你当前正在访问 Microsoft Azure Global Edition 技术文档网站。 如果需要访问由世纪互联运营的 Microsoft Azure 中国技术文档网站,请访问 https://docs.azure.cn。
New-AzSentinelBookmark
创建或更新书签。
语法
New-AzSentinelBookmark
-ResourceGroupName <String>
-WorkspaceName <String>
[-Id <String>]
[-SubscriptionId <String>]
[-DisplayName <String>]
[-EventTime <DateTime>]
[-IncidentInfoIncidentId <String>]
[-IncidentInfoRelationName <String>]
[-IncidentInfoSeverity <IncidentSeverity>]
[-IncidentInfoTitle <String>]
[-Label <String[]>]
[-Note <String>]
[-Query <String>]
[-QueryEndTime <DateTime>]
[-QueryResult <String>]
[-QueryStartTime <DateTime>]
[-DefaultProfile <PSObject>]
[-Confirm]
[-WhatIf]
[<CommonParameters>]
New-AzSentinelBookmark
-ResourceGroupName <String>
-WorkspaceName <String>
-Bookmark <IBookmark>
[-Id <String>]
[-SubscriptionId <String>]
[-DefaultProfile <PSObject>]
[-Confirm]
[-WhatIf]
[<CommonParameters>]
说明
创建或更新书签。
示例
示例 1:创建书签
$queryStartTime = (Get-Date).AddDays(-1).ToUniversalTime() | Get-Date -Format "yyyy-MM-ddThh:00:00.000Z"
$queryEndTime = (Get-Date).ToUniversalTime() | Get-Date -Format "yyyy-MM-ddThh:00:00.000Z"
New-AzSentinelBookmark -ResourceGroupName "myResourceGroup" -WorkspaceName "myWorkspaceName" -Id ((New-Guid).Guid) -DisplayName "Incident Evidence" -Query "SecurityEvent | take 1" -QueryStartTime $queryStartTime -QueryEndTime $queryEndTime -EventTime $queryEndTime
DisplayName : Incident Evidence
CreatedByName : John Contoso
CreatedByEmail : john@contoso.com
Name : 6a8d6ea6-04d5-49d7-8169-ffca8b0ced59
Note : my notes
此命令创建书签。
参数
-Bookmark
表示 Azure 安全见解中的书签。 若要构造,请参阅 BOOKMARK 属性的 NOTES 部分并创建哈希表。
Type: | IBookmark |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-Confirm
提示你在运行 cmdlet 之前进行确认。
Type: | SwitchParameter |
Aliases: | cf |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-DefaultProfile
DefaultProfile 参数不起作用。 如果对其他订阅执行 cmdlet,请使用 SubscriptionId 参数。
Type: | PSObject |
Aliases: | AzureRMContext, AzureCredential |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-DisplayName
书签的显示名称
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-EventTime
书签事件时间
Type: | DateTime |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Id
书签 ID
Type: | String |
Aliases: | BookmarkId |
Position: | Named |
Default value: | (New-Guid).Guid |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-IncidentInfoIncidentId
事件 ID
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-IncidentInfoRelationName
关系名称
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-IncidentInfoSeverity
事件的严重性
Type: | IncidentSeverity |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-IncidentInfoTitle
事件的标题
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Label
与此书签相关的标签列表
Type: | String[] |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Note
书签的笔记
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Query
书签的查询。
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-QueryEndTime
查询的结束时间
Type: | DateTime |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-QueryResult
书签的查询结果。
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-QueryStartTime
查询的开始时间
Type: | DateTime |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-ResourceGroupName
资源组的名称。 此名称不区分大小写。
Type: | String |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-SubscriptionId
目标订阅的 ID。
Type: | String |
Position: | Named |
Default value: | (Get-AzContext).Subscription.Id |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-WhatIf
显示运行该 cmdlet 时会发生什么情况。 cmdlet 未运行。
Type: | SwitchParameter |
Aliases: | wi |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-WorkspaceName
工作区的名称。
Type: | String |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
输入
输出
备注
别名
复杂参数属性
若要创建下面所述的参数,请构造一个包含相应属性的哈希表。 有关哈希表的信息,请运行 Get-Help about_Hash_Tables。
BOOKMARK <IBookmark>
:表示 Azure 安全见解中的书签。
[Etag <String>]
:Azure 资源的 Etag[SystemDataCreatedAt <DateTime?>]
:资源创建时间戳(UTC)。[SystemDataCreatedBy <String>]
:创建资源的标识。[SystemDataCreatedByType <CreatedByType?>]
:创建资源的标识的类型。[SystemDataLastModifiedAt <DateTime?>]
:资源上次修改的时间戳(UTC)[SystemDataLastModifiedBy <String>]
:上次修改资源的标识。[SystemDataLastModifiedByType <CreatedByType?>]
:上次修改资源的标识类型。[Created <DateTime?>]
:创建书签的时间[CreatedByObjectId <String>]
:用户的对象 ID。[DisplayName <String>]
:书签的显示名称[EventTime <DateTime?>]
:书签事件时间[IncidentInfoIncidentId <String>]
:事件 ID[IncidentInfoRelationName <String>]
:关系名称[IncidentInfoSeverity <IncidentSeverity?>]
:事件的严重性[IncidentInfoTitle <String>]
:事件的标题[Label <String[]>]
:与此书签相关的标签列表[Note <String>]
:书签的备注[Query <String>]
:书签的查询。[QueryEndTime <DateTime?>]
:查询的结束时间[QueryResult <String>]
:书签的查询结果。[QueryStartTime <DateTime?>]
:查询的开始时间[Updated <DateTime?>]
:上次更新书签的时间[UpdatedByObjectId <String>]
:用户的对象 ID。
反馈
https://aka.ms/ContentUserFeedback。
即将发布:在整个 2024 年,我们将逐步淘汰作为内容反馈机制的“GitHub 问题”,并将其取代为新的反馈系统。 有关详细信息,请参阅:提交和查看相关反馈