

az security automation

View your security automations.

Commands

Name | Description | Type | Status
--- | --- | --- | ---
az security automation create_or_update | Creates or updates a security automation. | Core | GA
az security automation delete | Deletes a security automation. | Core | GA
az security automation list | List all security automations under subscription/resource group. | Core | GA
az security automation show | Shows a security automation. | Core | GA
az security automation validate | Validates a security automation model before create or update. | Core | GA

az security automation create_or_update

Creates or updates a security automation.

az security automation create_or_update --actions
                                        --name
                                        --resource-group
                                        --scopes
                                        --sources
                                        [--description]
                                        [--etag]
                                        [--isEnabled]
                                        [--location]
                                        [--tags]

Examples

Creates a security automation.

az security automation create_or_update -g Sample-RG -n sampleAutomation -l eastus --scopes '[{"description": "Scope for 487bb485-b5b0-471e-9c0d-10717612f869", "scopePath": "/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869"}]' --sources '[{"eventSource":"SubAssessments","ruleSets":null}]' --actions '[{"actionType":"EventHub","eventHubResourceId":"subscriptions/212f9889-769e-45ae-ab43-6da33674bd26/resourceGroups/ContosoSiemPipeRg/providers/Microsoft.EventHub/namespaces/contososiempipe-ns/eventhubs/surashed-test","connectionString":"Endpoint=sb://contososiempipe-ns.servicebus.windows.net/;SharedAccessKeyName=Send;SharedAccessKey=dummy=;EntityPath=dummy","SasPolicyName":"dummy"}]'

Required Parameters

--actions

A collection of the actions which are triggered if all the configured rule evaluations, within at least one rule set, are true.

--name -n

Name of the resource to be fetched.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--scopes

A collection of scopes on which the security automation logic is applied.

--sources

A collection of the source event types which evaluate the security automation set of rules.

Optional Parameters

--description

The security automation description.

--etag

Entity tag is used for comparing two or more entities from the same requested resource.

--isEnabled

Indicates whether the security automation is enabled.

--location -l

Location of the resource.

--tags

A list of key value pairs that describe the resource.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az security automation delete

Deletes a security automation.

az security automation delete --name
                              --resource-group

Examples

Deletes a security automation.

az security automation delete -g 'sampleRg' -n 'sampleAutomation'

Required Parameters

--name -n

Name of the resource to be fetched.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az security automation list

List all security automations under subscription/resource group.

az security automation list [--resource-group]

Examples

List all security automations under subscription

az security automation list

List all security automations under resource group

az security automation list -g 'sampleRg'

Optional Parameters

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az security automation show

Shows a security automation.

az security automation show --name
                            --resource-group

Examples

Shows a security automation.

az security automation show -g Sample-RG -n 'sampleAutomation'

Required Parameters

--name -n

Name of the resource to be fetched.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az security automation validate

Validates a security automation model before create or update.

az security automation validate --actions
                                --name
                                --resource-group
                                --scopes
                                --sources
                                [--description]
                                [--etag]
                                [--isEnabled]
                                [--location]
                                [--tags]

Examples

Validates a security automation model before create or update.

az security automation validate -g Sample-RG -n sampleAutomation -l eastus --scopes '[{"description": "Scope for 487bb485-b5b0-471e-9c0d-10717612f869", "scopePath": "/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869"}]' --sources '[{"eventSource":"SubAssessments","ruleSets":null}]' --actions '[{"actionType":"EventHub","eventHubResourceId":"subscriptions/212f9889-769e-45ae-ab43-6da33674bd26/resourceGroups/ContosoSiemPipeRg/providers/Microsoft.EventHub/namespaces/contososiempipe-ns/eventhubs/surashed-test","connectionString":"Endpoint=sb://contososiempipe-ns.servicebus.windows.net/;SharedAccessKeyName=Send;SharedAccessKey=dummy=;EntityPath=dummy","SasPolicyName":"dummy"}]'
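The examples on this page pass the Event Hub connectionString, including its SharedAccessKey, inline on the command line, where it ends up in shell history and the process list. The script below is an added example, not part of the original reference: it takes the connection string from an assumed EVENTHUB_CONNECTION_STRING environment variable, hands --actions to the CLI through the Azure CLI's general @<file> convention, and runs validate before create_or_update. The function names and argument order are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original page). Assumes the Event Hub connection
# string is supplied in the EVENTHUB_CONNECTION_STRING environment variable.
set -eu

# Write the --actions JSON to a private temp file (mktemp creates it 0600) and
# print the file's path. printf is a shell builtin, so the key never appears
# in another process's argument list.
write_actions_file() {
  local hub_id="$1" policy="$2" conn file
  conn="${EVENTHUB_CONNECTION_STRING:?set EVENTHUB_CONNECTION_STRING first}"
  # Refuse values that would need JSON escaping instead of emitting bad JSON.
  case "$hub_id$policy$conn" in
    *\"*|*\\*) echo "value contains a quote or backslash" >&2; return 1 ;;
  esac
  file="$(mktemp)"
  printf '[{"actionType":"EventHub","eventHubResourceId":"%s","connectionString":"%s","SasPolicyName":"%s"}]\n' \
    "$hub_id" "$conn" "$policy" > "$file"
  printf '%s\n' "$file"
}

# Validate the automation model first; create or update it only if validation
# succeeds. The temp file is removed whether or not the calls succeed.
deploy_automation() {
  local rg="$1" name="$2" location="$3" scope_sub="$4" hub_id="$5" policy="$6"
  local actions_file scopes sources rc=0
  actions_file="$(write_actions_file "$hub_id" "$policy")" || return 1
  scopes="$(printf '[{"description":"Scope for %s","scopePath":"/subscriptions/%s"}]' \
    "$scope_sub" "$scope_sub")"
  sources='[{"eventSource":"SubAssessments","ruleSets":null}]'
  # Same arguments for both calls; --actions is loaded from the file via "@".
  set -- -g "$rg" -n "$name" -l "$location" \
    --scopes "$scopes" --sources "$sources" --actions "@$actions_file"
  { az security automation validate "$@" -o none &&
    az security automation create_or_update "$@"; } || rc=$?
  rm -f "$actions_file"
  return "$rc"
}

# Usage (after sourcing this file):
#   deploy_automation Sample-RG sampleAutomation eastus \
#     <scope-subscription-id> <event-hub-resource-id> <sas-policy-name>
```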

Required Parameters

--actions

A collection of the actions which are triggered if all the configured rule evaluations, within at least one rule set, are true.

--name -n

Name of the resource to be fetched.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--scopes

A collection of scopes on which the security automation logic is applied.

--sources

A collection of the source event types which evaluate the security automation set of rules.

Optional Parameters

--description

The security automation description.

--etag

Entity tag is used for comparing two or more entities from the same requested resource.

--isEnabled

Indicates whether the security automation is enabled.

--location -l

Location of the resource.

--tags

A list of key value pairs that describe the resource.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.