Edit

Get-AzSentinelIncident

Module:
Az.SecurityInsights Module

Gets an incident.

Syntax

List (Default) 

Get-AzSentinelIncident
    -ResourceGroupName <String>
    -WorkspaceName <String>
    [-SubscriptionId <String[]>]
    [-Filter <String>]
    [-Orderby <String>]
    [-SkipToken <String>]
    [-Top <Int32>]
    [-DefaultProfile <PSObject>]
    [<CommonParameters>]

Get 

Get-AzSentinelIncident
    -Id <String>
    -ResourceGroupName <String>
    -WorkspaceName <String>
    [-SubscriptionId <String[]>]
    [-DefaultProfile <PSObject>]
    [<CommonParameters>]

GetViaIdentity 

Get-AzSentinelIncident
    -InputObject <ISecurityInsightsIdentity>
    [-DefaultProfile <PSObject>]
    [<CommonParameters>]

Description

Gets an incident.

Examples

Example 1: List all Incidents

Get-AzSentinelIncident -ResourceGroupName "myResourceGroupName" -workspaceName "myWorkspaceName"

Title        	: (Preview) TI map IP entity to AzureActivity
Description  	: Identifies a match in AzureActivity from any IP IOC from TI
Severity     	: Medium
Number      	: 754
Label        	: {}
ProviderName  : Azure Sentinel
Name         	: f5409f55-7dd8-4c73-9981-4627520b2db

This command lists all Incidents under a Microsoft Sentinel workspace.

Example 2: Get an Incident

Get-AzSentinelIncident -ResourceGroupName "myResourceGroupName" -workspaceName "myWorkspaceName" -Id "f5409f55-7dd8-4c73-9981-4627520b2db"

Title        	: (Preview) TI map IP entity to AzureActivity
Description  	: Identifies a match in AzureActivity from any IP IOC from TI
Severity     	: Medium
Number      	: 754
Label        	: {}
ProviderName  : Azure Sentinel
Name         	: f5409f55-7dd8-4c73-9981-4627520b2db

This command gets an Incident.

Parameters

-DefaultProfile

The DefaultProfile parameter is not functional. Use the SubscriptionId parameter when available if executing the cmdlet against a different subscription.

Parameter properties

Type:PSObject
Default value:None
Supports wildcards:False
DontShow:False
Aliases:AzureRMContext, AzureCredential

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-Filter

Filters the results, based on a Boolean condition. Optional.

Parameter properties

Type:String
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

List
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-Id

Incident ID

Parameter properties

Type:String
Default value:None
Supports wildcards:False
DontShow:False
Aliases:IncidentId

Parameter sets

Get
Position:Named
Mandatory:True
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-InputObject

Identity Parameter To construct, see NOTES section for INPUTOBJECT properties and create a hash table.

Parameter properties

Type:ISecurityInsightsIdentity
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

GetViaIdentity
Position:Named
Mandatory:True
Value from pipeline:True
Value from pipeline by property name:False
Value from remaining arguments:False

-Orderby

Sorts the results. Optional.

Parameter properties

Type:String
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

List
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-ResourceGroupName

The name of the resource group. The name is case insensitive.

Parameter properties

Type:String
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

List
Position:Named
Mandatory:True
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False
Get
Position:Named
Mandatory:True
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-SkipToken

Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional.

Parameter properties

Type:String
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

List
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-SubscriptionId

The ID of the target subscription.

Parameter properties

Type:

String[]

Default value:(Get-AzContext).Subscription.Id
Supports wildcards:False
DontShow:False

Parameter sets

List
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False
Get
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-Top

Returns only the first n results. Optional.

Parameter properties

Type:Int32
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

List
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-WorkspaceName

The name of the workspace.

Parameter properties

Type:String
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

List
Position:Named
Mandatory:True
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False
Get
Position:Named
Mandatory:True
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

Inputs

ISecurityInsightsIdentity

Outputs

IIncident