Invoke-AzSentinelThreatIntelligenceIndicatorQuery
Query threat intelligence indicators as per filtering criteria.
Syntax
Invoke-AzSentinelThreatIntelligenceIndicatorQuery
-ResourceGroupName <String>
-WorkspaceName <String>
[-SubscriptionId <String>]
[-Id <String[]>]
[-IncludeDisabled]
[-Keyword <String[]>]
[-MaxConfidence <Int32>]
[-MaxValidUntil <String>]
[-MinConfidence <Int32>]
[-MinValidUntil <String>]
[-PageSize <Int32>]
[-PatternType <String[]>]
[-SkipToken <String>]
[-SortBy <IThreatIntelligenceSortingCriteria[]>]
[-Source <String[]>]
[-ThreatType <String[]>]
[-DefaultProfile <PSObject>]
[-Confirm]
[-WhatIf]
[<CommonParameters>]
Description
Query threat intelligence indicators as per filtering criteria.
Examples
Example 1: Query all Threat Intelligence Indicators
Invoke-AzSentinelThreatIntelligenceIndicatorQuery -ResourceGroupName "myResourceGroupName" -WorkspaceName "myWorkspaceName"
Etag                                   Kind      Name                                 SystemDataCreatedAt SystemDataCreatedBy
----                                   ----      ----                                 ------------------- -------
"b603878e-0000-0100-0000-62d1d0010000" indicator f4dd9aa3-081b-2f0b-a5d7-3805954e8a39
This command queries TI indicators.
Parameters
-Confirm
Prompts you for confirmation before running the cmdlet.
Type: | SwitchParameter |
Aliases: | cf |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-DefaultProfile
The DefaultProfile parameter is not functional. Use the SubscriptionId parameter when available if executing the cmdlet against a different subscription.
Type: | PSObject |
Aliases: | AzureRMContext, AzureCredential |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Id
Ids of threat intelligence indicators
Type: | String[] |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-IncludeDisabled
Parameter to include/exclude disabled indicators.
Type: | SwitchParameter |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Keyword
Keywords for searching threat intelligence indicators
Type: | String[] |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-MaxConfidence
Maximum confidence.
Type: | Int32 |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-MaxValidUntil
End time for ValidUntil filter.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-MinConfidence
Minimum confidence.
Type: | Int32 |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-MinValidUntil
Start time for ValidUntil filter.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-PageSize
Page size
Type: | Int32 |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-PatternType
Pattern types
Type: | String[] |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-ResourceGroupName
The name of the resource group. The name is case insensitive.
Type: | String |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-SkipToken
Skip token.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-SortBy
Columns to sort by and sorting order. To construct, see the NOTES section for SORTBY properties and create a hash table.
Type: | IThreatIntelligenceSortingCriteria[] |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Source
Sources of threat intelligence indicators
Type: | String[] |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-SubscriptionId
The ID of the target subscription.
Type: | String |
Position: | Named |
Default value: | (Get-AzContext).Subscription.Id |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-ThreatType
Threat types of threat intelligence indicators
Type: | String[] |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet is not run.
Type: | SwitchParameter |
Aliases: | wi |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-WorkspaceName
The name of the workspace.
Type: | String |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Outputs
IThreatIntelligenceInformation
Notes
ALIASES
COMPLEX PARAMETER PROPERTIES
To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables.
SORTBY <IThreatIntelligenceSortingCriteria[]>
: Columns to sort by and sorting order
[ItemKey <String>]
: Column name
[SortOrder <ThreatIntelligenceSortingCriteriaEnum?>]
: Sorting order (ascending/descending/unsorted).
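The filters and the SORTBY hash table described above can be combined into one query. This is an added example, not part of the original reference: it lists high-confidence indicators whose ValidUntil falls within the next seven days so they can be reviewed before they lapse. The resource names, the source name, the sort column `lastUpdatedTimeUtc` and the ISO 8601 timestamp format are assumptions.

```powershell
# Added example: high-confidence indicators that expire within the next 7 days.
# Resource names, source name and sort column below are assumed/constructed values.
$resourceGroup = 'myResourceGroupName'
$workspace     = 'myWorkspaceName'

# MinValidUntil/MaxValidUntil are String parameters; ISO 8601 UTC timestamps are assumed.
$now    = (Get-Date).ToUniversalTime()
$window = @{
    MinValidUntil = $now.ToString('o')
    MaxValidUntil = $now.AddDays(7).ToString('o')
}

# SORTBY: one hash table per column, with ItemKey (column name) and SortOrder.
$sortBy = @(
    @{ ItemKey = 'lastUpdatedTimeUtc'; SortOrder = 'descending' }  # column name is an assumption
)

$query = @{
    ResourceGroupName = $resourceGroup
    WorkspaceName     = $workspace
    MinConfidence     = 75
    MaxConfidence     = 100
    Source            = @('Azure Sentinel')   # constructed sample source name
    SortBy            = $sortBy
    PageSize          = 100
    ErrorAction       = 'Stop'                # surface auth/workspace errors as exceptions
}

try {
    # Both hash tables are splatted; @() keeps a single result countable as an array.
    $indicators = @(Invoke-AzSentinelThreatIntelligenceIndicatorQuery @query @window)
}
catch {
    Write-Error "Indicator query failed: $($_.Exception.Message)"
    return
}

'{0} indicator(s) expire before {1}' -f $indicators.Count, $window.MaxValidUntil
$indicators |
    Select-Object Name, Kind, Etag, SystemDataCreatedAt, SystemDataCreatedBy |
    Format-Table -AutoSize
```

Add `-IncludeDisabled` to the call to include disabled indicators in the same review.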