Event Collector
  • 26 Sep 2023
  • 1 Minute to read
  • Dark
    Light
  • PDF

Event Collector

  • Dark
    Light
  • PDF

Article Summary

Get-LiquitEventCollector

Synopsis

Displays a list of all event collectors known within the Liquit Workspace or you can just select one in particular.

Syntax

Get-LiquitEventCollector
[-LiquitContext <LiquitContext>]  
[<CommonParameters>]

Get-LiquitEventCollector 
[-ID] <guid[]> 
[-LiquitContext <LiquitContext>]  
[<CommonParameters>]

New-LiquitEventCollector

Synopsis

Create a new event collector.

Syntax

For Microsoft Azure Sentinel:

New-LiquitEventCollector 
[-Type microsoftsentinel] 
[-Name] <string>  
[-Enabled] <boolean>  
[-WorkspaceId] <string>  
[-Key] <string>  
[-Description <string>] 
[-Filters <string[]>] 
[-LiquitContext <LiquitContext>] 
[-WhatIf] 
[-Confirm] 
[<CommonParameters>]

For Splunk:

New-LiquitEventCollector
[-Type splunk]  
[-Name] <string>  
[-Enabled] <boolean>  
[-AccessToken] <string>  
[-Uri] <string> mandatory 
[-Description <string>] 
[-Filters <string[]>] 
[-ClientCertificate <Certificate>] 
[-LiquitContext <LiquitContext>] 
[-WhatIf] 
[-Confirm] 
[<CommonParameters>] 

Parameters

NameValueDescriptionRequiredDefault value
Type{microsoftsentinel|splunk}The type of the collector for SIEM.Yes
Name<string>Provide a name for the collector.Yes
Enabled<boolean>Determines whether or not the collector is enabled.Yes
WorkspaceId<string>The ID of your Microsoft Log Analytics workspace.Yes
AccessToken<string>The authentication token that grants access to a Splunk platform instance.Yes
Uri<string>The address of the Splunk server.Yes
Key<string>The primary key associated with your Microsoft Log Analytics workspace.Yes
Description<string>The description of the collectorNo
Filters<string>The types of event you want to send to the SIEM.No
LiquitContext<LiquitContext>Determines the selected zoneNoDefault

Remove-LiquitEventCollector

Synopsis

Removes an event collector.

Remove-LiquitEventCollector 
[-EventCollector] <EventCollector[]> 
[-LiquitContext <LiquitContext>] 
[-WhatIf] 
[-Confirm]  
[<CommonParameters>]

Was this article helpful?


What's Next