Update-MgBetaSecurityRule

Module:: Microsoft.Graph.Beta.Security Module

Update the navigation property rules in security

Syntax

UpdateExpanded (Default)

Update-MgBetaSecurityRule
    [-ResponseHeadersVariable <string>]
    [-AdditionalProperties <hashtable>]
    [-DetectionRules <IMicrosoftGraphSecurityDetectionRule[]>]
    [-Id <string>]
    [-Break]
    [-Headers <IDictionary>]
    [-HttpPipelineAppend <SendAsyncStep[]>]
    [-HttpPipelinePrepend <SendAsyncStep[]>]
    [-Proxy <uri>]
    [-ProxyCredential <pscredential>]
    [-ProxyUseDefaultCredentials]
    [-WhatIf]
    [-Confirm]
    [<CommonParameters>]

Update

Update-MgBetaSecurityRule
    -BodyParameter <IMicrosoftGraphSecurityRulesRoot>
    [-ResponseHeadersVariable <string>]
    [-Break]
    [-Headers <IDictionary>]
    [-HttpPipelineAppend <SendAsyncStep[]>]
    [-HttpPipelinePrepend <SendAsyncStep[]>]
    [-Proxy <uri>]
    [-ProxyCredential <pscredential>]
    [-ProxyUseDefaultCredentials]
    [-WhatIf]
    [-Confirm]
    [<CommonParameters>]

Parameters

-AdditionalProperties

Additional Parameters

Parameter properties

Type:	System.Collections.Hashtable
Supports wildcards:	False
DontShow:	False

Parameter sets

UpdateExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-BodyParameter

rulesRoot To construct, see NOTES section for BODYPARAMETER properties and create a hash table.

Parameter properties

Type:	Microsoft.Graph.Beta.PowerShell.Models.IMicrosoftGraphSecurityRulesRoot
Supports wildcards:	False
DontShow:	False

Parameter sets

Update

Position:	Named
Mandatory:	True
Value from pipeline:	True
Value from pipeline by property name:	False
Value from remaining arguments:	False

-Break

Wait for .NET debugger to attach

Parameter properties

Type:	System.Management.Automation.SwitchParameter
Default value:	False
Supports wildcards:	False
DontShow:	False

Parameter sets

(All)

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-Confirm

Prompts you for confirmation before running the cmdlet.

Parameter properties

Type:	System.Management.Automation.SwitchParameter
Supports wildcards:	False
DontShow:	False
Aliases:	cf

Parameter sets

(All)

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-DetectionRules

To construct, see NOTES section for DETECTIONRULES properties and create a hash table.

Parameter properties

Type:	Microsoft.Graph.Beta.PowerShell.Models.IMicrosoftGraphSecurityDetectionRule[]
Supports wildcards:	False
DontShow:	False

Parameter sets

UpdateExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-Headers

Optional headers that will be added to the request.

Parameter properties

Type:	System.Collections.IDictionary
Supports wildcards:	False
DontShow:	False

Parameter sets

(All)

Position:	Named
Mandatory:	False
Value from pipeline:	True
Value from pipeline by property name:	False
Value from remaining arguments:	False

-HttpPipelineAppend

SendAsync Pipeline Steps to be appended to the front of the pipeline

Parameter properties

Type:	Microsoft.Graph.Beta.PowerShell.Runtime.SendAsyncStep[]
Supports wildcards:	False
DontShow:	False

Parameter sets

(All)

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-HttpPipelinePrepend

SendAsync Pipeline Steps to be prepended to the front of the pipeline

Parameter properties

Type:	Microsoft.Graph.Beta.PowerShell.Runtime.SendAsyncStep[]
Supports wildcards:	False
DontShow:	False

Parameter sets

(All)

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-Id

The unique identifier for an entity. Read-only.

Parameter properties

Type:	System.String
Supports wildcards:	False
DontShow:	False

Parameter sets

UpdateExpanded

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-Proxy

The URI for the proxy server to use

Parameter properties

Type:	System.Uri
Supports wildcards:	False
DontShow:	False

Parameter sets

(All)

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-ProxyCredential

Credentials for a proxy server to use for the remote call

Parameter properties

Type:	System.Management.Automation.PSCredential
Supports wildcards:	False
DontShow:	False

Parameter sets

(All)

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-ProxyUseDefaultCredentials

Use the default credentials for the proxy

Parameter properties

Type:	System.Management.Automation.SwitchParameter
Default value:	False
Supports wildcards:	False
DontShow:	False

Parameter sets

(All)

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-ResponseHeadersVariable

Optional Response Headers Variable.

Parameter properties

Type:	System.String
Supports wildcards:	False
DontShow:	False
Aliases:	RHV

Parameter sets

(All)

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-WhatIf

Runs the command in a mode that only reports what would happen without performing the actions.

Parameter properties

Type:	System.Management.Automation.SwitchParameter
Supports wildcards:	False
DontShow:	False
Aliases:	wi

Parameter sets

(All)

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

Inputs

Microsoft.Graph.Beta.PowerShell.Models.IMicrosoftGraphSecurityRulesRoot

System.Collections.IDictionary

Outputs

Microsoft.Graph.Beta.PowerShell.Models.IMicrosoftGraphSecurityRulesRoot

Notes

COMPLEX PARAMETER PROPERTIES

To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables.

BODYPARAMETER <IMicrosoftGraphSecurityRulesRoot>: rulesRoot [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique identifier for an entity. Read-only. [DetectionRules <IMicrosoftGraphSecurityDetectionRule[]>]: [CreatedBy <String>]: Name of the user or application that created the rule. [CreatedDateTime <DateTime?>]: Timestamp of rule creation. [DisplayName <String>]: Name of the rule. [IsEnabled <Boolean?>]: Whether rule is turned on for the tenant. [LastModifiedBy <String>]: Name of the user or application who last updated the rule. [LastModifiedDateTime <DateTime?>]: Timestamp of when the rule was last updated. [Id <String>]: The unique identifier for an entity. Read-only. [DetectionAction <IMicrosoftGraphSecurityDetectionAction>]: detectionAction [(Any) <Object>]: This indicates any property can be added to this object. [AlertTemplate <IMicrosoftGraphSecurityAlertTemplate>]: alertTemplate [(Any) <Object>]: This indicates any property can be added to this object. [Category <String>]: Category assigned to the alert triggered by the custom detection rule. [Description <String>]: Description of the alert triggered by the custom detection rule. [ImpactedAssets <IMicrosoftGraphSecurityImpactedAsset[]>]: Which asset or assets were impacted based on the alert triggered by the custom detection rule. [MitreTechniques <String[]>]: MITRE technique assigned to the alert triggered by the custom detection rule. [RecommendedActions <String>]: Recommended actions to mitigate the threat related to the alert triggered by the custom detection rule. [Severity <String>]: alertSeverity [Title <String>]: Name of the alert triggered by the custom detection rule. [OrganizationalScope <IMicrosoftGraphSecurityOrganizationalScope>]: organizationalScope [(Any) <Object>]: This indicates any property can be added to this object. [ScopeNames <String[]>]: List of groups to which the custom detection rule applies. [ScopeType <String>]: scopeType [ResponseActions <IMicrosoftGraphSecurityResponseAction[]>]: Actions taken on impacted assets as set in the custom detection rule. [DetectorId <String>]: The ID of the detector that triggered the alert. Also see the 'detectorId' field in microsoft.graph.security.alert. [LastRunDetails <IMicrosoftGraphSecurityRunDetails>]: runDetails [(Any) <Object>]: This indicates any property can be added to this object. [ErrorCode <String>]: huntingRuleErrorCode [FailureReason <String>]: Reason for failure when the custom detection last ran and failed. See the table below. [LastRunDateTime <DateTime?>]: Timestamp when the custom detection was last run. [Status <String>]: huntingRuleRunStatus [QueryCondition <IMicrosoftGraphSecurityQueryCondition>]: queryCondition [(Any) <Object>]: This indicates any property can be added to this object. [LastModifiedDateTime <DateTime?>]: Timestamp of when the query in the custom detection rule was last updated. [QueryText <String>]: Contents of the query. [Schedule <IMicrosoftGraphSecurityRuleSchedule>]: ruleSchedule [(Any) <Object>]: This indicates any property can be added to this object. [NextRunDateTime <DateTime?>]: Timestamp of the custom detection rule's next scheduled run. [Period <String>]: How often the detection rule is set to run. The allowed values are: 0, 1H, 3H, 12H, or 24H. '0' signifies the rule is run continuously.

DETECTIONRULES <IMicrosoftGraphSecurityDetectionRule[]>: . [CreatedBy <String>]: Name of the user or application that created the rule. [CreatedDateTime <DateTime?>]: Timestamp of rule creation. [DisplayName <String>]: Name of the rule. [IsEnabled <Boolean?>]: Whether rule is turned on for the tenant. [LastModifiedBy <String>]: Name of the user or application who last updated the rule. [LastModifiedDateTime <DateTime?>]: Timestamp of when the rule was last updated. [Id <String>]: The unique identifier for an entity. Read-only. [DetectionAction <IMicrosoftGraphSecurityDetectionAction>]: detectionAction [(Any) <Object>]: This indicates any property can be added to this object. [AlertTemplate <IMicrosoftGraphSecurityAlertTemplate>]: alertTemplate [(Any) <Object>]: This indicates any property can be added to this object. [Category <String>]: Category assigned to the alert triggered by the custom detection rule. [Description <String>]: Description of the alert triggered by the custom detection rule. [ImpactedAssets <IMicrosoftGraphSecurityImpactedAsset[]>]: Which asset or assets were impacted based on the alert triggered by the custom detection rule. [MitreTechniques <String[]>]: MITRE technique assigned to the alert triggered by the custom detection rule. [RecommendedActions <String>]: Recommended actions to mitigate the threat related to the alert triggered by the custom detection rule. [Severity <String>]: alertSeverity [Title <String>]: Name of the alert triggered by the custom detection rule. [OrganizationalScope <IMicrosoftGraphSecurityOrganizationalScope>]: organizationalScope [(Any) <Object>]: This indicates any property can be added to this object. [ScopeNames <String[]>]: List of groups to which the custom detection rule applies. [ScopeType <String>]: scopeType [ResponseActions <IMicrosoftGraphSecurityResponseAction[]>]: Actions taken on impacted assets as set in the custom detection rule. [DetectorId <String>]: The ID of the detector that triggered the alert. Also see the 'detectorId' field in microsoft.graph.security.alert. [LastRunDetails <IMicrosoftGraphSecurityRunDetails>]: runDetails [(Any) <Object>]: This indicates any property can be added to this object. [ErrorCode <String>]: huntingRuleErrorCode [FailureReason <String>]: Reason for failure when the custom detection last ran and failed. See the table below. [LastRunDateTime <DateTime?>]: Timestamp when the custom detection was last run. [Status <String>]: huntingRuleRunStatus [QueryCondition <IMicrosoftGraphSecurityQueryCondition>]: queryCondition [(Any) <Object>]: This indicates any property can be added to this object. [LastModifiedDateTime <DateTime?>]: Timestamp of when the query in the custom detection rule was last updated. [QueryText <String>]: Contents of the query. [Schedule <IMicrosoftGraphSecurityRuleSchedule>]: ruleSchedule [(Any) <Object>]: This indicates any property can be added to this object. [NextRunDateTime <DateTime?>]: Timestamp of the custom detection rule's next scheduled run. [Period <String>]: How often the detection rule is set to run. The allowed values are: 0, 1H, 3H, 12H, or 24H. '0' signifies the rule is run continuously.