Event Collector
- 17 Jun 2024
Get-LiquitEventCollector
Synopsis
This command lists all event collectors known within the Liquit Workspace, or returns one particular collector when you pass its ID.
Syntax
Get-LiquitEventCollector
[-LiquitContext <LiquitContext>]
[<CommonParameters>]
Get-LiquitEventCollector
[-ID] <guid[]>
[-LiquitContext <LiquitContext>]
[<CommonParameters>]
New-LiquitEventCollector
Synopsis
This command creates a new event collector.
Syntax
For Microsoft Azure Sentinel:
New-LiquitEventCollector
[-Type microsoftsentinel]
[-Name] <string>
[-Enabled] <boolean>
[-WorkspaceId] <string>
[-Key] <string>
[-Description <string>]
[-Filters {UserLogin | DistributePackage | LaunchPackage | InstallPackage | UninstallPackage | UserLogoff | RepairPackage | InstallDeployment | RestCreate | RestUpdate | RestDelete | RestAdd | RestRemove | RestAction}]
[-LiquitContext <LiquitContext>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
For Splunk:
New-LiquitEventCollector
[-Type splunk]
[-Name] <string>
[-Enabled] <boolean>
[-AccessToken] <string>
[-Uri] <string>
[-Description <string>]
[-Filters {UserLogin | DistributePackage | LaunchPackage | InstallPackage | UninstallPackage | UserLogoff | RepairPackage | InstallDeployment | RestCreate | RestUpdate | RestDelete | RestAdd | RestRemove | RestAction}]
[-ClientCertificate <Certificate>]
[-LiquitContext <LiquitContext>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Examples
Splunk
New-LiquitEventCollector -Type "Splunk" -Name "PS-Test-Splunk" -Uri "https://splunk.liquit.com:9997/services/collector/event" -AccessToken "asdjhgdasjkasdjlkasd" -AuditingFilters @("RestCreate","RestUpdate","RestDelete","RestAdd","RestRemove","RestAction") -Filters @("UserLogin","UserLogoff","DistributePackage","InstallPackage","LaunchPackage","UninstallPackage","RepairPackage")
Microsoft Azure Sentinel
New-LiquitEventCollector -Type MicrosoftSentinel -Name "PS-Test-MicrosoftSentinel" -LocationType 'Azure public cloud' -WorkspaceId "d7a6bca9-45cf-4136-afd0-89fbb6981b30" -Key "jVxR8DtFCDBgNDQIv0Lo//InzufMzTMgM0CirEMaHAdFHn9X8LuKmuf59G0TK2uCGI8VrelAakD1iya+uW7ptQ==" -AuditingFilters @("RestCreate","RestUpdate","RestDelete","RestAdd","RestRemove","RestAction") -Filters @("UserLogin","UserLogoff","DistributePackage","InstallPackage","LaunchPackage","UninstallPackage","RepairPackage")
Parameters
Name | Value | Description | Required | Default value |
---|---|---|---|---|
Type | {microsoftsentinel \| splunk} | The type of the collector for SIEM. | Yes | |
Name | <string> | Provide a name for the collector. | Yes | |
Enabled | <boolean> | Determines whether or not the collector is enabled. | Yes | |
WorkspaceId | <string> | The ID of your Microsoft Log Analytics workspace. | Yes (microsoftsentinel) | |
AccessToken | <string> | The authentication token that grants access to a Splunk platform instance. | Yes (splunk) | |
URI | <string> | The address of the Splunk server. | Yes (splunk) | |
Key | <string> | The primary key associated with your Microsoft Log Analytics workspace. | Yes (microsoftsentinel) | |
Description | <string> | The description of the collector. | No | |
Filters | {UserLogin \| DistributePackage \| LaunchPackage \| InstallPackage \| UninstallPackage \| UserLogoff \| RepairPackage \| InstallDeployment \| RestCreate \| RestUpdate \| RestDelete \| RestAdd \| RestRemove \| RestAction} | The types of events you want to send to the SIEM. | No | |
LiquitContext | <LiquitContext> | Determines the selected zone. | No | Default |
Remove-LiquitEventCollector
Synopsis
This command removes an event collector.
Syntax
Remove-LiquitEventCollector
[-EventCollector] <EventCollector[]>
[-LiquitContext <LiquitContext>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Parameters
Name | Value | Description | Required | Default value |
---|---|---|---|---|
EventCollector | <EventCollector[]> | The type of the collector for SIEM. | Yes | |
LiquitContext | <LiquitContext> | Determines the selected zone. | No | Default |
Set-LiquitEventCollector
Syntax
Set-LiquitEventCollector
[-EventCollector] <EventCollector[]>
[-AccessToken <string>]
[-ClientCertificate <Certificate>]
[-Description <string>]
[-Enabled <boolean>]
[-Filters {UserLogin | DistributePackage | LaunchPackage | InstallPackage | UninstallPackage | UserLogoff | RepairPackage | InstallDeployment | RestCreate | RestUpdate | RestDelete | RestAdd | RestRemove | RestAction}]
[-AuditingFilters {RestCreate | RestUpdate | RestDelete | RestAdd | RestRemove | RestAction}]
[-EventTags ]
[-Name <string>]
[-Key <string>]
[-Uri <string>]
[-WorkspaceId <string>]
[-LiquitContext <LiquitContext>]
[-WhatIf]
[-Confirm]
Parameters
Name | Value | Description | Required | Default value |
---|---|---|---|---|
EventCollector | <EventCollector[]> | The type of the collector for SIEM. | Yes | |
Filters | {UserLogin \| DistributePackage \| LaunchPackage \| InstallPackage \| UninstallPackage \| UserLogoff \| RepairPackage \| InstallDeployment \| RestCreate \| RestUpdate \| RestDelete \| RestAdd \| RestRemove \| RestAction} | The types of events you want to send to the SIEM. | No | |
AuditingFilters | {RestCreate \| RestUpdate \| RestDelete \| RestAdd \| RestRemove \| RestAction} | The type of entities you want to audit. For more information, see Auditing. | No | |
LiquitContext | <LiquitContext> | Determines the selected zone. | No | Default |
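The following script is an added example, not part of the Liquit documentation: it uses Get-LiquitEventCollector and Set-LiquitEventCollector together to check that every collector in the zone is enabled and forwards a minimum set of sign-in and audit events, and previews the fix with -WhatIf. The property names read from the returned EventCollector objects (Name, Type, Enabled, Filters, AuditingFilters) and the required filter sets are assumptions.

```powershell
# Added example; assumes Get-LiquitEventCollector returns objects with
# Name, Type, Enabled, Filters and AuditingFilters properties.

# Minimum event set that must always reach the SIEM (assumed policy; adjust to yours).
$requiredFilters  = @('UserLogin', 'UserLogoff', 'InstallPackage', 'UninstallPackage')
$requiredAuditing = @('RestCreate', 'RestUpdate', 'RestDelete')

$collectors = Get-LiquitEventCollector
if (-not $collectors) {
    Write-Warning 'No event collectors are defined: nothing is being forwarded to a SIEM.'
    return
}

foreach ($collector in $collectors) {
    $label = "'$($collector.Name)' ($($collector.Type))"

    if (-not $collector.Enabled) {
        Write-Warning "Collector $label is disabled; events are not forwarded."
    }

    # Filters the collector is missing compared to the required set.
    $missingFilters  = $requiredFilters  | Where-Object { $_ -notin @($collector.Filters) }
    $missingAuditing = $requiredAuditing | Where-Object { $_ -notin @($collector.AuditingFilters) }

    if (-not $missingFilters -and -not $missingAuditing) {
        Write-Host "Collector $label forwards all required events."
        continue
    }

    if ($missingFilters)  { Write-Warning "Collector $label does not forward: $($missingFilters -join ', ')" }
    if ($missingAuditing) { Write-Warning "Collector $label does not audit: $($missingAuditing -join ', ')" }

    # Merge with what is already configured so existing filters are preserved.
    $newFilters  = @(@($collector.Filters)         + $missingFilters)  | Select-Object -Unique
    $newAuditing = @(@($collector.AuditingFilters) + $missingAuditing) | Select-Object -Unique

    # -WhatIf previews the change; remove it once the output looks right.
    Set-LiquitEventCollector -EventCollector $collector `
        -Filters $newFilters -AuditingFilters $newAuditing -WhatIf
}
```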