az sentinel automation-rule
Note
This reference is part of the sentinel extension for the Azure CLI (version 2.37.0 or higher). The extension will automatically install the first time you run an az sentinel automation-rule command. Learn more about extensions.
Manage automation rule with sentinel.
Commands
| Name | Description | Type | Status |
|---|---|---|---|
| az sentinel automation-rule create |
Create the automation rule. |
Extension | Experimental |
| az sentinel automation-rule delete |
Delete the automation rule. |
Extension | Experimental |
| az sentinel automation-rule list |
Get all automation rules. |
Extension | Experimental |
| az sentinel automation-rule show |
Get the automation rule. |
Extension | Experimental |
| az sentinel automation-rule update |
Update the automation rule. |
Extension | Experimental |
az sentinel automation-rule create
This command is experimental and under development. Reference and support levels: https://aka.ms/CLI_refstatus
Create the automation rule.
az sentinel automation-rule create --automation-rule-name
--resource-group
--workspace-name
[--actions]
[--display-name]
[--etag]
[--order]
[--triggering-logic]Required Parameters
Name of automation rule.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
The name of the workspace.
Optional Parameters
The actions to execute when the automation rule is triggered. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
The display name of the automation rule.
Etag of the azure resource.
The order of execution of the automation rule.
Describes automation rule triggering logic. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az sentinel automation-rule delete
This command is experimental and under development. Reference and support levels: https://aka.ms/CLI_refstatus
Delete the automation rule.
az sentinel automation-rule delete [--automation-rule-name]
[--ids]
[--resource-group]
[--subscription]
[--workspace-name]
[--yes]Optional Parameters
Name of automation rule.
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
The name of the workspace.
Do not prompt for confirmation.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az sentinel automation-rule list
This command is experimental and under development. Reference and support levels: https://aka.ms/CLI_refstatus
Get all automation rules.
az sentinel automation-rule list --resource-group
--workspace-nameRequired Parameters
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
The name of the workspace.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az sentinel automation-rule show
This command is experimental and under development. Reference and support levels: https://aka.ms/CLI_refstatus
Get the automation rule.
az sentinel automation-rule show [--automation-rule-name]
[--ids]
[--resource-group]
[--subscription]
[--workspace-name]Optional Parameters
Name of automation rule.
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
The name of the workspace.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az sentinel automation-rule update
This command is experimental and under development. Reference and support levels: https://aka.ms/CLI_refstatus
Update the automation rule.
az sentinel automation-rule update [--actions]
[--add]
[--automation-rule-name]
[--display-name]
[--etag]
[--force-string {0, 1, f, false, n, no, t, true, y, yes}]
[--ids]
[--order]
[--remove]
[--resource-group]
[--set]
[--subscription]
[--triggering-logic]
[--workspace-name]Optional Parameters
The actions to execute when the automation rule is triggered. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Add an object to a list of objects by specifying a path and key value pairs. Example: --add property.listProperty <key=value, string or JSON string>.
Name of automation rule.
The display name of the automation rule.
Etag of the azure resource.
When using 'set' or 'add', preserve string literals instead of attempting to convert to JSON.
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
The order of execution of the automation rule.
Remove a property or an element from a list. Example: --remove property.list <indexToRemove> OR --remove propertyToRemove.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Update an object by specifying a property path and value to set. Example: --set property1.property2=<value>.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Describes automation rule triggering logic. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
The name of the workspace.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
