Public/generated/Get-KriticalUtcmSentinelWatchlist.ps1
# Kritical.PS.UTCM | Microsoft Graph UTCM REST API toolkit
# (c) 2026 Kritical Pty Ltd | https://kritical.net
# Kritical brand banner is rendered at module load via Write-KriticalUtcmBanner.

function Get-KriticalUtcmSentinelWatchlist {
    <#
    .SYNOPSIS
        Kritical.UTCM shim for M365DSC resource SentinelWatchlist.

    .DESCRIPTION
        Search-replace safe: callers that today invoke
            Get-M365DSCSentinelWatchlist -Credential $cred -TenantId $tid
        can rename to
            Get-KriticalUtcmSentinelWatchlist -Credential $cred -TenantId $tid
        with ZERO other edits. Parameter shape matches the M365DSC .schema.mof exactly.
        By default -PreferM365DscBehavior is true.

        Actual Graph dispatch is delegated to Invoke-KriticalUtcmM365DscSchemaBridge.
        The bridge maps resource -> Graph endpoint per resource wave; where a mapping
        is not yet shipped, the bridge returns an object with Verdict='UNMAPPED'.

        This function performs no work of its own: it forwards the bound parameters
        to the bridge and emits whatever the bridge returns.

    .NOTES
        Workload: Other
        Param count: 21
    #>

    # NOTE(review): -Credential and -CertificatePassword are declared as strings.
    # PowerShell binds a non-string argument to a string parameter by converting it
    # to text, so a PSCredential object passed here would reach the bridge as its
    # type name rather than as a credential. The CertificatePassword description
    # (username plus password) suggests the upstream parameter is a credential
    # object; confirm against the M365DSC resource before relying on the
    # "zero other edits" rename.
    # NOTE(review): a string-typed CertificatePassword is a plaintext secret, and it
    # is forwarded inside $PSBoundParameters with every other argument. The bridge
    # is not visible from this file; verify that it does not log or echo
    # CallerParams and that transcripts of calling sessions are access-controlled.
    # NOTE(review): the SourceType description names two accepted values, but no
    # validation attribute enforces them here. The SubscriptionId description
    # repeats the resource-group text; presumably it should describe the
    # subscription.
    # NOTE(review): -PreferM365DscBehavior is mentioned in the help text but is not
    # a parameter of this function; presumably it is a bridge-side default.

    [CmdletBinding()]
    param(
        # The name of the watchlist.
        [Parameter(Mandatory = $true)]
        [System.String]$Name,

        # The name of the resource group. The name is case insensitive.
        [System.String]$SubscriptionId,

        # The name of the resource group. The name is case insensitive.
        [System.String]$ResourceGroupName,

        # The name of the workspace.
        [System.String]$WorkspaceName,

        # The id (a Guid) of the watchlist.
        [System.String]$Id,

        # The display name of the watchlist.
        [System.String]$DisplayName,

        # The source of the watchlist. Only accepts 'Local file' and 'Remote storage'. It must be included in the request.
        [System.String]$SourceType,

        # The search key is used to optimize query performance when using watchlists for joins with other data. For example, enable a column with IP addresses to be the designated SearchKey field, then use this field as the key field when joining to other event data by IP address.
        [System.String]$ItemsSearchKey,

        # A description of the watchlist.
        [System.String]$Description,

        # The default duration of a watchlist (in ISO 8601 duration format).
        [System.String]$DefaultDuration,

        # The watchlist alias.
        [System.String]$Alias,

        # The number of lines in a csv content to skip before the header.
        [System.Int32]$NumberOfLinesToSkip,

        # The raw content that represents the watchlist items to create. Example:
        #   This line will be skipped
        #   header1,header2
        #   value1,value2
        [System.String]$RawContent,

        # Present ensures the instance exists, absent ensures it is removed.
        [ValidateSet('Absent', 'Present')]
        [System.String]$Ensure,

        # Credentials of the workload's Admin.
        [System.String]$Credential,

        # Id of the Azure Active Directory application to authenticate with.
        [System.String]$ApplicationId,

        # Id of the Azure Active Directory tenant used for authentication.
        [System.String]$TenantId,

        # Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.
        [System.String]$CertificateThumbprint,

        # Username can be made up to anything but password will be used for CertificatePassword.
        [System.String]$CertificatePassword,

        # Path to certificate used in service principal, usually a PFX file.
        [System.String]$CertificatePath,

        # Managed ID being used for authentication.
        [System.Boolean]$ManagedIdentity
    )

    # Only parameters the caller actually supplied are in $PSBoundParameters, so
    # the bridge can tell "not passed" apart from "passed empty".
    $bridgeCall = @{
        ResourceName = 'SentinelWatchlist'
        Workload     = 'Other'
        Verb         = 'Get'
        CallerParams = $PSBoundParameters
    }

    Invoke-KriticalUtcmM365DscSchemaBridge @bridgeCall
}