-
Notifications
You must be signed in to change notification settings - Fork 82
Import AzSentinelAlertRule
Manage Azure Sentinal Alert Rules
Import-AzSentinelAlertRule [-SubscriptionId <String>] -WorkspaceName <String> -SettingsFile <FileInfo>
[-WhatIf] [-Confirm] [<CommonParameters>]
This function imports Azure Sentinal Alert rules from JSON and YAML config files. This way you can manage your Alert rules dynamic from JSON or multiple YAML files
Import-AzSentinelAlertRule -WorkspaceName "" -SettingsFile ".\examples\AlertRules.json"
In this example all the rules configured in the JSON file will be created or updated
Import-AzSentinelAlertRule -WorkspaceName "" -SettingsFile ".\examples\SuspectApplicationConsent.yaml"
In this example all the rules configured in the YAML file will be created or updated
Get-Item .\examples\*.json | Import-AzSentinelAlertRule -WorkspaceName ""
In this example you can select multiple JSON files and Pipeline it to the SettingsFile parameter
Enter the subscription ID, if no subscription ID is provided then current AZContext subscription will be used
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
Enter the Workspace name
Type: String
Parameter Sets: (All)
Aliases:
Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
Path to the JSON or YAML file for the AlertRules
Type: FileInfo
Parameter Sets: (All)
Aliases:
Required: True
Position: Named
Default value: None
Accept pipeline input: True (ByValue)
Accept wildcard characters: False
Shows what would happen if the cmdlet runs. The cmdlet is not run.
Type: SwitchParameter
Parameter Sets: (All)
Aliases: wi
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
Prompts you for confirmation before running the cmdlet.
Type: SwitchParameter
Parameter Sets: (All)
Aliases: cf
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.