az security alerts-suppression-rule

View and manage alerts suppression rules.

Commands

| Name | Description | Type | Status |
|---|---|---|---|
| az security alerts-suppression-rule delete | Delete an alerts suppression rule. | Core | GA |
| az security alerts-suppression-rule delete_scope | Delete an alerts suppression rule scope. | Core | GA |
| az security alerts-suppression-rule list | List all alerts suppression rules on a subscription scope. | Core | GA |
| az security alerts-suppression-rule show | Shows an alerts suppression rule. | Core | GA |
| az security alerts-suppression-rule update | Update or create an alerts suppression rule. | Core | GA |
| az security alerts-suppression-rule upsert_scope | Update an alerts suppression rule with scope element. | Core | GA |

az security alerts-suppression-rule delete

Delete an alerts suppression rule.

az security alerts-suppression-rule delete --rule-name

Examples

Delete an alerts suppression rule.

az security alerts-suppression-rule delete --rule-name RuleName

Required Parameters

--rule-name

The unique name of the alerts suppression rule.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az security alerts-suppression-rule delete_scope

Delete an alerts suppression rule scope.

az security alerts-suppression-rule delete_scope --field
                                                 --rule-name

Examples

Delete an alerts suppression rule scope.

az security alerts-suppression-rule delete_scope --rule-name RuleName --field "entities.process.commandline"

Required Parameters

--field

Entity name.

--rule-name

The unique name of the alerts suppression rule.

az security alerts-suppression-rule list

List all alerts suppression rules on a subscription scope.

az security alerts-suppression-rule list

Examples

List alerts suppression rules.

az security alerts-suppression-rule list

az security alerts-suppression-rule show

Shows an alerts suppression rule.

az security alerts-suppression-rule show --rule-name

Examples

Get an alerts suppression rule on a subscription scope.

az security alerts-suppression-rule show --rule-name RuleName

Required Parameters

--rule-name

The unique name of the alerts suppression rule.

az security alerts-suppression-rule update

Update or create an alerts suppression rule.

az security alerts-suppression-rule update --alert-type
                                           --reason
                                           --rule-name
                                           --state
                                           [--comment]
                                           [--expiration-date-utc]

Examples

Create suppression rule with entities.

az security alerts-suppression-rule update --rule-name RuleName --alert-type "Test" --reason "Other" --comment "Test comment" --state "Enabled"

Required Parameters

--alert-type

Type of the alert to automatically suppress. For all alert types, use "*".

--reason

The reason for dismissing the alert.

--rule-name

The unique name of the alerts suppression rule.

--state

Possible states of the rule. Possible values are "Enabled" and "Disabled".

Optional Parameters

--comment

Any comment regarding the rule.

--expiration-date-utc

Expiration date of the rule. If the value is not provided, or is provided as null, this field defaults to the maximum allowed expiration date.

az security alerts-suppression-rule upsert_scope

Update an alerts suppression rule with scope element.

az security alerts-suppression-rule upsert_scope --field
                                                 --rule-name
                                                 [--any-of]
                                                 [--contains-substring]

Examples

Add an "entities.process.commandline" scope to an alerts suppression rule.

az security alerts-suppression-rule upsert_scope --field "entities.process.commandline" --contains-substring "example" --rule-name RuleName
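
A pre-flight guard for the update and upsert_scope commands above, as an added example that is not part of the Azure CLI documentation: it flags the "*" alert type, an omitted expiration date and an invalid state before any rule is written. The check_rule and create_scoped_rule functions, the LATEST_EXPIRY variable and the YYYY-MM-DDThh:mm:ssZ timestamp format are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the Azure CLI docs. Assumptions: timestamps are
# ISO 8601 UTC (YYYY-MM-DDThh:mm:ssZ); LATEST_EXPIRY is the caller's policy value.

# check_rule ALERT_TYPE STATE EXPIRY NOW LATEST
# Prints one finding per line; returns 0 only when there are none.
check_rule() {
    cr_bad=0
    case "$1" in
        "")  echo "alert-type is empty"; cr_bad=1 ;;
        '*') echo "alert-type '*' suppresses every alert type"; cr_bad=1 ;;
    esac
    case "$2" in
        Enabled|Disabled) ;;
        *) echo "state must be Enabled or Disabled"; cr_bad=1 ;;
    esac
    case "$3" in
        "") echo "no expiry given: the rule gets the maximum allowed expiration date"
            cr_bad=1 ;;
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]T[0-9][0-9]:[0-9][0-9]:[0-9][0-9]Z)
            # Same-format ISO 8601 UTC strings sort chronologically.
            if ! LC_ALL=C expr "$3" \> "$4" >/dev/null; then
                echo "expiry is not in the future"; cr_bad=1
            fi
            if LC_ALL=C expr "$3" \> "$5" >/dev/null; then
                echo "expiry is later than policy allows"; cr_bad=1
            fi ;;
        *) echo "expiry is not YYYY-MM-DDThh:mm:ssZ"; cr_bad=1 ;;
    esac
    return "$cr_bad"
}

# create_scoped_rule NAME ALERT_TYPE EXPIRY FIELD SUBSTRING
# Runs the checks, then creates the rule, scopes it and shows the result.
create_scoped_rule() {
    now=$(date -u +%Y-%m-%dT%H:%M:%SZ)
    check_rule "$2" Enabled "$3" "$now" "${LATEST_EXPIRY:?set LATEST_EXPIRY}" || return 1
    az security alerts-suppression-rule update --rule-name "$1" \
        --alert-type "$2" --reason "Other" --state "Enabled" \
        --expiration-date-utc "$3" &&
    az security alerts-suppression-rule upsert_scope --rule-name "$1" \
        --field "$4" --contains-substring "$5" &&
    az security alerts-suppression-rule show --rule-name "$1"
}
```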

Required Parameters

--field

Entity name.

--rule-name

The unique name of the alerts suppression rule.

Optional Parameters

--any-of

A list of strings to scope the suppression rule by.

--contains-substring

The string to scope the suppression rule by.
