Set-AzAlertsSuppressionRule

Create or update an alerts suppression rule.

Syntax

Set-AzAlertsSuppressionRule
   -Name <String>
   -AlertType <String>
   [-ExpirationDateUtc <DateTime>]
   -Reason <String>
   -State <PSRuleState>
   [-Comment <String>]
   [-SuppressionAlertsScope <PSSuppressionAlertsScope>]
   [-AllOf <PSIScopeElement[]>]
   [-DefaultProfile <IAzureContextContainer>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

Set-AzAlertsSuppressionRule
   -InputObject <PSAlertsSuppressionRule>
   [-Name <String>]
   [-AlertType <String>]
   [-ExpirationDateUtc <DateTime>]
   [-Reason <String>]
   [-State <PSRuleState>]
   [-Comment <String>]
   [-SuppressionAlertsScope <PSSuppressionAlertsScope>]
   [-AllOf <PSIScopeElement[]>]
   [-DefaultProfile <IAzureContextContainer>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

Description

Create or update an alerts suppression rule.

Examples

Example 1

Set-AzAlertsSuppressionRule -Name "Example" -State Enabled -Comment "Example of a comment" -AlertType "AzureDNS_CurrencyMining" -Reason "Other" -AllOf @([Microsoft.Azure.Commands.Security.Models.AlertsSuppressionRules.PSScopeElementContains]::new("entities.account.name", "example")) -ExpirationDateUtc 2024-10-17T15:02:24.7511441Z

The above example creates a new suppression rule named "Example" that suppresses alerts of type Digital currency mining activity (https://learn.microsoft.com/en-us/azure/defender-for-cloud/alerts-reference) whose account name contains "example".
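
The following is an added example, not part of the original page. It reuses the values from Example 1 to show a time-boxed rule previewed with -WhatIf, then created, then disabled through the -InputObject parameter set. It assumes the Az.Security module is installed and the session is already signed in; the 30-day lifetime and the variable names are assumptions.

```powershell
# Added example. Assumes the Az.Security module and a signed-in Az session.
# Rule name, alert type, reason and scope values are the page's own sample values.
$scope = @(
    [Microsoft.Azure.Commands.Security.Models.AlertsSuppressionRules.PSScopeElementContains]::new(
        "entities.account.name", "example")
)

$ruleParams = @{
    Name              = "Example"
    AlertType         = "AzureDNS_CurrencyMining"
    Reason            = "Other"
    State             = "Enabled"
    Comment           = "Example of a comment"
    AllOf             = $scope
    # Time-box the rule: 30 days is an assumed review interval, not a product default.
    ExpirationDateUtc = (Get-Date).ToUniversalTime().AddDays(30)
}

# 1. Preview the change; nothing is written.
Set-AzAlertsSuppressionRule @ruleParams -WhatIf

# 2. Create (or update) the rule and keep the returned PSAlertsSuppressionRule.
$rule = Set-AzAlertsSuppressionRule @ruleParams

# 3. Inspect what was actually stored (scope, state, expiration).
$rule | Format-List

# 4. Later: disable the rule through the -InputObject parameter set, which accepts
#    pipeline input, overriding only -State and -Comment.
$rule | Set-AzAlertsSuppressionRule -State Disabled -Comment "Disabled after review"
```

Scoping with -AllOf and setting -ExpirationDateUtc keeps the suppression limited to the matching entity and to a bounded period, so alerts of this type are not hidden for other accounts or indefinitely.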

Parameters

-AlertType

Alert type to suppress.

Type:String
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-AllOf

Scope the suppression rule using specific entities.

Type:PSIScopeElement[]
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Comment

Comment.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Confirm

Prompts you for confirmation before running the cmdlet.

Type:SwitchParameter
Aliases:cf
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-DefaultProfile

The credentials, account, tenant, and subscription used for communication with Azure.

Type:IAzureContextContainer
Aliases:AzContext, AzureRmContext, AzureCredential
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ExpirationDateUtc

Set an expiration date for the rule, expected to be in UTC format.

Type:Nullable<T>[DateTime]
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-InputObject

Input Object.

Type:PSAlertsSuppressionRule
Position:Named
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-Name

Alert suppression rule name, needs to be unique per subscription.

Type:String
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-Reason

The reason for creating the suppression rule.

Type:String
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-State

State of the rule, Enabled/Disabled

Type:PSRuleState
Accepted values:Enabled, Disabled, Expired
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-SuppressionAlertsScope

Scope the suppression rule using specific entities.

Type:PSSuppressionAlertsScope
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type:SwitchParameter
Aliases:wi
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

Inputs

PSAlertsSuppressionRule

Outputs

PSAlertsSuppressionRule