Set-AzDeviceSecurityGroup

Set-AzDeviceSecurityGroup
    -Name <String>
    -HubResourceId <String>
    [-ThresholdRule <PSThresholdCustomAlertRule[]>]
    [-TimeWindowRule <PSTimeWindowCustomAlertRule[]>]
    [-AllowlistRule <PSAllowlistCustomAlertRule[]>]
    [-DenylistRule <PSDenylistCustomAlertRule[]>]
    [-DefaultProfile <IAzureContextContainer>]
    [-WhatIf]
    [-Confirm]
    [<CommonParameters>]

Set-AzDeviceSecurityGroup
    -InputObject <PSDeviceSecurityGroup>
    [-ThresholdRule <PSThresholdCustomAlertRule[]>]
    [-TimeWindowRule <PSTimeWindowCustomAlertRule[]>]
    [-AllowlistRule <PSAllowlistCustomAlertRule[]>]
    [-DenylistRule <PSDenylistCustomAlertRule[]>]
    [-DefaultProfile <IAzureContextContainer>]
    [-WhatIf]
    [-Confirm]
    [<CommonParameters>]

Set-AzDeviceSecurityGroup
    -ResourceId <String>
    [-ThresholdRule <PSThresholdCustomAlertRule[]>]
    [-TimeWindowRule <PSTimeWindowCustomAlertRule[]>]
    [-AllowlistRule <PSAllowlistCustomAlertRule[]>]
    [-DenylistRule <PSDenylistCustomAlertRule[]>]
    [-DefaultProfile <IAzureContextContainer>]
    [-WhatIf]
    [-Confirm]
    [<CommonParameters>]

Set-AzDeviceSecurityGroup Cmdlet 會建立或更新 IoT 安全性解決方案中定義的裝置安全性群組。

$TimeWindowSize = New-TimeSpan -Minutes 5
$TimeWindowRule = New-AzDeviceSecurityGroupTimeWindowRuleObject -Type "ActiveConnectionsNotInAllowedRange" -Enabled $true `
-MaxThreshold 30 -MinThreshold 0 -TimeWindowSize $TimeWindowSize
Set-AzDeviceSecurityGroup -Name "MySecurityGroup" `
-HubResourceId "/subscriptions/XXXXXXXX-XXXX-XXXXX-XXXX-XXXXXXXXXXXX/resourceGroups/MyResourceGroup/providers/Microsoft.Devices/IotHubs/MyHub" `
-TimeWindowRule $TimeWindowRules

Id: "/subscriptions/XXXXXXXX-XXXX-XXXXX-XXXX-XXXXXXXXXXXX/resourceGroups/MyResourceGroup/providers/Microsoft.Devices/IotHubs/MyHub/providers/Microsoft.Security/deviceSecurityGroups/MySecurityGroup"
Name: "MySecurityGroup"
Type: "Microsoft.Security/deviceSecurityGroups"
ThresholdRules: []
TimeWindowRules: [
			{
              RuleType: "ActiveConnectionsNotInAllowedRange"
              DisplayName: "Number of active connections is not in allowed range"
              Description: "Get an alert when the number of active connections of a device in the time window is not in the allowed range"
              IsEnabled: true
              MinThreshold: 0
              MaxThreshold: 0
              TimeWindowSize: "PT5M"
            }]
AllowlistRules: [
			{
              RuleType": "ConnectionToIpNotAllowed",
              DisplayName: "Outbound connection to an ip that isn't allowed"
              Description: "Get an alert when an outbound connection is created between your device and an ip that isn't allowed"
              IsEnabled: false
              ValueType: "IpCidr"
              AllowlistValues: []
            },
            {
              RuleType: "LocalUserNotAllowed"
              DisplayName: "Login by a local user that isn't allowed"
              Description: "Get an alert when a local user that isn't allowed logins to the device"
              IsEnabled: false
              ValueType: "String"
              AllowlistValues: []
            }]
DenylistRules: []

從規則類型為 “ActiveConnectionsNotInAllowedRange” 的 IoT 中樞 “/subscriptions/XXXXXXXX-XXXX-XXXXX-XXXXXXXXXXXX/resourceGroups/MyResourceGroup/providers/Microsoft.Devices/IotHubs/MyHub” 更新現有的裝置安全性群組

此 Cmdlet 支援常見參數：-Debug、-ErrorAction、-ErrorVariable、-InformationAction、-InformationVariable、-OutBuffer、-OutVariable、-PipelineVariable、-ProgressAction、-Verbose、-WarningAction 和 -WarningVariable。 如需詳細資訊，請參閱 about_CommonParameters。