How to Use PowerShell With Azure Sentinel

Microsoft Azure Sentinel, Security Information and event management (SIEM) system allow us to manage events logs using advanced tools and AI.


When it comes to managing Azure Sentinel with PowerShell our options are limited and as of writing these lines there is no PowerShell module for Sentinel however there is an Azure CLI module for it.

Update: Two days ago (1/1/21) Microsoft released the Azure Sentinel PowerShell module. You can download it from the PowerShell Gallery using the following command:

Install-Module -Name Az.SecurityInsights

After installing the module you can review all the available commands with the line below:

Get-command -module az.securityinsights

Azure CLI

If you don’t mind using Azure CLI, you can manage Sentinel with it. The module is very new, and not all the commands are fully working.

To use Sentinel with Azure CLI you use the following syntex:

az sentinel 

To view all the commands type:

az sentinel --help

You don’t need to install the module separately, but you need Azure CLI 2.11.0 once you try to run the command you will be asked to install the module.

If you used to PowerShell, you might need to wait until Azure makes the modules available to PowerShell.