Update-AzSentinelAlertRuleAction
Creates or updates the action of alert rule.
Syntax
Update-AzSentinelAlertRuleAction
-Id <String>
-ResourceGroupName <String>
-RuleId <String>
-WorkspaceName <String>
[-SubscriptionId <String>]
[-LogicAppResourceId <String>]
[-TriggerUri <String>]
[-DefaultProfile <PSObject>]
[-Confirm]
[-WhatIf]
[<CommonParameters>] Update-AzSentinelAlertRuleAction
-InputObject <ISecurityInsightsIdentity>
[-LogicAppResourceId <String>]
[-TriggerUri <String>]
[-DefaultProfile <PSObject>]
[-Confirm]
[-WhatIf]
[<CommonParameters>] Description
Creates or updates the action of alert rule.
Examples
Example 1: Updates an alert rule action
$LogicAppResourceId = Get-AzLogicApp -ResourceGroupName "myLogicAppResourceGroupName" -Name "myLogicAppPlaybookName"
$LogicAppTriggerUri = Get-AzLogicAppTriggerCallbackUrl -ResourceGroupName "myLogicAppResourceGroupName" -Name $LogicAppResourceId.Name -TriggerName "When_a_response_to_an_Azure_Sentinel_alert_is_triggered"
Update-AzSentinelAlertRuleAction -ResourceGroupName "mySentinelResourceGroupName" -workspaceName "myWorkspaceName" -RuleId "48bbf86d-540b-4a7b-9fee-2bd7d810dbed" -LogicAppResourceId ($LogicAppResourceId.Id) -TriggerUri ($LogicAppTriggerUri.Value) -Id ((New-Guid).Guid)This command updates an alert rule action
Parameters
-Confirm
Prompts you for confirmation before running the cmdlet.
| Type: | SwitchParameter |
| Aliases: | cf |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-DefaultProfile
The DefaultProfile parameter is not functional. Use the SubscriptionId parameter when available if executing the cmdlet against a different subscription.
| Type: | PSObject |
| Aliases: | AzureRMContext, AzureCredential |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Id
Action ID
| Type: | String |
| Aliases: | ActionId |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-InputObject
Identity Parameter To construct, see NOTES section for INPUTOBJECT properties and create a hash table.
| Type: | ISecurityInsightsIdentity |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-LogicAppResourceId
Logic App Resource Id, /subscriptions/{my-subscription}/resourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my-workflow-id}.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ResourceGroupName
The name of the resource group. The name is case insensitive.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-RuleId
Alert rule ID
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-SubscriptionId
The ID of the target subscription.
| Type: | String |
| Position: | Named |
| Default value: | (Get-AzContext).Subscription.Id |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-TriggerUri
Logic App Callback URL for this specific workflow.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet is not run.
| Type: | SwitchParameter |
| Aliases: | wi |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-WorkspaceName
The name of the workspace.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Inputs
Outputs
Notes
ALIASES
COMPLEX PARAMETER PROPERTIES
To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables.
INPUTOBJECT <ISecurityInsightsIdentity>: Identity Parameter
[ActionId <String>]: Action ID[AlertRuleTemplateId <String>]: Alert rule template ID[AutomationRuleId <String>]: Automation rule ID[BookmarkId <String>]: Bookmark ID[ConsentId <String>]: consent ID[DataConnectorId <String>]: Connector ID[EntityId <String>]: entity ID[EntityQueryId <String>]: entity query ID[EntityQueryTemplateId <String>]: entity query template ID[Id <String>]: Resource identity path[IncidentCommentId <String>]: Incident comment ID[IncidentId <String>]: Incident ID[MetadataName <String>]: The Metadata name.[Name <String>]: Threat intelligence indicator name field.[RelationName <String>]: Relation Name[ResourceGroupName <String>]: The name of the resource group. The name is case insensitive.[RuleId <String>]: Alert rule ID[SentinelOnboardingStateName <String>]: The Sentinel onboarding state name. Supports - default[SettingsName <String>]: The setting name. Supports - Anomalies, EyesOn, EntityAnalytics, Ueba[SourceControlId <String>]: Source control Id[SubscriptionId <String>]: The ID of the target subscription.[WorkspaceName <String>]: The name of the workspace.
Azure PowerShell
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for