Bendrinti naudojant

az security automation

View your security automations.


Name Description Type Status
az security automation create_or_update

Creates or update a security automation.

Core GA
az security automation delete

Deletes a security automation.

Core GA
az security automation list

List all security automations under subscription/resource group.

Core GA
az security automation show

Shows a security automation.

Core GA
az security automation validate

Validates a security automation model before create or update.

Core GA

az security automation create_or_update

Creates or update a security automation.

az security automation create_or_update --actions


Creates a security automation.

az security automation create_or_update -g Sample-RG -n sampleAutomation -l eastus --scopes '[{"description": "Scope for 487bb485-b5b0-471e-9c0d-10717612f869", "scopePath": "/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869"}]' --sources '[{"eventSource":"SubAssessments","ruleSets":null}]' --actions '[{"actionType":"EventHub","eventHubResourceId":"subscriptions/212f9889-769e-45ae-ab43-6da33674bd26/resourceGroups/ContosoSiemPipeRg/providers/Microsoft.EventHub/namespaces/contososiempipe-ns/eventhubs/surashed-test","connectionString":"Endpoint=sb://;SharedAccessKeyName=Send;SharedAccessKey=dummy=;EntityPath=dummy","SasPolicyName":"dummy"}]'

Required Parameters


A collection of the actions which are triggered if all the configured rules evaluations, within at least one rule set, are true.

--name -n

Name of the resource to be fetched.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.


A collection of scopes on which the security automations logic is applied.


A collection of the source event types which evaluate the security automation set of rules.

Optional Parameters


The security automation description.


Entity tag is used for comparing two or more entities from the same requested resource.


Indicates whether the security automation is enabled.

--location -l

Location of the resource.


A list of key value pairs that describe the resource.

Global Parameters

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.


Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json

JMESPath query string. See for more information and examples.


Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.


Increase logging verbosity. Use --debug for full debug logs.

az security automation delete

Deletes a security automation.

az security automation delete --name


Deletes a security automation.

az security automation delete -g 'sampleRg' -n 'sampleAutomation'

Required Parameters

--name -n

Name of the resource to be fetched.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Global Parameters

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.


Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json

JMESPath query string. See for more information and examples.


Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.


Increase logging verbosity. Use --debug for full debug logs.

az security automation list

List all security automations under subscription/resource group.

az security automation list [--resource-group]


List all security automations under subscription

az security automation list

List all security automations under resource group

az security automation list -g 'sampleRg'

Optional Parameters

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Global Parameters

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.


Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json

JMESPath query string. See for more information and examples.


Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.


Increase logging verbosity. Use --debug for full debug logs.

az security automation show

Shows a security automation.

az security automation show --name


Shows a security automation.

az security automation show -g Sample-RG -n 'sampleAutomation'

Required Parameters

--name -n

Name of the resource to be fetched.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Global Parameters

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.


Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json

JMESPath query string. See for more information and examples.


Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.


Increase logging verbosity. Use --debug for full debug logs.

az security automation validate

Validates a security automation model before create or update.

az security automation validate --actions


Validates a security automation model before create or update.

az security automation validate -g Sample-RG -n sampleAutomation -l eastus --scopes '[{"description": "Scope for 487bb485-b5b0-471e-9c0d-10717612f869", "scopePath": "/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869"}]' --sources '[{"eventSource":"SubAssessments","ruleSets":null}]' --actions '[{"actionType":"EventHub","eventHubResourceId":"subscriptions/212f9889-769e-45ae-ab43-6da33674bd26/resourceGroups/ContosoSiemPipeRg/providers/Microsoft.EventHub/namespaces/contososiempipe-ns/eventhubs/surashed-test","connectionString":"Endpoint=sb://;SharedAccessKeyName=Send;SharedAccessKey=dummy=;EntityPath=dummy","SasPolicyName":"dummy"}]'

Required Parameters


A collection of the actions which are triggered if all the configured rules evaluations, within at least one rule set, are true.

--name -n

Name of the resource to be fetched.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.


A collection of scopes on which the security automations logic is applied.


A collection of the source event types which evaluate the security automation set of rules.

Optional Parameters


The security automation description.


Entity tag is used for comparing two or more entities from the same requested resource.


Indicates whether the security automation is enabled.

--location -l

Location of the resource.


A list of key value pairs that describe the resource.

Global Parameters

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.


Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json

JMESPath query string. See for more information and examples.


Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.


Increase logging verbosity. Use --debug for full debug logs.