New-AzSentinelIncidentRelation

Module:: Az.SecurityInsights Module

Creates or updates the incident relation.

Syntax

CreateExpanded (Default)

New-AzSentinelIncidentRelation
    -IncidentId <String>
    -ResourceGroupName <String>
    -WorkspaceName <String>
    [-RelationName <String>]
    [-SubscriptionId <String>]
    [-RelatedResourceId <String>]
    [-DefaultProfile <PSObject>]
    [-WhatIf]
    [-Confirm]
    [<CommonParameters>]

Create

New-AzSentinelIncidentRelation
    -IncidentId <String>
    -ResourceGroupName <String>
    -WorkspaceName <String>
    -Relation <IRelation>
    [-RelationName <String>]
    [-SubscriptionId <String>]
    [-DefaultProfile <PSObject>]
    [-WhatIf]
    [-Confirm]
    [<CommonParameters>]

Description

Creates or updates the incident relation.

Examples

Example 1: Create a Incident Relation

$bookmark = Get-AzSentinelBookmark -ResourceGroupName "myResourceGroup" -WorkspaceName "myWorkspaceName" -Id "myBookmarkId"
 New-AzSentinelIncidentRelation -ResourceGroupName "myResourceGroup" -WorkspaceName "myWorkspaceName" -IncidentId "myIncidentId" -RelationName ((New-Guid).Guid) -RelatedResourceId ($bookmark.Id)

Name                : 4b112bd9-a6b5-44f6-b89d-8bcbf021fbdf
RelatedResourceName : a636a51c-471a-468d-89ed-d7f4b2a7a569
RelatedResourceKind :
RelatedResourceType : Microsoft.SecurityInsights/Bookmarks

This command creates a Incident Relation connecting the Bookmark to the Incident.

Parameters

-Confirm

Prompts you for confirmation before running the cmdlet.

Parameter properties

Type:	SwitchParameter
Default value:	None
Supports wildcards:	False
DontShow:	False
Aliases:	cf

Parameter sets

(All)

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-DefaultProfile

The DefaultProfile parameter is not functional. Use the SubscriptionId parameter when available if executing the cmdlet against a different subscription.

Parameter properties

Type:	PSObject
Default value:	None
Supports wildcards:	False
DontShow:	False
Aliases:	AzureRMContext, AzureCredential

Parameter sets

(All)

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-IncidentId

Incident ID

Parameter properties

Type:	String
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

(All)

Position:	Named
Mandatory:	True
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-RelatedResourceId

The resource ID of the related resource

Parameter properties

Type:	String
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

CreateExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-Relation

Represents a relation between two resources To construct, see NOTES section for RELATION properties and create a hash table.

Parameter properties

Type:	IRelation
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

Create

Position:	Named
Mandatory:	True
Value from pipeline:	True
Value from pipeline by property name:	False
Value from remaining arguments:	False

-RelationName

Relation Name

Parameter properties

Type:	String
Default value:	(New-Guid).Guid
Supports wildcards:	False
DontShow:	False

Parameter sets

(All)

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-ResourceGroupName

The name of the resource group. The name is case insensitive.

Parameter properties

Type:	String
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

(All)

Position:	Named
Mandatory:	True
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-SubscriptionId

The ID of the target subscription.

Parameter properties

Type:	String
Default value:	(Get-AzContext).Subscription.Id
Supports wildcards:	False
DontShow:	False

Parameter sets

(All)

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Parameter properties

Type:	SwitchParameter
Default value:	None
Supports wildcards:	False
DontShow:	False
Aliases:	wi

Parameter sets

(All)

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-WorkspaceName

The name of the workspace.

Parameter properties

Type:	String
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

(All)

Position:	Named
Mandatory:	True
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

Share via

New-AzSentinelIncidentRelation

Syntax

CreateExpanded (Default)

Create

Description

Examples

Example 1: Create a Incident Relation

Parameters

-Confirm

Parameter properties

Parameter sets

-DefaultProfile

Parameter properties

Parameter sets

-IncidentId

Parameter properties

Parameter sets

-RelatedResourceId

Parameter properties

Parameter sets

-Relation

Parameter properties

Parameter sets

-RelationName

Parameter properties

Parameter sets

-ResourceGroupName

Parameter properties

Parameter sets

-SubscriptionId

Parameter properties

Parameter sets

-WhatIf

Parameter properties

Parameter sets

-WorkspaceName

Parameter properties

Parameter sets

CommonParameters

Inputs

IRelation

Outputs

IRelation