az security alerts-suppression-rule
View and manage alerts suppression rules.
Commands
| Name | Description | Type | Status |
|---|---|---|---|
| az security alerts-suppression-rule delete |
Delete an alerts suppression rule. |
Core | GA |
| az security alerts-suppression-rule delete_scope |
Delete an alerts suppression rule scope. |
Core | GA |
| az security alerts-suppression-rule list |
List all alerts suppression rule on a subscription scope. |
Core | GA |
| az security alerts-suppression-rule show |
Shows an alerts suppression rule. |
Core | GA |
| az security alerts-suppression-rule update |
Updates or create an alerts suppression rule. |
Core | GA |
| az security alerts-suppression-rule upsert_scope |
Update an alerts suppression rule with scope element. |
Core | GA |
az security alerts-suppression-rule delete
Delete an alerts suppression rule.
az security alerts-suppression-rule delete --rule-nameExamples
Delete an alerts suppression rule.
az security alerts-suppression-rule delete --rule-name RuleNameRequired Parameters
The unique name of the alerts suppression rule.
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az security alerts-suppression-rule delete_scope
Delete an alerts suppression rule scope.
az security alerts-suppression-rule delete_scope --field
--rule-nameExamples
Delete an alerts suppression rule scope.
az security alerts-suppression-rule delete_scope --rule-name RuleName --field "entities.process.commandline"Required Parameters
Entity name.
The unique name of the alerts suppression rule.
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az security alerts-suppression-rule list
List all alerts suppression rule on a subscription scope.
az security alerts-suppression-rule listExamples
List alerts suppression rules.
az security alerts-suppression-rule listGlobal Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az security alerts-suppression-rule show
Shows an alerts suppression rule.
az security alerts-suppression-rule show --rule-nameExamples
Get an alerts suppression rule on a subscription scope.
az security alerts-suppression-rule show --rule-name RuleNameRequired Parameters
The unique name of the alerts suppression rule.
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az security alerts-suppression-rule update
Updates or create an alerts suppression rule.
az security alerts-suppression-rule update --alert-type
--reason
--rule-name
--state
[--comment]
[--expiration-date-utc]Examples
Create suppression rule with entities.
az security alerts-suppression-rule update --rule-name RuleName --alert-type "Test" --reason "Other" --comment "Test comment" --state "Enabled"Required Parameters
Type of the alert to automatically suppress. For all alert types, use "*".
The reason for dismissing the alert.
The unique name of the alerts suppression rule.
Possible states of the rule. Possible values are "Enabled" and "Disabled".
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Any comment regarding the rule.
Expiration date of the rule, if value is not provided or provided as null this field will default to the maximum allowed expiration date.
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az security alerts-suppression-rule upsert_scope
Update an alerts suppression rule with scope element.
az security alerts-suppression-rule upsert_scope --field
--rule-name
[--any-of]
[--contains-substring]Examples
Add "entities.host.dnsdomain" scope to an alerts suppression rule.
az security alerts-suppression-rule upsert_scope --field "entities.process.commandline" --contains-substring "example" --rule-name RuleNameRequired Parameters
Entity name.
The unique name of the alerts suppression rule.
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
A list of strings to scope the suppression rule by.
The string to scope the suppression rule by.
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
