fix examples
VeryEarly committed Sep 7, 2022
1 parent 22b4aaf commit 5124653
Showing 33 changed files with 63 additions and 85 deletions.
4 changes: 2 additions & 2 deletions src/SecurityInsights/examples/Get-AzSentinelEnrichment.md
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
### Example 1: Get a Domain Enrichment
```powershell
Get-AzSentinelEnrichment -ResourceGroupName "myResourceGroupName" -Domain "microsoft.com
Get-AzSentinelEnrichment -ResourceGroupName "myResourceGroupName" -Domain "microsoft.com"
```
```output
Created : 5/2/1991 12:00:00 AM
Expand All @@ -14,7 +14,7 @@ This command gets an enrichment for a domain.

### Example 2: Get a IP Enrichment
```powershell
Get-AzSentinelEnrichment -ResourceGroupName "myResourceGroupName" IPAddress "1.1.1.1"
Get-AzSentinelEnrichment -ResourceGroupName "myResourceGroupName" -IPAddress "1.1.1.1"
```
```output
Asn : 13335
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
### Example 1: Get Insights and Activities for an Entity
```powershell
Get-AzSentinelEntityAcivity -ResourceGroupName "myResourceGroupName" -workspaceName "myWorkspaceName" -EntityId "myEntityId"
Get-AzSentinelEntityActivity -ResourceGroupName "myResourceGroupName" -workspaceName "myWorkspaceName" -EntityId "myEntityId"
```
```output
FriendlyName : WIN2019
8 changes: 4 additions & 4 deletions src/SecurityInsights/examples/Get-AzSentinelEntityInsight.md
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
### Example 1: Get Insights for an Entity for a given time range
```powershell
$startTime = (get-date).AddDays(-7).ToUniversalTime() | Get-Date -Format "yyyy-MM-ddThh:00:00.000Z"
$endTime = (get-date).ToUniversalTime() | Get-Date -Format "yyyy-MM-ddThh:00:00.000Z"
$startTime = (Get-Date).AddDays(-7).ToUniversalTime() | Get-Date -Format "yyyy-MM-ddThh:00:00.000Z"
$endTime = (Get-Date).ToUniversalTime() | Get-Date -Format "yyyy-MM-ddThh:00:00.000Z"
Get-AzSentinelEntityInsight -ResourceGroupName "myResourceGroupName" -workspaceName "myWorkspaceName" -EntityId "myEntityId" -EndTime $endTime -StartTime $startTime
```
```output
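Review bot: the format string `"yyyy-MM-ddThh:00:00.000Z"` on the `$startTime` and `$endTime` lines uses `hh`, the 12-hour clock specifier, so any UTC time from 13:00 onward is written as 01 to 11 and the resulting timestamp is twelve hours early. Both lines are already being touched for the `Get-Date` casing, so change `hh` to `HH` in the same pass. The same format string appears in Example 2 of this file and in the Get-AzSentinelEntityTimeline and Update-AzSentinelBookmark examples in this commit.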
Expand All @@ -16,8 +16,8 @@ This command gets insights for an Entity for a given time range.

### Example 2: Get Insights for an Entity by entity Id for a given time range
```powershell
$startTime = (get-date).AddDays(-7).ToUniversalTime() | Get-Date -Format "yyyy-MM-ddThh:00:00.000Z"
$endTime = (get-date).ToUniversalTime() | Get-Date -Format "yyyy-MM-ddThh:00:00.000Z"
$startTime = (Get-Date).AddDays(-7).ToUniversalTime() | Get-Date -Format "yyyy-MM-ddThh:00:00.000Z"
$endTime = (Get-Date).ToUniversalTime() | Get-Date -Format "yyyy-MM-ddThh:00:00.000Z"
$Entity = Get-AzSentinelEntity -ResourceGroupName "myResourceGroupName" -workspaceName "myWorkspaceName" -EntityId "8d036a2d-f37d-e936-6cca-4e172687cb79"
$Entity | Get-AzSentinelEntityInsight -EndTime $endTime -StartTime $startTime
```
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ This command lists all Entity Relations for a given Entity.

### Example 2: Get an Entity Relation
```powershell
Get-AzSentinelEntityRelation -ResourceGroupName "myResourceGroupName" -workspaceName "myWorkspaceName" -EntityId "myEntityId" -Id "myEntityRelationId"
Get-AzSentinelEntityRelation -ResourceGroupName "myResourceGroupName" -workspaceName "myWorkspaceName" -EntityId "myEntityId" -RelationName "myEntityRelationId"
```

This command gets an Entity Relation for a given Entity.
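Review bot: on the changed line the parameter becomes `-RelationName` but the placeholder value is still `"myEntityRelationId"`; rename it to something like `"myEntityRelationName"` so the example does not suggest that an Id is expected. The Get-AzSentinelIncidentRelation example in this commit has the same leftover (`"myIncidentRelationId"`).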
6 changes: 3 additions & 3 deletions src/SecurityInsights/examples/Get-AzSentinelEntityTimeline.md
Original file line number Diff line number Diff line change
@@ -1,8 +1,8 @@
### Example 1: Get Timeline for an Entity for a given time range
```powershell
$startTime = (get-date).AddDays(-7).ToUniversalTime() | Get-Date -Format "yyyy-MM-ddThh:00:00.000Z"
$endTime = (get-date).ToUniversalTime() | Get-Date -Format "yyyy-MM-ddThh:00:00.000Z"
Get-AzSentinelEntityTime -ResourceGroupName "myResourceGroupName" -workspaceName "myWorkspaceName" -EntityId "myEntityId" -EndTime $endTime -StartTime $startTime
$startTime = (Get-Date).AddDays(-7).ToUniversalTime() | Get-Date -Format "yyyy-MM-ddThh:00:00.000Z"
$endTime = (Get-Date).ToUniversalTime() | Get-Date -Format "yyyy-MM-ddThh:00:00.000Z"
Get-AzSentinelEntityTimeline -ResourceGroupName "myResourceGroupName" -workspaceName "myWorkspaceName" -EntityId "myEntityId" -EndTime $endTime -StartTime $startTime
```
```output
DisplayName : Suspicious process executed
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@ This command lists all Incident Relations for a given Incident.

### Example 2: Get a Incident Relation
```powershell
Get-AzSentinelIncidentRelation -ResourceGroupName "myResourceGroupName" -workspaceName "myWorkspaceName" -IncidentId "myIncidentId" -Id "myIncidentRelationId"
Get-AzSentinelIncidentRelation -ResourceGroupName "myResourceGroupName" -workspaceName "myWorkspaceName" -IncidentId "myIncidentId" -RelationName "myIncidentRelationId"
```
```output
Name : 076bda5c-7d94-b6d8-8ef4-b0b2a0830dac_df9493a7-4f2e-84da-1f41-4914e8c029ba
14 changes: 7 additions & 7 deletions src/SecurityInsights/examples/New-AzSentinelAlertRule.md
Original file line number Diff line number Diff line change
Expand Up @@ -14,32 +14,32 @@ This command creates an Alert Rule of the Fusion kind based on the template "Adv

This command creates an Alert Rule of the MLBehaviorAnalytics kind based on the template "Anomalous SSH Login Detection"

### Example 2: Create the Threat Intelligence Alert Rule
### Example 3: Create the Threat Intelligence Alert Rule
```powershell
$AlertRuleTemplateName = "0dd422ee-e6af-4204-b219-f59ac172e4c6"
New-AzSentinelAlertRule -ResourceGroupName "myResourceGroupName" -WorkspaceName "myWorkspaceName" -Kind ThreatIntelligence -Enabled -AlertRuleTemplateName $AlertRuleTemplateName
```

This command creates an Alert Rule of the ThreatIntelligence kind based on the template "Microsoft Threat Intelligence Analytics"

### Example 3: Create a Microsoft Security Incident Creation Alert Rule
### Example 4: Create a Microsoft Security Incident Creation Alert Rule
```powershell
$AlertRuleTemplateName = "a2e0eb51-1f11-461a-999b-cd0ebe5c7a72"
New-AzSentinelAlertRule -ResourceGroupName "myResourceGroupName" -WorkspaceName "myWorkspaceName" -Kind MicrosoftSecurityIncidentCreation -Enabled -AlertRuleTemplateName $AlertRuleTemplateName -DisplayName "Create incidents based on Microsoft Defender for IoT" -ProductFilter "Azure Security Center for IoT"
New-AzSentinelAlertRule -ResourceGroupName "myResourceGroupName" -WorkspaceName "myWorkspaceName" -Kind MicrosoftSecurityIncidentCreation -Enabled -AlertRuleTemplateName $AlertRuleTemplateName -ProductFilter "Azure Security Center for IoT"
```

This command creates an Alert Rule of the MicrosoftSecurityIncidentCreation kind based on the template for Create incidents based on Azure Security Center for IoT alerts.

### Example 4: Create a Scheduled Alert Rule
### Example 5: Create a Scheduled Alert Rule
```powershell
PS C:> New-AzSentinelAlertRule -ResourceGroupName "myResourceGroup" -WorkspaceName "myWorkspaceName" -Kind Scheduled -Enabled -DisplayName "Powershell Exection Alert (Several Times per Hour)" -Severity Low -Query "SecurityEvent | where EventId == 4688" -QueryFrequency (New-TimeSpan -Hours 1) -QueryPeriod (New-TimeSpan -Hours 1) -TriggerThreshold 10
New-AzSentinelAlertRule -ResourceGroupName "myResourceGroup" -WorkspaceName "myWorkspaceName" -Kind Scheduled -Enabled -DisplayName "Powershell Exection Alert (Several Times per Hour)" -Severity Low -Query "SecurityEvent | where EventId == 4688" -QueryFrequency (New-TimeSpan -Hours 1) -QueryPeriod (New-TimeSpan -Hours 1) -TriggerThreshold 10
```

This command creates an Alert Rule of the Scheduled kind. Please note that that query (parameter -Query) needs to be on a single line as as string.

### Example 5: Create a Near Realtime Alert Rule
### Example 6: Create a Near Realtime Alert Rule
```powershell
PS C:> New-AzSentinelAlertRule -ResourceGroupName "myResourceGroup" -WorkspaceName "myWorkspaceName" -Kind NRT -Enabled -DisplayName "Break glass account accessed" -Severity High -Query "let Break_Glass_Account = _GetWatchlist('break_glass_account')\n|project UPN;\nSigninLogs\n| where UserPrincipalName in (Break_Glass_Account)"
New-AzSentinelAlertRule -ResourceGroupName "myResourceGroup" -WorkspaceName "myWorkspaceName" -Kind NRT -Enabled -DisplayName "Break glass account accessed" -Severity High -Query "let Break_Glass_Account = _GetWatchlist('break_glass_account')\n|project UPN;\nSigninLogs\n| where UserPrincipalName in (Break_Glass_Account)"
```

This command creates an Alert Rule of the NRT kind. Please note that that query (parameter -Query) needs to be on a single line as as string.
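Review bot: in Example 5 the query filters on `EventId == 4688`, while the SecurityEvent query in the New-AzSentinelEntityQuery example in this commit spells the column `EventID`; KQL column names are case-sensitive, so use `EventID` here. The query also matches every process-creation event rather than PowerShell specifically, so either add a filter on the process name or rename the rule to match what it detects. While the line is open, the display name has a typo ("Exection" for "Execution"), and the two description lines read "that that query" and "as as string".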
6 changes: 1 addition & 5 deletions src/SecurityInsights/examples/New-AzSentinelDataConnector.md
Original file line number Diff line number Diff line change
@@ -1,10 +1,6 @@
<<<<<<< HEAD
### Example 1: Enables the Threat Intelligence data connector
=======
### Example 1: Enable a data connector.
>>>>>>> 16ff7bb8ad... Fixes per feedback
```powershell
New-AzSentinelDataConnector -ResourceGroupName "myResourceGroupName" -workspaceName "myWorkspaceName" -Kind 'MicrosoftThreatIntelligence' -BingSafetyPhishingURL Enabled -BingSafetyPhishingUrlLookbackPeriod All -MicrosoftEmergingThreatFeed Enabled -MicrosoftEmergingThreatFeedLookbackPeriod All
New-AzSentinelDataConnector -ResourceGroupName "myResourceGroupName" -WorkspaceName "myWorkspaceName" -Kind 'MicrosoftThreatIntelligence' -BingSafetyPhishingURL Enabled -BingSafetyPhishingUrlLookbackPeriod All -MicrosoftEmergingThreatFeed Enabled -MicrosoftEmergingThreatFeedLookbackPeriod All
```

This command enables the Threat Intelligence data connector
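Review bot: with the conflict markers removed, the heading that remains should be the specific one, "Enables the Threat Intelligence data connector", because the command is fixed to `-Kind 'MicrosoftThreatIntelligence'` and the description below it says exactly that; "Enable a data connector." is too generic for this example.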
5 changes: 3 additions & 2 deletions src/SecurityInsights/examples/New-AzSentinelEntityQuery.md
Original file line number Diff line number Diff line change
Expand Up @@ -3,10 +3,11 @@
$template = Get-AzSentinelEntityQueryTemplate -ResourceGroupName "myResourceGroupName" -workspaceName "myWorkspaceName" -Id "myEntityQueryTemplateId"
New-AzSentinelEntityQuery -ResourceGroupName "myResourceGroupName" -workspaceName "myWorkspaceName" -Kind Activity -Title ($template.title) -InputEntityType ($template.inputEntityType) -TemplateName ($template.Name)
```

```output
Title : The user has created an account
Name : 6d37a904-d199-43ff-892b-53653b784122
Content : The user {{InitiatedByAccount}} has created the account {{TargetAccount}} {{Count}} time(s)
Content : The user InitiatedByAccount has created the account TargetAccount Count time(s)
Description : This activity displays account creation events performed by the user
Enabled : True
Kind : Activity
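Review bot: in the `Content` line of the sample output, dropping the braces from `{{InitiatedByAccount}}`, `{{TargetAccount}}` and `{{Count}}` makes the output differ from what the previous version showed and hides that these are substitution tokens rather than literal text. If the braces are a problem for the docs build, escape them instead of removing them.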
Expand All @@ -18,7 +19,7 @@ This command creates an Entity Query by using a Template.

### Example 2: Create Entity Query from cmdlet inputs
```powershell
New-AzSentinelEntityQuery -ResourceGroupName "myResourceGroupName" -workspaceName "myWorkspaceName" -Id ((New-Guid).Guid) -Kind Activity -Title 'An account was deleted on this host' -InputEntityType 'Host' -Content "On '{{Computer}}' the account '{{TargetAccount}}' was deleted by '{{AddedBy}}'" -Description "Account deleted on host" -QueryDefinitionQuery 'let GetAccountActions = (v_Host_Name:string, v_Host_NTDomain:string, v_Host_DnsDomain:string, v_Host_AzureID:string, v_Host_OMSAgentID:string){\nSecurityEvent\n| where EventID in (4725, 4726, 4767, 4720, 4722, 4723, 4724)\n// parsing for Host to handle variety of conventions coming from data\n| extend Host_HostName = case(\nComputer has ''@'', tostring(split(Computer, ''@'')[0]),\nComputer has ''\\'', tostring(split(Computer, ''\\'')[1]),\nComputer has ''.'', tostring(split(Computer, ''.'')[0]),\nComputer\n)\n| extend Host_NTDomain = case(\nComputer has ''\\'', tostring(split(Computer, ''\\'')[0]), \nComputer has ''.'', tostring(split(Computer, ''.'')[-2]), \nComputer\n)\n| extend Host_DnsDomain = case(\nComputer has ''\\'', tostring(split(Computer, ''\\'')[0]), \nComputer has ''.'', strcat_array(array_slice(split(Computer,''.''),-2,-1),''.''), \nComputer\n)\n| where (Host_HostName =~ v_Host_Name and Host_NTDomain =~ v_Host_NTDomain) \nor (Host_HostName =~ v_Host_Name and Host_DnsDomain =~ v_Host_DnsDomain) \nor v_Host_AzureID =~ _ResourceId \nor v_Host_OMSAgentID == SourceComputerId\n| project TimeGenerated, EventID, Activity, Computer, TargetAccount, TargetUserName, TargetDomainName, TargetSid, SubjectUserName, SubjectUserSid, _ResourceId, SourceComputerId\n| extend AddedBy = SubjectUserName\n// Future support for Activities\n| extend timestamp = TimeGenerated, HostCustomEntity = Computer, AccountCustomEntity = TargetAccount\n};\nGetAccountActions(''{{Host_HostName}}'', ''{{Host_NTDomain}}'', ''{{Host_DnsDomain}}'', ''{{Host_AzureID}}'', ''{{Host_OMSAgentID}}'')\n \n| where EventID == 4726' 
-RequiredInputFieldsSet @(@("Host_HostName","Host_NTDomain"),@("Host_HostName","Host_DnsDomain"),@("Host_AzureID"),@("Host_OMSAgentID")) -EntitiesFilter @{"Host_OsFamily" = @("Windows")}
New-AzSentinelEntityQuery -ResourceGroupName "myResourceGroupName" -workspaceName "myWorkspaceName" -Id ((New-Guid).Guid) -Kind Activity -Title 'An account was deleted on this host' -InputEntityType 'Host' -Content "On 'SomeCompute' the account 'SomeAccount' was deleted by 'SomeUser'" -Description "Account deleted on host" -QueryDefinitionQuery 'let GetAccountActions = (v_Host_Name:string, v_Host_NTDomain:string, v_Host_DnsDomain:string, v_Host_AzureID:string, v_Host_OMSAgentID:string){\nSecurityEvent\n| where EventID in (4725, 4726, 4767, 4720, 4722, 4723, 4724)\n// parsing for Host to handle variety of conventions coming from data\n| extend Host_HostName = case(\nComputer has ''@'', tostring(split(Computer, ''@'')[0]),\nComputer has ''\\'', tostring(split(Computer, ''\\'')[1]),\nComputer has ''.'', tostring(split(Computer, ''.'')[0]),\nComputer\n)\n| extend Host_NTDomain = case(\nComputer has ''\\'', tostring(split(Computer, ''\\'')[0]), \nComputer has ''.'', tostring(split(Computer, ''.'')[-2]), \nComputer\n)\n| extend Host_DnsDomain = case(\nComputer has ''\\'', tostring(split(Computer, ''\\'')[0]), \nComputer has ''.'', strcat_array(array_slice(split(Computer,''.''),-2,-1),''.''), \nComputer\n)\n| where (Host_HostName =~ v_Host_Name and Host_NTDomain =~ v_Host_NTDomain) \nor (Host_HostName =~ v_Host_Name and Host_DnsDomain =~ v_Host_DnsDomain) \nor v_Host_AzureID =~ _ResourceId \nor v_Host_OMSAgentID == SourceComputerId\n| project TimeGenerated, EventID, Activity, Computer, TargetAccount, TargetUserName, TargetDomainName, TargetSid, SubjectUserName, SubjectUserSid, _ResourceId, SourceComputerId\n| extend AddedBy = SubjectUserName\n// Future support for Activities\n| extend timestamp = TimeGenerated, HostCustomEntity = Computer, AccountCustomEntity = TargetAccount\n};\nGetAccountActions(''someHost'', ''SomeNTDomain'', ''SomeDNSDomain'', ''SomeID'', ''SomeOMSAgentID'')\n \n| where EventID == 4726' -RequiredInputFieldsSet 
@(@("Host_HostName","Host_NTDomain"),@("Host_HostName","Host_DnsDomain"),@("Host_AzureID"),@("Host_OMSAgentID")) -EntitiesFilter @{"Host_OsFamily" = @("Windows")}
```

This command creates an Entity Query.
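Review bot: the new command line ends with `-RequiredInputFieldsSet` and its value starts on the next line with no backtick continuation, so PowerShell ends the command there and reports a missing argument; keep the parameter and its `@(@(...` value on one line. Separately, replacing `{{Host_HostName}}` and the other tokens in the `GetAccountActions(...)` call with fixed strings such as `''someHost''` means the query no longer takes its input from the entity, although `-RequiredInputFieldsSet` still lists `Host_HostName`, `Host_NTDomain` and the rest. `'SomeCompute'` in `-Content` also looks like a typo for `'SomeComputer'`.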
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
### Example 1: Create an Incident Comment
```powershell
New-AzSentinelIncident -ResourceGroupName "myResourceGroup" -WorkspaceName "myWorkspaceName" -IncidentId "myIncidentId" -Message "IncidentCommentGoesHere"
New-AzSentinelIncidentComment -ResourceGroupName "myResourceGroup" -WorkspaceName "myWorkspaceName" -IncidentId "myIncidentId" -Message "IncidentCommentGoesHere"
```

This command creates an Incident Comment.
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
### Example 1: Add Sentinel onboarding state
```powershell
AzSentinelOnboardingState -ResourceGroupName "myResourceGroupName" -WorkspaceName "myWorkspaceName" -Name "default"
New-AzSentinelOnboardingState -ResourceGroupName "myResourceGroupName" -WorkspaceName "myWorkspaceName" -Name "default"
```

This command configures the onboarding state of Sentinel
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
### Example 1: Removes an alert rule action
```powershell
Remove-AzSentinelAlertRule -ResourceGroupName "myResourceGroupName" -WorkspaceName "myWorkspaceName" -RuleId "29d2523f-84ce-42d3-b5f1-9e63c85aaed1" -Id "1a33301b-fb83-416a-8d58-3873c7c2dc86"
Remove-AzSentinelAlertRuleAction -ResourceGroupName "myResourceGroupName" -WorkspaceName "myWorkspaceName" -RuleId "29d2523f-84ce-42d3-b5f1-9e63c85aaed1" -Id "1a33301b-fb83-416a-8d58-3873c7c2dc86"
```

This command removes an alert rule action.
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
### Example 1: Removes the incident relation
```powershell
Remove-AzSentinelIncidentRelation -ResourceGroupName "myResourceGroupName" -workspaceName "myWorkspaceName" -IncidentId "7cc984fe-61a2-43c2-a1a4-3583c8a89da2" -RelatedResourceId "7cc984fe-61a2-43c2-a1a4-3583c8a89db4"
Remove-AzSentinelIncidentRelation -ResourceGroupName "myResourceGroupName" -workspaceName "myWorkspaceName" -IncidentId "7cc984fe-61a2-43c2-a1a4-3583c8a89da2" -RelationName "7cc984fe-61a2-43c2-a1a4-3583c8a89db4"
```

This command removes the incident relation
4 changes: 2 additions & 2 deletions src/SecurityInsights/examples/Update-AzSentinelBookmark.md
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
### Example 1: Update Sentinel Bookmark
```powershell
$queryStartTime = (get-date).AddDays(-1).ToUniversalTime() | Get-Date -Format "yyyy-MM-ddThh:00:00.000Z"
$queryEndTime = (get-date).ToUniversalTime() | Get-Date -Format "yyyy-MM-ddThh:00:00.000Z"
$queryStartTime = (Get-Date).AddDays(-1).ToUniversalTime() | Get-Date -Format "yyyy-MM-ddThh:00:00.000Z"
$queryEndTime = (Get-Date).ToUniversalTime() | Get-Date -Format "yyyy-MM-ddThh:00:00.000Z"
Update-AzSentinelBookmark -ResourceGroupName "myResourceGroup" -WorkspaceName "myWorkspaceName" -Id ((New-Guid).Guid) -DisplayName "Incident Evidence" -Query "SecurityEvent | take 1" -QueryStartTime $queryStartTime -QueryEndTime $queryEndTime -EventTime $queryEndTime
```
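Review bot: `-Id ((New-Guid).Guid)` on the `Update-AzSentinelBookmark` line generates a fresh GUID on every run, so the example never addresses an existing bookmark; use a placeholder such as `"myBookmarkId"` for the Id of the bookmark being updated.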

2 changes: 1 addition & 1 deletion src/SecurityInsights/examples/Update-AzSentinelIncident.md
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
### Example 1: Update an Incident
```powershell
Update-AzSentinelEntityQuery -ResourceGroupName "myResourceGroupName" -WorkspaceName "myWorkspaceName" -Id "4a21e485-75ae-48b3-a7b9-e6a92bcfe434" -OwnerAssignedTo "user@mydomain.local"
Update-AzSentinelIncident -ResourceGroupName "myResourceGroupName" -WorkspaceName "myWorkspaceName" -Id "4a21e485-75ae-48b3-a7b9-e6a92bcfe434" -OwnerAssignedTo "user@mydomain.local"
```

This command updates an incident by assigning an owner.
5 changes: 2 additions & 3 deletions src/SecurityInsights/examples/Update-AzSentinelSetting.md
Original file line number Diff line number Diff line change
@@ -1,8 +1,7 @@
### Example 1: Update the Anomalies setting
```powershell
Update-AzSentinelSetting -ResourceGroupName "myResourceGroupName" -workspaceName "myWorkspaceName" -SettingsName 'Anomalies' -Enabled $true
Update-AzSentinelSetting -ResourceGroupName "myResourceGroupName" -WorkspaceName "myWorkspaceName" -SettingsName "Anomalies" -Enabled $true
```

This command updates the Anomalies setting, other settings are:
EyesOn, EntityAnalytics and Ueba
This command updates the Anomalies setting, other settings are: EyesOn, EntityAnalytics and Ueba

4 changes: 2 additions & 2 deletions src/SecurityInsights/help/Get-AzSentinelEnrichment.md
Original file line number Diff line number Diff line change
Expand Up @@ -43,7 +43,7 @@ Get geodata for a single IP address

### Example 1: Get a Domain Enrichment
```powershell
Get-AzSentinelEnrichment -ResourceGroupName "myResourceGroupName" -Domain "microsoft.com
Get-AzSentinelEnrichment -ResourceGroupName "myResourceGroupName" -Domain "microsoft.com"
```

```output
Expand All @@ -58,7 +58,7 @@ This command gets an enrichment for a domain.

### Example 2: Get a IP Enrichment
```powershell
Get-AzSentinelEnrichment -ResourceGroupName "myResourceGroupName" IPAddress "1.1.1.1"
Get-AzSentinelEnrichment -ResourceGroupName "myResourceGroupName" -IPAddress "1.1.1.1"
```

```output
2 changes: 1 addition & 1 deletion src/SecurityInsights/help/Get-AzSentinelEntityActivity.md
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ Get Insights and Activities for an entity.

### Example 1: Get Insights and Activities for an Entity
```powershell
Get-AzSentinelEntityAcivity -ResourceGroupName "myResourceGroupName" -workspaceName "myWorkspaceName" -EntityId "myEntityId"
Get-AzSentinelEntityActivity -ResourceGroupName "myResourceGroupName" -workspaceName "myWorkspaceName" -EntityId "myEntityId"
```

```output