Update-AzSentinelAlertRule
Syntax
UpdateScheduled (Default)
Update-AzSentinelAlertRule
-ResourceGroupName <String>
-WorkspaceName <String>
-RuleId <String>
[-SubscriptionId <String>]
[-AlertRuleTemplateName <String>]
[-Enabled]
[-Disabled]
[-Description <String>]
[-Query <String>]
[-DisplayName <String>]
[-SuppressionDuration <TimeSpan>]
[-SuppressionEnabled]
[-Severity <AlertSeverity>]
[-Tactic <AttackTactic>]
[-CreateIncident]
[-GroupingConfigurationEnabled]
[-ReOpenClosedIncident]
[-LookbackDuration <TimeSpan>]
[-MatchingMethod <String>]
[-GroupByAlertDetail <AlertDetail[]>]
[-GroupByCustomDetail <String[]>]
[-GroupByEntity <EntityMappingType[]>]
[-EntityMapping <EntityMapping[]>]
[-AlertDescriptionFormat <String>]
[-AlertDisplayNameFormat <String>]
[-AlertSeverityColumnName <String>]
[-AlertTacticsColumnName <String>]
[-QueryFrequency <TimeSpan>]
[-QueryPeriod <TimeSpan>]
[-TriggerOperator <TriggerOperator>]
[-TriggerThreshold <Int32>]
[-EventGroupingSettingAggregationKind <EventGroupingAggregationKind>]
[-DefaultProfile <PSObject>]
[-Scheduled]
[-AsJob]
[-NoWait]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
UpdateFusionMLTI
Update-AzSentinelAlertRule
-ResourceGroupName <String>
-WorkspaceName <String>
-RuleId <String>
[-SubscriptionId <String>]
[-AlertRuleTemplateName <String>]
[-Enabled]
[-Disabled]
[-DefaultProfile <PSObject>]
[-AsJob]
[-NoWait]
[-FusionMLorTI]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
UpdateMicrosoftSecurityIncidentCreation
Update-AzSentinelAlertRule
-ResourceGroupName <String>
-WorkspaceName <String>
-RuleId <String>
[-SubscriptionId <String>]
[-AlertRuleTemplateName <String>]
[-Enabled]
[-Disabled]
[-Description <String>]
[-DisplayNamesFilter <String[]>]
[-DisplayNamesExcludeFilter <String[]>]
[-ProductFilter <MicrosoftSecurityProductName>]
[-SeveritiesFilter <AlertSeverity[]>]
[-DefaultProfile <PSObject>]
[-AsJob]
[-NoWait]
[-MicrosoftSecurityIncidentCreation]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
UpdateNRT
Update-AzSentinelAlertRule
-ResourceGroupName <String>
-WorkspaceName <String>
-RuleId <String>
[-SubscriptionId <String>]
[-AlertRuleTemplateName <String>]
[-Enabled]
[-Disabled]
[-Description <String>]
[-Query <String>]
[-DisplayName <String>]
[-SuppressionDuration <TimeSpan>]
[-SuppressionEnabled]
[-Severity <AlertSeverity>]
[-Tactic <AttackTactic>]
[-CreateIncident]
[-GroupingConfigurationEnabled]
[-ReOpenClosedIncident]
[-LookbackDuration <TimeSpan>]
[-MatchingMethod <String>]
[-GroupByAlertDetail <AlertDetail[]>]
[-GroupByCustomDetail <String[]>]
[-GroupByEntity <EntityMappingType[]>]
[-EntityMapping <EntityMapping[]>]
[-AlertDescriptionFormat <String>]
[-AlertDisplayNameFormat <String>]
[-AlertSeverityColumnName <String>]
[-AlertTacticsColumnName <String>]
[-DefaultProfile <PSObject>]
[-AsJob]
[-NoWait]
[-NRT]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
UpdateViaIdentityFusionMLTI
Update-AzSentinelAlertRule
-InputObject <ISecurityInsightsIdentity>
[-AlertRuleTemplateName <String>]
[-Enabled]
[-Disabled]
[-DefaultProfile <PSObject>]
[-AsJob]
[-NoWait]
[-FusionMLorTI]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
UpdateViaIdentityMicrosoftSecurityIncidentCreation
Update-AzSentinelAlertRule
-InputObject <ISecurityInsightsIdentity>
[-AlertRuleTemplateName <String>]
[-Enabled]
[-Disabled]
[-Description <String>]
[-DisplayNamesFilter <String[]>]
[-DisplayNamesExcludeFilter <String[]>]
[-ProductFilter <MicrosoftSecurityProductName>]
[-SeveritiesFilter <AlertSeverity[]>]
[-DefaultProfile <PSObject>]
[-AsJob]
[-NoWait]
[-MicrosoftSecurityIncidentCreation]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
UpdateViaIdentityNRT
Update-AzSentinelAlertRule
-InputObject <ISecurityInsightsIdentity>
[-AlertRuleTemplateName <String>]
[-Enabled]
[-Disabled]
[-Description <String>]
[-Query <String>]
[-DisplayName <String>]
[-SuppressionDuration <TimeSpan>]
[-SuppressionEnabled]
[-Severity <AlertSeverity>]
[-Tactic <AttackTactic>]
[-CreateIncident]
[-GroupingConfigurationEnabled]
[-ReOpenClosedIncident]
[-LookbackDuration <TimeSpan>]
[-MatchingMethod <String>]
[-GroupByAlertDetail <AlertDetail[]>]
[-GroupByCustomDetail <String[]>]
[-GroupByEntity <EntityMappingType[]>]
[-EntityMapping <EntityMapping[]>]
[-AlertDescriptionFormat <String>]
[-AlertDisplayNameFormat <String>]
[-AlertSeverityColumnName <String>]
[-AlertTacticsColumnName <String>]
[-DefaultProfile <PSObject>]
[-AsJob]
[-NoWait]
[-NRT]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
UpdateViaIdentityUpdateScheduled
Update-AzSentinelAlertRule
-InputObject <ISecurityInsightsIdentity>
[-AlertRuleTemplateName <String>]
[-Enabled]
[-Disabled]
[-Description <String>]
[-Query <String>]
[-DisplayName <String>]
[-SuppressionDuration <TimeSpan>]
[-SuppressionEnabled]
[-Severity <AlertSeverity>]
[-Tactic <AttackTactic>]
[-CreateIncident]
[-GroupingConfigurationEnabled]
[-ReOpenClosedIncident]
[-LookbackDuration <TimeSpan>]
[-MatchingMethod <String>]
[-GroupByAlertDetail <AlertDetail[]>]
[-GroupByCustomDetail <String[]>]
[-GroupByEntity <EntityMappingType[]>]
[-EntityMapping <EntityMapping[]>]
[-AlertDescriptionFormat <String>]
[-AlertDisplayNameFormat <String>]
[-AlertSeverityColumnName <String>]
[-AlertTacticsColumnName <String>]
[-QueryFrequency <TimeSpan>]
[-QueryPeriod <TimeSpan>]
[-TriggerOperator <TriggerOperator>]
[-TriggerThreshold <Int32>]
[-EventGroupingSettingAggregationKind <EventGroupingAggregationKind>]
[-DefaultProfile <PSObject>]
[-Scheduled]
[-AsJob]
[-NoWait]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Description
Examples
Example 1: Update a scheduled alert rule
Update-AzSentinelAlertRule -ResourceGroupName "myResourceGroupName" -WorkspaceName "myWorkspaceName" -ruleId "4a21e485-75ae-48b3-a7b9-e6a92bcfe434" -Query "SecurityAlert | take 2"
This command updates a scheduled alert rule.
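Added example (not part of the original reference): changing the query and trigger settings of a scheduled rule in two steps, first previewing with -WhatIf and then applying with -Confirm, so an edit to a detection is reviewed before it takes effect. The resource names and rule ID are the placeholders from Example 1; the KQL query and the schedule values are constructed for illustration.

```powershell
# Added example, not from the original page.
# Resource names and rule ID are the placeholders used in Example 1.
$ruleUpdate = @{
    ResourceGroupName = 'myResourceGroupName'
    WorkspaceName     = 'myWorkspaceName'
    RuleId            = '4a21e485-75ae-48b3-a7b9-e6a92bcfe434'
    Scheduled         = $true     # listed as mandatory for the UpdateScheduled set in the parameter table
    Query             = 'SecurityAlert | where AlertSeverity == "High"'   # constructed sample query
    QueryFrequency    = New-TimeSpan -Hours 1   # how often the query runs (sample value)
    QueryPeriod       = New-TimeSpan -Hours 1   # how far back each run looks (sample value)
    TriggerOperator   = 'GreaterThan'
    TriggerThreshold  = 0                       # alert when the query returns more than 0 rows
    Severity          = 'Medium'
}

# Step 1: preview only. -WhatIf reports what would happen; the cmdlet is not run.
Update-AzSentinelAlertRule @ruleUpdate -WhatIf

# Step 2: apply, with an interactive confirmation prompt before the rule is modified.
Update-AzSentinelAlertRule @ruleUpdate -Confirm
```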
Parameters
-AlertDescriptionFormat
Updates the alert rule.
Parameter properties
Type: String
Default value: None
Supports wildcards: False
DontShow: False
Parameter sets
UpdateScheduled
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
UpdateNRT
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
UpdateViaIdentityNRT
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
UpdateViaIdentityUpdateScheduled
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-AlertDisplayNameFormat
Updates the alert rule.
Parameter properties
Type: String
Default value: None
Supports wildcards: False
DontShow: False
Parameter sets
UpdateScheduled
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
UpdateNRT
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
UpdateViaIdentityNRT
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
UpdateViaIdentityUpdateScheduled
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-AlertRuleTemplateName
Updates the alert rule.
Parameter properties
Type: String
Default value: None
Supports wildcards: False
DontShow: False
Parameter sets
(All)
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-AlertSeverityColumnName
Updates the alert rule.
Parameter properties
Type: String
Default value: None
Supports wildcards: False
DontShow: False
Parameter sets
UpdateScheduled
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
UpdateNRT
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
UpdateViaIdentityNRT
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
UpdateViaIdentityUpdateScheduled
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-AlertTacticsColumnName
Updates the alert rule.
Parameter properties
Type: String
Default value: None
Supports wildcards: False
DontShow: False
Parameter sets
UpdateScheduled
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
UpdateNRT
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
UpdateViaIdentityNRT
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
UpdateViaIdentityUpdateScheduled
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-AsJob
Run the command as a job
Parameter properties
Type: SwitchParameter
Default value: None
Supports wildcards: False
DontShow: False
Parameter sets
(All)
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-Confirm
Prompts you for confirmation before running the cmdlet.
Parameter properties
Type: SwitchParameter
Default value: None
Supports wildcards: False
DontShow: False
Aliases: cf
Parameter sets
(All)
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-CreateIncident
Updates the alert rule.
Parameter properties
Type: SwitchParameter
Default value: None
Supports wildcards: False
DontShow: False
Parameter sets
UpdateScheduled
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
UpdateNRT
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
UpdateViaIdentityNRT
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
UpdateViaIdentityUpdateScheduled
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-DefaultProfile
The credentials, account, tenant, and subscription used for communication with Azure.
Parameter properties
Type: PSObject
Default value: None
Supports wildcards: False
DontShow: False
Aliases: AzureRMContext, AzureCredential
Parameter sets
(All)
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-Description
Updates the alert rule.
Parameter properties
Type: String
Default value: None
Supports wildcards: False
DontShow: False
Parameter sets
UpdateScheduled
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
UpdateMicrosoftSecurityIncidentCreation
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
UpdateNRT
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
UpdateViaIdentityMicrosoftSecurityIncidentCreation
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
UpdateViaIdentityNRT
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
UpdateViaIdentityUpdateScheduled
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-Disabled
Updates the alert rule.
Parameter properties
Type: SwitchParameter
Default value: None
Supports wildcards: False
DontShow: False
Parameter sets
(All)
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-DisplayName
Updates the alert rule.
Parameter properties
Type: String
Default value: None
Supports wildcards: False
DontShow: False
Parameter sets
UpdateScheduled
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
UpdateNRT
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
UpdateViaIdentityNRT
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
UpdateViaIdentityUpdateScheduled
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-DisplayNamesExcludeFilter
Updates the alert rule.
Parameter properties
Type: String[]
Default value: None
Supports wildcards: False
DontShow: False
Parameter sets
UpdateMicrosoftSecurityIncidentCreation
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
UpdateViaIdentityMicrosoftSecurityIncidentCreation
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-DisplayNamesFilter
Updates the alert rule.
Parameter properties
Type: String[]
Default value: None
Supports wildcards: False
DontShow: False
Parameter sets
UpdateMicrosoftSecurityIncidentCreation
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
UpdateViaIdentityMicrosoftSecurityIncidentCreation
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-Enabled
Updates the alert rule.
Parameter properties
Type: SwitchParameter
Default value: None
Supports wildcards: False
DontShow: False
Parameter sets
(All)
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-EntityMapping
'Account', 'Host', 'IP', 'Malware', 'File', 'Process', 'CloudApplication', 'DNS', 'AzureResource', 'FileHash', 'RegistryKey', 'RegistryValue', 'SecurityGroup', 'URL', 'Mailbox', 'MailCluster', 'MailMessage', 'SubmissionMail'
To construct, see NOTES section for ENTITYMAPPING properties and create a hash table.
Parameter properties
Type: EntityMapping[]
Default value: None
Supports wildcards: False
DontShow: False
Parameter sets
UpdateScheduled
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
UpdateNRT
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
UpdateViaIdentityNRT
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
UpdateViaIdentityUpdateScheduled
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-EventGroupingSettingAggregationKind
Updates the alert rule.
Parameter properties
Parameter sets
UpdateScheduled
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
UpdateViaIdentityUpdateScheduled
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-FusionMLorTI
Updates the alert rule.
Parameter properties
Type: SwitchParameter
Default value: None
Supports wildcards: False
DontShow: False
Parameter sets
UpdateFusionMLTI
Position: Named
Mandatory: True
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
UpdateViaIdentityFusionMLTI
Position: Named
Mandatory: True
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-GroupByAlertDetail
Updates the alert rule.
Parameter properties
Type: AlertDetail[]
Default value: None
Supports wildcards: False
DontShow: False
Parameter sets
UpdateScheduled
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
UpdateNRT
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
UpdateViaIdentityNRT
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
UpdateViaIdentityUpdateScheduled
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-GroupByCustomDetail
Updates the alert rule.
Parameter properties
Type: String[]
Default value: None
Supports wildcards: False
DontShow: False
Parameter sets
UpdateScheduled
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
UpdateNRT
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
UpdateViaIdentityNRT
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
UpdateViaIdentityUpdateScheduled
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-GroupByEntity
Updates the alert rule.
Parameter properties
Parameter sets
UpdateScheduled
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
UpdateNRT
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
UpdateViaIdentityNRT
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
UpdateViaIdentityUpdateScheduled
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-GroupingConfigurationEnabled
Updates the alert rule.
Parameter properties
Type: SwitchParameter
Default value: None
Supports wildcards: False
DontShow: False
Parameter sets
UpdateScheduled
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
UpdateNRT
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
UpdateViaIdentityNRT
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
UpdateViaIdentityUpdateScheduled
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-InputObject
Identity Parameter
To construct, see NOTES section for INPUTOBJECT properties and create a hash table.
Parameter sets
UpdateViaIdentityFusionMLTI
Position: Named
Mandatory: True
Value from pipeline: True
Value from pipeline by property name: False
Value from remaining arguments: False
UpdateViaIdentityMicrosoftSecurityIncidentCreation
Position: Named
Mandatory: True
Value from pipeline: True
Value from pipeline by property name: False
Value from remaining arguments: False
UpdateViaIdentityNRT
Position: Named
Mandatory: True
Value from pipeline: True
Value from pipeline by property name: False
Value from remaining arguments: False
UpdateViaIdentityUpdateScheduled
Position: Named
Mandatory: True
Value from pipeline: True
Value from pipeline by property name: False
Value from remaining arguments: False
-LookbackDuration
Updates the alert rule.
Parameter properties
Type: TimeSpan
Default value: New-TimeSpan -Hours 5
Supports wildcards: False
DontShow: False
Parameter sets
UpdateScheduled
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
UpdateNRT
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
UpdateViaIdentityNRT
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
UpdateViaIdentityUpdateScheduled
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-MatchingMethod
Updates the alert rule.
Parameter properties
Type: String
Default value: AllEntities
Supports wildcards: False
DontShow: False
Parameter sets
UpdateScheduled
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
UpdateNRT
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
UpdateViaIdentityNRT
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
UpdateViaIdentityUpdateScheduled
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-MicrosoftSecurityIncidentCreation
Updates the alert rule.
Parameter properties
Type: SwitchParameter
Default value: None
Supports wildcards: False
DontShow: False
Parameter sets
UpdateMicrosoftSecurityIncidentCreation
Position: Named
Mandatory: True
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
UpdateViaIdentityMicrosoftSecurityIncidentCreation
Position: Named
Mandatory: True
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-NoWait
Run the command asynchronously
Parameter properties
Type: SwitchParameter
Default value: None
Supports wildcards: False
DontShow: False
Parameter sets
(All)
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-NRT
Updates the alert rule.
Parameter properties
Type: SwitchParameter
Default value: None
Supports wildcards: False
DontShow: False
Parameter sets
UpdateNRT
Position: Named
Mandatory: True
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
UpdateViaIdentityNRT
Position: Named
Mandatory: True
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-ProductFilter
Updates the alert rule.
Parameter properties
Parameter sets
UpdateMicrosoftSecurityIncidentCreation
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
UpdateViaIdentityMicrosoftSecurityIncidentCreation
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-Query
Updates the alert rule.
Parameter properties
Type: String
Default value: None
Supports wildcards: False
DontShow: False
Parameter sets
UpdateScheduled
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
UpdateNRT
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
UpdateViaIdentityNRT
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
UpdateViaIdentityUpdateScheduled
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-QueryFrequency
Updates the alert rule.
Parameter properties
Type: TimeSpan
Default value: None
Supports wildcards: False
DontShow: False
Parameter sets
UpdateScheduled
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
UpdateViaIdentityUpdateScheduled
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-QueryPeriod
Updates the alert rule.
Parameter properties
Type: TimeSpan
Default value: None
Supports wildcards: False
DontShow: False
Parameter sets
UpdateScheduled
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
UpdateViaIdentityUpdateScheduled
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-ReOpenClosedIncident
Updates the alert rule.
Parameter properties
Type: SwitchParameter
Default value: None
Supports wildcards: False
DontShow: False
Parameter sets
UpdateScheduled
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
UpdateNRT
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
UpdateViaIdentityNRT
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
UpdateViaIdentityUpdateScheduled
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-ResourceGroupName
The Resource Group Name.
Parameter properties
Type: String
Default value: None
Supports wildcards: False
DontShow: False
Parameter sets
UpdateScheduled
Position: Named
Mandatory: True
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
UpdateFusionMLTI
Position: Named
Mandatory: True
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
UpdateMicrosoftSecurityIncidentCreation
Position: Named
Mandatory: True
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
UpdateNRT
Position: Named
Mandatory: True
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-RuleId
[Alias('RuleId')]
The name of Operational Insights Resource Provider.
Parameter properties
Type: String
Default value: None
Supports wildcards: False
DontShow: False
Parameter sets
UpdateScheduled
Position: Named
Mandatory: True
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
UpdateFusionMLTI
Position: Named
Mandatory: True
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
UpdateMicrosoftSecurityIncidentCreation
Position: Named
Mandatory: True
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
UpdateNRT
Position: Named
Mandatory: True
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-Scheduled
Updates the alert rule.
Parameter properties
Type: SwitchParameter
Default value: None
Supports wildcards: False
DontShow: False
Parameter sets
UpdateScheduled
Position: Named
Mandatory: True
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
UpdateViaIdentityUpdateScheduled
Position: Named
Mandatory: True
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-SeveritiesFilter
High, Medium, Low, Informational
Parameter properties
Type: AlertSeverity[]
Default value: None
Supports wildcards: False
DontShow: False
Parameter sets
UpdateMicrosoftSecurityIncidentCreation
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
UpdateViaIdentityMicrosoftSecurityIncidentCreation
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-Severity
Updates the alert rule.
Parameter properties
Type: AlertSeverity
Default value: None
Supports wildcards: False
DontShow: False
Parameter sets
UpdateScheduled
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
UpdateNRT
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
UpdateViaIdentityNRT
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
UpdateViaIdentityUpdateScheduled
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-SubscriptionId
Gets the subscription credentials that uniquely identify the Microsoft Azure subscription.
The subscription ID forms part of the URI for every service call.
Parameter properties
Type: String
Default value: (Get-AzContext).Subscription.Id
Supports wildcards: False
DontShow: False
Parameter sets
UpdateScheduled
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
UpdateFusionMLTI
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
UpdateMicrosoftSecurityIncidentCreation
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
UpdateNRT
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-SuppressionDuration
Updates the alert rule.
Parameter properties
Type: TimeSpan
Default value: New-TimeSpan -Hours 5
Supports wildcards: False
DontShow: False
Parameter sets
UpdateScheduled
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
UpdateNRT
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
UpdateViaIdentityNRT
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
UpdateViaIdentityUpdateScheduled
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-SuppressionEnabled
Updates the alert rule.
Parameter properties
Type: SwitchParameter
Default value: None
Supports wildcards: False
DontShow: False
Parameter sets
UpdateScheduled
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
UpdateNRT
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
UpdateViaIdentityNRT
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
UpdateViaIdentityUpdateScheduled
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-Tactic
Updates the alert rule.
Parameter properties
Type: AttackTactic
Default value: None
Supports wildcards: False
DontShow: False
Parameter sets
UpdateScheduled
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
UpdateNRT
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
UpdateViaIdentityNRT
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
UpdateViaIdentityUpdateScheduled
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-TriggerOperator
Updates the alert rule.
Parameter properties
Type: TriggerOperator
Default value: None
Supports wildcards: False
DontShow: False
Parameter sets
UpdateScheduled
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
UpdateViaIdentityUpdateScheduled
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-TriggerThreshold
Updates the alert rule.
Parameter properties
Type: Int32
Default value: None
Supports wildcards: False
DontShow: False
Parameter sets
UpdateScheduled
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
UpdateViaIdentityUpdateScheduled
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-WhatIf
Shows what would happen if the cmdlet runs.
The cmdlet is not run.
Parameter properties
Type: SwitchParameter
Default value: None
Supports wildcards: False
DontShow: False
Aliases: wi
Parameter sets
(All)
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
-WorkspaceName
The name of the workspace.
Parameter properties
Type: String
Default value: None
Supports wildcards: False
DontShow: False
Parameter sets
UpdateScheduled
Position: Named
Mandatory: True
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
UpdateFusionMLTI
Position: Named
Mandatory: True
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
UpdateMicrosoftSecurityIncidentCreation
Position: Named
Mandatory: True
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
UpdateNRT
Position: Named
Mandatory: True
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable,
-InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable,
-ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see
about_CommonParameters.
Outputs