
Az.SecurityInsights

Microsoft Azure Sentinel is a scalable, cloud-native security information event management (SIEM) and security orchestration automated response (SOAR) solution. Azure Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response.

The Azure Sentinel PowerShell module (Az.SecurityInsights) lets you interact with the following components:

  • Incidents
  • Analytics Rules (Alert Rules)
  • Analytics Rule Templates
  • Analytics Rule Actions (for example, attaching an Azure Logic Apps Playbook to a rule)
  • Bookmarks
  • Data Connectors
  • Comments

All cmdlets can use a connection object to supply resourceGroupName and workspaceName, as shown in the following example:
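The following is an added example, not code from this page or from the Az.SecurityInsights project. It takes the "connection object" to be a PowerShell splatting hashtable carrying the ResourceGroupName and WorkspaceName parameters that every cmdlet listed on this page accepts, and walks through the rule-management cmdlets in order: create a scheduled Analytics Rule, attach a Logic Apps playbook to it as an Alert Rule Action, verify the binding, then enable the rule. It assumes an existing Az session (Connect-AzAccount), that the Az.LogicApp module is installed, that the rule object's Name property holds the rule GUID, that the action object exposes LogicAppResourceId, and that the -Disabled / -Enabled switches are available on both the New- and Update- rule cmdlets; resource names, the playbook name and the KQL query are placeholders.

```powershell
# Added example (not from the page or the Az.SecurityInsights project).
# Assumes an Az session already exists, that the "connection object" is a
# splatting hashtable, and that names below are placeholders.
Import-Module Az.SecurityInsights
Import-Module Az.LogicApp

$Sentinel = @{
    ResourceGroupName = 'MyResourceGroup'   # placeholder
    WorkspaceName     = 'MyWorkspaceName'   # placeholder
}

# 1. Create the scheduled analytics rule disabled (assumed -Disabled switch), so a
#    mistyped query cannot start generating incidents before it has been reviewed.
$Rule = New-AzSentinelAlertRule @Sentinel -Scheduled -Disabled `
    -DisplayName 'Repeated failed sign-ins from one IP' `
    -Description 'Ten or more failed sign-ins from a single source IP within one hour' `
    -Severity Medium `
    -Query 'SigninLogs | where ResultType != 0 | summarize Failures = count() by IPAddress | where Failures >= 10' `
    -QueryFrequency (New-TimeSpan -Hours 1) `
    -QueryPeriod (New-TimeSpan -Hours 1) `
    -TriggerOperator GreaterThan -TriggerThreshold 0

# 2. Resolve the playbook and its trigger callback URL. The callback URL carries
#    a SAS signature in its query string: never echo $Trigger.Value to a log or
#    transcript, and treat it as a credential when storing it.
$Playbook = Get-AzLogicApp -ResourceGroupName $Sentinel.ResourceGroupName -Name 'Block-SourceIP'   # placeholder name
$Trigger  = Get-AzLogicAppTriggerCallbackUrl -ResourceGroupName $Sentinel.ResourceGroupName `
    -Name $Playbook.Name -TriggerName 'When_a_response_to_an_Azure_Sentinel_alert_is_triggered'

# 3. Attach the playbook as the rule's automated response. $Rule.Name is assumed
#    to hold the rule's GUID, which is the value -AlertRuleId expects.
$Action = New-AzSentinelAlertRuleAction @Sentinel -AlertRuleId $Rule.Name `
    -LogicAppResourceId $Playbook.Id -TriggerUri $Trigger.Value

# 4. Verify the binding from the service side rather than trusting the return
#    value (LogicAppResourceId on the action object is an assumed property name),
#    then enable the rule once the query has been reviewed.
$Bound = Get-AzSentinelAlertRuleAction @Sentinel -AlertRuleId $Rule.Name |
    Where-Object { $_.LogicAppResourceId -eq $Playbook.Id }
if (-not $Bound) { throw "Playbook was not attached to rule '$($Rule.DisplayName)'" }

Update-AzSentinelAlertRule @Sentinel -AlertRuleId $Rule.Name -Scheduled -Enabled | Out-Null
```

Splatting is used only for the Sentinel cmdlets; Get-AzLogicApp and Get-AzLogicAppTriggerCallbackUrl do not take a WorkspaceName parameter, so they are passed the resource group explicitly. Creating the rule disabled and enabling it in a separate step keeps a bad query from producing incidents, and a misconfigured playbook from firing on them, until both have been checked.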

Security Insights

Get-AzSentinelAlertRule

Gets a specific Analytics Rule (Alert Rule), or all of them.

Get-AzSentinelAlertRuleAction

Gets an Automated Response (Alert Rule Action) for an Analytics Rule, like an Azure Logic Apps Playbook.
Azure Sentinel Automation Rules will be supported in the future.

Note: this cmdlet requires the AlertRuleId parameter.

Get-AzSentinelAlertRuleTemplate

Gets an Analytic Rule Template.

Get-AzSentinelBookmark

Gets a Bookmark.
A Bookmark preserves queries, comments and tags for a specific incident.
Create the Bookmark first, then add it to an incident.

Get-AzSentinelDataConnector

Gets a Data Connector.

Note that only the following data connectors can be managed through this module:

  • AADDataConnector
  • AATPDataConnector
  • ASCDataConnector
  • AwsCloudTrailDataConnector
  • MCASDataConnector
  • MDATPDataConnector
  • OfficeDataConnector
  • TIDataConnector

Get-AzSentinelIncident

Gets one or more Azure Sentinel Incidents.

Get-AzSentinelIncidentComment

Gets an Incident Comment.

New-AzSentinelAlertRule

Create an Analytics Rule (Alert Rule).

New-AzSentinelAlertRuleAction

Add an Automated Response to an Analytic Rule.

New-AzSentinelBookmark

Creates a Bookmark for a specific incident.

New-AzSentinelDataConnector

Creates a Data Connector.

New-AzSentinelIncident

Creates an Incident.

New-AzSentinelIncidentComment

Adds a Comment to an Incident.

New-AzSentinelIncidentOwner

Creates an Incident Owner object, which is passed to Update-AzSentinelIncident to change an incident's owner.

Remove-AzSentinelAlertRule

Deletes an Analytics Rule (Alert Rule).

Remove-AzSentinelAlertRuleAction

Removes an Automated Response from an Analytic Rule.

Remove-AzSentinelBookmark

Deletes a Bookmark.

Remove-AzSentinelDataConnector

Removes a Data Connector.

Remove-AzSentinelIncident

Deletes an Incident.

Update-AzSentinelAlertRule

Updates an Analytic Rule (Alert Rule).

Update-AzSentinelAlertRuleAction

Updates an Automated Response (Alert Rule Action).

Update-AzSentinelBookmark

Updates a Bookmark.

Update-AzSentinelDataConnector

Updates a Data Connector.

Update-AzSentinelIncident

Updates an Incident.
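The incident cmdlets above (Get-AzSentinelIncident, New-AzSentinelIncidentOwner, New-AzSentinelIncidentComment, Update-AzSentinelIncident) are most useful combined into a triage pass. The following is an added example, not code from this page or from the Az.SecurityInsights project: it finds unassigned High-severity incidents that are still New, records a comment explaining the change, and then assigns an owner and moves them to Active. It assumes an existing Az session, that the incident object exposes Name (the incident GUID), Severity, Status and Owner.ObjectId, and that the owner identity and resource names are placeholders.

```powershell
# Added example (not from the page or the Az.SecurityInsights project).
# Assumes an Az session already exists and that the identities and names
# below are placeholders.
Import-Module Az.SecurityInsights

$Sentinel = @{
    ResourceGroupName = 'MyResourceGroup'   # placeholder
    WorkspaceName     = 'MyWorkspaceName'   # placeholder
}

# Build the owner object once and reuse it. ObjectId is the Azure AD object id
# of the analyst (placeholder GUID); Email and UPN are placeholders too.
$Owner = New-AzSentinelIncidentOwner `
    -ObjectId '00000000-0000-0000-0000-000000000000' `
    -Email 'analyst@contoso.com' `
    -UserPrincipalName 'analyst@contoso.com' `
    -AssignedTo 'On-call analyst'

# Select the backlog: High severity, still New, and nobody assigned yet.
# Severity, Status and Owner.ObjectId are assumed property names on the
# objects Get-AzSentinelIncident returns.
$ToTriage = Get-AzSentinelIncident @Sentinel |
    Where-Object {
        $_.Severity -eq 'High' -and
        $_.Status   -eq 'New'  -and
        -not $_.Owner.ObjectId
    }

foreach ($Incident in $ToTriage) {
    # Write the audit comment before changing state, so the comment trail
    # explains the transition even if the update itself fails.
    $Message = "Auto-assigned to $($Owner.Email) by triage script at $(Get-Date -Format o)"
    New-AzSentinelIncidentComment @Sentinel -IncidentId $Incident.Name -Message $Message | Out-Null

    # Assign the owner and mark the incident as being worked on.
    Update-AzSentinelIncident @Sentinel -IncidentId $Incident.Name -Owner $Owner -Status Active | Out-Null
}

# Report what was touched; the caller can pipe this to a ticketing system.
$ToTriage | Select-Object Name, Title, Severity
```

Resolved incidents should be closed with Update-AzSentinelIncident and a Status of Closed rather than removed with Remove-AzSentinelIncident: closing keeps the incident, its comments and its classification as an auditable record, while removal deletes that history.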