Update-MgBetaSecurityRuleDetectionRule
Update the navigation property detectionRules in security
Syntax
Update-MgBetaSecurityRuleDetectionRule
-DetectionRuleId <String>
[-ResponseHeadersVariable <String>]
[-AdditionalProperties <Hashtable>]
[-CreatedBy <String>]
[-CreatedDateTime <DateTime>]
[-DetectionAction <IMicrosoftGraphSecurityDetectionAction>]
[-DetectorId <String>]
[-DisplayName <String>]
[-Id <String>]
[-IsEnabled]
[-LastModifiedBy <String>]
[-LastModifiedDateTime <DateTime>]
[-LastRunDetails <IMicrosoftGraphSecurityRunDetails>]
[-QueryCondition <IMicrosoftGraphSecurityQueryCondition>]
[-Schedule <IMicrosoftGraphSecurityRuleSchedule>]
[-Headers <IDictionary>]
[-ProgressAction <ActionPreference>]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Update-MgBetaSecurityRuleDetectionRule
-DetectionRuleId <String>
-BodyParameter <IMicrosoftGraphSecurityDetectionRule>
[-ResponseHeadersVariable <String>]
[-Headers <IDictionary>]
[-ProgressAction <ActionPreference>]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Update-MgBetaSecurityRuleDetectionRule
-InputObject <ISecurityIdentity>
[-ResponseHeadersVariable <String>]
[-AdditionalProperties <Hashtable>]
[-CreatedBy <String>]
[-CreatedDateTime <DateTime>]
[-DetectionAction <IMicrosoftGraphSecurityDetectionAction>]
[-DetectorId <String>]
[-DisplayName <String>]
[-Id <String>]
[-IsEnabled]
[-LastModifiedBy <String>]
[-LastModifiedDateTime <DateTime>]
[-LastRunDetails <IMicrosoftGraphSecurityRunDetails>]
[-QueryCondition <IMicrosoftGraphSecurityQueryCondition>]
[-Schedule <IMicrosoftGraphSecurityRuleSchedule>]
[-Headers <IDictionary>]
[-ProgressAction <ActionPreference>]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Update-MgBetaSecurityRuleDetectionRule
-InputObject <ISecurityIdentity>
-BodyParameter <IMicrosoftGraphSecurityDetectionRule>
[-ResponseHeadersVariable <String>]
[-Headers <IDictionary>]
[-ProgressAction <ActionPreference>]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Description
Update the navigation property detectionRules in security
Permissions
| Permission type | Permissions (from least to most privileged) |
|---|---|
| Delegated (work or school account) | CustomDetection.ReadWrite.All, |
| Delegated (personal Microsoft account) | Not supported |
| Application | CustomDetection.ReadWrite.All, |
Parameters
-AdditionalProperties
Additional Parameters
| Type: | Hashtable |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-BodyParameter
detectionRule To construct, see NOTES section for BODYPARAMETER properties and create a hash table.
| Type: | IMicrosoftGraphSecurityDetectionRule |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-Confirm
Prompts you for confirmation before running the cmdlet.
| Type: | SwitchParameter |
| Aliases: | cf |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-CreatedBy
Name of the user or application that created the rule.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-CreatedDateTime
Timestamp of rule creation.
| Type: | DateTime |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-DetectionAction
detectionAction To construct, see NOTES section for DETECTIONACTION properties and create a hash table.
| Type: | IMicrosoftGraphSecurityDetectionAction |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-DetectionRuleId
The unique identifier of detectionRule
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-DetectorId
The ID of the detector that triggered the alert. Also see the 'detectorId' field in microsoft.graph.security.alert.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-DisplayName
Name of the rule.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Headers
Optional headers that will be added to the request.
| Type: | IDictionary |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-Id
The unique identifier for an entity. Read-only.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-InputObject
Identity Parameter To construct, see NOTES section for INPUTOBJECT properties and create a hash table.
| Type: | ISecurityIdentity |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-IsEnabled
Whether rule is turned on for the tenant.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | False |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-LastModifiedBy
Name of the user or application who last updated the rule.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-LastModifiedDateTime
Timestamp of when the rule was last updated.
| Type: | DateTime |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-LastRunDetails
runDetails To construct, see NOTES section for LASTRUNDETAILS properties and create a hash table.
| Type: | IMicrosoftGraphSecurityRunDetails |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ProgressAction
{{ Fill ProgressAction Description }}
| Type: | ActionPreference |
| Aliases: | proga |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-QueryCondition
queryCondition To construct, see NOTES section for QUERYCONDITION properties and create a hash table.
| Type: | IMicrosoftGraphSecurityQueryCondition |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ResponseHeadersVariable
Optional Response Headers Variable.
| Type: | String |
| Aliases: | RHV |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Schedule
ruleSchedule To construct, see NOTES section for SCHEDULE properties and create a hash table.
| Type: | IMicrosoftGraphSecurityRuleSchedule |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet is not run.
| Type: | SwitchParameter |
| Aliases: | wi |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Inputs
Microsoft.Graph.Beta.PowerShell.Models.IMicrosoftGraphSecurityDetectionRule
Microsoft.Graph.Beta.PowerShell.Models.ISecurityIdentity
System.Collections.IDictionary
Outputs
Microsoft.Graph.Beta.PowerShell.Models.IMicrosoftGraphSecurityDetectionRule
Notes
COMPLEX PARAMETER PROPERTIES
To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables.
BODYPARAMETER <IMicrosoftGraphSecurityDetectionRule>: detectionRule
[(Any) <Object>]: This indicates any property can be added to this object.[CreatedBy <String>]: Name of the user or application that created the rule.[CreatedDateTime <DateTime?>]: Timestamp of rule creation.[DisplayName <String>]: Name of the rule.[IsEnabled <Boolean?>]: Whether rule is turned on for the tenant.[LastModifiedBy <String>]: Name of the user or application who last updated the rule.[LastModifiedDateTime <DateTime?>]: Timestamp of when the rule was last updated.[Id <String>]: The unique identifier for an entity. Read-only.[DetectionAction <IMicrosoftGraphSecurityDetectionAction>]: detectionAction[(Any) <Object>]: This indicates any property can be added to this object.[AlertTemplate <IMicrosoftGraphSecurityAlertTemplate>]: alertTemplate[(Any) <Object>]: This indicates any property can be added to this object.[Category <String>]: Category assigned to the alert triggered by the custom detection rule.[Description <String>]: Description of the alert triggered by the custom detection rule.[ImpactedAssets <IMicrosoftGraphSecurityImpactedAsset-[]>]: Which asset or assets were impacted based on the alert triggered by the custom detection rule.[MitreTechniques <String-[]>]: MITRE technique assigned to the alert triggered by the custom detection rule.[RecommendedActions <String>]: Recommended actions to mitigate the threat related to the alert triggered by the custom detection rule.[Severity <String>]: alertSeverity[Title <String>]: Name of the alert triggered by the custom detection rule.
[OrganizationalScope <IMicrosoftGraphSecurityOrganizationalScope>]: organizationalScope[(Any) <Object>]: This indicates any property can be added to this object.[ScopeNames <String-[]>]: List of groups to which the custom detection rule applies.[ScopeType <String>]: scopeType
[ResponseActions <IMicrosoftGraphSecurityResponseAction-[]>]: Actions taken on impacted assets as set in the custom detection rule.
[DetectorId <String>]: The ID of the detector that triggered the alert. Also see the 'detectorId' field in microsoft.graph.security.alert.[LastRunDetails <IMicrosoftGraphSecurityRunDetails>]: runDetails[(Any) <Object>]: This indicates any property can be added to this object.[ErrorCode <String>]: huntingRuleErrorCode[FailureReason <String>]: Reason for failure when the custom detection last ran and failed. See the table below.[LastRunDateTime <DateTime?>]: Timestamp when the custom detection was last run.[Status <String>]: huntingRuleRunStatus
[QueryCondition <IMicrosoftGraphSecurityQueryCondition>]: queryCondition[(Any) <Object>]: This indicates any property can be added to this object.[LastModifiedDateTime <DateTime?>]: Timestamp of when the query in the custom detection rule was last updated.[QueryText <String>]: Contents of the query.
[Schedule <IMicrosoftGraphSecurityRuleSchedule>]: ruleSchedule[(Any) <Object>]: This indicates any property can be added to this object.[NextRunDateTime <DateTime?>]: Timestamp of the custom detection rule's next scheduled run.[Period <String>]: How often the detection rule is set to run. The allowed values are: 0, 1H, 3H, 12H, or 24H. '0' signifies the rule is run continuously.
DETECTIONACTION <IMicrosoftGraphSecurityDetectionAction>: detectionAction
[(Any) <Object>]: This indicates any property can be added to this object.[AlertTemplate <IMicrosoftGraphSecurityAlertTemplate>]: alertTemplate[(Any) <Object>]: This indicates any property can be added to this object.[Category <String>]: Category assigned to the alert triggered by the custom detection rule.[Description <String>]: Description of the alert triggered by the custom detection rule.[ImpactedAssets <IMicrosoftGraphSecurityImpactedAsset-[]>]: Which asset or assets were impacted based on the alert triggered by the custom detection rule.[MitreTechniques <String-[]>]: MITRE technique assigned to the alert triggered by the custom detection rule.[RecommendedActions <String>]: Recommended actions to mitigate the threat related to the alert triggered by the custom detection rule.[Severity <String>]: alertSeverity[Title <String>]: Name of the alert triggered by the custom detection rule.
[OrganizationalScope <IMicrosoftGraphSecurityOrganizationalScope>]: organizationalScope[(Any) <Object>]: This indicates any property can be added to this object.[ScopeNames <String-[]>]: List of groups to which the custom detection rule applies.[ScopeType <String>]: scopeType
[ResponseActions <IMicrosoftGraphSecurityResponseAction-[]>]: Actions taken on impacted assets as set in the custom detection rule.
INPUTOBJECT <ISecurityIdentity>: Identity Parameter
[AlertId <String>]: The unique identifier of alert[AnalyzedEmailId <String>]: The unique identifier of analyzedEmail[ArticleId <String>]: The unique identifier of article[ArticleIndicatorId <String>]: The unique identifier of articleIndicator[AttackSimulationOperationId <String>]: The unique identifier of attackSimulationOperation[AuditLogQueryId <String>]: The unique identifier of auditLogQuery[AuditLogRecordId <String>]: The unique identifier of auditLogRecord[AuthoredNoteId <String>]: The unique identifier of authoredNote[AuthorityTemplateId <String>]: The unique identifier of authorityTemplate[CaseOperationId <String>]: The unique identifier of caseOperation[CategoryTemplateId <String>]: The unique identifier of categoryTemplate[CitationTemplateId <String>]: The unique identifier of citationTemplate[CloudAppDiscoveryReportId <String>]: The unique identifier of cloudAppDiscoveryReport[CloudAppSecurityProfileId <String>]: The unique identifier of cloudAppSecurityProfile[CustomerInsightTenantId <String>]: The unique identifier of customerInsight[DataSourceId <String>]: The unique identifier of dataSource[DepartmentTemplateId <String>]: The unique identifier of departmentTemplate[DetectionRuleId <String>]: The unique identifier of detectionRule[DispositionReviewStageNumber <String>]: The unique identifier of dispositionReviewStage[DomainSecurityProfileId <String>]: The unique identifier of domainSecurityProfile[EdiscoveryCaseId <String>]: The unique identifier of ediscoveryCase[EdiscoveryCaseMemberId <String>]: The unique identifier of ediscoveryCaseMember[EdiscoveryCustodianId <String>]: The unique identifier of ediscoveryCustodian[EdiscoveryFileId <String>]: The unique identifier of ediscoveryFile[EdiscoveryHoldPolicyId <String>]: The unique identifier of ediscoveryHoldPolicy[EdiscoveryNoncustodialDataSourceId <String>]: The unique identifier of ediscoveryNoncustodialDataSource[EdiscoveryReviewSetId <String>]: The unique identifier of ediscoveryReviewSet[EdiscoveryReviewSetQueryId <String>]: The unique identifier of ediscoveryReviewSetQuery[EdiscoveryReviewTagId <String>]: The unique identifier of ediscoveryReviewTag[EdiscoveryReviewTagId1 <String>]: The unique identifier of ediscoveryReviewTag[EdiscoverySearchId <String>]: The unique identifier of ediscoverySearch[EmailThreatSubmissionId <String>]: The unique identifier of emailThreatSubmission[EmailThreatSubmissionPolicyId <String>]: The unique identifier of emailThreatSubmissionPolicy[EndUserNotificationDetailId <String>]: The unique identifier of endUserNotificationDetail[EndUserNotificationId <String>]: The unique identifier of endUserNotification[FilePlanReferenceTemplateId <String>]: The unique identifier of filePlanReferenceTemplate[FileSecurityProfileId <String>]: The unique identifier of fileSecurityProfile[FileThreatSubmissionId <String>]: The unique identifier of fileThreatSubmission[HealthIssueId <String>]: The unique identifier of healthIssue[HostComponentId <String>]: The unique identifier of hostComponent[HostCookieId <String>]: The unique identifier of hostCookie[HostId <String>]: The unique identifier of host[HostPairId <String>]: The unique identifier of hostPair[HostPortId <String>]: The unique identifier of hostPort[HostSecurityProfileId <String>]: The unique identifier of hostSecurityProfile[HostSslCertificateId <String>]: The unique identifier of hostSslCertificate[HostTrackerId <String>]: The unique identifier of hostTracker[IPSecurityProfileId <String>]: The unique identifier of ipSecurityProfile[IncidentId <String>]: The unique identifier of incident[IntelligenceProfileId <String>]: The unique identifier of intelligenceProfile[IntelligenceProfileIndicatorId <String>]: The unique identifier of intelligenceProfileIndicator[LandingPageDetailId <String>]: The unique identifier of landingPageDetail[LandingPageId <String>]: The unique identifier of landingPage[LoginPageId <String>]: The unique identifier of loginPage[PartnerSecurityAlertId <String>]: The unique identifier of partnerSecurityAlert[PassiveDnsRecordId <String>]: The unique identifier of passiveDnsRecord[PayloadId <String>]: The unique identifier of payload[ProviderTenantSettingId <String>]: The unique identifier of providerTenantSetting[RetentionEventId <String>]: The unique identifier of retentionEvent[RetentionEventTypeId <String>]: The unique identifier of retentionEventType[RetentionLabelId <String>]: The unique identifier of retentionLabel[SecureScoreControlProfileId <String>]: The unique identifier of secureScoreControlProfile[SecureScoreId <String>]: The unique identifier of secureScore[SecurityActionId <String>]: The unique identifier of securityAction[SecurityRequirementId <String>]: The unique identifier of securityRequirement[SecurityScoreHistoryId <String>]: The unique identifier of securityScoreHistory[SensitivityLabelId <String>]: The unique identifier of sensitivityLabel[SensorId <String>]: The unique identifier of sensor[SimulationAutomationId <String>]: The unique identifier of simulationAutomation[SimulationAutomationRunId <String>]: The unique identifier of simulationAutomationRun[SimulationId <String>]: The unique identifier of simulation[SiteSourceId <String>]: The unique identifier of siteSource[SslCertificateId <String>]: The unique identifier of sslCertificate[SubcategoryTemplateId <String>]: The unique identifier of subcategoryTemplate[SubdomainId <String>]: The unique identifier of subdomain[SubjectRightsRequestId <String>]: The unique identifier of subjectRightsRequest[TiIndicatorId <String>]: The unique identifier of tiIndicator[TrainingCampaignId <String>]: The unique identifier of trainingCampaign[TrainingId <String>]: The unique identifier of training[TrainingLanguageDetailId <String>]: The unique identifier of trainingLanguageDetail[UnifiedGroupSourceId <String>]: The unique identifier of unifiedGroupSource[UrlThreatSubmissionId <String>]: The unique identifier of urlThreatSubmission[UserId <String>]: The unique identifier of user[UserPrincipalName <String>]: Alternate key of user[UserSecurityProfileId <String>]: The unique identifier of userSecurityProfile[UserSourceId <String>]: The unique identifier of userSource[VulnerabilityComponentId <String>]: The unique identifier of vulnerabilityComponent[VulnerabilityId <String>]: The unique identifier of vulnerability[WhoisHistoryRecordId <String>]: The unique identifier of whoisHistoryRecord[WhoisRecordId <String>]: The unique identifier of whoisRecord
LASTRUNDETAILS <IMicrosoftGraphSecurityRunDetails>: runDetails
[(Any) <Object>]: This indicates any property can be added to this object.[ErrorCode <String>]: huntingRuleErrorCode[FailureReason <String>]: Reason for failure when the custom detection last ran and failed. See the table below.[LastRunDateTime <DateTime?>]: Timestamp when the custom detection was last run.[Status <String>]: huntingRuleRunStatus
QUERYCONDITION <IMicrosoftGraphSecurityQueryCondition>: queryCondition
[(Any) <Object>]: This indicates any property can be added to this object.[LastModifiedDateTime <DateTime?>]: Timestamp of when the query in the custom detection rule was last updated.[QueryText <String>]: Contents of the query.
SCHEDULE <IMicrosoftGraphSecurityRuleSchedule>: ruleSchedule
[(Any) <Object>]: This indicates any property can be added to this object.[NextRunDateTime <DateTime?>]: Timestamp of the custom detection rule's next scheduled run.[Period <String>]: How often the detection rule is set to run. The allowed values are: 0, 1H, 3H, 12H, or 24H. '0' signifies the rule is run continuously.