Set-AzAlertsSuppressionRule
Create or update an alerts suppression rule.
Syntax
Set-AzAlertsSuppressionRule
-Name <String>
-AlertType <String>
[-ExpirationDateUtc <DateTime>]
-Reason <String>
-State <PSRuleState>
[-Comment <String>]
[-SuppressionAlertsScope <PSSuppressionAlertsScope>]
[-AllOf <PSIScopeElement[]>]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Set-AzAlertsSuppressionRule
-InputObject <PSAlertsSuppressionRule>
[-Name <String>]
[-AlertType <String>]
[-ExpirationDateUtc <DateTime>]
[-Reason <String>]
[-State <PSRuleState>]
[-Comment <String>]
[-SuppressionAlertsScope <PSSuppressionAlertsScope>]
[-AllOf <PSIScopeElement[]>]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Description
Create or update an alerts suppression rule.
Examples
Example 1
Set-AzAlertsSuppressionRule -Name "Example" -State Enabled -Comment "Example of a comment" -AlertType "AzureDNS_CurrencyMining" -Reason "Other" -AllOf @([Microsoft.Azure.Commands.Security.Models.AlertsSuppressionRules.PSScopeElementContains]::new("entities.account.name", "example")) -ExpirationDateUtc 2024-10-17T15:02:24.7511441Z
The above example creates a new suppression rule with the name "Example" to suppress alerts of type (Digital currency mining activity)[https://video2.skills-academy.com/en-us/azure/defender-for-cloud/alerts-reference] that contains "example" as part of their account name.
Parameters
-AlertType
Alert type to suppress.
Type: | String |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-AllOf
Scope the suppression rule using specific entities.
Type: | PSIScopeElement[] |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Comment
Comment.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Confirm
Prompts you for confirmation before running the cmdlet.
Type: | SwitchParameter |
Aliases: | cf |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-DefaultProfile
The credentials, account, tenant, and subscription used for communication with Azure.
Type: | IAzureContextContainer |
Aliases: | AzContext, AzureRmContext, AzureCredential |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-ExpirationDateUtc
Set an expiration data for the rule, expected to be in a UTC format.
Type: | Nullable<T>[DateTime] |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-InputObject
Input Object.
Type: | PSAlertsSuppressionRule |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-Name
Alert suppression rule name, needs to be unique per subscription.
Type: | String |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Reason
The reason for creating the suppression rule.
Type: | String |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-State
State of the rule, Enabled/Disabled
Type: | PSRuleState |
Accepted values: | Enabled, Disabled, Expired, Enabled, Disabled, Expired |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-SuppressionAlertsScope
Scope the suppression rule using specific entities.
Type: | PSSuppressionAlertsScope |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet is not run.
Type: | SwitchParameter |
Aliases: | wi |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Inputs
Outputs
Azure PowerShell