Public/generated/Get-KriticalUtcmSentinelWatchlist.ps1

# Kritical.PS.UTCM | Microsoft Graph UTCM REST API toolkit
# (c) 2026 Kritical Pty Ltd | https://kritical.net
# Kritical brand banner is rendered at module load via Write-KriticalUtcmBanner.

function Get-KriticalUtcmSentinelWatchlist {
<#
.SYNOPSIS
    Kritical.UTCM shim for M365DSC resource SentinelWatchlist.

.DESCRIPTION

    Search-replace safe: callers that today invoke
        Get-M365DSCSentinelWatchlist -Credential $cred -TenantId $tid
    can rename to
        Get-KriticalUtcmSentinelWatchlist -Credential $cred -TenantId $tid
    with ZERO other edits. Parameter shape matches the M365DSC .schema.mof
    exactly. By default -PreferM365DscBehavior is true.

    Actual Graph dispatch is delegated to Invoke-KriticalUtcmM365DscSchemaBridge.
    Bridge maps resource → Graph endpoint per per-resource wave; where mapping
    is not yet shipped, bridge returns an object with Verdict='UNMAPPED'.

.NOTES
    Workload: Other
    Param count: 21
#>

[CmdletBinding()]
param(
        # Tha name of the watchlist.
[Parameter(Mandatory)] [string]$Name,
        # The name of the resource group. The name is case insensitive.
[string]$SubscriptionId,
        # The name of the resource group. The name is case insensitive.
[string]$ResourceGroupName,
        # The name of the workspace.
[string]$WorkspaceName,
        # The id (a Guid) of the watchlist
[string]$Id,
        # The display name of the watchlist.
[string]$DisplayName,
        # The source of the watchlist. Only accepts 'Local file' and 'Remote storage'. And it must included in the request.
[string]$SourceType,
        # The search key is used to optimize query performance when using watchlists for joins with other data. For example, enable a column with IP addresses to be the designated SearchKey field, then use this field as the key field when joining to other event data by IP address.
[string]$ItemsSearchKey,
        # A description of the watchlist
[string]$Description,
        # The default duration of a watchlist (in ISO 8601 duration format)
[string]$DefaultDuration,
        # The watchlist alias
[string]$Alias,
        # The number of lines in a csv content to skip before the header
[int]$NumberOfLinesToSkip,
        # The raw content that represents to watchlist items to create. Example : This line will be skipped header1,header2 value1,value2
[string]$RawContent,
        # Present ensures the instance exists, absent ensures it is removed.
[ValidateSet('Absent','Present')] [string]$Ensure,
        # Credentials of the workload's Admin
[string]$Credential,
        # Id of the Azure Active Directory application to authenticate with.
[string]$ApplicationId,
        # Id of the Azure Active Directory tenant used for authentication.
[string]$TenantId,
        # Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.
[string]$CertificateThumbprint,
        # Username can be made up to anything but password will be used for CertificatePassword
[string]$CertificatePassword,
        # Path to certificate used in service principal usually a PFX file.
[string]$CertificatePath,
        # Managed ID being used for authentication.
[bool]$ManagedIdentity
)
    Invoke-KriticalUtcmM365DscSchemaBridge -ResourceName 'SentinelWatchlist' -Workload 'Other' -Verb 'Get' -CallerParams $PSBoundParameters
}