Get-AzSentinelAlertRule

Module:

Az.SecurityInsights Module

Gets the alert rule.

Syntax

List (Default)

Get-AzSentinelAlertRule
    -ResourceGroupName <String>
    -WorkspaceName <String>
    [-SubscriptionId <String[]>]
    [-DefaultProfile <PSObject>]
    [<CommonParameters>]

Get

Get-AzSentinelAlertRule
    -ResourceGroupName <String>
    -RuleId <String>
    -WorkspaceName <String>
    [-SubscriptionId <String[]>]
    [-DefaultProfile <PSObject>]
    [<CommonParameters>]

GetViaIdentity

Get-AzSentinelAlertRule
    -InputObject <ISecurityInsightsIdentity>
    [-DefaultProfile <PSObject>]
    [<CommonParameters>]

Description

Gets the alert rule.

Examples

Example 1: List all Alert Rules

Get-AzSentinelAlertRule -ResourceGroupName "myResourceGroupName" -workspaceName "myWorkspaceName"

AlertDisplayName : (Preview) TI map IP entity to SigninLogs
FriendlyName     : (Preview) TI map IP entity to SigninLogs
Description      : Identifies a match in SigninLogs from any IP IOC from TI
Kind             : SecurityAlert
Name             : d1e4d1dd-8d16-1aed-59bd-a256266d7244
ProductName      : Azure Sentinel
Status           : New
ProviderAlertId  : d6c7a42b-c0da-41ef-9629-b3d2d407b181
Tactic           : {Impact}

This command lists all Alert Rules under a Microsoft Sentinel workspace.

Example 2: Get an Alert Rule

Get-AzSentinelAlertRule -ResourceGroupName "myResourceGroupName" -workspaceName "myWorkspaceName" -RuleId "d6c7a42b-c0da-41ef-9629-b3d2d407b181"

AlertDisplayName : (Preview) TI map IP entity to SigninLogs
FriendlyName     : (Preview) TI map IP entity to SigninLogs
Description      : Identifies a match in SigninLogs from any IP IOC from TI
Kind             : SecurityAlert
Name             : d1e4d1dd-8d16-1aed-59bd-a256266d7244
ProductName      : Azure Sentinel
Status           : New
ProviderAlertId  : d6c7a42b-c0da-41ef-9629-b3d2d407b181
Tactic           : {Impact}

This command gets an Alert Rule.

Example 3: Get an Alert Rule by object Id

$rules = Get-AzSentinelAlertRule -ResourceGroupName "myResourceGroupName" -workspaceName "myWorkspaceName"
 $rules[0] | Get-AzSentinelAlertRule

AlertDisplayName : (Preview) TI map IP entity to SigninLogs
FriendlyName     : (Preview) TI map IP entity to SigninLogs
Description      : Identifies a match in SigninLogs from any IP IOC from TI
Kind             : SecurityAlert
Name             : d1e4d1dd-8d16-1aed-59bd-a256266d7244
ProductName      : Azure Sentinel
Status           : New
ProviderAlertId  : d6c7a42b-c0da-41ef-9629-b3d2d407b181
Tactic           : {Impact}

This command gets an Alert Rule by object

Parameters

-DefaultProfile

The DefaultProfile parameter is not functional. Use the SubscriptionId parameter when available if executing the cmdlet against a different subscription.

Parameter properties

Type:	PSObject
Default value:	None
Supports wildcards:	False
DontShow:	False
Aliases:	AzureRMContext, AzureCredential

Parameter sets

(All)

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-InputObject

Identity Parameter To construct, see NOTES section for INPUTOBJECT properties and create a hash table.

Parameter properties

Type:	ISecurityInsightsIdentity
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

GetViaIdentity

Position:	Named
Mandatory:	True
Value from pipeline:	True
Value from pipeline by property name:	False
Value from remaining arguments:	False

-ResourceGroupName

The name of the resource group. The name is case insensitive.

Parameter properties

Type:	String
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

List

Position:	Named
Mandatory:	True
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

Get

Position:	Named
Mandatory:	True
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-RuleId

Alert rule ID

Parameter properties

Type:	String
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

Get

Position:	Named
Mandatory:	True
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-SubscriptionId

The ID of the target subscription.

Parameter properties

Type:	String[]
Default value:	(Get-AzContext).Subscription.Id
Supports wildcards:	False
DontShow:	False

Parameter sets

List

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

Get

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-WorkspaceName

The name of the workspace.

Parameter properties

Type:	String
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

List

Position:	Named
Mandatory:	True
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

Get

Position:	Named
Mandatory:	True
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

Inputs

ISecurityInsightsIdentity

Outputs

IAlertRule