external help file | Module Name | online version | schema |
---|---|---|---|
Az.SecurityInsights-help.xml | Az.SecurityInsights | | 2.0.0 |
Creates or updates the bookmark.
New-AzSentinelBookmark -ResourceGroupName <String> -WorkspaceName <String> [-Id <String>]
[-SubscriptionId <String>] [-DisplayName <String>] [-EventTime <DateTime>] [-IncidentInfoIncidentId <String>]
[-IncidentInfoRelationName <String>] [-IncidentInfoSeverity <IncidentSeverity>] [-IncidentInfoTitle <String>]
[-Label <String[]>] [-Note <String>] [-Query <String>] [-QueryEndTime <DateTime>] [-QueryResult <String>]
[-QueryStartTime <DateTime>] [-DefaultProfile <PSObject>] [-WhatIf]
[-Confirm] [<CommonParameters>]
New-AzSentinelBookmark -ResourceGroupName <String> -WorkspaceName <String> [-Id <String>]
[-SubscriptionId <String>] -Bookmark <IBookmark> [-DefaultProfile <PSObject>]
[-WhatIf] [-Confirm] [<CommonParameters>]
Creates or updates the bookmark.
$queryStartTime = (Get-Date).AddDays(-1).ToUniversalTime() | Get-Date -Format "yyyy-MM-ddTHH:00:00.000Z"
$queryEndTime = (Get-Date).ToUniversalTime() | Get-Date -Format "yyyy-MM-ddTHH:00:00.000Z"
New-AzSentinelBookmark -ResourceGroupName "myResourceGroup" -WorkspaceName "myWorkspaceName" -Id ((New-Guid).Guid) -DisplayName "Incident Evidence" -Query "SecurityEvent | take 1" -QueryStartTime $queryStartTime -QueryEndTime $queryEndTime -EventTime $queryEndTime
DisplayName : Incident Evidence
CreatedByName : John Contoso
CreatedByEmail : john@contoso.com
Name : 6a8d6ea6-04d5-49d7-8169-ffca8b0ced59
Note : my notes
This command creates a Bookmark.
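An added example (not part of the module's own help): a wrapper that passes the query window as UTC `System.DateTime` values, which is the type the time parameters declare, and supports a `-WhatIf` dry run before anything is written to the workspace. The function name `New-EvidenceBookmark`, its `-LookbackHours` parameter and the label values are hypothetical; the resource names are the placeholders used above.

```powershell
# Added example; New-EvidenceBookmark and -LookbackHours are hypothetical names.
function New-EvidenceBookmark {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $ResourceGroupName,
        [Parameter(Mandatory)] [string] $WorkspaceName,
        [Parameter(Mandatory)] [string] $DisplayName,
        [Parameter(Mandatory)] [string] $Query,
        [int] $LookbackHours = 24,
        [string[]] $Label = @(),
        [string] $Note
    )

    # Build the window as UTC DateTime values truncated to the hour.
    # No string formatting is involved, so there is no 12-hour/24-hour ambiguity.
    $nowUtc = [DateTime]::UtcNow
    $end    = [DateTime]::new($nowUtc.Year, $nowUtc.Month, $nowUtc.Day,
                              $nowUtc.Hour, 0, 0, [DateTimeKind]::Utc)
    $start  = $end.AddHours(-$LookbackHours)

    # Splat only parameters documented for the CreateExpanded parameter set.
    $params = @{
        ResourceGroupName = $ResourceGroupName
        WorkspaceName     = $WorkspaceName
        Id                = (New-Guid).Guid
        DisplayName       = $DisplayName
        Query             = $Query
        QueryStartTime    = $start
        QueryEndTime      = $end
        EventTime         = $end
    }
    if ($Label.Count -gt 0) { $params.Label = $Label }
    if ($Note)              { $params.Note  = $Note }

    # Honour -WhatIf / -Confirm on the wrapper before calling the cmdlet.
    if ($PSCmdlet.ShouldProcess("$WorkspaceName/$($params.Id)", 'Create Sentinel bookmark')) {
        New-AzSentinelBookmark @params
    }
}

# Dry run: reports the bookmark that would be created without calling the service.
New-EvidenceBookmark -ResourceGroupName 'myResourceGroup' -WorkspaceName 'myWorkspaceName' `
    -DisplayName 'Incident Evidence' -Query 'SecurityEvent | take 1' `
    -Label 'triage', 'evidence' -Note 'my notes' -WhatIf
```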
-Bookmark: Represents a bookmark in Azure Security Insights. To construct, see NOTES section for BOOKMARK properties and create a hash table.
Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IBookmark
Parameter Sets: Create
Aliases:
Required: True
Position: Named
Default value: None
Accept pipeline input: True (ByValue)
Accept wildcard characters: False
-DefaultProfile: The DefaultProfile parameter is not functional. Use the SubscriptionId parameter when available if executing the cmdlet against a different subscription.
Type: System.Management.Automation.PSObject
Parameter Sets: (All)
Aliases: AzureRMContext, AzureCredential
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-DisplayName: The display name of the bookmark
Type: System.String
Parameter Sets: CreateExpanded
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-EventTime: The bookmark event time
Type: System.DateTime
Parameter Sets: CreateExpanded
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-Id: Bookmark ID
Type: System.String
Parameter Sets: (All)
Aliases: BookmarkId
Required: False
Position: Named
Default value: (New-Guid).Guid
Accept pipeline input: False
Accept wildcard characters: False
-IncidentInfoIncidentId: Incident Id
Type: System.String
Parameter Sets: CreateExpanded
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-IncidentInfoRelationName: Relation Name
Type: System.String
Parameter Sets: CreateExpanded
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-IncidentInfoSeverity: The severity of the incident
Type: Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Support.IncidentSeverity
Parameter Sets: CreateExpanded
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-IncidentInfoTitle: The title of the incident
Type: System.String
Parameter Sets: CreateExpanded
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-Label: List of labels relevant to this bookmark
Type: System.String[]
Parameter Sets: CreateExpanded
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-Note: The notes of the bookmark
Type: System.String
Parameter Sets: CreateExpanded
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-Query: The query of the bookmark.
Type: System.String
Parameter Sets: CreateExpanded
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-QueryEndTime: The end time for the query
Type: System.DateTime
Parameter Sets: CreateExpanded
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-QueryResult: The query result of the bookmark.
Type: System.String
Parameter Sets: CreateExpanded
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-QueryStartTime: The start time for the query
Type: System.DateTime
Parameter Sets: CreateExpanded
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-ResourceGroupName: The name of the resource group. The name is case insensitive.
Type: System.String
Parameter Sets: (All)
Aliases:
Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-SubscriptionId: The ID of the target subscription.
Type: System.String
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: (Get-AzContext).Subscription.Id
Accept pipeline input: False
Accept wildcard characters: False
-WorkspaceName: The name of the workspace.
Type: System.String
Parameter Sets: (All)
Aliases:
Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-Confirm: Prompts you for confirmation before running the cmdlet.
Type: System.Management.Automation.SwitchParameter
Parameter Sets: (All)
Aliases: cf
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-WhatIf: Shows what would happen if the cmdlet runs. The cmdlet is not run.
Type: System.Management.Automation.SwitchParameter
Parameter Sets: (All)
Aliases: wi
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.