Get-AzSentinelEntityActivity
Get Insights and Activities for an entity.
Syntax
Get-AzSentinelEntityActivity
-EntityId <String>
-ResourceGroupName <String>
-WorkspaceName <String>
[-SubscriptionId <String[]>]
[-DefaultProfile <PSObject>]
[<CommonParameters>]
Description
Get Insights and Activities for an entity.
Examples
Example 1: Get Insights and Activities for an Entity
Get-AzSentinelEntityActivity -ResourceGroupName "myResourceGroupName" -workspaceName "myWorkspaceName" -EntityId "myEntityId"

FriendlyName : WIN2019
Kind : Host
Name : 8d036a2d-f37d-e936-6cca-4e172687cb79

FriendlyName : HackTool:Win32/Mimikatz.gen!H
Kind : Malware
Name : 876fda24-fe06-62b7-7dca-bced167a0ca3

FriendlyName : 52.166.111.66
Kind : Ip
Name : 4ebb68f3-a435-fac0-d3b6-94712d246f0a

This command gets insights and activities for an Entity.
Example 2: Get Insights and Activities for an Entity by Id
$Entity = Get-AzSentinelEntity -ResourceGroupName "myResourceGroupName" -workspaceName "myWorkspaceName" -EntityId "4ebb68f3-a435-fac0-d3b6-94712d246f0a"
$Entity | Get-AzSentinelEntityActivity
This command gets insights and activities for an Entity by object.
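The following is an added example, not part of the cmdlet's own documentation. It takes activity results collected for several entities and reports the related entities that more than one of them has in common, a frequent pivot during incident triage. The function name, the hashtable input shape, the second sample set, and the assumption that Name identifies the same entity across calls are all hypothetical.

```powershell
# Added example, not from the Az.SecurityInsights documentation.
function Get-SharedRelatedEntity {
    [CmdletBinding()]
    param(
        # Hypothetical shape: source entity ID -> objects as shown in Example 1.
        [Parameter(Mandatory)] [hashtable] $ActivityBySource,
        # Report entities related to at least this many source entities.
        [int] $MinimumSources = 2
    )
    # Flatten to one row per (source entity, related entity) pair.
    $rows = foreach ($source in $ActivityBySource.Keys) {
        foreach ($item in $ActivityBySource[$source]) {
            [pscustomobject]@{
                Source = $source; Kind = $item.Kind
                FriendlyName = $item.FriendlyName; Name = $item.Name
            }
        }
    }
    # Assumption: Name identifies the same entity across calls.
    $rows | Group-Object -Property Name | ForEach-Object {
        $sources = @($_.Group.Source | Sort-Object -Unique)
        if ($sources.Count -ge $MinimumSources) {
            [pscustomobject]@{
                Kind = $_.Group[0].Kind; FriendlyName = $_.Group[0].FriendlyName
                Name = $_.Name; SeenFrom = $sources -join ', '
            }
        }
    }
}

# Constructed sample data. The first set repeats Example 1; the second is invented.
$activity = @{
    'myEntityId' = @(
        [pscustomobject]@{ FriendlyName = 'WIN2019'; Kind = 'Host'; Name = '8d036a2d-f37d-e936-6cca-4e172687cb79' }
        [pscustomobject]@{ FriendlyName = 'HackTool:Win32/Mimikatz.gen!H'; Kind = 'Malware'; Name = '876fda24-fe06-62b7-7dca-bced167a0ca3' }
        [pscustomobject]@{ FriendlyName = '52.166.111.66'; Kind = 'Ip'; Name = '4ebb68f3-a435-fac0-d3b6-94712d246f0a' }
    )
    'myOtherEntityId' = @(
        [pscustomobject]@{ FriendlyName = 'WIN2022-SAMPLE'; Kind = 'Host'; Name = '00000000-0000-0000-0000-000000000001' }
        [pscustomobject]@{ FriendlyName = '52.166.111.66'; Kind = 'Ip'; Name = '4ebb68f3-a435-fac0-d3b6-94712d246f0a' }
    )
}
Get-SharedRelatedEntity -ActivityBySource $activity | Format-List
```

With the sample data only the Ip entity 52.166.111.66 is reported, because both source entities relate to it. For live data, fill the hashtable with one Get-AzSentinelEntityActivity call per entity ID.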
Parameters
-DefaultProfile
The DefaultProfile parameter is not functional. Use the SubscriptionId parameter when available if executing the cmdlet against a different subscription.
Type: | PSObject |
Aliases: | AzureRMContext, AzureCredential |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-EntityId
The entity ID.
Type: | String |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-ResourceGroupName
The name of the resource group. The name is case insensitive.
Type: | String |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-SubscriptionId
The ID of the target subscription.
Type: | String[] |
Position: | Named |
Default value: | (Get-AzContext).Subscription.Id |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-WorkspaceName
The name of the workspace.
Type: | String |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Outputs