Get AzSentinelIncident
Get Azure Sentinel Incident
Get-AzSentinelIncident [-SubscriptionId <String>] -WorkspaceName <String> [-IncidentName <String[]>]
[-CaseNumber <Int32[]>] [-All] [-WhatIf] [-Confirm] [<CommonParameters>]
With this function you can get a list of open incidents from Azure Sentinel. You can also filter to incidents with a specific case number or case name.
Get-AzSentinelIncident -WorkspaceName ""
Get a list of the last 200 Incidents
Get-AzSentinelIncident -WorkspaceName "" -All
Get a list of all Incidents
Get-AzSentinelIncident -WorkspaceName "" -CaseNumber
Get information about a specific incident by providing the case number
Get-AzSentinelIncident -WorkspaceName "" -IncidentName "", ""
Get information about one or more incidents by providing an incident name; this is the name of the alert rule that triggered the incident
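An added example, not from the AzSentinel project's documentation: it snapshots specific incidents to a JSON file and records a SHA-256 hash for case evidence, passing -SubscriptionId explicitly instead of relying on the current AzContext. The subscription ID, workspace name, case numbers and output folder are placeholder values.

```powershell
# Added example (not the project's own code). All values below are placeholders.
$subscriptionId = '00000000-0000-0000-0000-000000000000'  # placeholder subscription ID
$workspaceName  = 'contoso-sentinel'                       # placeholder workspace name
$caseNumbers    = 101, 102                                 # placeholder case numbers
$outDir         = Join-Path $PWD 'incident-evidence'       # assumed output folder

$ErrorActionPreference = 'Stop'

# Without -SubscriptionId the cmdlet uses the current AzContext subscription,
# so flag a mismatch before pulling incident data in a multi-subscription setup.
$ctx = Get-AzContext
if (-not $ctx) { throw 'No Az context found; run Connect-AzAccount first.' }
if ($ctx.Subscription.Id -ne $subscriptionId) {
    Write-Warning "Current context is subscription '$($ctx.Subscription.Id)'; querying '$subscriptionId' explicitly."
}

# @() keeps the result an array even when zero or one incident comes back.
$incidents = @(Get-AzSentinelIncident -SubscriptionId $subscriptionId `
        -WorkspaceName $workspaceName -CaseNumber $caseNumbers)

if ($incidents.Count -eq 0) {
    Write-Warning "No incidents returned for case numbers: $($caseNumbers -join ', ')"
    return
}

# Write a UTC-timestamped snapshot so later changes to the incident do not alter the record.
New-Item -ItemType Directory -Path $outDir -Force | Out-Null
$stamp = (Get-Date).ToUniversalTime().ToString('yyyyMMddTHHmmssZ')
$file  = Join-Path $outDir "incidents-$stamp.json"
ConvertTo-Json -InputObject $incidents -Depth 10 | Set-Content -Path $file -Encoding UTF8

# Record the file hash next to the snapshot for later integrity checks.
$hash = Get-FileHash -Path $file -Algorithm SHA256
'{0}  {1}' -f $hash.Hash, (Split-Path $file -Leaf) |
    Add-Content -Path (Join-Path $outDir 'SHA256SUMS.txt')

Write-Output "Saved $($incidents.Count) incident(s) to $file"
```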
Enter the subscription ID. If no subscription ID is provided, the current AzContext subscription is used
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
Enter the Workspace name
Type: String
Parameter Sets: (All)
Aliases:
Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
Enter the incident name; this is the same name as the alert rule that triggered the incident
Type: String[]
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByValue)
Accept wildcard characters: False
Enter the case number to get specific details of an open case
Type: Int32[]
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByValue)
Accept wildcard characters: False
Use -All switch to get a list of all the incidents
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: False
Accept pipeline input: True (ByValue)
Accept wildcard characters: False
Shows what would happen if the cmdlet runs. The cmdlet is not run.
Type: SwitchParameter
Parameter Sets: (All)
Aliases: wi
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
Prompts you for confirmation before running the cmdlet.
Type: SwitchParameter
Parameter Sets: (All)
Aliases: cf
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.