你当前正在访问 Microsoft Azure Global Edition 技术文档网站。 如果需要访问由世纪互联运营的 Microsoft Azure 中国技术文档网站,请访问 https://docs.azure.cn。
New-AzSentinelIncident
创建或更新事件。
语法
New-AzSentinelIncident
-ResourceGroupName <String>
-WorkspaceName <String>
[-Id <String>]
[-SubscriptionId <String>]
[-Classification <IncidentClassification>]
[-ClassificationComment <String>]
[-ClassificationReason <IncidentClassificationReason>]
[-Description <String>]
[-FirstActivityTimeUtc <DateTime>]
[-Label <IIncidentLabel[]>]
[-LastActivityTimeUtc <DateTime>]
[-OwnerAssignedTo <String>]
[-OwnerEmail <String>]
[-OwnerObjectId <String>]
[-OwnerUserPrincipalName <String>]
[-ProviderIncidentId <String>]
[-ProviderName <String>]
[-Severity <IncidentSeverity>]
[-Status <IncidentStatus>]
[-Title <String>]
[-DefaultProfile <PSObject>]
[-Confirm]
[-WhatIf]
[<CommonParameters>] New-AzSentinelIncident
-ResourceGroupName <String>
-WorkspaceName <String>
-Incident <IIncident>
[-Id <String>]
[-SubscriptionId <String>]
[-DefaultProfile <PSObject>]
[-Confirm]
[-WhatIf]
[<CommonParameters>] 说明
创建或更新事件。
示例
示例 1:创建事件
New-AzSentinelIncident -ResourceGroupName "myResourceGroup" -WorkspaceName "myWorkspaceName" -Id ((New-Guid).Guid) -Title "NewIncident" -Description "My Description" -Severity Low -Status New
Title : NewIncident
Description : My Description
Severity : Low
Status : New
Number : 779
CreatedTimeUtc : 2/3/2022 7:47:03 PM
Name : c831b5a7-5644-403f-9dc3-96d651e04c6d
Url : https://portal.azure.com/#asset/Microsoft_Azure_Security_Insights/Incident/subscriptions/274b1a41-c53c-4092-8d4a-7210f6a44a0c/resourceGroups/cyber-soc/providers/Microsoft.OperationalInsights/workspaces/myworkspace/providers/Microsoft.SecurityInsights/Incidents/c831b5a7-5644-403f-9dc3-96d651e04c6d此命令创建事件。
参数
-Classification
事件关闭的原因
| Type: | IncidentClassification |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ClassificationComment
描述事件关闭的原因
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ClassificationReason
事件被关闭的分类原因
| Type: | IncidentClassificationReason |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Confirm
提示你在运行 cmdlet 之前进行确认。
| Type: | SwitchParameter |
| Aliases: | cf |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-DefaultProfile
DefaultProfile 参数不起作用。 如果对其他订阅执行 cmdlet,请使用 SubscriptionId 参数。
| Type: | PSObject |
| Aliases: | AzureRMContext, AzureCredential |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Description
事件的说明
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-FirstActivityTimeUtc
事件中第一个活动的时间
| Type: | DateTime |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Id
事件 ID
| Type: | String |
| Aliases: | IncidentId |
| Position: | Named |
| Default value: | (New-Guid).Guid |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Incident
表示 Azure 安全见解中的事件。 若要构造,请参阅 INCIDENT 属性的 NOTES 部分并创建哈希表。
| Type: | IIncident |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-Label
要构造与此事件相关的标签列表,请参阅 LABEL 属性的 NOTES 部分,并创建哈希表。
| Type: | IIncidentLabel[] |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-LastActivityTimeUtc
事件中最后一个活动的时间
| Type: | DateTime |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-OwnerAssignedTo
事件分配给的用户的名称。
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-OwnerEmail
事件分配给的用户的电子邮件。
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-OwnerObjectId
事件分配给的用户的对象 ID。
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-OwnerUserPrincipalName
事件分配给的用户的用户主体名称。
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ProviderIncidentId
事件提供程序分配的事件 ID
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ProviderName
生成事件的源提供程序的名称
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ResourceGroupName
资源组的名称。 此名称不区分大小写。
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Severity
事件的严重性
| Type: | IncidentSeverity |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Status
事件的状态
| Type: | IncidentStatus |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-SubscriptionId
目标订阅的 ID。
| Type: | String |
| Position: | Named |
| Default value: | (Get-AzContext).Subscription.Id |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Title
事件的标题
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-WhatIf
显示运行该 cmdlet 时会发生什么情况。 cmdlet 未运行。
| Type: | SwitchParameter |
| Aliases: | wi |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-WorkspaceName
工作区的名称。
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
输入
输出
备注
别名
复杂参数属性
若要创建下面所述的参数,请构造一个包含相应属性的哈希表。 有关哈希表的信息,请运行 Get-Help about_Hash_Tables。
INCIDENT <IIncident>:表示 Azure 安全见解中的事件。
[Etag <String>]:Azure 资源的 Etag[SystemDataCreatedAt <DateTime?>]:资源创建时间戳(UTC)。[SystemDataCreatedBy <String>]:创建资源的标识。[SystemDataCreatedByType <CreatedByType?>]:创建资源的标识的类型。[SystemDataLastModifiedAt <DateTime?>]:资源上次修改的时间戳(UTC)[SystemDataLastModifiedBy <String>]:上次修改资源的标识。[SystemDataLastModifiedByType <CreatedByType?>]:上次修改资源的标识类型。[Classification <IncidentClassification?>]:事件关闭的原因[ClassificationComment <String>]:描述事件关闭的原因[ClassificationReason <IncidentClassificationReason?>]:事件已关闭的分类原因[Description <String>]:事件的说明[FirstActivityTimeUtc <DateTime?>]:事件中第一个活动的时间[Label <IIncidentLabel[]>]:与此事件相关的标签列表LabelName <String>:标签的名称
[LastActivityTimeUtc <DateTime?>]:事件中最后一个活动的时间[OwnerAssignedTo <String>]:事件分配给的用户的名称。[OwnerEmail <String>]:事件分配给的用户的电子邮件。[OwnerObjectId <String>]:事件分配给的用户的对象 ID。[OwnerUserPrincipalName <String>]:事件分配给的用户的用户主体名称。[ProviderIncidentId <String>]:事件提供程序分配的事件 ID[ProviderName <String>]:生成事件的源提供程序的名称[Severity <IncidentSeverity?>]:事件的严重性[Status <IncidentStatus?>]:事件的状态[Title <String>]:事件的标题
LABEL <IIncidentLabel[]>:与此事件相关的标签列表
LabelName <String>:标签的名称
反馈
即将发布:在整个 2024 年,我们将逐步淘汰作为内容反馈机制的“GitHub 问题”,并将其取代为新的反馈系统。 有关详细信息,请参阅:https://aka.ms/ContentUserFeedback。
提交和查看相关反馈