Get-AzSentinelEntity
Gets an entity.
Syntax
Get-AzSentinelEntity
-ResourceGroupName <String>
[-SubscriptionId <String[]>]
-WorkspaceName <String>
[-DefaultProfile <PSObject>]
[<CommonParameters>]
Get-AzSentinelEntity
-Id <String>
-ResourceGroupName <String>
[-SubscriptionId <String[]>]
-WorkspaceName <String>
[-DefaultProfile <PSObject>]
[<CommonParameters>]
Get-AzSentinelEntity
-InputObject <ISecurityInsightsIdentity>
[-DefaultProfile <PSObject>]
[<CommonParameters>]
Description
Gets an entity.
Examples
Example 1: List all Entities
Get-AzSentinelEntity -ResourceGroupName "myResourceGroupName" -workspaceName "myWorkspaceName"
FriendlyName : WIN2019
Kind : Host
Name : 8d036a2d-f37d-e936-6cca-4e172687cb79
FriendlyName : 186.120.101.12
Kind : Ip
Name : bb590b07-5ef5-bf85-1c3e-2a04e1e137d2
This command lists all Entities under a Microsoft Sentinel workspace.
Example 2: Get an Entity
Get-AzSentinelEntity -ResourceGroupName "myResourceGroupName" -workspaceName "myWorkspaceName" -Id "8d036a2d-f37d-e936-6cca-4e172687cb79"
FriendlyName : WIN2019
Kind : Host
Name : 8d036a2d-f37d-e936-6cca-4e172687cb79
This command gets an Entity.
Example 3: Get a Entity by object Id
$Entitys = Get-AzSentinelEntity -ResourceGroupName "myResourceGroupName" -workspaceName "myWorkspaceName"
$Entitys[0] | Get-AzSentinelEntity
FriendlyName : WIN2019
Kind : Host
Name : 8d036a2d-f37d-e936-6cca-4e172687cb79
This command gets an Entity by object
Example 4: Get a Entity by kind
Get-AzSentinelEntity -ResourceGroupName "myResourceGroupName" -workspaceName "myWorkspaceName" | Where-Object {$_.Kind -eq "CloudApplication"}
FriendlyName : Office 365
Kind : CloudApplication
Name : 8fceb9c4-abe7-7174-aabf-f1dde96a945e
This command gets an Entity by kind
Parameters
-DefaultProfile
The DefaultProfile parameter is not functional. Use the SubscriptionId parameter when available if executing the cmdlet against a different subscription.
Type: | PSObject |
Aliases: | AzureRMContext, AzureCredential |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Id
entity ID
Type: | String |
Aliases: | EntityId |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-InputObject
Identity Parameter To construct, see NOTES section for INPUTOBJECT properties and create a hash table.
Type: | ISecurityInsightsIdentity |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-ResourceGroupName
The name of the resource group. The name is case insensitive.
Type: | String |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-SubscriptionId
The ID of the target subscription.
Type: | String[] |
Position: | Named |
Default value: | (Get-AzContext).Subscription.Id |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-WorkspaceName
The name of the workspace.
Type: | String |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Inputs
Outputs
Collaborate with us on GitHub
The source for this content can be found on GitHub, where you can also create and review issues and pull requests. For more information, see our contributor guide.
Azure PowerShell