az sentinel bookmark

Note

This reference is part of the sentinel extension for the Azure CLI (version 2.37.0 or higher). The extension will automatically install the first time you run an az sentinel bookmark command. Learn more about extensions.

Manage bookmark with sentinel.

Commands

Name	Description	Type	Status
az sentinel bookmark create	Create the bookmark.	Extension	Experimental
az sentinel bookmark delete	Delete the bookmark.	Extension	Experimental
az sentinel bookmark expand	Expand an bookmark.	Extension	Experimental
az sentinel bookmark list	Get all bookmarks.	Extension	Experimental
az sentinel bookmark relation	Manage bookmark relation with sentinel.	Extension	GA
az sentinel bookmark relation create	Create the bookmark relation.	Extension	Experimental
az sentinel bookmark relation delete	Delete the bookmark relation.	Extension	Experimental
az sentinel bookmark relation list	Get all bookmark relations.	Extension	Experimental
az sentinel bookmark relation show	Get a bookmark relation.	Extension	Experimental
az sentinel bookmark relation update	Update the bookmark relation.	Extension	Experimental
az sentinel bookmark show	Get a bookmark.	Extension	Experimental
az sentinel bookmark update	Update the bookmark.	Extension	Experimental

az sentinel bookmark create

Experimental

This command is experimental and under development. Reference and support levels: https://aka.ms/CLI_refstatus

Create the bookmark.

az sentinel bookmark create --bookmark-id --name
                            --resource-group
                            --workspace-name
                            [--created]
                            [--created-by]
                            [--display-name]
                            [--entity-mappings]
                            [--etag]
                            [--event-time]
                            [--incident-info]
                            [--labels]
                            [--notes]
                            [--query-content]
                            [--query-end-time]
                            [--query-result]
                            [--query-start-time]
                            [--tactics]
                            [--techniques]
                            [--updated]
                            [--updated-by]

Required Parameters

--bookmark-id --name -n

Experimental

ID of bookmark.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--workspace-name -w

Experimental

The name of the workspace.

Optional Parameters

The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.

--created

The time the bookmark was created.

Property	Value
Parameter group:	Properties Arguments

--created-by

Describes a user that created the bookmark Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

Property	Value
Parameter group:	Properties Arguments

--display-name

The display name of the bookmark.

Property	Value
Parameter group:	Properties Arguments

--entity-mappings

Describes the entity mappings of the bookmark Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

Property	Value
Parameter group:	Properties Arguments

--etag

Etag of the azure resource.

Property	Value
Parameter group:	Bookmark Arguments

--event-time

The bookmark event time.

Property	Value
Parameter group:	Properties Arguments

--incident-info

Describes an incident that relates to bookmark Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

Property	Value
Parameter group:	Properties Arguments

--labels

List of labels relevant to this bookmark Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

Property	Value
Parameter group:	Properties Arguments

--notes

The notes of the bookmark.

Property	Value
Parameter group:	Properties Arguments

--query-content

Experimental

The query of the bookmark.

Property	Value
Parameter group:	Properties Arguments

--query-end-time

The end time for the query.

Property	Value
Parameter group:	Properties Arguments

--query-result

The query result of the bookmark.

Property	Value
Parameter group:	Properties Arguments

--query-start-time

The start time for the query.

Property	Value
Parameter group:	Properties Arguments

--tactics

A list of relevant mitre attacks Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

Property	Value
Parameter group:	Properties Arguments

--techniques

A list of relevant mitre techniques Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

Property	Value
Parameter group:	Properties Arguments

--updated

The last time the bookmark was updated.

Property	Value
Parameter group:	Properties Arguments

--updated-by

Describes a user that updated the bookmark Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

Property	Value
Parameter group:	Properties Arguments

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

Property	Value
Default value:	False

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

Property	Value
Default value:	False

--output -o

Output format.

Property	Value
Default value:	json
Accepted values:	json, jsonc, none, table, tsv, yaml, yamlc

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

Property	Value
Default value:	False

az sentinel bookmark delete

Experimental

This command is experimental and under development. Reference and support levels: https://aka.ms/CLI_refstatus

Delete the bookmark.

az sentinel bookmark delete [--bookmark-id --name]
                            [--ids]
                            [--resource-group]
                            [--subscription]
                            [--workspace-name]
                            [--yes]

Optional Parameters

The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.

--bookmark-id --name -n

Experimental

ID of bookmark.

Property	Value
Parameter group:	Resource Id Arguments

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

Property	Value
Parameter group:	Resource Id Arguments

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Property	Value
Parameter group:	Resource Id Arguments

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

Property	Value
Parameter group:	Resource Id Arguments

--workspace-name -w

Experimental

The name of the workspace.

Property	Value
Parameter group:	Resource Id Arguments

--yes -y

Do not prompt for confirmation.

Property	Value
Default value:	False

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

Property	Value
Default value:	False

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

Property	Value
Default value:	False

--output -o

Output format.

Property	Value
Default value:	json
Accepted values:	json, jsonc, none, table, tsv, yaml, yamlc

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

Property	Value
Default value:	False

az sentinel bookmark expand

Experimental

This command is experimental and under development. Reference and support levels: https://aka.ms/CLI_refstatus

Expand an bookmark.

az sentinel bookmark expand --bookmark-id --name
                            --resource-group
                            --workspace-name
                            [--end-time]
                            [--expansion-id]
                            [--start-time]

Required Parameters

--bookmark-id --name -n

Experimental

ID of bookmark.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--workspace-name -w

Experimental

The name of the workspace.

Optional Parameters

The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.

--end-time

The end date filter, so the only expansion results returned are before this date.

Property	Value
Parameter group:	Parameters Arguments

--expansion-id

The Id of the expansion to perform.

Property	Value
Parameter group:	Parameters Arguments

--start-time

The start date filter, so the only expansion results returned are after this date.

Property	Value
Parameter group:	Parameters Arguments

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

Property	Value
Default value:	False

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

Property	Value
Default value:	False

--output -o

Output format.

Property	Value
Default value:	json
Accepted values:	json, jsonc, none, table, tsv, yaml, yamlc

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

Property	Value
Default value:	False

az sentinel bookmark list

Experimental

This command is experimental and under development. Reference and support levels: https://aka.ms/CLI_refstatus

Get all bookmarks.

az sentinel bookmark list --resource-group
                          --workspace-name

Required Parameters

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--workspace-name -w

Experimental

The name of the workspace.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

Property	Value
Default value:	False

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

Property	Value
Default value:	False

--output -o

Output format.

Property	Value
Default value:	json
Accepted values:	json, jsonc, none, table, tsv, yaml, yamlc

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

Property	Value
Default value:	False

az sentinel bookmark show

Experimental

This command is experimental and under development. Reference and support levels: https://aka.ms/CLI_refstatus

Get a bookmark.

az sentinel bookmark show [--bookmark-id --name]
                          [--ids]
                          [--resource-group]
                          [--subscription]
                          [--workspace-name]

Optional Parameters

The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.

--bookmark-id --name -n

Experimental

ID of bookmark.

Property	Value
Parameter group:	Resource Id Arguments

--ids

Property	Value
Parameter group:	Resource Id Arguments

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Property	Value
Parameter group:	Resource Id Arguments

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

Property	Value
Parameter group:	Resource Id Arguments

--workspace-name -w

Experimental

The name of the workspace.

Property	Value
Parameter group:	Resource Id Arguments

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

Property	Value
Default value:	False

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

Property	Value
Default value:	False

--output -o

Output format.

Property	Value
Default value:	json
Accepted values:	json, jsonc, none, table, tsv, yaml, yamlc

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

Property	Value
Default value:	False

az sentinel bookmark update

Experimental

This command is experimental and under development. Reference and support levels: https://aka.ms/CLI_refstatus

Update the bookmark.

az sentinel bookmark update [--add]
                            [--bookmark-id --name]
                            [--created]
                            [--created-by]
                            [--display-name]
                            [--entity-mappings]
                            [--etag]
                            [--event-time]
                            [--force-string {0, 1, f, false, n, no, t, true, y, yes}]
                            [--ids]
                            [--incident-info]
                            [--labels]
                            [--notes]
                            [--query-content]
                            [--query-end-time]
                            [--query-result]
                            [--query-start-time]
                            [--remove]
                            [--resource-group]
                            [--set]
                            [--subscription]
                            [--tactics]
                            [--techniques]
                            [--updated]
                            [--updated-by]
                            [--workspace-name]

Optional Parameters

The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.

--add

Add an object to a list of objects by specifying a path and key value pairs. Example: --add property.listProperty <key=value, string or JSON string>.

Property	Value
Parameter group:	Generic Update Arguments

--bookmark-id --name -n

Experimental

ID of bookmark.

Property	Value
Parameter group:	Resource Id Arguments

--created

The time the bookmark was created.

Property	Value
Parameter group:	Properties Arguments

--created-by

Describes a user that created the bookmark Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

Property	Value
Parameter group:	Properties Arguments

--display-name

The display name of the bookmark.

Property	Value
Parameter group:	Properties Arguments

--entity-mappings

Describes the entity mappings of the bookmark Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

Property	Value
Parameter group:	Properties Arguments

--etag

Etag of the azure resource.

Property	Value
Parameter group:	Bookmark Arguments

--event-time

The bookmark event time.

Property	Value
Parameter group:	Properties Arguments

--force-string

When using 'set' or 'add', preserve string literals instead of attempting to convert to JSON.

Property	Value
Parameter group:	Generic Update Arguments
Accepted values:	0, 1, f, false, n, no, t, true, y, yes

--ids

Property	Value
Parameter group:	Resource Id Arguments

--incident-info

Describes an incident that relates to bookmark Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

Property	Value
Parameter group:	Properties Arguments

--labels

List of labels relevant to this bookmark Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

Property	Value
Parameter group:	Properties Arguments

--notes

The notes of the bookmark.

Property	Value
Parameter group:	Properties Arguments

--query-content

Experimental

The query of the bookmark.

Property	Value
Parameter group:	Properties Arguments

--query-end-time

The end time for the query.

Property	Value
Parameter group:	Properties Arguments

--query-result

The query result of the bookmark.

Property	Value
Parameter group:	Properties Arguments

--query-start-time

The start time for the query.

Property	Value
Parameter group:	Properties Arguments

--remove

Remove a property or an element from a list. Example: --remove property.list <indexToRemove> OR --remove propertyToRemove.

Property	Value
Parameter group:	Generic Update Arguments

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Property	Value
Parameter group:	Resource Id Arguments

--set

Update an object by specifying a property path and value to set. Example: --set property1.property2=<value>.

Property	Value
Parameter group:	Generic Update Arguments

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

Property	Value
Parameter group:	Resource Id Arguments

--tactics

A list of relevant mitre attacks Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

Property	Value
Parameter group:	Properties Arguments

--techniques

A list of relevant mitre techniques Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

Property	Value
Parameter group:	Properties Arguments

--updated

The last time the bookmark was updated.

Property	Value
Parameter group:	Properties Arguments

--updated-by

Describes a user that updated the bookmark Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

Property	Value
Parameter group:	Properties Arguments

--workspace-name -w

Experimental

The name of the workspace.

Property	Value
Parameter group:	Resource Id Arguments

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

Property	Value
Default value:	False

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

Property	Value
Default value:	False

--output -o

Output format.

Property	Value
Default value:	json
Accepted values:	json, jsonc, none, table, tsv, yaml, yamlc

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

Property	Value
Default value:	False

Feedback

Was this page helpful?

Share via

az sentinel bookmark

Commands

az sentinel bookmark create

Required Parameters

Optional Parameters

az sentinel bookmark delete

Optional Parameters

az sentinel bookmark expand

Required Parameters

Optional Parameters

az sentinel bookmark list

Required Parameters

az sentinel bookmark show

Optional Parameters

az sentinel bookmark update

Optional Parameters

Feedback