New-AzSentinelIncidentRelation
Creates or updates the incident relation.
Syntax
New-AzSentinelIncidentRelation
-IncidentId <String>
-ResourceGroupName <String>
-WorkspaceName <String>
[-RelationName <String>]
[-SubscriptionId <String>]
[-RelatedResourceId <String>]
[-DefaultProfile <PSObject>]
[-Confirm]
[-WhatIf]
[<CommonParameters>] New-AzSentinelIncidentRelation
-IncidentId <String>
-ResourceGroupName <String>
-WorkspaceName <String>
-Relation <IRelation>
[-RelationName <String>]
[-SubscriptionId <String>]
[-DefaultProfile <PSObject>]
[-Confirm]
[-WhatIf]
[<CommonParameters>] Description
Creates or updates the incident relation.
Examples
Example 1: Create a Incident Relation
$bookmark = Get-AzSentinelBookmark -ResourceGroupName "myResourceGroup" -WorkspaceName "myWorkspaceName" -Id "myBookmarkId"
New-AzSentinelIncidentRelation -ResourceGroupName "myResourceGroup" -WorkspaceName "myWorkspaceName" -IncidentId "myIncidentId" -RelationName ((New-Guid).Guid) -RelatedResourceId ($bookmark.Id)
Name : 4b112bd9-a6b5-44f6-b89d-8bcbf021fbdf
RelatedResourceName : a636a51c-471a-468d-89ed-d7f4b2a7a569
RelatedResourceKind :
RelatedResourceType : Microsoft.SecurityInsights/BookmarksThis command creates a Incident Relation connecting the Bookmark to the Incident.
Parameters
-Confirm
Prompts you for confirmation before running the cmdlet.
| Type: | SwitchParameter |
| Aliases: | cf |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-DefaultProfile
The DefaultProfile parameter is not functional. Use the SubscriptionId parameter when available if executing the cmdlet against a different subscription.
| Type: | PSObject |
| Aliases: | AzureRMContext, AzureCredential |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-IncidentId
Incident ID
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-RelatedResourceId
The resource ID of the related resource
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Relation
Represents a relation between two resources To construct, see NOTES section for RELATION properties and create a hash table.
| Type: | IRelation |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-RelationName
Relation Name
| Type: | String |
| Position: | Named |
| Default value: | (New-Guid).Guid |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ResourceGroupName
The name of the resource group. The name is case insensitive.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-SubscriptionId
The ID of the target subscription.
| Type: | String |
| Position: | Named |
| Default value: | (Get-AzContext).Subscription.Id |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet is not run.
| Type: | SwitchParameter |
| Aliases: | wi |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-WorkspaceName
The name of the workspace.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Inputs
Outputs
Notes
ALIASES
COMPLEX PARAMETER PROPERTIES
To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables.
RELATION <IRelation>: Represents a relation between two resources
[Etag <String>]: Etag of the azure resource[SystemDataCreatedAt <DateTime?>]: The timestamp of resource creation (UTC).[SystemDataCreatedBy <String>]: The identity that created the resource.[SystemDataCreatedByType <CreatedByType?>]: The type of identity that created the resource.[SystemDataLastModifiedAt <DateTime?>]: The timestamp of resource last modification (UTC)[SystemDataLastModifiedBy <String>]: The identity that last modified the resource.[SystemDataLastModifiedByType <CreatedByType?>]: The type of identity that last modified the resource.[RelatedResourceId <String>]: The resource ID of the related resource
Azure PowerShell
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for