Kelly Garcia
asked on
ExtendedProperties in Get-AzSecurityAlert into Variable in PowerShell
When I run the command Get-AzSecurityAlert, I get the following result:
Id : /subscriptions/4b06/resourceGroups/GUD01/prov
iders/Microsoft.Security/locations/centralus/alerts/256470605332_2de8ba64-8ec8-47-8ce0-00
4f77588f3f
Name : 4777-8ce0-00488f3f
ActionTaken : Undefined
AlertDisplayName : Azure Security Center test alert (not a threat)
AlertName : SCUBA_RULE_ASC_EICAR
AssociatedResource : /subscriptions/6e6ab4b06/resourceGroups/CCLOUD01/prov
iders/Microsoft.Compute/virtualMachines/azrapp007
CanBeInvestigated : True
CompromisedEntity : RAPP007
ConfidenceReasons : {}
ConfidenceScore :
Description : This is a test alert generated by Azure Security Center. No further action is needed.
DetectedTimeUtc : 25/09/2019 10:42:32
Entities : {Microsoft.Azure.Commands.Security.Models.Alerts.PSSecurityAlertEntity,
Microsoft.Azure.Commands.Security.Models.Alerts.PSSecurityAlertEntity,
Microsoft.Azure.Commands.Security.Models.Alerts.PSSecurityAlertEntity,
Microsoft.Azure.Commands.Security.Models.Alerts.PSSecurityAlertEntity...}
ExtendedProperties : {[compromised Host, AZRAPP007], [user Name, Kloud\KellyGarcia], [account
Session Id, 0x13ce9cc], [suspicious Process,
c:\users\Kelly.Garcia\desktop\asc_alerttest_662jfi039n.exe]...}
InstanceId : 2de8ba64-8ec8-4777-8ce0-004f77588f3f
RemediationSteps : No further action is needed.
ReportedSeverity : High
ReportedTimeUtc : 25/09/2019 10:43:11
State : Active
SubscriptionId : d7644790-4c1a-4a7c-8817-df76e6ab4b06
SystemSource : Azure
VendorName : Microsoft
WorkspaceArmId : /subscriptions/b68d365f314ad67/resourcegroups/rg-dev-loganalytics001/provider
s/microsoft.operationalinsights/workspaces/godevopsla001
I need the process name in a variable, which is under extended properties:
ExtendedProperties : {[compromised Host, RAPP007], [user Name, Kloud\KellyGarcia], [account
Session Id, 0x13ce9cc], [suspicious Process,
c:\users\Kelly.Garcia\desktop\asc_alerttest_662jfi039n.exe]...}
The gm for extended properties returns the following result:
TypeName: Selected.Microsoft.Azure.Commands.Security.Models.Alerts.PSSecurityAlert
Name MemberType Definition
---- ---------- ----------
Equals Method bool Equals(System.Object obj)
GetHashCode Method int GetHashCode()
GetType Method type GetType()
ToString Method string ToString()
ExtendedProperties NoteProperty Dictionary[string,Object] ExtendedProperties=System.Collections.Generic.Dictionary`2...
How do I do this?
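An added example, not part of the original thread or its accepted solution: since the Get-Member output shows ExtendedProperties is a Dictionary[string,Object], a value can be read by key and stored in a variable. The helper name Get-AlertExtendedProperty and all sample values are assumptions constructed for illustration; the key names are the ones shown in the alert output above.

```powershell
# Constructed stand-in for one alert object; in practice this would come from Get-AzSecurityAlert.
$props = [System.Collections.Generic.Dictionary[string,object]]::new()
$props['compromised Host']   = 'HOST01'                         # sample value
$props['user Name']          = 'CONTOSO\sample.user'            # sample value
$props['account Session Id'] = '0x1234'                         # sample value
$props['suspicious Process'] = 'c:\users\sample.user\desktop\asc_alerttest_sample.exe'
$alert = [pscustomobject]@{
    AlertName          = 'SCUBA_RULE_ASC_EICAR'
    ExtendedProperties = $props
}

# Direct lookup works when the key is spelled exactly as stored (the dictionary is case-sensitive):
#   $alert.ExtendedProperties['suspicious Process']

function Get-AlertExtendedProperty {
    # Hypothetical helper: returns the value for $Key, or $null if the alert does not carry it.
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Alert,
        [Parameter(Mandatory)] [string] $Key
    )
    process {
        $dict = $Alert.ExtendedProperties
        if ($null -eq $dict) { return $null }
        # Match keys ignoring case and embedded spaces, so 'suspiciousprocess' also matches.
        $want = ($Key -replace '\s', '').ToLowerInvariant()
        foreach ($k in $dict.Keys) {
            if (($k -replace '\s', '').ToLowerInvariant() -eq $want) { return $dict[$k] }
        }
        return $null
    }
}

# Full path of the flagged process, then just the file name.
$processPath = $alert | Get-AlertExtendedProperty -Key 'suspicious Process'
$processName = if ($processPath) { ($processPath -split '[\\/]')[-1] }

# Not every alert type has every key, so check before using the value.
if ($null -eq $processPath) {
    Write-Warning "Alert $($alert.AlertName) has no 'suspicious Process' property."
} else {
    "Path: $processPath"
    "Name: $processName"
}
```

The same helper works on an object produced by Select-Object ExtendedProperties, because that object still exposes the dictionary under the ExtendedProperties property.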