-
Notifications
You must be signed in to change notification settings - Fork 82
Update AzSentinelIncident
Update Azure Sentinel Incident
Update-AzSentinelIncident [-SubscriptionId <String>] -WorkspaceName <String> -CaseNumber <Int32>
[-Severity <String>] [-Status <Status>] [-Comment <String>] [-Labels <String[]>] [-CloseReason <CloseReason>]
[-ClosedReasonText <String>] [-Description <String>] [-WhatIf] [-Confirm] [<CommonParameters>]
With this function you can update existing Azure Sentinel Incident.
Update-AzSentinelIncident -WorkspaceName ""
Get a list of all open Incidents
Update-AzSentinelIncident -WorkspaceName '' -CaseNumber 42291 -Labels "NewLabel"
Add a new Label to list of Labels for a Incident
Update-AzSentinelIncident -WorkspaceName '' -CaseNumber 42293 -Status Closed -CloseReason FalsePositive -ClosedReasonText "Your input"
Close the Incidnet using status Closed, when status closed is selected then CloseReason and ClosedReasonText prperty are required to be filled in
Enter the subscription ID, if no subscription ID is provided then current AZContext subscription will be used
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseEnter the Workspace name
Type: String
Parameter Sets: (All)
Aliases:
Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseEnter the case number to get specfiek details of a open case
Type: Int32
Parameter Sets: (All)
Aliases:
Required: True
Position: Named
Default value: 0
Accept pipeline input: True (ByValue)
Accept wildcard characters: FalseEnter the Severity, you can choose from Medium, High, Low and Informational
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseEnter the Status of the incident, you can choose from New, InProgress and Closed
Type: Status
Parameter Sets: (All)
Aliases:
Accepted values: New, InProgress, Closed
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseEnter Comment tekst to add comment to the incident
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseAdd Lebels to the incident, current configured Labels will be added to the existing Labels
Type: String[]
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseWhen Status is equil to Closed, CloseReason is required. You can select from: TruePositive, FalsePositive
Type: CloseReason
Parameter Sets: (All)
Aliases:
Accepted values: TruePositive, FalsePositive
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseWhen Status is equil to Closed, ClosedReasonText is required to be filled in.
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False{{ Fill Description Description }}
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseShows what would happen if the cmdlet runs. The cmdlet is not run.
Type: SwitchParameter
Parameter Sets: (All)
Aliases: wi
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalsePrompts you for confirmation before running the cmdlet.
Type: SwitchParameter
Parameter Sets: (All)
Aliases: cf
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: FalseThis cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.