Update-AzSentinelAlertRuleAction
Creates or updates the action of alert rule.
Syntax
Update-AzSentinelAlertRuleAction
-Id <String>
-ResourceGroupName <String>
-RuleId <String>
-WorkspaceName <String>
[-SubscriptionId <String>]
[-LogicAppResourceId <String>]
[-TriggerUri <String>]
[-DefaultProfile <PSObject>]
[-Confirm]
[-WhatIf]
[<CommonParameters>]
Update-AzSentinelAlertRuleAction
-InputObject <ISecurityInsightsIdentity>
[-LogicAppResourceId <String>]
[-TriggerUri <String>]
[-DefaultProfile <PSObject>]
[-Confirm]
[-WhatIf]
[<CommonParameters>]
Description
Creates or updates the action of alert rule.
Examples
Example 1: Updates an alert rule action
$LogicAppResourceId = Get-AzLogicApp -ResourceGroupName "myLogicAppResourceGroupName" -Name "myLogicAppPlaybookName"
$LogicAppTriggerUri = Get-AzLogicAppTriggerCallbackUrl -ResourceGroupName "myLogicAppResourceGroupName" -Name $LogicAppResourceId.Name -TriggerName "When_a_response_to_an_Azure_Sentinel_alert_is_triggered"
Update-AzSentinelAlertRuleAction -ResourceGroupName "mySentinelResourceGroupName" -workspaceName "myWorkspaceName" -RuleId "48bbf86d-540b-4a7b-9fee-2bd7d810dbed" -LogicAppResourceId ($LogicAppResourceId.Id) -TriggerUri ($LogicAppTriggerUri.Value) -Id ((New-Guid).Guid)
This command updates an alert rule action
Parameters
-Confirm
Prompts you for confirmation before running the cmdlet.
Type: | SwitchParameter |
Aliases: | cf |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-DefaultProfile
The DefaultProfile parameter is not functional. Use the SubscriptionId parameter when available if executing the cmdlet against a different subscription.
Type: | PSObject |
Aliases: | AzureRMContext, AzureCredential |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Id
Action ID
Type: | String |
Aliases: | ActionId |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-InputObject
Identity Parameter To construct, see NOTES section for INPUTOBJECT properties and create a hash table.
Type: | ISecurityInsightsIdentity |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-LogicAppResourceId
Logic App Resource Id, /subscriptions/{my-subscription}/resourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my-workflow-id}.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-ResourceGroupName
The name of the resource group. The name is case insensitive.
Type: | String |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-RuleId
Alert rule ID
Type: | String |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-SubscriptionId
The ID of the target subscription.
Type: | String |
Position: | Named |
Default value: | (Get-AzContext).Subscription.Id |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-TriggerUri
Logic App Callback URL for this specific workflow.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet is not run.
Type: | SwitchParameter |
Aliases: | wi |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-WorkspaceName
The name of the workspace.
Type: | String |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Inputs
Outputs
Notes
ALIASES
COMPLEX PARAMETER PROPERTIES
To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables.
INPUTOBJECT <ISecurityInsightsIdentity>
: Identity Parameter
[ActionId <String>]
: Action ID[AlertRuleTemplateId <String>]
: Alert rule template ID[AutomationRuleId <String>]
: Automation rule ID[BookmarkId <String>]
: Bookmark ID[ConsentId <String>]
: consent ID[DataConnectorId <String>]
: Connector ID[EntityId <String>]
: entity ID[EntityQueryId <String>]
: entity query ID[EntityQueryTemplateId <String>]
: entity query template ID[Id <String>]
: Resource identity path[IncidentCommentId <String>]
: Incident comment ID[IncidentId <String>]
: Incident ID[MetadataName <String>]
: The Metadata name.[Name <String>]
: Threat intelligence indicator name field.[RelationName <String>]
: Relation Name[ResourceGroupName <String>]
: The name of the resource group. The name is case insensitive.[RuleId <String>]
: Alert rule ID[SentinelOnboardingStateName <String>]
: The Sentinel onboarding state name. Supports - default[SettingsName <String>]
: The setting name. Supports - Anomalies, EyesOn, EntityAnalytics, Ueba[SourceControlId <String>]
: Source control Id[SubscriptionId <String>]
: The ID of the target subscription.[WorkspaceName <String>]
: The name of the workspace.
Azure PowerShell
Feedback
https://aka.ms/ContentUserFeedback.
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see:Submit and view feedback for