
New-MgBetaSecurityRuleDetectionRule

Create new navigation property to detectionRules for security

Syntax

CreateExpanded (Default)

New-MgBetaSecurityRuleDetectionRule
    [-ResponseHeadersVariable <string>]
    [-AdditionalProperties <hashtable>]
    [-CreatedBy <string>]
    [-CreatedDateTime <datetime>]
    [-DetectionAction <IMicrosoftGraphSecurityDetectionAction>]
    [-DetectorId <string>]
    [-DisplayName <string>]
    [-Id <string>]
    [-IsEnabled]
    [-LastModifiedBy <string>]
    [-LastModifiedDateTime <datetime>]
    [-LastRunDetails <IMicrosoftGraphSecurityRunDetails>]
    [-QueryCondition <IMicrosoftGraphSecurityQueryCondition>]
    [-Schedule <IMicrosoftGraphSecurityRuleSchedule>]
    [-Break]
    [-Headers <IDictionary>]
    [-HttpPipelineAppend <SendAsyncStep[]>]
    [-HttpPipelinePrepend <SendAsyncStep[]>]
    [-Proxy <uri>]
    [-ProxyCredential <pscredential>]
    [-ProxyUseDefaultCredentials]
    [-WhatIf]
    [-Confirm]
    [<CommonParameters>]

Create

New-MgBetaSecurityRuleDetectionRule
    -BodyParameter <IMicrosoftGraphSecurityDetectionRule>
    [-ResponseHeadersVariable <string>]
    [-Break]
    [-Headers <IDictionary>]
    [-HttpPipelineAppend <SendAsyncStep[]>]
    [-HttpPipelinePrepend <SendAsyncStep[]>]
    [-Proxy <uri>]
    [-ProxyCredential <pscredential>]
    [-ProxyUseDefaultCredentials]
    [-WhatIf]
    [-Confirm]
    [<CommonParameters>]

Parameters

-AdditionalProperties

Additional Parameters

Parameter properties

Type:System.Collections.Hashtable
Supports wildcards:False
DontShow:False

Parameter sets

CreateExpanded
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-BodyParameter

detectionRule. To construct, see the NOTES section for BODYPARAMETER properties and create a hash table.

Parameter properties

Type:Microsoft.Graph.Beta.PowerShell.Models.IMicrosoftGraphSecurityDetectionRule
Supports wildcards:False
DontShow:False

Parameter sets

Create
Position:Named
Mandatory:True
Value from pipeline:True
Value from pipeline by property name:False
Value from remaining arguments:False

-Break

Wait for .NET debugger to attach

Parameter properties

Type:System.Management.Automation.SwitchParameter
Default value:False
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-Confirm

Prompts you for confirmation before running the cmdlet.

Parameter properties

Type:System.Management.Automation.SwitchParameter
Supports wildcards:False
DontShow:False
Aliases:cf

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-CreatedBy

Name of the user or application that created the rule.

Parameter properties

Type:System.String
Supports wildcards:False
DontShow:False

Parameter sets

CreateExpanded
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-CreatedDateTime

Timestamp of rule creation.

Parameter properties

Type:System.DateTime
Supports wildcards:False
DontShow:False

Parameter sets

CreateExpanded
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-DetectionAction

detectionAction. To construct, see the NOTES section for DETECTIONACTION properties and create a hash table.

Parameter properties

Type:Microsoft.Graph.Beta.PowerShell.Models.IMicrosoftGraphSecurityDetectionAction
Supports wildcards:False
DontShow:False

Parameter sets

CreateExpanded
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-DetectorId

The ID of the detector that triggered the alert. Also see the 'detectorId' field in microsoft.graph.security.alert.

Parameter properties

Type:System.String
Supports wildcards:False
DontShow:False

Parameter sets

CreateExpanded
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-DisplayName

Name of the rule.

Parameter properties

Type:System.String
Supports wildcards:False
DontShow:False

Parameter sets

CreateExpanded
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-Headers

Optional headers that will be added to the request.

Parameter properties

Type:System.Collections.IDictionary
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:True
Value from pipeline by property name:False
Value from remaining arguments:False

-HttpPipelineAppend

SendAsync pipeline steps to be appended to the end of the pipeline

Parameter properties

Type:Microsoft.Graph.Beta.PowerShell.Runtime.SendAsyncStep[]

Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-HttpPipelinePrepend

SendAsync pipeline steps to be prepended to the front of the pipeline

Parameter properties

Type:Microsoft.Graph.Beta.PowerShell.Runtime.SendAsyncStep[]

Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-Id

The unique identifier for an entity. Read-only.

Parameter properties

Type:System.String
Supports wildcards:False
DontShow:False

Parameter sets

CreateExpanded
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-IsEnabled

Whether the rule is turned on for the tenant.

Parameter properties

Type:System.Management.Automation.SwitchParameter
Default value:False
Supports wildcards:False
DontShow:False

Parameter sets

CreateExpanded
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-LastModifiedBy

Name of the user or application who last updated the rule.

Parameter properties

Type:System.String
Supports wildcards:False
DontShow:False

Parameter sets

CreateExpanded
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-LastModifiedDateTime

Timestamp of when the rule was last updated.

Parameter properties

Type:System.DateTime
Supports wildcards:False
DontShow:False

Parameter sets

CreateExpanded
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-LastRunDetails

runDetails. To construct, see the NOTES section for LASTRUNDETAILS properties and create a hash table.

Parameter properties

Type:Microsoft.Graph.Beta.PowerShell.Models.IMicrosoftGraphSecurityRunDetails
Supports wildcards:False
DontShow:False

Parameter sets

CreateExpanded
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-Proxy

The URI for the proxy server to use

Parameter properties

Type:System.Uri
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-ProxyCredential

Credentials for a proxy server to use for the remote call

Parameter properties

Type:System.Management.Automation.PSCredential
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-ProxyUseDefaultCredentials

Use the default credentials for the proxy

Parameter properties

Type:System.Management.Automation.SwitchParameter
Default value:False
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-QueryCondition

queryCondition. To construct, see the NOTES section for QUERYCONDITION properties and create a hash table.

Parameter properties

Type:Microsoft.Graph.Beta.PowerShell.Models.IMicrosoftGraphSecurityQueryCondition
Supports wildcards:False
DontShow:False

Parameter sets

CreateExpanded
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-ResponseHeadersVariable

Optional Response Headers Variable.

Parameter properties

Type:System.String
Supports wildcards:False
DontShow:False
Aliases:RHV

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-Schedule

ruleSchedule. To construct, see the NOTES section for SCHEDULE properties and create a hash table.

Parameter properties

Type:Microsoft.Graph.Beta.PowerShell.Models.IMicrosoftGraphSecurityRuleSchedule
Supports wildcards:False
DontShow:False

Parameter sets

CreateExpanded
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-WhatIf

Runs the command in a mode that only reports what would happen without performing the actions.

Parameter properties

Type:System.Management.Automation.SwitchParameter
Supports wildcards:False
DontShow:False
Aliases:wi

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

Inputs

Microsoft.Graph.Beta.PowerShell.Models.IMicrosoftGraphSecurityDetectionRule

System.Collections.IDictionary

Outputs

Microsoft.Graph.Beta.PowerShell.Models.IMicrosoftGraphSecurityDetectionRule

Notes

COMPLEX PARAMETER PROPERTIES

To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables.

BODYPARAMETER <IMicrosoftGraphSecurityDetectionRule>: detectionRule
  [(Any) <Object>]: This indicates any property can be added to this object.
  [CreatedBy <String>]: Name of the user or application that created the rule.
  [CreatedDateTime <DateTime?>]: Timestamp of rule creation.
  [DisplayName <String>]: Name of the rule.
  [IsEnabled <Boolean?>]: Whether the rule is turned on for the tenant.
  [LastModifiedBy <String>]: Name of the user or application who last updated the rule.
  [LastModifiedDateTime <DateTime?>]: Timestamp of when the rule was last updated.
  [Id <String>]: The unique identifier for an entity. Read-only.
  [DetectionAction <IMicrosoftGraphSecurityDetectionAction>]: detectionAction
    [(Any) <Object>]: This indicates any property can be added to this object.
    [AlertTemplate <IMicrosoftGraphSecurityAlertTemplate>]: alertTemplate
      [(Any) <Object>]: This indicates any property can be added to this object.
      [Category <String>]: Category assigned to the alert triggered by the custom detection rule.
      [Description <String>]: Description of the alert triggered by the custom detection rule.
      [ImpactedAssets <IMicrosoftGraphSecurityImpactedAsset[]>]: Which asset or assets were impacted based on the alert triggered by the custom detection rule.
      [MitreTechniques <String[]>]: MITRE technique assigned to the alert triggered by the custom detection rule.
      [RecommendedActions <String>]: Recommended actions to mitigate the threat related to the alert triggered by the custom detection rule.
      [Severity <String>]: alertSeverity
      [Title <String>]: Name of the alert triggered by the custom detection rule.
    [OrganizationalScope <IMicrosoftGraphSecurityOrganizationalScope>]: organizationalScope
      [(Any) <Object>]: This indicates any property can be added to this object.
      [ScopeNames <String[]>]: List of groups to which the custom detection rule applies.
      [ScopeType <String>]: scopeType
    [ResponseActions <IMicrosoftGraphSecurityResponseAction[]>]: Actions taken on impacted assets as set in the custom detection rule.
  [DetectorId <String>]: The ID of the detector that triggered the alert. Also see the 'detectorId' field in microsoft.graph.security.alert.
  [LastRunDetails <IMicrosoftGraphSecurityRunDetails>]: runDetails
    [(Any) <Object>]: This indicates any property can be added to this object.
    [ErrorCode <String>]: huntingRuleErrorCode
    [FailureReason <String>]: Reason for failure when the custom detection last ran and failed. See the table below.
    [LastRunDateTime <DateTime?>]: Timestamp when the custom detection was last run.
    [Status <String>]: huntingRuleRunStatus
  [QueryCondition <IMicrosoftGraphSecurityQueryCondition>]: queryCondition
    [(Any) <Object>]: This indicates any property can be added to this object.
    [LastModifiedDateTime <DateTime?>]: Timestamp of when the query in the custom detection rule was last updated.
    [QueryText <String>]: Contents of the query.
  [Schedule <IMicrosoftGraphSecurityRuleSchedule>]: ruleSchedule
    [(Any) <Object>]: This indicates any property can be added to this object.
    [NextRunDateTime <DateTime?>]: Timestamp of the custom detection rule's next scheduled run.
    [Period <String>]: How often the detection rule is set to run. The allowed values are: 0, 1H, 3H, 12H, or 24H. '0' signifies the rule is run continuously.

DETECTIONACTION <IMicrosoftGraphSecurityDetectionAction>: detectionAction
  [(Any) <Object>]: This indicates any property can be added to this object.
  [AlertTemplate <IMicrosoftGraphSecurityAlertTemplate>]: alertTemplate
    [(Any) <Object>]: This indicates any property can be added to this object.
    [Category <String>]: Category assigned to the alert triggered by the custom detection rule.
    [Description <String>]: Description of the alert triggered by the custom detection rule.
    [ImpactedAssets <IMicrosoftGraphSecurityImpactedAsset[]>]: Which asset or assets were impacted based on the alert triggered by the custom detection rule.
    [MitreTechniques <String[]>]: MITRE technique assigned to the alert triggered by the custom detection rule.
    [RecommendedActions <String>]: Recommended actions to mitigate the threat related to the alert triggered by the custom detection rule.
    [Severity <String>]: alertSeverity
    [Title <String>]: Name of the alert triggered by the custom detection rule.
  [OrganizationalScope <IMicrosoftGraphSecurityOrganizationalScope>]: organizationalScope
    [(Any) <Object>]: This indicates any property can be added to this object.
    [ScopeNames <String[]>]: List of groups to which the custom detection rule applies.
    [ScopeType <String>]: scopeType
  [ResponseActions <IMicrosoftGraphSecurityResponseAction[]>]: Actions taken on impacted assets as set in the custom detection rule.

LASTRUNDETAILS <IMicrosoftGraphSecurityRunDetails>: runDetails
  [(Any) <Object>]: This indicates any property can be added to this object.
  [ErrorCode <String>]: huntingRuleErrorCode
  [FailureReason <String>]: Reason for failure when the custom detection last ran and failed. See the table below.
  [LastRunDateTime <DateTime?>]: Timestamp when the custom detection was last run.
  [Status <String>]: huntingRuleRunStatus

QUERYCONDITION <IMicrosoftGraphSecurityQueryCondition>: queryCondition
  [(Any) <Object>]: This indicates any property can be added to this object.
  [LastModifiedDateTime <DateTime?>]: Timestamp of when the query in the custom detection rule was last updated.
  [QueryText <String>]: Contents of the query.

SCHEDULE <IMicrosoftGraphSecurityRuleSchedule>: ruleSchedule
  [(Any) <Object>]: This indicates any property can be added to this object.
  [NextRunDateTime <DateTime?>]: Timestamp of the custom detection rule's next scheduled run.
  [Period <String>]: How often the detection rule is set to run. The allowed values are: 0, 1H, 3H, 12H, or 24H. '0' signifies the rule is run continuously.
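Worked example, added here and not part of the cmdlet reference: building the BODYPARAMETER hash table from the property shapes listed above and creating one custom detection rule, first through the Create parameter set (-BodyParameter) and then through the CreateExpanded set (top-level properties as parameters, complex ones as hash tables). The Advanced Hunting query, rule name, alert text, category, severity and MITRE technique IDs are constructed sample values; the module name and the required Graph permission scope are assumptions, so check them against the API's permission reference. ImpactedAssets and ResponseActions are omitted because their sub-properties are not documented on this page; ImpactedAssets should be checked against the alertTemplate reference before the rule is created for real.

```powershell
# Added example; not code from the cmdlet reference or from the Microsoft Graph PowerShell SDK.
# Assumptions: the Microsoft.Graph.Beta.Security module is installed and Connect-MgGraph has
# already opened a session with a scope that may write custom detections (verify the scope name).
Import-Module Microsoft.Graph.Beta.Security

# Constructed sample query. A custom detection needs Timestamp, ReportId and an asset column
# (DeviceId here) so the service can attach alerts to the right device.
$queryText = @'
DeviceProcessEvents
| where FileName =~ "certutil.exe"
| where ProcessCommandLine has_any ("-urlcache", "-decode")
| project Timestamp, DeviceId, ReportId, AccountName, FileName, ProcessCommandLine
'@

# Hash table shaped like BODYPARAMETER in the NOTES section; only properties listed there are used.
$body = @{
    DisplayName    = "Certutil download or decode activity"     # constructed
    IsEnabled      = $true
    QueryCondition = @{
        QueryText = $queryText
    }
    Schedule       = @{
        Period = "12H"    # allowed: 0, 1H, 3H, 12H, 24H; '0' runs the rule continuously
    }
    DetectionAction = @{
        AlertTemplate = @{
            Title              = "Certutil used to download or decode content"   # constructed
            Description        = "certutil.exe ran with -urlcache or -decode, a living-off-the-land pattern worth triage."
            Category           = "Execution"            # constructed sample category
            Severity           = "medium"               # alertSeverity value
            MitreTechniques    = @("T1105", "T1140")    # Ingress Tool Transfer, Deobfuscate/Decode Files
            RecommendedActions = "Review the process tree and the fetched or decoded file; isolate the device if unexpected."
        }
    }
}

# Create parameter set: the whole object goes in through -BodyParameter.
# -WhatIf reports the request without sending it; remove it to create the rule for real.
New-MgBetaSecurityRuleDetectionRule -BodyParameter $body -WhatIf

# CreateExpanded parameter set: the same rule with top-level properties as cmdlet parameters.
# Splatting keeps the call readable; the complex properties are still plain hash tables.
$expanded = @{
    DisplayName     = $body.DisplayName
    IsEnabled       = $true
    QueryCondition  = $body.QueryCondition
    Schedule        = $body.Schedule
    DetectionAction = $body.DetectionAction
}
$rule = New-MgBetaSecurityRuleDetectionRule @expanded

# The returned IMicrosoftGraphSecurityDetectionRule carries the server-assigned Id; Schedule and
# LastRunDetails are read back later to confirm the rule is actually running (Status / FailureReason).
$rule | Select-Object Id, DisplayName, IsEnabled,
    @{ Name = 'Period';  Expression = { $_.Schedule.Period } },
    @{ Name = 'NextRun'; Expression = { $_.Schedule.NextRunDateTime } }
```

Run the -WhatIf form first, then the expanded form once the hash table is right. The Id, CreatedBy, CreatedDateTime and LastRunDetails properties are set by the service, so a rule definition normally leaves them out and reads them from the object the cmdlet returns.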