Update-AzSentinelIncident
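The following script is an added example, not code from the original post or from the Az.SecurityInsights module itself. It strings the steps above together: it checks the prerequisites, signs in, pins the subscription context, then runs a small triage pass that lists open incidents and assigns the high-severity ones to an analyst using the incident cmdlets listed above. The subscription ID, resource group, workspace name, analyst UPN and object ID are placeholders; the parameter sets (Update-AzSentinelIncident -Owner taking the object built by New-AzSentinelIncidentOwner, and the incident's Name property holding its ID) follow the cmdlet help as I understand it for the version available at the time of writing, so verify them with Get-Help against the version you install.

```powershell
#Requires -Version 5.1
# Added example (not from the original post): prerequisites, sign-in,
# subscription context, then a triage pass over open Sentinel incidents.

# Placeholders: replace with your own values.
$SubscriptionId = '00000000-0000-0000-0000-000000000000'   # placeholder subscription
$ResourceGroup  = 'rg-sentinel'                              # placeholder resource group
$Workspace      = 'law-sentinel'                             # placeholder Log Analytics workspace
$AnalystUpn     = 'analyst@contoso.com'                      # placeholder analyst UPN
$AnalystId      = '11111111-1111-1111-1111-111111111111'     # placeholder analyst AAD object ID

# 1. Prerequisites: Az.Accounts has to be present before Az.SecurityInsights is installed.
foreach ($module in 'Az.Accounts', 'Az.SecurityInsights') {
    if (-not (Get-Module -ListAvailable -Name $module)) {
        Install-Module -Name $module -Scope CurrentUser -AllowClobber -Force
    }
}
Import-Module Az.SecurityInsights

# 2. Sign in once, then pin the context so multi-subscription tenants hit the right workspace.
if (-not (Get-AzContext)) { Connect-AzAccount | Out-Null }
Set-AzContext -Subscription $SubscriptionId | Out-Null

# 3. Triage: every incident cmdlet needs the resource group and workspace, so splat them.
$common = @{ ResourceGroupName = $ResourceGroup; WorkspaceName = $Workspace }

# Pull all incidents and keep only the ones nobody has touched yet (status 'New').
$open = Get-AzSentinelIncident @common | Where-Object { $_.Status -eq 'New' }
$open | Select-Object Title, Severity, Status | Format-Table -AutoSize

# Build the owner object once; it is reused for each assignment below.
# Assumed parameter set: AssignedTo / Email / ObjectId / UserPrincipalName.
$owner = New-AzSentinelIncidentOwner -AssignedTo 'SOC Analyst' -Email $AnalystUpn `
    -ObjectId $AnalystId -UserPrincipalName $AnalystUpn

# Assign high-severity open incidents, move them to 'Active', and leave an audit comment.
foreach ($incident in ($open | Where-Object { $_.Severity -eq 'High' })) {
    # Assumption: the incident's Name property carries the incident ID the cmdlets expect.
    Update-AzSentinelIncident @common -IncidentId $incident.Name -Owner $owner -Status 'Active'
    New-AzSentinelIncidentComment @common -IncidentId $incident.Name `
        -Message "Assigned to $AnalystUpn via Az.SecurityInsights at $(Get-Date -Format o)"
}
```

Run it in a session where the signed-in account holds a Sentinel Responder (or higher) role on the workspace; anything less and the Update and comment calls fail while the Get call still succeeds, which is a useful way to confirm that least-privilege roles are applied as intended.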
Benoit Hamet

Benoit is working on Microsoft collaborative technologies. He has been awarded as MVP for more than 12 years, currently MVP on Office 365 after being awarded on SharePoint (2011-2012) and Windows client & server (2002-2007). Speaker at various Microsoft events (TechDays, TechNet seminars) and Quest Software. He works on on-premises (Active Directory, RADIUS/NPS, Exchange, Skype for Business, SharePoint, SQL, Terminal Server, Windows client and Windows Server) or online (Azure, Intune, Office 365, Exchange Online, SharePoint Online, Skype for Business Online, Teams) technologies.