Freigeben über


Set-AzDeviceSecurityGroup

Erstellen oder Aktualisieren der Gerätesicherheitsgruppe

Syntax

Set-AzDeviceSecurityGroup
   -Name <String>
   -HubResourceId <String>
   [-ThresholdRule <PSThresholdCustomAlertRule[]>]
   [-TimeWindowRule <PSTimeWindowCustomAlertRule[]>]
   [-AllowlistRule <PSAllowlistCustomAlertRule[]>]
   [-DenylistRule <PSDenylistCustomAlertRule[]>]
   [-DefaultProfile <IAzureContextContainer>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]
Set-AzDeviceSecurityGroup
   [-ThresholdRule <PSThresholdCustomAlertRule[]>]
   [-TimeWindowRule <PSTimeWindowCustomAlertRule[]>]
   [-AllowlistRule <PSAllowlistCustomAlertRule[]>]
   [-DenylistRule <PSDenylistCustomAlertRule[]>]
   -InputObject <PSDeviceSecurityGroup>
   [-DefaultProfile <IAzureContextContainer>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]
Set-AzDeviceSecurityGroup
   [-ThresholdRule <PSThresholdCustomAlertRule[]>]
   [-TimeWindowRule <PSTimeWindowCustomAlertRule[]>]
   [-AllowlistRule <PSAllowlistCustomAlertRule[]>]
   [-DenylistRule <PSDenylistCustomAlertRule[]>]
   -ResourceId <String>
   [-DefaultProfile <IAzureContextContainer>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

Beschreibung

Das Cmdlet Set-AzDeviceSecurityGroup erstellt oder aktualisiert eine in iot-Sicherheitslösung definierte Gerätesicherheitsgruppe.

Beispiele

Beispiel 1

$TimeWindowSize = New-TimeSpan -Minutes 5
$TimeWindowRule = New-AzDeviceSecurityGroupTimeWindowRuleObject -Type "ActiveConnectionsNotInAllowedRange" -Enabled $true `
-MaxThreshold 30 -MinThreshold 0 -TimeWindowSize $TimeWindowSize
Set-AzDeviceSecurityGroup -Name "MySecurityGroup" `
-HubResourceId "/subscriptions/XXXXXXXX-XXXX-XXXXX-XXXX-XXXXXXXXXXXX/resourceGroups/MyResourceGroup/providers/Microsoft.Devices/IotHubs/MyHub" `
-TimeWindowRule $TimeWindowRules

Id: "/subscriptions/XXXXXXXX-XXXX-XXXXX-XXXX-XXXXXXXXXXXX/resourceGroups/MyResourceGroup/providers/Microsoft.Devices/IotHubs/MyHub/providers/Microsoft.Security/deviceSecurityGroups/MySecurityGroup"
Name: "MySecurityGroup"
Type: "Microsoft.Security/deviceSecurityGroups"
ThresholdRules: []
TimeWindowRules: [
			{
              RuleType: "ActiveConnectionsNotInAllowedRange"
              DisplayName: "Number of active connections is not in allowed range"
              Description: "Get an alert when the number of active connections of a device in the time window is not in the allowed range"
              IsEnabled: true
              MinThreshold: 0
              MaxThreshold: 0
              TimeWindowSize: "PT5M"
            }]
AllowlistRules: [
			{
              RuleType": "ConnectionToIpNotAllowed",
              DisplayName: "Outbound connection to an ip that isn't allowed"
              Description: "Get an alert when an outbound connection is created between your device and an ip that isn't allowed"
              IsEnabled: false
              ValueType: "IpCidr"
              AllowlistValues: []
            },
            {
              RuleType: "LocalUserNotAllowed"
              DisplayName: "Login by a local user that isn't allowed"
              Description: "Get an alert when a local user that isn't allowed logins to the device"
              IsEnabled: false
              ValueType: "String"
              AllowlistValues: []
            }]
DenylistRules: []

Aktualisieren der vorhandenen Gerätesicherheitsgruppe von IoT Hub "/subscriptions/XXXXXXXX-XXXX-XXXXX-XXXX-XXXXXXXXXX/resourceGroups/MyResourceGroup/providers/Microsoft.Devices/IotHubs/MyHub" mit Regeltyp "Active Verbinden ionsNotInAllowedRange"

Parameter

-AllowlistRule

Listenregeln zulassen.

Typ:PSAllowlistCustomAlertRule[]
Position:Named
Standardwert:None
Erforderlich:False
Accept pipeline input:False
Accept wildcard characters:False

-Confirm

Hiermit werden Sie vor der Ausführung des Cmdlets zur Bestätigung aufgefordert.

Typ:SwitchParameter
Aliases:cf
Position:Named
Standardwert:None
Erforderlich:False
Accept pipeline input:False
Accept wildcard characters:False

-DefaultProfile

Anmeldeinformationen, Konto, Mandant und Abonnement für die Kommunikation mit Azure

Typ:IAzureContextContainer
Aliases:AzContext, AzureRmContext, AzureCredential
Position:Named
Standardwert:None
Erforderlich:False
Accept pipeline input:False
Accept wildcard characters:False

-DenylistRule

Listenregeln verweigern.

Typ:PSDenylistCustomAlertRule[]
Position:Named
Standardwert:None
Erforderlich:False
Accept pipeline input:False
Accept wildcard characters:False

-HubResourceId

IoT Hub-Ressourcen-ID.

Typ:String
Position:Named
Standardwert:None
Erforderlich:True
Accept pipeline input:False
Accept wildcard characters:False

-InputObject

Input-Objekt.

Typ:PSDeviceSecurityGroup
Position:Named
Standardwert:None
Erforderlich:True
Accept pipeline input:True
Accept wildcard characters:False

-Name

Ressourcenname.

Typ:String
Position:Named
Standardwert:None
Erforderlich:True
Accept pipeline input:False
Accept wildcard characters:False

-ResourceId

ID der Sicherheitsressource, für die Sie den Befehl aufrufen möchten.

Typ:String
Position:Named
Standardwert:None
Erforderlich:True
Accept pipeline input:True
Accept wildcard characters:False

-ThresholdRule

Schwellenwertregeln.

Typ:PSThresholdCustomAlertRule[]
Position:Named
Standardwert:None
Erforderlich:False
Accept pipeline input:False
Accept wildcard characters:False

-TimeWindowRule

Zeitfensterregeln.

Typ:PSTimeWindowCustomAlertRule[]
Position:Named
Standardwert:None
Erforderlich:False
Accept pipeline input:False
Accept wildcard characters:False

-WhatIf

Zeigt, was geschieht, wenn das Cmdlet ausgeführt wird. Das Cmdlet wird nicht ausgeführt.

Typ:SwitchParameter
Aliases:wi
Position:Named
Standardwert:None
Erforderlich:False
Accept pipeline input:False
Accept wildcard characters:False

Eingaben

PSThresholdCustomAlertRule[]

PSTimeWindowCustomAlertRule[]

PSAllowlistCustomAlertRule[]

PSDenylistCustomAlertRule[]

PSDeviceSecurityGroup

String

Ausgaben

PSDeviceSecurityGroup