Get-AzSentinelAlertRuleTemplate
Gets the alert rule template.
Syntax
Get-AzSentinelAlertRuleTemplate
   -ResourceGroupName <String>
   [-SubscriptionId <String[]>]
   -WorkspaceName <String>
   [-DefaultProfile <PSObject>]
   [<CommonParameters>]

Get-AzSentinelAlertRuleTemplate
   -Id <String>
   -ResourceGroupName <String>
   [-SubscriptionId <String[]>]
   -WorkspaceName <String>
   [-DefaultProfile <PSObject>]
   [<CommonParameters>]

Get-AzSentinelAlertRuleTemplate
   -InputObject <ISecurityInsightsIdentity>
   [-DefaultProfile <PSObject>]
   [<CommonParameters>]
Description
Gets the alert rule template.
Examples
Example 1: List all Alert Rule Templates
Get-AzSentinelAlertRuleTemplate -ResourceGroupName "myResourceGroupName" -workspaceName "myWorkspaceName"
DisplayName : TI map IP entity to GitHub_CL
Description : Identifies a match in GitHub_CL table from any IP IOC from TI
CreatedDateUtc : 8/27/2019 12:00:00 AM
LastUpdatedDateUtc : 10/19/2021 12:00:00 AM
Kind : Scheduled
Severity : Medium
Name : aac495a9-feb1-446d-b08e-a1164a539452

DisplayName : Accessed files shared by temporary external user
Description : This detection identifies an external user is added to a Team or Teams chat
and shares a files which is accessed by many users (>10) and the users is removed within short period of time. This might be
an indicator of suspicious activity.
CreatedDateUtc : 8/18/2020 12:00:00 AM
LastUpdatedDateUtc : 1/3/2022 12:00:00 AM
Kind : Scheduled
Severity : Low
Name : bff058b2-500e-4ae5-bb49-a5b1423cbd5b
This command lists all Alert Rule Templates under a Microsoft Sentinel workspace.
Example 2: Get an Alert Rule Template
Get-AzSentinelAlertRuleTemplate -ResourceGroupName "myResourceGroupName" -workspaceName "myWorkspaceName" -Id "aac495a9-feb1-446d-b08e-a1164a539452"
DisplayName : TI map IP entity to GitHub_CL
Description : Identifies a match in GitHub_CL table from any IP IOC from TI
CreatedDateUtc : 8/27/2019 12:00:00 AM
LastUpdatedDateUtc : 10/19/2021 12:00:00 AM
Kind : Scheduled
Severity : Medium
Name : aac495a9-feb1-446d-b08e-a1164a539452
This command gets an Alert Rule Template.
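The list output from Example 1 can be filtered to show which detection templates changed since a given date, which is useful when reviewing whether deployed analytics rules lag behind their templates. This is an added example, not part of the original reference: the function name Select-UpdatedRuleTemplate and the sample objects are assumptions constructed here, and only the properties shown in the output above are used.

```powershell
# Constructed sample objects (not live data) mirroring the properties in the page's output.
$sampleTemplates = @(
    [pscustomobject]@{ DisplayName = 'TI map IP entity to GitHub_CL'; Kind = 'Scheduled'; Severity = 'Medium'
                       LastUpdatedDateUtc = [datetime]'2021-10-19'; Name = 'aac495a9-feb1-446d-b08e-a1164a539452' }
    [pscustomobject]@{ DisplayName = 'Accessed files shared by temporary external user'; Kind = 'Scheduled'; Severity = 'Low'
                       LastUpdatedDateUtc = [datetime]'2022-01-03'; Name = 'bff058b2-500e-4ae5-bb49-a5b1423cbd5b' }
    # Placeholder entry, constructed to show the -Kind filter excluding a non-scheduled template.
    [pscustomobject]@{ DisplayName = 'Constructed non-scheduled template'; Kind = 'Fusion'; Severity = 'High'
                       LastUpdatedDateUtc = [datetime]'2022-02-01'; Name = '00000000-0000-0000-0000-000000000000' }
)

# Hypothetical helper: keeps templates of the requested kind that were updated on or
# after -Since, ordered by severity (highest first) and then by most recent update.
function Select-UpdatedRuleTemplate {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)] [psobject] $Template,
        [Parameter(Mandatory)] [datetime] $Since,
        [string[]] $Kind = @('Scheduled')
    )
    begin {
        $rank = @{ High = 0; Medium = 1; Low = 2; Informational = 3 }
        $hits = [System.Collections.Generic.List[object]]::new()
    }
    process {
        # Compare as strings so the filter works whether Kind is a string or an enum-like type.
        if ("$($Template.Kind)" -in $Kind -and $Template.LastUpdatedDateUtc -ge $Since) {
            $hits.Add($Template)
        }
    }
    end {
        $hits |
            Sort-Object @{ Expression = { $r = $rank["$($_.Severity)"]; if ($null -eq $r) { 99 } else { $r } } },
                        @{ Expression = 'LastUpdatedDateUtc'; Descending = $true } |
            Select-Object Severity, LastUpdatedDateUtc, DisplayName, Name
    }
}

# Offline run over the constructed samples.
$sampleTemplates | Select-UpdatedRuleTemplate -Since ([datetime]'2021-11-01')

# Against a live workspace (requires an authenticated Az session):
# Get-AzSentinelAlertRuleTemplate -ResourceGroupName "myResourceGroupName" -WorkspaceName "myWorkspaceName" |
#     Select-UpdatedRuleTemplate -Since (Get-Date).AddDays(-90)
```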
Parameters
-DefaultProfile
The DefaultProfile parameter is not functional. Use the SubscriptionId parameter when available if executing the cmdlet against a different subscription.
Type: PSObject
Aliases: AzureRMContext, AzureCredential
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: False
-Id
Alert rule template ID
Type: String
Aliases: AlertRuleTemplateId, TemplateId
Position: Named
Default value: None
Required: True
Accept pipeline input: False
Accept wildcard characters: False
-InputObject
Identity Parameter. To construct, see NOTES section for INPUTOBJECT properties and create a hash table.
Type: ISecurityInsightsIdentity
Position: Named
Default value: None
Required: True
Accept pipeline input: True
Accept wildcard characters: False
-ResourceGroupName
The name of the resource group. The name is case insensitive.
Type: String
Position: Named
Default value: None
Required: True
Accept pipeline input: False
Accept wildcard characters: False
-SubscriptionId
The ID of the target subscription.
Type: String[]
Position: Named
Default value: (Get-AzContext).Subscription.Id
Required: False
Accept pipeline input: False
Accept wildcard characters: False
-WorkspaceName
The name of the workspace.
Type: String
Position: Named
Default value: None
Required: True
Accept pipeline input: False
Accept wildcard characters: False
Inputs
Outputs