你当前正在访问 Microsoft Azure Global Edition 技术文档网站。 如果需要访问由世纪互联运营的 Microsoft Azure 中国技术文档网站,请访问 https://docs.azure.cn。
Update-AzSentinelIncident
创建或更新事件。
语法
Update-AzSentinelIncident
-Id <String>
-ResourceGroupName <String>
-WorkspaceName <String>
[-SubscriptionId <String>]
[-Classification <IncidentClassification>]
[-ClassificationComment <String>]
[-ClassificationReason <IncidentClassificationReason>]
[-Description <String>]
[-FirstActivityTimeUtc <DateTime>]
[-Label <IIncidentLabel[]>]
[-LastActivityTimeUtc <DateTime>]
[-OwnerAssignedTo <String>]
[-OwnerEmail <String>]
[-OwnerObjectId <String>]
[-OwnerUserPrincipalName <String>]
[-ProviderIncidentId <String>]
[-ProviderName <String>]
[-Severity <IncidentSeverity>]
[-Status <IncidentStatus>]
[-Title <String>]
[-DefaultProfile <PSObject>]
[-Confirm]
[-WhatIf]
[<CommonParameters>]
Update-AzSentinelIncident
-InputObject <ISecurityInsightsIdentity>
[-Classification <IncidentClassification>]
[-ClassificationComment <String>]
[-ClassificationReason <IncidentClassificationReason>]
[-Description <String>]
[-FirstActivityTimeUtc <DateTime>]
[-Label <IIncidentLabel[]>]
[-LastActivityTimeUtc <DateTime>]
[-OwnerAssignedTo <String>]
[-OwnerEmail <String>]
[-OwnerObjectId <String>]
[-OwnerUserPrincipalName <String>]
[-ProviderIncidentId <String>]
[-ProviderName <String>]
[-Severity <IncidentSeverity>]
[-Status <IncidentStatus>]
[-Title <String>]
[-DefaultProfile <PSObject>]
[-Confirm]
[-WhatIf]
[<CommonParameters>]
说明
创建或更新事件。
示例
示例 1:更新事件
Update-AzSentinelIncident -ResourceGroupName "myResourceGroupName" -WorkspaceName "myWorkspaceName" -Id "4a21e485-75ae-48b3-a7b9-e6a92bcfe434" -OwnerAssignedTo "user@mydomain.local"
此命令通过分配所有者来更新事件。
参数
-Classification
事件关闭的原因
Type: | IncidentClassification |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-ClassificationComment
描述事件关闭的原因
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-ClassificationReason
事件被关闭的分类原因
Type: | IncidentClassificationReason |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Confirm
提示你在运行 cmdlet 之前进行确认。
Type: | SwitchParameter |
Aliases: | cf |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-DefaultProfile
DefaultProfile 参数不起作用。 如果对其他订阅执行 cmdlet,请使用 SubscriptionId 参数。
Type: | PSObject |
Aliases: | AzureRMContext, AzureCredential |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Description
事件的说明
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-FirstActivityTimeUtc
事件中第一个活动的时间
Type: | DateTime |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Id
事件 ID
Type: | String |
Aliases: | IncidentId |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-InputObject
要构造的标识参数,请参阅 INPUTOBJECT 属性的 NOTES 部分并创建哈希表。
Type: | ISecurityInsightsIdentity |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-Label
要构造与此事件相关的标签列表,请参阅 LABEL 属性的 NOTES 部分,并创建哈希表。
Type: | IIncidentLabel[] |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-LastActivityTimeUtc
事件中最后一个活动的时间
Type: | DateTime |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-OwnerAssignedTo
事件分配给的用户的名称。
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-OwnerEmail
事件分配给的用户的电子邮件。
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-OwnerObjectId
事件分配给的用户的对象 ID。
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-OwnerUserPrincipalName
事件分配给的用户的用户主体名称。
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-ProviderIncidentId
事件提供程序分配的事件 ID
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-ProviderName
生成事件的源提供程序的名称
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-ResourceGroupName
资源组的名称。 此名称不区分大小写。
Type: | String |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Severity
事件的严重性
Type: | IncidentSeverity |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Status
事件的状态
Type: | IncidentStatus |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-SubscriptionId
目标订阅的 ID。
Type: | String |
Position: | Named |
Default value: | (Get-AzContext).Subscription.Id |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Title
事件的标题
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-WhatIf
显示运行该 cmdlet 时会发生什么情况。 cmdlet 未运行。
Type: | SwitchParameter |
Aliases: | wi |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-WorkspaceName
工作区的名称。
Type: | String |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
输入
输出
备注
别名
复杂参数属性
若要创建下面所述的参数,请构造一个包含相应属性的哈希表。 有关哈希表的信息,请运行 Get-Help about_Hash_Tables。
INPUTOBJECT <ISecurityInsightsIdentity>
:标识参数
[ActionId <String>]
:操作 ID[AlertRuleTemplateId <String>]
:警报规则模板 ID[AutomationRuleId <String>]
:自动化规则 ID[BookmarkId <String>]
:书签 ID[ConsentId <String>]
:同意 ID[DataConnectorId <String>]
:连接or ID[EntityId <String>]
:实体 ID[EntityQueryId <String>]
:实体查询 ID[EntityQueryTemplateId <String>]
:实体查询模板 ID[Id <String>]
:资源标识路径[IncidentCommentId <String>]
:事件注释 ID[IncidentId <String>]
:事件 ID[MetadataName <String>]
:元数据名称。[Name <String>]
:威胁情报指示器名称字段。[RelationName <String>]
:关系名称[ResourceGroupName <String>]
:资源组的名称。 此名称不区分大小写。[RuleId <String>]
:警报规则 ID[SentinelOnboardingStateName <String>]
:Sentinel 载入状态名称。 支持 - 默认值[SettingsName <String>]
:设置名称。 支持 - 异常、EyesOn、EntityAnalytics、Ueba[SourceControlId <String>]
:源代码管理 ID[SubscriptionId <String>]
:目标订阅的 ID。[WorkspaceName <String>]
:工作区的名称。
LABEL <IIncidentLabel[]>
:与此事件相关的标签列表
LabelName <String>
:标签的名称
反馈
https://aka.ms/ContentUserFeedback。
即将推出:在整个 2024 年,我们将逐步取消以“GitHub 问题”作为内容的反馈机制,并将其替换为新的反馈系统。 有关详细信息,请参阅:提交和查看相关反馈