New-AzSentinelBookmark
Membuat atau memperbarui marka buku.
Sintaks
New-AzSentinelBookmark
-ResourceGroupName <String>
-WorkspaceName <String>
[-Id <String>]
[-SubscriptionId <String>]
[-DisplayName <String>]
[-EventTime <DateTime>]
[-IncidentInfoIncidentId <String>]
[-IncidentInfoRelationName <String>]
[-IncidentInfoSeverity <IncidentSeverity>]
[-IncidentInfoTitle <String>]
[-Label <String[]>]
[-Note <String>]
[-Query <String>]
[-QueryEndTime <DateTime>]
[-QueryResult <String>]
[-QueryStartTime <DateTime>]
[-DefaultProfile <PSObject>]
[-WhatIf]
[-Confirm]
[<CommonParameters>] New-AzSentinelBookmark
-ResourceGroupName <String>
-WorkspaceName <String>
[-Id <String>]
[-SubscriptionId <String>]
-Bookmark <IBookmark>
[-DefaultProfile <PSObject>]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Deskripsi
Membuat atau memperbarui marka buku.
Contoh
Contoh 1: Membuat Bookmark
$queryStartTime = (Get-Date).AddDays(-1).ToUniversalTime() | Get-Date -Format "yyyy-MM-ddThh:00:00.000Z"
$queryEndTime = (Get-Date).ToUniversalTime() | Get-Date -Format "yyyy-MM-ddThh:00:00.000Z"
New-AzSentinelBookmark -ResourceGroupName "myResourceGroup" -WorkspaceName "myWorkspaceName" -Id ((New-Guid).Guid) -DisplayName "Incident Evidence" -Query "SecurityEvent | take 1" -QueryStartTime $queryStartTime -QueryEndTime $queryEndTime -EventTime $queryEndTime
DisplayName : Incident Evidence
CreatedByName : John Contoso
CreatedByEmail : john@contoso.com
Name : 6a8d6ea6-04d5-49d7-8169-ffca8b0ced59
Note : my notesPerintah ini membuat Bookmark.
Parameter
-Bookmark
Mewakili marka buku di Azure Security Insights. Untuk membuat, lihat bagian CATATAN untuk properti BOOKMARK dan membuat tabel hash.
| Jenis: | IBookmark |
| Position: | Named |
| Nilai default: | None |
| Diperlukan: | True |
| Terima input alur: | True |
| Terima karakter wildcard: | False |
-Confirm
Meminta konfirmasi sebelum menjalankan cmdlet.
| Jenis: | SwitchParameter |
| Alias: | cf |
| Position: | Named |
| Nilai default: | None |
| Diperlukan: | False |
| Terima input alur: | False |
| Terima karakter wildcard: | False |
-DefaultProfile
Parameter DefaultProfile tidak berfungsi. Gunakan parameter SubscriptionId saat tersedia jika menjalankan cmdlet terhadap langganan yang berbeda.
| Jenis: | PSObject |
| Alias: | AzureRMContext, AzureCredential |
| Position: | Named |
| Nilai default: | None |
| Diperlukan: | False |
| Terima input alur: | False |
| Terima karakter wildcard: | False |
-DisplayName
Nama tampilan marka buku
| Jenis: | String |
| Position: | Named |
| Nilai default: | None |
| Diperlukan: | False |
| Terima input alur: | False |
| Terima karakter wildcard: | False |
-EventTime
Waktu peristiwa bookmark
| Jenis: | DateTime |
| Position: | Named |
| Nilai default: | None |
| Diperlukan: | False |
| Terima input alur: | False |
| Terima karakter wildcard: | False |
-Id
ID Marka Buku
| Jenis: | String |
| Alias: | BookmarkId |
| Position: | Named |
| Nilai default: | (New-Guid).Guid |
| Diperlukan: | False |
| Terima input alur: | False |
| Terima karakter wildcard: | False |
-IncidentInfoIncidentId
Id Insiden
| Jenis: | String |
| Position: | Named |
| Nilai default: | None |
| Diperlukan: | False |
| Terima input alur: | False |
| Terima karakter wildcard: | False |
-IncidentInfoRelationName
Nama Relasi
| Jenis: | String |
| Position: | Named |
| Nilai default: | None |
| Diperlukan: | False |
| Terima input alur: | False |
| Terima karakter wildcard: | False |
-IncidentInfoSeverity
Tingkat keparahan insiden
| Jenis: | IncidentSeverity |
| Position: | Named |
| Nilai default: | None |
| Diperlukan: | False |
| Terima input alur: | False |
| Terima karakter wildcard: | False |
-IncidentInfoTitle
Judul insiden
| Jenis: | String |
| Position: | Named |
| Nilai default: | None |
| Diperlukan: | False |
| Terima input alur: | False |
| Terima karakter wildcard: | False |
-Label
Daftar label yang relevan dengan marka buku ini
| Jenis: | String[] |
| Position: | Named |
| Nilai default: | None |
| Diperlukan: | False |
| Terima input alur: | False |
| Terima karakter wildcard: | False |
-Note
Catatan marka buku
| Jenis: | String |
| Position: | Named |
| Nilai default: | None |
| Diperlukan: | False |
| Terima input alur: | False |
| Terima karakter wildcard: | False |
-Query
Kueri marka buku.
| Jenis: | String |
| Position: | Named |
| Nilai default: | None |
| Diperlukan: | False |
| Terima input alur: | False |
| Terima karakter wildcard: | False |
-QueryEndTime
Waktu akhir untuk kueri
| Jenis: | DateTime |
| Position: | Named |
| Nilai default: | None |
| Diperlukan: | False |
| Terima input alur: | False |
| Terima karakter wildcard: | False |
-QueryResult
Hasil kueri marka buku.
| Jenis: | String |
| Position: | Named |
| Nilai default: | None |
| Diperlukan: | False |
| Terima input alur: | False |
| Terima karakter wildcard: | False |
-QueryStartTime
Waktu mulai untuk kueri
| Jenis: | DateTime |
| Position: | Named |
| Nilai default: | None |
| Diperlukan: | False |
| Terima input alur: | False |
| Terima karakter wildcard: | False |
-ResourceGroupName
Nama grup sumber daya. Nama tidak sensitif terhadap penggunaan huruf besar atau kecil.
| Jenis: | String |
| Position: | Named |
| Nilai default: | None |
| Diperlukan: | True |
| Terima input alur: | False |
| Terima karakter wildcard: | False |
-SubscriptionId
ID langganan target.
| Jenis: | String |
| Position: | Named |
| Nilai default: | (Get-AzContext).Subscription.Id |
| Diperlukan: | False |
| Terima input alur: | False |
| Terima karakter wildcard: | False |
-WhatIf
Menunjukkan apa yang akan terjadi ketika cmdlet dijalankan. Cmdlet tidak dijalankan.
| Jenis: | SwitchParameter |
| Alias: | wi |
| Position: | Named |
| Nilai default: | None |
| Diperlukan: | False |
| Terima input alur: | False |
| Terima karakter wildcard: | False |
-WorkspaceName
Nama ruang kerja.
| Jenis: | String |
| Position: | Named |
| Nilai default: | None |
| Diperlukan: | True |
| Terima input alur: | False |
| Terima karakter wildcard: | False |
