az security automation
View your security automations.
Commands
Name | Description | Type | Status |
---|---|---|---|
az security automation create_or_update | Creates or updates a security automation. | Core | GA |
az security automation delete | Deletes a security automation. | Core | GA |
az security automation list | List all security automations under subscription/resource group. | Core | GA |
az security automation show | Shows a security automation. | Core | GA |
az security automation validate | Validates a security automation model before create or update. | Core | GA |
az security automation create_or_update
Creates or updates a security automation.
az security automation create_or_update --actions
                                        --name
                                        --resource-group
                                        --scopes
                                        --sources
                                        [--description]
                                        [--etag]
                                        [--isEnabled]
                                        [--location]
                                        [--tags]
Examples
Creates a security automation.
az security automation create_or_update -g Sample-RG -n sampleAutomation -l eastus --scopes '[{"description": "Scope for 487bb485-b5b0-471e-9c0d-10717612f869", "scopePath": "/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869"}]' --sources '[{"eventSource":"SubAssessments","ruleSets":null}]' --actions '[{"actionType":"EventHub","eventHubResourceId":"subscriptions/212f9889-769e-45ae-ab43-6da33674bd26/resourceGroups/ContosoSiemPipeRg/providers/Microsoft.EventHub/namespaces/contososiempipe-ns/eventhubs/surashed-test","connectionString":"Endpoint=sb://contososiempipe-ns.servicebus.windows.net/;SharedAccessKeyName=Send;SharedAccessKey=dummy=;EntityPath=dummy","SasPolicyName":"dummy"}]'
Required Parameters
--actions
A collection of the actions which are triggered if all the configured rules evaluations, within at least one rule set, are true.
--name -n
Name of the resource to be fetched.
--resource-group -g
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
--scopes
A collection of scopes on which the security automations logic is applied.
--sources
A collection of the source event types which evaluate the security automation set of rules.
Optional Parameters
--description
The security automation description.
--etag
Entity tag is used for comparing two or more entities from the same requested resource.
--isEnabled
Indicates whether the security automation is enabled.
--location -l
Location of the resource.
--tags
A list of key value pairs that describe the resource.
Global Parameters
--debug
Increase logging verbosity to show all debug logs.
--help -h
Show this help message and exit.
--only-show-errors
Only show errors, suppressing warnings.
--output -o
Output format.
--query
JMESPath query string. See http://jmespath.org/ for more information and examples.
--subscription
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
--verbose
Increase logging verbosity. Use --debug for full debug logs.
az security automation delete
Deletes a security automation.
az security automation delete --name
                              --resource-group
Examples
Deletes a security automation.
az security automation delete -g 'sampleRg' -n 'sampleAutomation'
Required Parameters
--name -n
Name of the resource to be fetched.
--resource-group -g
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Global Parameters
--debug
Increase logging verbosity to show all debug logs.
--help -h
Show this help message and exit.
--only-show-errors
Only show errors, suppressing warnings.
--output -o
Output format.
--query
JMESPath query string. See http://jmespath.org/ for more information and examples.
--subscription
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
--verbose
Increase logging verbosity. Use --debug for full debug logs.
az security automation list
List all security automations under subscription/resource group.
az security automation list [--resource-group]
Examples
List all security automations under subscription
az security automation list
List all security automations under resource group
az security automation list -g 'sampleRg'
Optional Parameters
--resource-group -g
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Global Parameters
--debug
Increase logging verbosity to show all debug logs.
--help -h
Show this help message and exit.
--only-show-errors
Only show errors, suppressing warnings.
--output -o
Output format.
--query
JMESPath query string. See http://jmespath.org/ for more information and examples.
--subscription
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
--verbose
Increase logging verbosity. Use --debug for full debug logs.
az security automation show
Shows a security automation.
az security automation show --name
                            --resource-group
Examples
Shows a security automation.
az security automation show -g Sample-RG -n 'sampleAutomation'
Required Parameters
--name -n
Name of the resource to be fetched.
--resource-group -g
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Global Parameters
--debug
Increase logging verbosity to show all debug logs.
--help -h
Show this help message and exit.
--only-show-errors
Only show errors, suppressing warnings.
--output -o
Output format.
--query
JMESPath query string. See http://jmespath.org/ for more information and examples.
--subscription
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
--verbose
Increase logging verbosity. Use --debug for full debug logs.
az security automation validate
Validates a security automation model before create or update.
az security automation validate --actions
                                --name
                                --resource-group
                                --scopes
                                --sources
                                [--description]
                                [--etag]
                                [--isEnabled]
                                [--location]
                                [--tags]
Examples
Validates a security automation model before create or update.
az security automation validate -g Sample-RG -n sampleAutomation -l eastus --scopes '[{"description": "Scope for 487bb485-b5b0-471e-9c0d-10717612f869", "scopePath": "/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869"}]' --sources '[{"eventSource":"SubAssessments","ruleSets":null}]' --actions '[{"actionType":"EventHub","eventHubResourceId":"subscriptions/212f9889-769e-45ae-ab43-6da33674bd26/resourceGroups/ContosoSiemPipeRg/providers/Microsoft.EventHub/namespaces/contososiempipe-ns/eventhubs/surashed-test","connectionString":"Endpoint=sb://contososiempipe-ns.servicebus.windows.net/;SharedAccessKeyName=Send;SharedAccessKey=dummy=;EntityPath=dummy","SasPolicyName":"dummy"}]'
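A local pre-flight lint for the JSON passed to --scopes and --actions in the example above, as an added example that is not part of the Azure CLI or its documentation. The function names and the consistency rules (the connection string's namespace, EntityPath and SharedAccessKeyName agree with eventHubResourceId and SasPolicyName) are assumptions of this example; the page does not say the service enforces them.

```python
import json
import re

# eventHubResourceId as in the page's example; its leading "/" is optional there.
EVENTHUB_ID = re.compile(
    r"^/?subscriptions/[^/]+/resourceGroups/[^/]+/providers/Microsoft\.EventHub"
    r"/namespaces/(?P<ns>[^/]+)/eventhubs/(?P<hub>[^/]+)$", re.IGNORECASE)

def parse_connection_string(cs):
    """Split 'Key=Value;...' pairs; a value such as the key may contain '='."""
    return dict(p.split("=", 1) for p in cs.split(";") if "=" in p)

def lint_action(action):
    """Findings for one EventHub entry of --actions; never echoes the key."""
    m = EVENTHUB_ID.match(action.get("eventHubResourceId", ""))
    if not m:
        return ["eventHubResourceId is not an Event Hub resource ID"]
    cs = parse_connection_string(action.get("connectionString", ""))
    findings = []
    namespace = cs.get("Endpoint", "").split("//")[-1].split(".")[0]
    if namespace.lower() != m["ns"].lower():
        findings.append("Endpoint namespace differs from eventHubResourceId")
    if cs.get("EntityPath", "").lower() != m["hub"].lower():
        findings.append("EntityPath differs from the event hub name")
    if cs.get("SharedAccessKeyName") != action.get("SasPolicyName"):
        findings.append("SharedAccessKeyName differs from SasPolicyName")
    return findings

def lint_automation(scopes_json, actions_json):
    """Lint the JSON strings that would be passed to --scopes and --actions."""
    findings = []
    for s in json.loads(scopes_json):
        if not s.get("scopePath", "").startswith("/subscriptions/"):
            findings.append("scopePath does not start with /subscriptions/")
    for a in json.loads(actions_json):
        if a.get("actionType") == "EventHub":
            findings += lint_action(a)
    return findings

# Values copied from the page's example; the key material there is already "dummy".
EXAMPLE_SCOPES = json.dumps([{"scopePath": "/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869"}])
EXAMPLE_ACTIONS = json.dumps([{
    "actionType": "EventHub",
    "eventHubResourceId": "subscriptions/212f9889-769e-45ae-ab43-6da33674bd26/resourceGroups/"
        "ContosoSiemPipeRg/providers/Microsoft.EventHub/namespaces/"
        "contososiempipe-ns/eventhubs/surashed-test",
    "connectionString": "Endpoint=sb://contososiempipe-ns.servicebus.windows.net/;"
        "SharedAccessKeyName=Send;SharedAccessKey=dummy=;EntityPath=dummy",
    "SasPolicyName": "dummy",
}])
```

Calling lint_automation(EXAMPLE_SCOPES, EXAMPLE_ACTIONS) reports the two placeholder mismatches in the page's sample values; an empty list means the arguments are internally consistent and ready to pass to az security automation validate.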
Required Parameters
--actions
A collection of the actions which are triggered if all the configured rules evaluations, within at least one rule set, are true.
--name -n
Name of the resource to be fetched.
--resource-group -g
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
--scopes
A collection of scopes on which the security automations logic is applied.
--sources
A collection of the source event types which evaluate the security automation set of rules.
Optional Parameters
--description
The security automation description.
--etag
Entity tag is used for comparing two or more entities from the same requested resource.
--isEnabled
Indicates whether the security automation is enabled.
--location -l
Location of the resource.
--tags
A list of key value pairs that describe the resource.
Global Parameters
--debug
Increase logging verbosity to show all debug logs.
--help -h
Show this help message and exit.
--only-show-errors
Only show errors, suppressing warnings.
--output -o
Output format.
--query
JMESPath query string. See http://jmespath.org/ for more information and examples.
--subscription
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
--verbose
Increase logging verbosity. Use --debug for full debug logs.