Kelly Garcia asked:

ExtendedProperties in Get-AzSecurityAlert into Variable in PowerShell

When I run the command get-azsecurityalert, I get the following result:

Id                 : /subscriptions/4b06/resourceGroups/GUD01/prov
                     iders/Microsoft.Security/locations/centralus/alerts/256470605332_2de8ba64-8ec8-47-8ce0-00
                     4f77588f3f
Name               : 4777-8ce0-00488f3f
ActionTaken        : Undefined
AlertDisplayName   : Azure Security Center test alert (not a threat)
AlertName          : SCUBA_RULE_ASC_EICAR
AssociatedResource : /subscriptions/6e6ab4b06/resourceGroups/CCLOUD01/prov
                     iders/Microsoft.Compute/virtualMachines/azrapp007
CanBeInvestigated  : True
CompromisedEntity  : RAPP007
ConfidenceReasons  : {}
ConfidenceScore    :
Description        : This is a test alert generated by Azure Security Center. No further action is needed.
DetectedTimeUtc    : 25/09/2019 10:42:32
Entities           : {Microsoft.Azure.Commands.Security.Models.Alerts.PSSecurityAlertEntity,
                     Microsoft.Azure.Commands.Security.Models.Alerts.PSSecurityAlertEntity,
                     Microsoft.Azure.Commands.Security.Models.Alerts.PSSecurityAlertEntity,
                     Microsoft.Azure.Commands.Security.Models.Alerts.PSSecurityAlertEntity...}
ExtendedProperties : {[compromised Host, AZRAPP007], [user Name, Kloud\KellyGarcia], [account
                     Session Id, 0x13ce9cc], [suspicious Process,
                     c:\users\Kelly.Garcia\desktop\asc_alerttest_662jfi039n.exe]...}
InstanceId         : 2de8ba64-8ec8-4777-8ce0-004f77588f3f
RemediationSteps   : No further action is needed.
ReportedSeverity   : High
ReportedTimeUtc    : 25/09/2019 10:43:11
State              : Active
SubscriptionId     : d7644790-4c1a-4a7c-8817-df76e6ab4b06
SystemSource       : Azure
VendorName         : Microsoft
WorkspaceArmId     : /subscriptions/b68d365f314ad67/resourcegroups/rg-dev-loganalytics001/provider
                     s/microsoft.operationalinsights/workspaces/godevopsla001

I need the process name, which is under extended properties, in a variable:

ExtendedProperties : {[compromised Host, RAPP007], [user Name, Kloud\KellyGarcia], [account
                     Session Id, 0x13ce9cc], [suspicious Process,
                     c:\users\Kelly.Garcia\desktop\asc_alerttest_662jfi039n.exe]...}

The gm for extended properties returns the following result:

   TypeName: Selected.Microsoft.Azure.Commands.Security.Models.Alerts.PSSecurityAlert

Name               MemberType   Definition
----               ----------   ----------
Equals             Method       bool Equals(System.Object obj)
GetHashCode        Method       int GetHashCode()
GetType            Method       type GetType()
ToString           Method       string ToString()
ExtendedProperties NoteProperty Dictionary[string,Object] ExtendedProperties=System.Collections.Generic.Dictionary`2...

How do I do this?
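
One way to pull the value out of the dictionary, as an added example that is not part of the original thread or of the members-only solution. The `$alert` object is a constructed stand-in built from the output in the question, the key names are assumed to be exactly as that output displays them, and `Get-AlertExtendedProperty` is a hypothetical helper, not an Az.Security cmdlet.

```powershell
# Constructed stand-in for one object returned by Get-AzSecurityAlert; the keys
# and values are copied from the output shown in the question.
$props = [System.Collections.Generic.Dictionary[string,object]]::new()
$props['compromised Host']   = 'AZRAPP007'
$props['user Name']          = 'Kloud\KellyGarcia'
$props['account Session Id'] = '0x13ce9cc'
$props['suspicious Process'] = 'c:\users\Kelly.Garcia\desktop\asc_alerttest_662jfi039n.exe'
$alert = [pscustomobject]@{
    AlertName          = 'SCUBA_RULE_ASC_EICAR'
    ExtendedProperties = $props
}

# Hypothetical helper (not part of Az.Security): look a key up while ignoring
# case and whitespace, since the key text is taken from formatted console output.
function Get-AlertExtendedProperty {
    param(
        [Parameter(Mandatory)] $Alert,
        [Parameter(Mandatory)] [string] $Name
    )
    $wanted = $Name -replace '\s', ''
    foreach ($key in $Alert.ExtendedProperties.Keys) {
        if (($key -replace '\s', '') -ieq $wanted) {
            return $Alert.ExtendedProperties[$key]
        }
    }
    return $null   # not every alert type carries this key
}

# Against a live subscription the input would instead be, for example:
#   $alert = Get-AzSecurityAlert | Where-Object AlertName -eq 'SCUBA_RULE_ASC_EICAR' | Select-Object -First 1
$processPath = Get-AlertExtendedProperty -Alert $alert -Name 'suspicious Process'

if ($null -ne $processPath) {
    # Split on both separators so the result does not depend on the host OS.
    $processName = ($processPath -split '[\\/]')[-1]
    $processPath   # full path of the flagged executable
    $processName   # file name only
} else {
    Write-Warning "Alert $($alert.AlertName) has no 'suspicious Process' property"
}
```

The `Selected.` prefix in the gm output means the dictionary is still wrapped in an object produced by `Select-Object ExtendedProperties`; reading `.ExtendedProperties` on that object (or using `Select-Object -ExpandProperty ExtendedProperties`) yields the dictionary itself.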
ASKER CERTIFIED SOLUTION
footech