az sentinel bookmark
Note
This reference is part of the sentinel extension for the Azure CLI (version 2.37.0 or higher). The extension will automatically install the first time you run an az sentinel bookmark command. Learn more about extensions.
Manage bookmark with sentinel.
Commands
| Name | Description | Type | Status |
|---|---|---|---|
| az sentinel bookmark create |
Create the bookmark. |
Extension | Experimental |
| az sentinel bookmark delete |
Delete the bookmark. |
Extension | Experimental |
| az sentinel bookmark expand |
Expand an bookmark. |
Extension | Experimental |
| az sentinel bookmark list |
Get all bookmarks. |
Extension | Experimental |
| az sentinel bookmark relation |
Manage bookmark relation with sentinel. |
Extension | GA |
| az sentinel bookmark relation create |
Create the bookmark relation. |
Extension | Experimental |
| az sentinel bookmark relation delete |
Delete the bookmark relation. |
Extension | Experimental |
| az sentinel bookmark relation list |
Get all bookmark relations. |
Extension | Experimental |
| az sentinel bookmark relation show |
Get a bookmark relation. |
Extension | Experimental |
| az sentinel bookmark relation update |
Update the bookmark relation. |
Extension | Experimental |
| az sentinel bookmark show |
Get a bookmark. |
Extension | Experimental |
| az sentinel bookmark update |
Update the bookmark. |
Extension | Experimental |
az sentinel bookmark create
This command is experimental and under development. Reference and support levels: https://aka.ms/CLI_refstatus
Create the bookmark.
az sentinel bookmark create --bookmark-id
--resource-group
--workspace-name
[--created]
[--created-by]
[--display-name]
[--entity-mappings]
[--etag]
[--event-time]
[--incident-info]
[--labels]
[--notes]
[--query-content]
[--query-end-time]
[--query-result]
[--query-start-time]
[--tactics]
[--techniques]
[--updated]
[--updated-by]Required Parameters
ID of bookmark.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
The name of the workspace.
Optional Parameters
The time the bookmark was created.
Describes a user that created the bookmark Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
The display name of the bookmark.
Describes the entity mappings of the bookmark Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Etag of the azure resource.
The bookmark event time.
Describes an incident that relates to bookmark Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
List of labels relevant to this bookmark Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
The notes of the bookmark.
The query of the bookmark.
The end time for the query.
The query result of the bookmark.
The start time for the query.
A list of relevant mitre attacks Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
A list of relevant mitre techniques Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
The last time the bookmark was updated.
Describes a user that updated the bookmark Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az sentinel bookmark delete
This command is experimental and under development. Reference and support levels: https://aka.ms/CLI_refstatus
Delete the bookmark.
az sentinel bookmark delete [--bookmark-id]
[--ids]
[--resource-group]
[--subscription]
[--workspace-name]
[--yes]Optional Parameters
ID of bookmark.
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
The name of the workspace.
Do not prompt for confirmation.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az sentinel bookmark expand
This command is experimental and under development. Reference and support levels: https://aka.ms/CLI_refstatus
Expand an bookmark.
az sentinel bookmark expand --bookmark-id
--resource-group
--workspace-name
[--end-time]
[--expansion-id]
[--start-time]Required Parameters
ID of bookmark.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
The name of the workspace.
Optional Parameters
The end date filter, so the only expansion results returned are before this date.
The Id of the expansion to perform.
The start date filter, so the only expansion results returned are after this date.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az sentinel bookmark list
This command is experimental and under development. Reference and support levels: https://aka.ms/CLI_refstatus
Get all bookmarks.
az sentinel bookmark list --resource-group
--workspace-nameRequired Parameters
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
The name of the workspace.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az sentinel bookmark show
This command is experimental and under development. Reference and support levels: https://aka.ms/CLI_refstatus
Get a bookmark.
az sentinel bookmark show [--bookmark-id]
[--ids]
[--resource-group]
[--subscription]
[--workspace-name]Optional Parameters
ID of bookmark.
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
The name of the workspace.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az sentinel bookmark update
This command is experimental and under development. Reference and support levels: https://aka.ms/CLI_refstatus
Update the bookmark.
az sentinel bookmark update [--add]
[--bookmark-id]
[--created]
[--created-by]
[--display-name]
[--entity-mappings]
[--etag]
[--event-time]
[--force-string {0, 1, f, false, n, no, t, true, y, yes}]
[--ids]
[--incident-info]
[--labels]
[--notes]
[--query-content]
[--query-end-time]
[--query-result]
[--query-start-time]
[--remove]
[--resource-group]
[--set]
[--subscription]
[--tactics]
[--techniques]
[--updated]
[--updated-by]
[--workspace-name]Optional Parameters
Add an object to a list of objects by specifying a path and key value pairs. Example: --add property.listProperty <key=value, string or JSON string>.
ID of bookmark.
The time the bookmark was created.
Describes a user that created the bookmark Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
The display name of the bookmark.
Describes the entity mappings of the bookmark Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Etag of the azure resource.
The bookmark event time.
When using 'set' or 'add', preserve string literals instead of attempting to convert to JSON.
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
Describes an incident that relates to bookmark Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
List of labels relevant to this bookmark Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
The notes of the bookmark.
The query of the bookmark.
The end time for the query.
The query result of the bookmark.
The start time for the query.
Remove a property or an element from a list. Example: --remove property.list <indexToRemove> OR --remove propertyToRemove.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Update an object by specifying a property path and value to set. Example: --set property1.property2=<value>.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
A list of relevant mitre attacks Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
A list of relevant mitre techniques Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
The last time the bookmark was updated.
Describes a user that updated the bookmark Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
The name of the workspace.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
