New-AzSecurityAutomationActionObject

Module:: Az.Security Module

Creates new security automation action object

Syntax

SecurityAutomationActionLogicApp (Default)

New-AzSecurityAutomationActionObject
    -LogicAppResourceId <String>
    -Uri <String>
    [-DefaultProfile <IAzureContextContainer>]
    [<CommonParameters>]

SecurityAutomationActionEventHub

New-AzSecurityAutomationActionObject
    -EventHubResourceId <String>
    -ConnectionString <String>
    [-SasPolicyName <String>]
    [-DefaultProfile <IAzureContextContainer>]
    [<CommonParameters>]

SecurityAutomationActionWorkspace

New-AzSecurityAutomationActionObject
    -WorkspaceResourceId <String>
    [-DefaultProfile <IAzureContextContainer>]
    [<CommonParameters>]

Description

Creates new security automation action object

Examples

Example 1

New-AzSecurityAutomationActionObject -WorkspaceResourceId '/subscriptions/64ac75e7-15ff-4963-8c07-a16016505e0f/resourceGroups/sampleResourceGroup/providers/Microsoft.OperationalInsights/workspaces/surashed-test'

Creates new security automation action with workspace type

Example 2

New-AzSecurityAutomationActionObject -LogicAppResourceId '/subscriptions/03b601f1-7eca-4496-8f8d-355219eee254/resourceGroups/sampleResourceGroup/providers/Microsoft.Logic/workflows/LA' -Uri 'https://dummy.com/'

Creates new security automation action with logicApp type

Example 3

New-AzSecurityAutomationActionObject -EventHubResourceId 'subscriptions/03b601f1-7eca-4496-8f8d-355219eee254/resourceGroups/sampleResourceGroup/providers/Microsoft.EventHub/namespaces/cus-wsp-fake-assessment/eventhubs/cus-wsp-fake-assessment' -ConnectionString 'Endpoint=sb://dummy/;SharedAccessKeyName=dummy;SharedAccessKey=dummy;EntityPath=dummy'

Creates new security automation action with even-hub type

Parameters

-ConnectionString

The target Event Hub connection string

Parameter properties

Type:	String
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

SecurityAutomationActionEventHub

Position:	Named
Mandatory:	True
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-DefaultProfile

The credentials, account, tenant, and subscription used for communication with Azure.

Parameter properties

Type:	IAzureContextContainer
Default value:	None
Supports wildcards:	False
DontShow:	False
Aliases:	AzContext, AzureRmContext, AzureCredential

Parameter sets

(All)

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-EventHubResourceId

The target Event Hub Azure Resource ID

Parameter properties

Type:	String
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

SecurityAutomationActionEventHub

Position:	Named
Mandatory:	True
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-LogicAppResourceId

The triggered Logic App Azure Resource ID. This can also reside on other subscriptions, given that you have permissions to trigger the Logic App

Parameter properties

Type:	String
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

SecurityAutomationActionLogicApp

Position:	Named
Mandatory:	True
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-SasPolicyName

The target Event Hub SAS policy name

Parameter properties

Type:	String
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

SecurityAutomationActionEventHub

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-Uri

The Logic App trigger URI endpoint (it will not be included in any response)

Parameter properties

Type:	String
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

SecurityAutomationActionLogicApp

Position:	Named
Mandatory:	True
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-WorkspaceResourceId

The fully qualified Log Analytics Workspace Azure Resource ID

Parameter properties

Type:	String
Default value:	None
Supports wildcards:	False
DontShow:	False

Parameter sets

SecurityAutomationActionWorkspace

Position:	Named
Mandatory:	True
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

Share via

New-AzSecurityAutomationActionObject

Syntax

SecurityAutomationActionLogicApp (Default)

SecurityAutomationActionEventHub

SecurityAutomationActionWorkspace

Description

Examples

Example 1

Example 2

Example 3

Parameters

-ConnectionString

Parameter properties

Parameter sets

-DefaultProfile

Parameter properties

Parameter sets

-EventHubResourceId

Parameter properties

Parameter sets

-LogicAppResourceId

Parameter properties

Parameter sets

-SasPolicyName

Parameter properties

Parameter sets

-Uri

Parameter properties

Parameter sets

-WorkspaceResourceId

Parameter properties

Parameter sets

CommonParameters

Inputs

None

Outputs

PSSecurityAutomationAction