Az.SecurityInsights

Microsoft Azure Sentinel is a scalable, cloud-native security information and event management (SIEM) and security orchestration, automation, and response (SOAR) solution. Azure Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response.
The Azure Sentinel PowerShell module (Az.SecurityInsights) lets you interact with the following components:

  • Incidents
  • Analytic Rules (Alert Rules)
  • Analytic Rule Templates
  • Analytic Rule Actions (such as attaching an Azure Logic Apps Playbook to your rule)
  • Bookmarks
  • Data Connectors
  • Comments

All cmdlets can work with a connection object that supplies your resourceGroupName and workspaceName, as in the following example:
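The following is an added example, not code from the module's own documentation. It builds the "connection object" as a PowerShell hashtable and splats it into each cmdlet, so the resource group and workspace are supplied once and every call hits the same Sentinel workspace. The resource group and workspace names are placeholders, and the object property names used in the filters (Enabled, DisplayName, Severity, Status, Title) are assumed from the module's rule and incident objects; verify them with Get-Member against your own output.

```powershell
# Added example: one connection hashtable, splatted into every Az.SecurityInsights cmdlet.
# Sign in first (omit if the session already has an Azure context).
Connect-AzAccount | Out-Null

# Placeholder values: replace with your resource group and Log Analytics workspace.
$connection = @{
    ResourceGroupName = "<your-resource-group>"
    WorkspaceName     = "<your-sentinel-workspace>"
}

# 1. Detection coverage check: list analytics rules that are currently disabled.
#    A disabled rule is a gap in detection that is easy to overlook in the portal.
$rules    = Get-AzSentinelAlertRule @connection
$disabled = $rules | Where-Object { $_.Enabled -eq $false }   # 'Enabled' is an assumed property name
Write-Host "Disabled analytics rules: $($disabled.Count)"
$disabled | Select-Object DisplayName, Name, Kind, Severity | Format-Table -AutoSize

# 2. Automated response inventory: for each enabled rule, show the attached playbooks.
#    Get-AzSentinelAlertRuleAction requires the rule id (the rule's Name), as noted below.
foreach ($rule in ($rules | Where-Object { $_.Enabled })) {
    $actions = Get-AzSentinelAlertRuleAction @connection -AlertRuleId $rule.Name -ErrorAction SilentlyContinue
    if (-not $actions) {
        Write-Host "No automated response attached to rule '$($rule.DisplayName)'"
    }
}

# 3. Triage queue: open high-severity incidents, oldest first.
#    'Status', 'Severity', 'Title' and 'CreatedTimeUtc' are assumed incident property names.
Get-AzSentinelIncident @connection |
    Where-Object { $_.Status -eq 'New' -and $_.Severity -eq 'High' } |
    Sort-Object CreatedTimeUtc |
    Select-Object Name, Title, Severity, Status, CreatedTimeUtc |
    Format-Table -AutoSize
```

Because `$connection` is splatted with `@connection`, additional parameters such as `-AlertRuleId` can still be passed alongside it; keeping the hashtable in one place also makes it obvious which workspace a script is reading from or writing to, which matters once the same script is reused across tenants.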

Security Insights

Get-AzSentinelAlertRule

Gets a specific or all Analytic Rules (Alert Rule).

Get-AzSentinelAlertRuleAction

Gets an Automated Response (Alert Rule Action) for an Analytics Rule, like an Azure Logic Apps Playbook.
Azure Sentinel Automation Rules will be supported in the future.

Note: This requires a parameter value of "AlertRuleId"

Get-AzSentinelAlertRuleTemplate

Gets an Analytic Rule Template.

Get-AzSentinelBookmark

Gets a Bookmark.
A Bookmark is used to preserve queries, comments and tags for a specific incident.
You create the Bookmark first and then add it to an incident.

Get-AzSentinelDataConnector

Gets a Data Connector.

Please note that automation support is only available for the following data connectors:

  • AADDataConnector
  • AATPDataConnector
  • ASCDataConnector
  • AwsCloudTrailDataConnector
  • MCASDataConnector
  • MDATPDataConnector
  • OfficeDataConnector
  • TIDataConnector

Get-AzSentinelIncident

Gets one or more Azure Sentinel Incidents.

Get-AzSentinelIncidentComment

Gets an Incident Comment.

New-AzSentinelAlertRule

Create an Analytics Rule (Alert Rule).

New-AzSentinelAlertRuleAction

Add an Automated Response to an Analytic Rule.

New-AzSentinelBookmark

Creates a Bookmark for a specific incident.

New-AzSentinelDataConnector

Creates a Data Connector.

New-AzSentinelIncident

Creates an Incident.

New-AzSentinelIncidentComment

Adds a Comment to an Incident.

New-AzSentinelIncidentOwner

Create Incident Owner object to update an incident owner.

Remove-AzSentinelAlertRule

Deletes an Analytics Rule (Alert Rule).

Remove-AzSentinelAlertRuleAction

Removes an Automated Response from an Analytic Rule.

Remove-AzSentinelBookmark

Deletes a Bookmark.

Remove-AzSentinelDataConnector

Removes a Data Connector.

Remove-AzSentinelIncident

Deletes an Incident.

Update-AzSentinelAlertRule

Updates an Analytic Rule (Alert Rule).

Update-AzSentinelAlertRuleAction

Updates an Automated Response (Alert Rule Action).

Update-AzSentinelBookmark

Updates a Bookmark.

Update-AzSentinelDataConnector

Updates a Data Connector.

Update-AzSentinelIncident

Updates an Incident.