az sentinel
Note
This reference is part of the sentinel extension for the Azure CLI (version 2.37.0 or higher). The extension will automatically install the first time you run an az sentinel command. Learn more about extensions.
Manage Microsoft Sentinel.
Commands
Name | Description | Type | Status |
---|---|---|---|
az sentinel alert-rule |
Manage alert rule with sentinel. |
Extension | GA |
az sentinel alert-rule action |
Manage alert rule action with sentinel. |
Extension | GA |
az sentinel alert-rule action create |
Create the action of alert rule. |
Extension | Experimental |
az sentinel alert-rule action delete |
Delete the action of alert rule. |
Extension | Experimental |
az sentinel alert-rule action list |
Get all actions of alert rule. |
Extension | Experimental |
az sentinel alert-rule action show |
Get the action of alert rule. |
Extension | Experimental |
az sentinel alert-rule action update |
Update the action of alert rule. |
Extension | Experimental |
az sentinel alert-rule create |
Create the alert rule. |
Extension | Experimental |
az sentinel alert-rule delete |
Delete the alert rule. |
Extension | Experimental |
az sentinel alert-rule list |
Get all alert rules. |
Extension | Experimental |
az sentinel alert-rule show |
Get the alert rule. |
Extension | Experimental |
az sentinel alert-rule template |
Manage alert rule template with sentinel. |
Extension | GA |
az sentinel alert-rule template list |
Get all alert rule templates. |
Extension | Experimental |
az sentinel alert-rule template show |
Get the alert rule template. |
Extension | Experimental |
az sentinel alert-rule update |
Update the alert rule. |
Extension | Experimental |
az sentinel analytics-setting |
Manage security ml analytics setting with sentinel. |
Extension | GA |
az sentinel analytics-setting create |
Create the Security ML Analytics Settings. |
Extension | Experimental |
az sentinel analytics-setting delete |
Delete the Security ML Analytics Settings. |
Extension | Experimental |
az sentinel analytics-setting list |
Get all Security ML Analytics Settings. |
Extension | Experimental |
az sentinel analytics-setting show |
Get the Security ML Analytics Settings. |
Extension | Experimental |
az sentinel analytics-setting update |
Update the Security ML Analytics Settings. |
Extension | Experimental |
az sentinel automation-rule |
Manage automation rule with sentinel. |
Extension | GA |
az sentinel automation-rule create |
Create the automation rule. |
Extension | Experimental |
az sentinel automation-rule delete |
Delete the automation rule. |
Extension | Experimental |
az sentinel automation-rule list |
Get all automation rules. |
Extension | Experimental |
az sentinel automation-rule show |
Get the automation rule. |
Extension | Experimental |
az sentinel automation-rule update |
Update the automation rule. |
Extension | Experimental |
az sentinel bookmark |
Manage bookmark with sentinel. |
Extension | GA |
az sentinel bookmark create |
Create the bookmark. |
Extension | Experimental |
az sentinel bookmark delete |
Delete the bookmark. |
Extension | Experimental |
az sentinel bookmark expand |
Expand an bookmark. |
Extension | Experimental |
az sentinel bookmark list |
Get all bookmarks. |
Extension | Experimental |
az sentinel bookmark relation |
Manage bookmark relation with sentinel. |
Extension | GA |
az sentinel bookmark relation create |
Create the bookmark relation. |
Extension | Experimental |
az sentinel bookmark relation delete |
Delete the bookmark relation. |
Extension | Experimental |
az sentinel bookmark relation list |
Get all bookmark relations. |
Extension | Experimental |
az sentinel bookmark relation show |
Get a bookmark relation. |
Extension | Experimental |
az sentinel bookmark relation update |
Update the bookmark relation. |
Extension | Experimental |
az sentinel bookmark show |
Get a bookmark. |
Extension | Experimental |
az sentinel bookmark update |
Update the bookmark. |
Extension | Experimental |
az sentinel data-connector |
Manage data connector with sentinel. |
Extension | GA |
az sentinel data-connector connect |
Connect a data connector. |
Extension | Experimental |
az sentinel data-connector create |
Create the data connector. |
Extension | Experimental |
az sentinel data-connector delete |
Delete the data connector. |
Extension | Experimental |
az sentinel data-connector disconnect |
Disconnect a data connector. |
Extension | Experimental |
az sentinel data-connector list |
Get all data connectors. |
Extension | Experimental |
az sentinel data-connector show |
Get a data connector. |
Extension | Experimental |
az sentinel data-connector update |
Update the data connector. |
Extension | Experimental |
az sentinel enrichment |
Manage enrichment with sentinel. |
Extension | GA |
az sentinel enrichment domain-whois |
Manage domain whois with sentinel. |
Extension | GA |
az sentinel enrichment domain-whois show |
Get whois information for a single domain name. |
Extension | Experimental |
az sentinel enrichment ip-geodata |
Manage ip geodata with sentinel. |
Extension | GA |
az sentinel enrichment ip-geodata show |
Get geodata for a single IP address. |
Extension | Experimental |
az sentinel entity-query |
Manage entity query with sentinel. |
Extension | GA |
az sentinel entity-query create |
Create the entity query. |
Extension | Experimental |
az sentinel entity-query delete |
Delete the entity query. |
Extension | Experimental |
az sentinel entity-query list |
Get all entity queries. |
Extension | Experimental |
az sentinel entity-query show |
Get an entity query. |
Extension | Experimental |
az sentinel entity-query template |
Manage entity query template with sentinel. |
Extension | GA |
az sentinel entity-query template list |
Get all entity query templates. |
Extension | Experimental |
az sentinel entity-query template show |
Get an entity query. |
Extension | Experimental |
az sentinel entity-query update |
Update the entity query. |
Extension | Experimental |
az sentinel incident |
Manage incident with sentinel. |
Extension | GA |
az sentinel incident comment |
Manage incident comment with sentinel. |
Extension | GA |
az sentinel incident comment create |
Create the incident comment. |
Extension | Experimental |
az sentinel incident comment delete |
Delete the incident comment. |
Extension | Experimental |
az sentinel incident comment list |
Get all incident comments. |
Extension | Experimental |
az sentinel incident comment show |
Get an incident comment. |
Extension | Experimental |
az sentinel incident comment update |
Update the incident comment. |
Extension | Experimental |
az sentinel incident create |
Create the incident. |
Extension | Experimental |
az sentinel incident create-team |
Create a Microsoft team to investigate the incident by sharing information and insights between participants. |
Extension | Experimental |
az sentinel incident delete |
Delete the incident. |
Extension | Experimental |
az sentinel incident list |
Get all incidents. |
Extension | Experimental |
az sentinel incident list-alert |
Get all incident alerts. |
Extension | Experimental |
az sentinel incident list-bookmark |
Get all incident bookmarks. |
Extension | Experimental |
az sentinel incident list-entity |
Get all incident related entities. |
Extension | Experimental |
az sentinel incident relation |
Manage incident relation with sentinel. |
Extension | GA |
az sentinel incident relation create |
Create the incident relation. |
Extension | Experimental |
az sentinel incident relation delete |
Delete the incident relation. |
Extension | Experimental |
az sentinel incident relation list |
Get all incident relations. |
Extension | Experimental |
az sentinel incident relation show |
Get an incident relation. |
Extension | Experimental |
az sentinel incident relation update |
Update the incident relation. |
Extension | Experimental |
az sentinel incident run-playbook |
Trigger playbook on a specific incident. |
Extension | Experimental |
az sentinel incident show |
Get an incident. |
Extension | Experimental |
az sentinel incident update |
Update the incident. |
Extension | Experimental |
az sentinel metadata |
Manage metadata with sentinel. |
Extension | GA |
az sentinel metadata create |
Create a Metadata. |
Extension | Experimental |
az sentinel metadata delete |
Delete a Metadata. |
Extension | Experimental |
az sentinel metadata list |
List of all metadata. |
Extension | Experimental |
az sentinel metadata show |
Get a Metadata. |
Extension | Experimental |
az sentinel metadata update |
Update a Metadata. |
Extension | Experimental |
az sentinel office-consent |
Manage office consent with sentinel. |
Extension | GA |
az sentinel office-consent delete |
Delete the office365 consent. |
Extension | Experimental |
az sentinel office-consent list |
Get all office365 consents. |
Extension | Experimental |
az sentinel office-consent show |
Get an office365 consent. |
Extension | Experimental |
az sentinel onboarding-state |
Manage onboarding state with sentinel. |
Extension | GA |
az sentinel onboarding-state create |
Create Sentinel onboarding state. |
Extension | Experimental |
az sentinel onboarding-state delete |
Delete Sentinel onboarding state. |
Extension | Experimental |
az sentinel onboarding-state list |
Get all Sentinel onboarding states. |
Extension | Experimental |
az sentinel onboarding-state show |
Get Sentinel onboarding state. |
Extension | Experimental |
az sentinel onboarding-state update |
Update Sentinel onboarding state. |
Extension | Experimental |
az sentinel setting |
Manage setting with sentinel. |
Extension | GA |
az sentinel setting create |
Create setting. |
Extension | Experimental |
az sentinel setting delete |
Delete setting of the product. |
Extension | Experimental |
az sentinel setting list |
List of all the settings. |
Extension | Experimental |
az sentinel setting show |
Get a setting. |
Extension | Experimental |
az sentinel setting update |
Update setting. |
Extension | Experimental |
az sentinel source-control |
Manage source control with sentinel. |
Extension | GA |
az sentinel source-control create |
Create a source control. |
Extension | Experimental |
az sentinel source-control delete |
Delete a source control. |
Extension | Experimental |
az sentinel source-control list |
Get all source controls, without source control items. |
Extension | Experimental |
az sentinel source-control list-repository |
Get a list of repositories metadata. |
Extension | Experimental |
az sentinel source-control show |
Get a source control by its identifier. |
Extension | Experimental |
az sentinel source-control update |
Create a source control. |
Extension | Experimental |
az sentinel threat-indicator |
Manage threat intelligence indicator with sentinel. |
Extension | GA |
az sentinel threat-indicator append-tag |
Append tags to a threat intelligence indicator. |
Extension | Experimental |
az sentinel threat-indicator create |
Create a new threat intelligence indicator. |
Extension | Experimental |
az sentinel threat-indicator delete |
Delete a threat intelligence indicator. |
Extension | Experimental |
az sentinel threat-indicator list |
Get all threat intelligence indicators. |
Extension | Experimental |
az sentinel threat-indicator metric |
Manage threat intelligence indicator metric with sentinel. |
Extension | GA |
az sentinel threat-indicator metric list |
Get threat intelligence indicators metrics (Indicators counts by Type, Threat Type, Source). |
Extension | GA |
az sentinel threat-indicator query |
Query threat intelligence indicators as per filtering criteria. |
Extension | Experimental |
az sentinel threat-indicator replace-tag |
Replace tags added to a threat intelligence indicator. |
Extension | Experimental |
az sentinel threat-indicator show |
View a threat intelligence indicator by name. |
Extension | Experimental |
az sentinel threat-indicator update |
Update a threat Intelligence indicator. |
Extension | Experimental |
az sentinel watchlist |
Manage watchlist with sentinel. |
Extension | GA |
az sentinel watchlist create |
Create a Watchlist and its Watchlist Items (bulk creation, e.g. through text/csv content type). To create a Watchlist and its Items, we should call this endpoint with either rawContent or a valid SAR URI and contentType properties. The rawContent is mainly used for small watchlist (content size below 3.8 MB). The SAS URI enables the creation of large watchlist, where the content size can go up to 500 MB. The status of processing such large file can be polled through the URL returned in Azure-AsyncOperation header. |
Extension | Experimental |
az sentinel watchlist delete |
Delete a watchlist. |
Extension | Experimental |
az sentinel watchlist list |
Get all watchlists, without watchlist items. |
Extension | Experimental |
az sentinel watchlist show |
Get a watchlist, without its watchlist items. |
Extension | Experimental |
az sentinel watchlist update |
Update a Watchlist and its Watchlist Items (bulk creation, e.g. through text/csv content type). To create a Watchlist and its Items, we should call this endpoint with either rawContent or a valid SAR URI and contentType properties. The rawContent is mainly used for small watchlist (content size below 3.8 MB). The SAS URI enables the creation of large watchlist, where the content size can go up to 500 MB. The status of processing such large file can be polled through the URL returned in Azure-AsyncOperation header. |
Extension | Experimental |
Azure CLI