Get-AzIotSecurityAnalyticsAggregatedAlert
获取 IoT 安全聚合警报
语法
SolutionScope (默认值)
Get-AzIotSecurityAnalyticsAggregatedAlert
-ResourceGroupName <String>
-SolutionName <String>
[-DefaultProfile <IAzureContextContainer>]
[<CommonParameters>]
SolutionLevelResource
Get-AzIotSecurityAnalyticsAggregatedAlert
-ResourceGroupName <String>
-SolutionName <String>
-Name <String>
[-DefaultProfile <IAzureContextContainer>]
[<CommonParameters>]
说明
Get-AzIotSecurityAnalyticsAggregatedAlert cmdlet 在 iot 中心的设备上返回一个或多个聚合警报。 聚合警报的名称是警报类型和警报聚合日期的组合,用“/”分隔。
示例
示例 1
Get-AzIotSecurityAnalyticsAggregatedAlert -ResourceGroupName "MyResourceGroup" -SolutionName "MySolution" -Name "IoT_Bruteforce_Fail/2019-02-02"
Id: "/subscriptions/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX/resourceGroups/MyResourceGroup/providers/Microsoft.Security/iotSecuritySolutions/MySolution/analyticsModels/default/aggregatedAlerts/IoT_Bruteforce_Fail/2019-02-02"
Name: "IoT_Bruteforce_Fail/2019-02-02"
Type: "Microsoft.Security/IoTSecurityAggregatedAlert"
AlertType: "IoT_Bruteforce_Fail"
AlertDisplayName: "Failed Bruteforce"
AggregatedDateUtc: "2019-02-02"
VendorName: "Microsoft"
ReportedSeverity: "Low"
RemediationSteps: ""
Description: "Multiple unsuccsseful login attempts identified. A Bruteforce attack on the device failed."
Count: 50
EffectedResourceType: "IoT Device"
SystemSource: "Devices"
ActionTaken: "Detected"
LogAnalyticsQuery: "SecurityAlert | where tolower(ResourceId) == tolower('/subscriptions/b77ec8a9-04ed-48d2-a87a-e5887b978ba6/resourceGroups/IoT-Solution-DemoEnv/providers/Microsoft.Devices/IotHubs/rtogm-hub') and tolower(AlertName) == tolower('Custom Alert - number of device to cloud messages in MQTT protocol is not in the allowed range') | extend DeviceId=parse_json(ExtendedProperties)['DeviceId'] | project DeviceId, TimeGenerated, DisplayName, AlertSeverity, Description, RemediationSteps, ExtendedProperties"
TopDevicesList: [
{
DeviceId: "testDevice1"
AlertsCount: 45
LastOccurrence: "10:42"
}
{
DeviceId: "testDevice2"
AlertsCount: 30
LastOccurrence: "15:42"
}
]
获取解决方案“MySolution”和资源组“MyResourceGroup”中的聚合警报“IoT_Bruteforce_Fail/02-02”(警报类型及其聚合日期的名称合并)
示例 2
Get-AzIotSecurityAnalyticsAggregatedAlert -ResourceGroupName "MyResourceGroup" -SolutionName "MySolution"
Array of aggregated alert items as shown in example 1
获取解决方案“MySolution”和资源组“MyResourceGroup”中所有聚合警报的列表
参数
-DefaultProfile
用于与 Azure 通信的凭据、帐户、租户和订阅。
参数属性
| 类型: | IAzureContextContainer |
| 默认值: | None |
| 支持通配符: | False |
| 不显示: | False |
| 别名: | AzContext, AzureRmContext, AzureCredential |
参数集
(All)
| Position: | Named |
| 必需: | False |
| 来自管道的值: | False |
| 来自管道的值(按属性名称): | False |
| 来自剩余参数的值: | False |
-Name
资源名称。
参数属性
| 类型: | String |
| 默认值: | None |
| 支持通配符: | False |
| 不显示: | False |
参数集
SolutionLevelResource
| Position: | Named |
| 必需: | True |
| 来自管道的值: | False |
| 来自管道的值(按属性名称): | False |
| 来自剩余参数的值: | False |
-ResourceGroupName
资源组名称。
参数属性
| 类型: | String |
| 默认值: | None |
| 支持通配符: | False |
| 不显示: | False |
参数集
(All)
| Position: | Named |
| 必需: | True |
| 来自管道的值: | False |
| 来自管道的值(按属性名称): | False |
| 来自剩余参数的值: | False |
-SolutionName
解决方案 名称
参数属性
| 类型: | String |
| 默认值: | None |
| 支持通配符: | False |
| 不显示: | False |
参数集
(All)
| Position: | Named |
| 必需: | True |
| 来自管道的值: | False |
| 来自管道的值(按属性名称): | False |
| 来自剩余参数的值: | False |
CommonParameters
此 cmdlet 支持通用参数:-Debug、-ErrorAction、-ErrorVariable、-InformationAction、-InformationVariable、-OutBuffer、-OutVariable、-PipelineVariable、-ProgressAction、-Verbose、-WarningAction 和 -WarningVariable。 有关详细信息,请参阅 about_CommonParameters。
