Event Collector
- Updated on 04 Mar 2024
Get-LiquitEventCollector
Synopsis
This command lists all event collectors known within the Liquit Workspace, or returns specific collectors when you pass their IDs.
Syntax
Get-LiquitEventCollector
[-LiquitContext <LiquitContext>]
[<CommonParameters>]
Get-LiquitEventCollector
[-ID] <guid[]>
[-LiquitContext <LiquitContext>]
[<CommonParameters>]
New-LiquitEventCollector
Synopsis
This command creates a new event collector.
Syntax
For Microsoft Azure Sentinel:
New-LiquitEventCollector
[-Type microsoftsentinel]
[-Name] <string>
[-Enabled] <boolean>
[-WorkspaceId] <string>
[-Key] <string>
[-Description <string>]
[-Filters <string[]>]
[-LiquitContext <LiquitContext>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
For Splunk:
New-LiquitEventCollector
[-Type splunk]
[-Name] <string>
[-Enabled] <boolean>
[-AccessToken] <string>
[-Uri] <string> mandatory
[-Description <string>]
[-Filters <string[]>]
[-ClientCertificate <Certificate>]
[-LiquitContext <LiquitContext>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Parameters
Name | Value | Description | Required | Default value |
---|---|---|---|---|
Type | {microsoftsentinel\|splunk} | The type of the collector for SIEM. | Yes | |
Name | <string> | Provide a name for the collector. | Yes | |
Enabled | <boolean> | Determines whether or not the collector is enabled. | Yes | |
WorkspaceId | <string> | The ID of your Microsoft Log Analytics workspace. | Yes | |
AccessToken | <string> | The authentication token that grants access to a Splunk platform instance. | Yes | |
Uri | <string> | The address of the Splunk server. | Yes | |
Key | <string> | The primary key associated with your Microsoft Log Analytics workspace. | Yes | |
Description | <string> | The description of the collector. | No | |
Filters | <string> | The types of events you want to send to the SIEM. | No | |
LiquitContext | <LiquitContext> | Determines the selected zone. | No | Default |
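The Splunk syntax above put to use, as an added example that is not part of the original documentation: it keeps the access token out of the script, previews the change with `-WhatIf`, and confirms the result with `Get-LiquitEventCollector`. It assumes a Liquit session is already connected (default `LiquitContext`) and that returned collector objects expose a `Name` property; the collector name and URI are constructed placeholders.

```powershell
# Assumption: the Liquit PowerShell module is loaded and a session to the zone
# is already established, so the default LiquitContext applies.

# Constructed placeholder values; replace with your own.
$collectorName = 'splunk-hec-prod'
$splunkUri     = 'https://splunk.example.internal:8088'

# -AccessToken takes a plain string, so prompt for the token instead of
# hardcoding it, and hold the plain-text copy only while it is needed.
$secureToken = Read-Host -Prompt 'Splunk access token' -AsSecureString
$plainToken  = [System.Net.NetworkCredential]::new('', $secureToken).Password

try {
    # Avoid creating a duplicate collector.
    # Assumption: returned objects have a Name property.
    $existing = Get-LiquitEventCollector |
        Where-Object { $_.Name -eq $collectorName }

    if ($existing) {
        Write-Warning "Collector '$collectorName' already exists; nothing created."
    }
    else {
        $params = @{
            Type        = 'splunk'
            Name        = $collectorName
            Enabled     = $true
            AccessToken = $plainToken
            Uri         = $splunkUri
            Description = 'Forwards Liquit Workspace events to Splunk'
        }

        # Dry run: shows what would be created without changing anything.
        New-LiquitEventCollector @params -WhatIf

        # Real run: -Confirm asks for approval before the collector is created.
        New-LiquitEventCollector @params -Confirm

        # Confirm the collector is now known to the zone.
        Get-LiquitEventCollector |
            Where-Object { $_.Name -eq $collectorName }
    }
}
finally {
    # Drop the plain-text token from the session, whatever happened above.
    Remove-Variable -Name plainToken, params -ErrorAction SilentlyContinue
}
```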
Remove-LiquitEventCollector
Synopsis
This command removes an event collector.
Syntax
Remove-LiquitEventCollector
[-EventCollector] <EventCollector[]>
[-LiquitContext <LiquitContext>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]