<#
.SYNOPSIS
Dismisses all alerts in a subscription that pass the filter in Should-BeDismissed (by default, every alert that is not already dismissed).
.PARAMETER SubscriptionId
Id of the subscription whose alerts are dismissed.
.EXAMPLE
dismissAllAlerts.ps1 -SubscriptionId 4D4F988C-D81F-4BF6-862D-5DB94A067DB5
#>
# Script parameters. SubscriptionId is mandatory; Main reads it to select the
# Az context and to build the alerts listing URL.
param(
    [Parameter(Mandatory = $true)]
    [string] $SubscriptionId
)

# Script-scope starting values read by the functions below:
#   $pageNumber   - incremented by Main once per page of results.
#   $updatedToken - tested for $null by Get-Headers before a token is requested.
$pageNumber = 0
$updatedToken = $null
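# Signs in, selects the subscription, then walks every page of
# Microsoft.Security alerts and passes each alert to Dismiss-Alert.
#
# Reads:   $SubscriptionId (script parameter), $pageNumber (script scope).
# Throws:  when SubscriptionId is not a GUID, when sign-in or context selection
#          fails, when a page's nextLink points outside the ARM host, or when a
#          REST call fails.
function Main() {
    # SubscriptionId is placed in the request path, so accept only a GUID and
    # use its canonical form when building the URL.
    $subscriptionGuid = [guid]::Empty
    if (-not [guid]::TryParse($SubscriptionId, [ref]$subscriptionGuid)) {
        throw "SubscriptionId '$SubscriptionId' is not a valid GUID"
    }

    # -ErrorAction Stop: do not continue against whatever context was active
    # before if sign-in or context selection fails.
    Login-AzAccount -ErrorAction Stop
    Set-AzContext -SubscriptionId $SubscriptionId -ErrorAction Stop

    $url = "https://management.azure.com/subscriptions/$($subscriptionGuid.ToString())/providers/Microsoft.Security/alerts/?api-version=2021-01-01"
    $trustedHost = ([uri]$url).Host

    while ($url)
    {
        # First increment reads the script-scope 0 and creates a function-local
        # counter; later increments act on that local.
        $pageNumber++
        Write-Host (Get-Date).ToString() "Page Number:" $pageNumber
        Write-Host (Get-Date).ToString() " " $url

        $headers = Get-Headers
        $results = Invoke-RestMethod -Method "Get" -Uri $url -Headers $headers
        foreach ($alert in $results.value) {
            Dismiss-Alert $alert
        }

        # nextLink comes from the response body and the next request carries the
        # bearer token, so only follow it over https to the same host.
        $nextLink = $results.nextLink
        if ($nextLink) {
            $nextUri = $null
            $isAbsolute = [uri]::TryCreate([string]$nextLink, [System.UriKind]::Absolute, [ref]$nextUri)
            if (-not $isAbsolute -or $nextUri.Scheme -ne 'https' -or $nextUri.Host -ne $trustedHost) {
                throw "Refusing to follow nextLink outside https://$trustedHost"
            }
        }
        $url = $nextLink
    }
}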
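# Returns the request headers (a hashtable with an Authorization bearer value)
# for calls to the management endpoint, reusing a cached access token until it
# is close to expiry.
#
# Reads/writes: $script:updatedToken (cached result of Get-AzAccessToken).
# Returns:      @{ Authorization = "Bearer <token>" }
function Get-Headers() {
    # Refresh slightly early so a token does not expire mid-request.
    $refreshSkew = [TimeSpan]::FromMinutes(5)

    # The cache must be read and written through $script: - a plain assignment
    # inside the function would create a local that is lost on return.
    $token = $script:updatedToken

    # Compare DateTimeOffset values directly with -le. The previous form used
    # '>' (which PowerShell treats as output redirection, so it wrote a file
    # named after the expiry value and never refreshed) and compared seconds
    # against milliseconds.
    if ($null -eq $token -or $token.ExpiresOn -le [DateTimeOffset]::UtcNow.Add($refreshSkew))
    {
        $token = Get-AzAccessToken
        $script:updatedToken = $token
    }

    # Newer Az.Accounts releases return Token as a SecureString; unwrap it only
    # here, where the header value is built.
    $tokenValue = $token.Token
    if ($tokenValue -is [System.Security.SecureString])
    {
        $tokenValue = [System.Net.NetworkCredential]::new('', $tokenValue).Password
    }

    return @{
        Authorization = "Bearer $tokenValue"
    }
}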
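# Reads the Retry-After value (in seconds) from a throttled response.
# Handles both response shapes Invoke-RestMethod can surface: a
# WebHeaderCollection (Windows PowerShell) and HTTP response headers exposing
# TryGetValues (PowerShell 7). Returns $defaultSeconds when the header is
# missing, not an integer, or not positive.
function Get-RetryAfterSeconds($response, $defaultSeconds) {
    $raw = $null
    try {
        $responseHeaders = $response.Headers
        if ($responseHeaders -is [System.Net.WebHeaderCollection]) {
            $raw = $responseHeaders['Retry-After']
        }
        elseif ($null -ne $responseHeaders) {
            $values = $null
            if ($responseHeaders.TryGetValues('Retry-After', [ref]$values)) {
                $raw = $values | Select-Object -First 1
            }
        }
    }
    catch {
        $raw = $null
    }

    # A bare [int] cast turns a missing header ($null) into 0, which would
    # retry immediately; TryParse plus the positive check avoids that.
    $seconds = 0
    if ([int]::TryParse([string]$raw, [ref]$seconds) -and $seconds -gt 0) {
        return $seconds
    }
    return $defaultSeconds
}

# Dismisses one alert by POSTing to its dismiss endpoint, unless
# Should-BeDismissed rejects it. This changes the alert's state in the
# subscription; there is no dry-run path in this script.
#
# Arguments: $alert - alert object from the listing response; its 'id' is
#                     appended to the fixed management.azure.com host.
# Throws:    rethrows any non-429 failure, and the 429 failure once the retry
#            budget is used up.
function Dismiss-Alert($alert) {
    if (-not (Should-BeDismissed $alert))
    {
        return
    }

    $dismissUrl = "https://management.azure.com/$($alert.id)/dismiss?api-version=2021-01-01"
    Write-Host (Get-Date).ToString() " " $dismissUrl

    $retryCount = 0
    $success = $false
    while ($success -ne $true) {
        try {
            # Fetch headers per attempt: a throttling sleep can be minutes long.
            $headers = Get-Headers
            Invoke-RestMethod -Method "Post" -Uri $dismissUrl -Headers $headers
            $success = $true
        }
        catch {
            # Catch every exception type: Windows PowerShell raises
            # System.Net.WebException for HTTP errors, PowerShell 7 raises
            # HttpResponseException. Both expose Response.StatusCode; a failure
            # without a response yields 0 here and is rethrown below.
            $response = $PSItem.Exception.Response
            $StatusCode = [int]$response.StatusCode
            if ($StatusCode -eq 429) {
                Write-Host "Request was throttled"
                $RetryAfter = Get-RetryAfterSeconds $response 360
                if ($retryCount -gt 5) {
                    Write-Host "max retry reached, throwing exception"
                    throw
                }
                Write-Host "Sleep for $($RetryAfter) Seconds then retry"
                Start-Sleep -Seconds $RetryAfter
                $retryCount++
            }
            else {
                throw
            }
        }
    }
}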
# Filter applied to every alert before it is dismissed.
# Returns $true unless the alert's properties.status is already "Dismissed"
# (-ne on strings is case-insensitive in PowerShell).
function Should-BeDismissed($alert) {
    $currentStatus = $alert.properties.status
    return $currentStatus -ne "Dismissed"
}
# Script entry point: run Main and, on any failure, print the exception type,
# message and script stack trace as a warning before rethrowing.
try {
    Main
}
catch {
    $failure = $PSItem
    Write-Host "`n"

    # Assemble the report line by line; joined with newlines it is the same
    # text as a single concatenated string.
    $reportLines = @(
        "============ EXCEPTION DETAILS ====================",
        "Exception Type: $($failure.Exception.GetType().FullName)",
        "Message: $($failure.Exception.Message)",
        "Script Stack Trace:",
        "$($failure.ScriptStackTrace)",
        "============================================================"
    )
    Write-Warning ($reportLines -join "`n")

    # Bare throw rethrows the caught error to the caller.
    throw
}