Update-AzSentinelAlertRuleAction
Creates or updates the action of alert rule.
Syntax
Update-AzSentinelAlertRuleAction
-Id <String>
-ResourceGroupName <String>
-RuleId <String>
[-SubscriptionId <String>]
-WorkspaceName <String>
[-LogicAppResourceId <String>]
[-TriggerUri <String>]
[-DefaultProfile <PSObject>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Update-AzSentinelAlertRuleAction
-InputObject <ISecurityInsightsIdentity>
[-LogicAppResourceId <String>]
[-TriggerUri <String>]
[-DefaultProfile <PSObject>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Description
Creates or updates the action of alert rule.
Examples
Example 1: Updates an alert rule action
$LogicAppResourceId = Get-AzLogicApp -ResourceGroupName "myLogicAppResourceGroupName" -Name "myLogicAppPlaybookName"
$LogicAppTriggerUri = Get-AzLogicAppTriggerCallbackUrl -ResourceGroupName "myLogicAppResourceGroupName" -Name $LogicAppResourceId.Name -TriggerName "When_a_response_to_an_Azure_Sentinel_alert_is_triggered"
Update-AzSentinelAlertRuleAction -ResourceGroupName "mySentinelResourceGroupName" -workspaceName "myWorkspaceName" -RuleId "48bbf86d-540b-4a7b-9fee-2bd7d810dbed" -LogicAppResourceId ($LogicAppResourceId.Id) -TriggerUri ($LogicAppTriggerUri.Value) -Id ((New-Guid).Guid)
This command updates an alert rule action
Parameters
-Confirm
Prompts you for confirmation before running the cmdlet.
Type: | SwitchParameter |
Aliases: | cf |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-DefaultProfile
The DefaultProfile parameter is not functional. Use the SubscriptionId parameter when available if executing the cmdlet against a different subscription.
Type: | PSObject |
Aliases: | AzureRMContext, AzureCredential |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Id
Action ID
Type: | String |
Aliases: | ActionId |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-InputObject
Identity Parameter To construct, see NOTES section for INPUTOBJECT properties and create a hash table.
Type: | ISecurityInsightsIdentity |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-LogicAppResourceId
Logic App Resource Id, /subscriptions/{my-subscription}/resourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my-workflow-id}.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-ResourceGroupName
The name of the resource group. The name is case insensitive.
Type: | String |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-RuleId
Alert rule ID
Type: | String |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-SubscriptionId
The ID of the target subscription.
Type: | String |
Position: | Named |
Default value: | (Get-AzContext).Subscription.Id |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-TriggerUri
Logic App Callback URL for this specific workflow.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet is not run.
Type: | SwitchParameter |
Aliases: | wi |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-WorkspaceName
The name of the workspace.
Type: | String |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Inputs
Outputs
Azure PowerShell