Invoke-AzSentinelThreatIntelligenceIndicatorQuery
Queries threat intelligence indicators according to filter criteria.
Syntax
Invoke-AzSentinelThreatIntelligenceIndicatorQuery
-ResourceGroupName <String>
-WorkspaceName <String>
[-SubscriptionId <String>]
[-Id <String[]>]
[-IncludeDisabled]
[-Keyword <String[]>]
[-MaxConfidence <Int32>]
[-MaxValidUntil <String>]
[-MinConfidence <Int32>]
[-MinValidUntil <String>]
[-PageSize <Int32>]
[-PatternType <String[]>]
[-SkipToken <String>]
[-SortBy <IThreatIntelligenceSortingCriteria[]>]
[-Source <String[]>]
[-ThreatType <String[]>]
[-DefaultProfile <PSObject>]
[-Confirm]
[-WhatIf]
[<CommonParameters>]
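Description
Queries threat intelligence indicators according to filter criteria.
Examples
Example 1: Query all threat intelligence indicators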
Invoke-AzSentinelThreatIntelligenceIndicatorQuery -ResourceGroupName "myResourceGroupName" -WorkspaceName "myWorkspaceName"
Etag Kind Name SystemDataCreatedAt SystemDataCreatedBy
---- ---- ---- ------------------- -------
"b603878e-0000-0100-0000-62d1d0010000" indicator f4dd9aa3-081b-2f0b-a5d7-3805954e8a39
This command queries for TI indicators.
Parameters
-Confirm
Prompts you for confirmation before running the cmdlet.
Type: | SwitchParameter |
Aliases: | cf |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-DefaultProfile
The DefaultProfile parameter is not functional. To run the cmdlet against a different subscription, use the SubscriptionId parameter.
Type: | PSObject |
Aliases: | AzureRMContext, AzureCredential |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Id
IDs of threat intelligence indicators
Type: | String[] |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-IncludeDisabled
Parameter to include or exclude disabled indicators.
Type: | SwitchParameter |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Keyword
Keywords for searching threat intelligence indicators
Type: | String[] |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-MaxConfidence
Maximum confidence.
Type: | Int32 |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-MaxValidUntil
End time for the ValidUntil filter.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-MinConfidence
Minimum confidence.
Type: | Int32 |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-MinValidUntil
Start time for the ValidUntil filter.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-PageSize
Page size
Type: | Int32 |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-PatternType
Pattern types
Type: | String[] |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-ResourceGroupName
The name of the resource group. The name is case insensitive.
Type: | String |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-SkipToken
Skip token.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-SortBy
Columns to sort by and sorting order. To construct, see the NOTES section for SORTBY properties and create a hash table.
Type: | IThreatIntelligenceSortingCriteria[] |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Source
Sources of threat intelligence indicators
Type: | String[] |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-SubscriptionId
The ID of the target subscription.
Type: | String |
Position: | Named |
Default value: | (Get-AzContext).Subscription.Id |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-ThreatType
Threat types of threat intelligence indicators
Type: | String[] |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet is not run.
Type: | SwitchParameter |
Aliases: | wi |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-WorkspaceName
The name of the workspace.
Type: | String |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Outputs
IThreatIntelligenceInformation
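Notes
Aliases
Complex parameter properties
To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables.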
SORTBY <IThreatIntelligenceSortingCriteria[]>: Columns to sort by and sorting order
  [ItemKey <String>]: Column name
  [SortOrder <ThreatIntelligenceSortingCriteriaEnum?>]: Sorting order (ascending/descending/unsorted).
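The following is an added example, not part of the original reference page: it combines the confidence, validity, pattern-type and source filters with a SortBy hash table built from the ItemKey and SortOrder properties described above, to list high-confidence indicators that have not yet expired. The resource group and workspace names are the placeholders from Example 1; the filter values, the ItemKey column name lastUpdatedTimeUtc and the ISO 8601 timestamp format are assumptions.

```powershell
# Added example: filtered, sorted query for still-valid, high-confidence indicators.
# All filter values below are constructed for illustration.

# SortBy is a complex parameter: build it as a hash table with the
# ItemKey (column name) and SortOrder (ascending/descending/unsorted) properties.
$sortBy = @{
    ItemKey   = 'lastUpdatedTimeUtc'   # assumed column name, not listed on this page
    SortOrder = 'descending'
}

# MinValidUntil is a String parameter; an ISO 8601 UTC timestamp is assumed here.
# Using "now" as the lower bound keeps only indicators that have not expired.
$nowUtc = (Get-Date).ToUniversalTime().ToString('o')

# Splat the parameters so each filter is visible and easy to review.
$query = @{
    ResourceGroupName = 'myResourceGroupName'
    WorkspaceName     = 'myWorkspaceName'
    MinConfidence     = 80                  # constructed threshold
    MaxConfidence     = 100
    PatternType       = @('url')            # constructed value
    Source            = @('Azure Sentinel') # constructed value
    MinValidUntil     = $nowUtc
    PageSize          = 100
    SortBy            = $sortBy
}

$indicators = Invoke-AzSentinelThreatIntelligenceIndicatorQuery @query

# Disabled indicators are only returned when -IncludeDisabled is passed,
# so run a second query to see what the first one left out.
$withDisabled = Invoke-AzSentinelThreatIntelligenceIndicatorQuery @query -IncludeDisabled

# Name, Kind and Etag are the columns shown in the output of Example 1.
$indicators | Select-Object Name, Kind, Etag

# Indicators present only in the second result set are the disabled ones.
$enabledNames = @($indicators | ForEach-Object { $_.Name })
$withDisabled |
    Where-Object { $enabledNames -notcontains $_.Name } |
    Select-Object Name, Kind
```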