Docs
Packages
These are the docs for Azure Native v1. We recommenend using the latest version, Azure Native v2.
Azure Native v1 v1.104.0 published on Thursday, Jul 6, 2023 by Pulumi
azure-native.securityinsights.ScheduledAlertRule
Explore with Pulumi AI
These are the docs for Azure Native v1. We recommenend using the latest version, Azure Native v2.
Azure Native v1 v1.104.0 published on Thursday, Jul 6, 2023 by Pulumi
Represents scheduled alert rule. API Version: 2020-01-01.
Example Usage
Creates or updates a Fusion alert rule.
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var scheduledAlertRule = new AzureNative.SecurityInsights.ScheduledAlertRule("scheduledAlertRule", new()
{
ResourceGroupName = "myRg",
RuleId = "myFirstFusionRule",
WorkspaceName = "myWorkspace",
});
});
package main
import (
securityinsights "github.com/pulumi/pulumi-azure-native-sdk/securityinsights"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := securityinsights.NewScheduledAlertRule(ctx, "scheduledAlertRule", &securityinsights.ScheduledAlertRuleArgs{
ResourceGroupName: pulumi.String("myRg"),
RuleId: pulumi.String("myFirstFusionRule"),
WorkspaceName: pulumi.String("myWorkspace"),
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.securityinsights.ScheduledAlertRule;
import com.pulumi.azurenative.securityinsights.ScheduledAlertRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var scheduledAlertRule = new ScheduledAlertRule("scheduledAlertRule", ScheduledAlertRuleArgs.builder()
.resourceGroupName("myRg")
.ruleId("myFirstFusionRule")
.workspaceName("myWorkspace")
.build());
}
}
import pulumi
import pulumi_azure_native as azure_native
scheduled_alert_rule = azure_native.securityinsights.ScheduledAlertRule("scheduledAlertRule",
resource_group_name="myRg",
rule_id="myFirstFusionRule",
workspace_name="myWorkspace")
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const scheduledAlertRule = new azure_native.securityinsights.ScheduledAlertRule("scheduledAlertRule", {
resourceGroupName: "myRg",
ruleId: "myFirstFusionRule",
workspaceName: "myWorkspace",
});
resources:
scheduledAlertRule:
type: azure-native:securityinsights:ScheduledAlertRule
properties:
resourceGroupName: myRg
ruleId: myFirstFusionRule
workspaceName: myWorkspace
Creates or updates a MicrosoftSecurityIncidentCreation rule.
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var scheduledAlertRule = new AzureNative.SecurityInsights.ScheduledAlertRule("scheduledAlertRule", new()
{
ResourceGroupName = "myRg",
RuleId = "microsoftSecurityIncidentCreationRuleExample",
WorkspaceName = "myWorkspace",
});
});
package main
import (
securityinsights "github.com/pulumi/pulumi-azure-native-sdk/securityinsights"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := securityinsights.NewScheduledAlertRule(ctx, "scheduledAlertRule", &securityinsights.ScheduledAlertRuleArgs{
ResourceGroupName: pulumi.String("myRg"),
RuleId: pulumi.String("microsoftSecurityIncidentCreationRuleExample"),
WorkspaceName: pulumi.String("myWorkspace"),
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.securityinsights.ScheduledAlertRule;
import com.pulumi.azurenative.securityinsights.ScheduledAlertRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var scheduledAlertRule = new ScheduledAlertRule("scheduledAlertRule", ScheduledAlertRuleArgs.builder()
.resourceGroupName("myRg")
.ruleId("microsoftSecurityIncidentCreationRuleExample")
.workspaceName("myWorkspace")
.build());
}
}
import pulumi
import pulumi_azure_native as azure_native
scheduled_alert_rule = azure_native.securityinsights.ScheduledAlertRule("scheduledAlertRule",
resource_group_name="myRg",
rule_id="microsoftSecurityIncidentCreationRuleExample",
workspace_name="myWorkspace")
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const scheduledAlertRule = new azure_native.securityinsights.ScheduledAlertRule("scheduledAlertRule", {
resourceGroupName: "myRg",
ruleId: "microsoftSecurityIncidentCreationRuleExample",
workspaceName: "myWorkspace",
});
resources:
scheduledAlertRule:
type: azure-native:securityinsights:ScheduledAlertRule
properties:
resourceGroupName: myRg
ruleId: microsoftSecurityIncidentCreationRuleExample
workspaceName: myWorkspace
Creates or updates a Scheduled alert rule.
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var scheduledAlertRule = new AzureNative.SecurityInsights.ScheduledAlertRule("scheduledAlertRule", new()
{
Description = "",
DisplayName = "Rule2",
Enabled = true,
Kind = "Scheduled",
Query = "ProtectionStatus | extend HostCustomEntity = Computer | extend IPCustomEntity = ComputerIP_Hidden",
QueryFrequency = "PT1H",
QueryPeriod = "P2DT1H30M",
ResourceGroupName = "myRg",
RuleId = "73e01a99-5cd7-4139-a149-9f2736ff2ab5",
Severity = "High",
SuppressionDuration = "PT1H",
SuppressionEnabled = false,
Tactics = new[]
{
"Persistence",
"LateralMovement",
},
TriggerOperator = AzureNative.SecurityInsights.TriggerOperator.GreaterThan,
TriggerThreshold = 0,
WorkspaceName = "myWorkspace",
});
});
package main
import (
securityinsights "github.com/pulumi/pulumi-azure-native-sdk/securityinsights"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := securityinsights.NewScheduledAlertRule(ctx, "scheduledAlertRule", &securityinsights.ScheduledAlertRuleArgs{
Description: pulumi.String(""),
DisplayName: pulumi.String("Rule2"),
Enabled: pulumi.Bool(true),
Kind: pulumi.String("Scheduled"),
Query: pulumi.String("ProtectionStatus | extend HostCustomEntity = Computer | extend IPCustomEntity = ComputerIP_Hidden"),
QueryFrequency: pulumi.String("PT1H"),
QueryPeriod: pulumi.String("P2DT1H30M"),
ResourceGroupName: pulumi.String("myRg"),
RuleId: pulumi.String("73e01a99-5cd7-4139-a149-9f2736ff2ab5"),
Severity: pulumi.String("High"),
SuppressionDuration: pulumi.String("PT1H"),
SuppressionEnabled: pulumi.Bool(false),
Tactics: pulumi.StringArray{
pulumi.String("Persistence"),
pulumi.String("LateralMovement"),
},
TriggerOperator: securityinsights.TriggerOperatorGreaterThan,
TriggerThreshold: pulumi.Int(0),
WorkspaceName: pulumi.String("myWorkspace"),
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.securityinsights.ScheduledAlertRule;
import com.pulumi.azurenative.securityinsights.ScheduledAlertRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var scheduledAlertRule = new ScheduledAlertRule("scheduledAlertRule", ScheduledAlertRuleArgs.builder()
.description("")
.displayName("Rule2")
.enabled(true)
.kind("Scheduled")
.query("ProtectionStatus | extend HostCustomEntity = Computer | extend IPCustomEntity = ComputerIP_Hidden")
.queryFrequency("PT1H")
.queryPeriod("P2DT1H30M")
.resourceGroupName("myRg")
.ruleId("73e01a99-5cd7-4139-a149-9f2736ff2ab5")
.severity("High")
.suppressionDuration("PT1H")
.suppressionEnabled(false)
.tactics(
"Persistence",
"LateralMovement")
.triggerOperator("GreaterThan")
.triggerThreshold(0)
.workspaceName("myWorkspace")
.build());
}
}
import pulumi
import pulumi_azure_native as azure_native
scheduled_alert_rule = azure_native.securityinsights.ScheduledAlertRule("scheduledAlertRule",
description="",
display_name="Rule2",
enabled=True,
kind="Scheduled",
query="ProtectionStatus | extend HostCustomEntity = Computer | extend IPCustomEntity = ComputerIP_Hidden",
query_frequency="PT1H",
query_period="P2DT1H30M",
resource_group_name="myRg",
rule_id="73e01a99-5cd7-4139-a149-9f2736ff2ab5",
severity="High",
suppression_duration="PT1H",
suppression_enabled=False,
tactics=[
"Persistence",
"LateralMovement",
],
trigger_operator=azure_native.securityinsights.TriggerOperator.GREATER_THAN,
trigger_threshold=0,
workspace_name="myWorkspace")
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const scheduledAlertRule = new azure_native.securityinsights.ScheduledAlertRule("scheduledAlertRule", {
description: "",
displayName: "Rule2",
enabled: true,
kind: "Scheduled",
query: "ProtectionStatus | extend HostCustomEntity = Computer | extend IPCustomEntity = ComputerIP_Hidden",
queryFrequency: "PT1H",
queryPeriod: "P2DT1H30M",
resourceGroupName: "myRg",
ruleId: "73e01a99-5cd7-4139-a149-9f2736ff2ab5",
severity: "High",
suppressionDuration: "PT1H",
suppressionEnabled: false,
tactics: [
"Persistence",
"LateralMovement",
],
triggerOperator: azure_native.securityinsights.TriggerOperator.GreaterThan,
triggerThreshold: 0,
workspaceName: "myWorkspace",
});
resources:
scheduledAlertRule:
type: azure-native:securityinsights:ScheduledAlertRule
properties:
description:
displayName: Rule2
enabled: true
kind: Scheduled
query: ProtectionStatus | extend HostCustomEntity = Computer | extend IPCustomEntity = ComputerIP_Hidden
queryFrequency: PT1H
queryPeriod: P2DT1H30M
resourceGroupName: myRg
ruleId: 73e01a99-5cd7-4139-a149-9f2736ff2ab5
severity: High
suppressionDuration: PT1H
suppressionEnabled: false
tactics:
- Persistence
- LateralMovement
triggerOperator: GreaterThan
triggerThreshold: 0
workspaceName: myWorkspace
Create ScheduledAlertRule Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new ScheduledAlertRule(name: string, args: ScheduledAlertRuleArgs, opts?: CustomResourceOptions);@overload
def ScheduledAlertRule(resource_name: str,
args: ScheduledAlertRuleArgs,
opts: Optional[ResourceOptions] = None)
@overload
def ScheduledAlertRule(resource_name: str,
opts: Optional[ResourceOptions] = None,
resource_group_name: Optional[str] = None,
workspace_name: Optional[str] = None,
enabled: Optional[bool] = None,
trigger_threshold: Optional[int] = None,
query: Optional[str] = None,
query_frequency: Optional[str] = None,
severity: Optional[Union[str, AlertSeverity]] = None,
display_name: Optional[str] = None,
trigger_operator: Optional[TriggerOperator] = None,
query_period: Optional[str] = None,
suppression_duration: Optional[str] = None,
suppression_enabled: Optional[bool] = None,
tactics: Optional[Sequence[Union[str, AttackTactic]]] = None,
description: Optional[str] = None,
rule_id: Optional[str] = None,
alert_rule_template_name: Optional[str] = None)func NewScheduledAlertRule(ctx *Context, name string, args ScheduledAlertRuleArgs, opts ...ResourceOption) (*ScheduledAlertRule, error)public ScheduledAlertRule(string name, ScheduledAlertRuleArgs args, CustomResourceOptions? opts = null)
public ScheduledAlertRule(String name, ScheduledAlertRuleArgs args)
public ScheduledAlertRule(String name, ScheduledAlertRuleArgs args, CustomResourceOptions options)
type: azure-native:securityinsights:ScheduledAlertRule
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args ScheduledAlertRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args ScheduledAlertRuleArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args ScheduledAlertRuleArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args ScheduledAlertRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args ScheduledAlertRuleArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var scheduledAlertRuleResource = new AzureNative.Securityinsights.ScheduledAlertRule("scheduledAlertRuleResource", new()
{
ResourceGroupName = "string",
Kind = "string",
WorkspaceName = "string",
Enabled = false,
TriggerThreshold = 0,
Query = "string",
QueryFrequency = "string",
Severity = "string",
DisplayName = "string",
TriggerOperator = "GreaterThan",
QueryPeriod = "string",
SuppressionDuration = "string",
SuppressionEnabled = false,
Tactics = new[]
{
"string",
},
Description = "string",
RuleId = "string",
AlertRuleTemplateName = "string",
});
example, err := securityinsights.NewScheduledAlertRule(ctx, "scheduledAlertRuleResource", &securityinsights.ScheduledAlertRuleArgs{
ResourceGroupName: "string",
Kind: "string",
WorkspaceName: "string",
Enabled: false,
TriggerThreshold: 0,
Query: "string",
QueryFrequency: "string",
Severity: "string",
DisplayName: "string",
TriggerOperator: "GreaterThan",
QueryPeriod: "string",
SuppressionDuration: "string",
SuppressionEnabled: false,
Tactics: []string{
"string",
},
Description: "string",
RuleId: "string",
AlertRuleTemplateName: "string",
})
var scheduledAlertRuleResource = new ScheduledAlertRule("scheduledAlertRuleResource", ScheduledAlertRuleArgs.builder()
.resourceGroupName("string")
.kind("string")
.workspaceName("string")
.enabled(false)
.triggerThreshold(0)
.query("string")
.queryFrequency("string")
.severity("string")
.displayName("string")
.triggerOperator("GreaterThan")
.queryPeriod("string")
.suppressionDuration("string")
.suppressionEnabled(false)
.tactics("string")
.description("string")
.ruleId("string")
.alertRuleTemplateName("string")
.build());
scheduled_alert_rule_resource = azure_native.securityinsights.ScheduledAlertRule("scheduledAlertRuleResource",
resource_group_name=string,
kind=string,
workspace_name=string,
enabled=False,
trigger_threshold=0,
query=string,
query_frequency=string,
severity=string,
display_name=string,
trigger_operator=GreaterThan,
query_period=string,
suppression_duration=string,
suppression_enabled=False,
tactics=[string],
description=string,
rule_id=string,
alert_rule_template_name=string)
const scheduledAlertRuleResource = new azure_native.securityinsights.ScheduledAlertRule("scheduledAlertRuleResource", {
resourceGroupName: "string",
kind: "string",
workspaceName: "string",
enabled: false,
triggerThreshold: 0,
query: "string",
queryFrequency: "string",
severity: "string",
displayName: "string",
triggerOperator: "GreaterThan",
queryPeriod: "string",
suppressionDuration: "string",
suppressionEnabled: false,
tactics: ["string"],
description: "string",
ruleId: "string",
alertRuleTemplateName: "string",
});
type: azure-native:securityinsights:ScheduledAlertRule
properties:
alertRuleTemplateName: string
description: string
displayName: string
enabled: false
kind: string
query: string
queryFrequency: string
queryPeriod: string
resourceGroupName: string
ruleId: string
severity: string
suppressionDuration: string
suppressionEnabled: false
tactics:
- string
triggerOperator: GreaterThan
triggerThreshold: 0
workspaceName: string
ScheduledAlertRule Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The ScheduledAlertRule resource accepts the following input properties:
- Display
Name string - The display name for alerts created by this alert rule.
- Enabled bool
- Determines whether this alert rule is enabled or disabled.
- Query string
- The query that creates alerts for this rule.
- Query
Frequency string - The frequency (in ISO 8601 duration format) for this alert rule to run.
- Query
Period string - The period (in ISO 8601 duration format) that this alert rule looks at.
- Resource
Group stringName - The name of the resource group within the user's subscription. The name is case insensitive.
- Severity
string | Pulumi.
Azure Native. Security Insights. Alert Severity - The severity for alerts created by this alert rule.
- Suppression
Duration string - The suppression (in ISO 8601 duration format) to wait since last time this alert rule been triggered.
- Suppression
Enabled bool - Determines whether the suppression for this alert rule is enabled or disabled.
- Trigger
Operator Pulumi.Azure Native. Security Insights. Trigger Operator - The operation against the threshold that triggers alert rule.
- Trigger
Threshold int - The threshold triggers this alert rule.
- Workspace
Name string - The name of the workspace.
- Alert
Rule stringTemplate Name - The Name of the alert rule template used to create this rule.
- Description string
- The description of the alert rule.
- Rule
Id string - Alert rule ID
- Tactics
List<Union<string, Pulumi.
Azure Native. Security Insights. Attack Tactic>> - The tactics of the alert rule
- Display
Name string - The display name for alerts created by this alert rule.
- Enabled bool
- Determines whether this alert rule is enabled or disabled.
- Query string
- The query that creates alerts for this rule.
- Query
Frequency string - The frequency (in ISO 8601 duration format) for this alert rule to run.
- Query
Period string - The period (in ISO 8601 duration format) that this alert rule looks at.
- Resource
Group stringName - The name of the resource group within the user's subscription. The name is case insensitive.
- Severity
string | Alert
Severity - The severity for alerts created by this alert rule.
- Suppression
Duration string - The suppression (in ISO 8601 duration format) to wait since last time this alert rule been triggered.
- Suppression
Enabled bool - Determines whether the suppression for this alert rule is enabled or disabled.
- Trigger
Operator TriggerOperator - The operation against the threshold that triggers alert rule.
- Trigger
Threshold int - The threshold triggers this alert rule.
- Workspace
Name string - The name of the workspace.
- Alert
Rule stringTemplate Name - The Name of the alert rule template used to create this rule.
- Description string
- The description of the alert rule.
- Rule
Id string - Alert rule ID
- Tactics []string
- The tactics of the alert rule
- display
Name String - The display name for alerts created by this alert rule.
- enabled Boolean
- Determines whether this alert rule is enabled or disabled.
- query String
- The query that creates alerts for this rule.
- query
Frequency String - The frequency (in ISO 8601 duration format) for this alert rule to run.
- query
Period String - The period (in ISO 8601 duration format) that this alert rule looks at.
- resource
Group StringName - The name of the resource group within the user's subscription. The name is case insensitive.
- severity
String | Alert
Severity - The severity for alerts created by this alert rule.
- suppression
Duration String - The suppression (in ISO 8601 duration format) to wait since last time this alert rule been triggered.
- suppression
Enabled Boolean - Determines whether the suppression for this alert rule is enabled or disabled.
- trigger
Operator TriggerOperator - The operation against the threshold that triggers alert rule.
- trigger
Threshold Integer - The threshold triggers this alert rule.
- workspace
Name String - The name of the workspace.
- alert
Rule StringTemplate Name - The Name of the alert rule template used to create this rule.
- description String
- The description of the alert rule.
- rule
Id String - Alert rule ID
- tactics
List<Either<String,Attack
Tactic>> - The tactics of the alert rule
- display
Name string - The display name for alerts created by this alert rule.
- enabled boolean
- Determines whether this alert rule is enabled or disabled.
- query string
- The query that creates alerts for this rule.
- query
Frequency string - The frequency (in ISO 8601 duration format) for this alert rule to run.
- query
Period string - The period (in ISO 8601 duration format) that this alert rule looks at.
- resource
Group stringName - The name of the resource group within the user's subscription. The name is case insensitive.
- severity
string | Alert
Severity - The severity for alerts created by this alert rule.
- suppression
Duration string - The suppression (in ISO 8601 duration format) to wait since last time this alert rule been triggered.
- suppression
Enabled boolean - Determines whether the suppression for this alert rule is enabled or disabled.
- trigger
Operator TriggerOperator - The operation against the threshold that triggers alert rule.
- trigger
Threshold number - The threshold triggers this alert rule.
- workspace
Name string - The name of the workspace.
- alert
Rule stringTemplate Name - The Name of the alert rule template used to create this rule.
- description string
- The description of the alert rule.
- rule
Id string - Alert rule ID
- tactics
(string | Attack
Tactic)[] - The tactics of the alert rule
- display_
name str - The display name for alerts created by this alert rule.
- enabled bool
- Determines whether this alert rule is enabled or disabled.
- query str
- The query that creates alerts for this rule.
- query_
frequency str - The frequency (in ISO 8601 duration format) for this alert rule to run.
- query_
period str - The period (in ISO 8601 duration format) that this alert rule looks at.
- resource_
group_ strname - The name of the resource group within the user's subscription. The name is case insensitive.
- severity
str | Alert
Severity - The severity for alerts created by this alert rule.
- suppression_
duration str - The suppression (in ISO 8601 duration format) to wait since last time this alert rule been triggered.
- suppression_
enabled bool - Determines whether the suppression for this alert rule is enabled or disabled.
- trigger_
operator TriggerOperator - The operation against the threshold that triggers alert rule.
- trigger_
threshold int - The threshold triggers this alert rule.
- workspace_
name str - The name of the workspace.
- alert_
rule_ strtemplate_ name - The Name of the alert rule template used to create this rule.
- description str
- The description of the alert rule.
- rule_
id str - Alert rule ID
- tactics
Sequence[Union[str, Attack
Tactic]] - The tactics of the alert rule
- display
Name String - The display name for alerts created by this alert rule.
- enabled Boolean
- Determines whether this alert rule is enabled or disabled.
- query String
- The query that creates alerts for this rule.
- query
Frequency String - The frequency (in ISO 8601 duration format) for this alert rule to run.
- query
Period String - The period (in ISO 8601 duration format) that this alert rule looks at.
- resource
Group StringName - The name of the resource group within the user's subscription. The name is case insensitive.
- severity String | "High" | "Medium" | "Low" | "Informational"
- The severity for alerts created by this alert rule.
- suppression
Duration String - The suppression (in ISO 8601 duration format) to wait since last time this alert rule been triggered.
- suppression
Enabled Boolean - Determines whether the suppression for this alert rule is enabled or disabled.
- trigger
Operator "GreaterThan" | "Less Than" | "Equal" | "Not Equal" - The operation against the threshold that triggers alert rule.
- trigger
Threshold Number - The threshold triggers this alert rule.
- workspace
Name String - The name of the workspace.
- alert
Rule StringTemplate Name - The Name of the alert rule template used to create this rule.
- description String
- The description of the alert rule.
- rule
Id String - Alert rule ID
- tactics
List<String | "Reconnaissance" | "Resource
Development" | "Initial Access" | "Execution" | "Persistence" | "Privilege Escalation" | "Defense Evasion" | "Credential Access" | "Discovery" | "Lateral Movement" | "Collection" | "Exfiltration" | "Command And Control" | "Impact" | "Pre Attack" | "Impair Process Control" | "Inhibit Response Function"> - The tactics of the alert rule
Outputs
All input properties are implicitly available as output properties. Additionally, the ScheduledAlertRule resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Last
Modified stringUtc - The last time that this alert rule has been modified.
- Name string
- Azure resource name
- Type string
- Azure resource type
- Etag string
- Etag of the azure resource
- Id string
- The provider-assigned unique ID for this managed resource.
- Last
Modified stringUtc - The last time that this alert rule has been modified.
- Name string
- Azure resource name
- Type string
- Azure resource type
- Etag string
- Etag of the azure resource
- id String
- The provider-assigned unique ID for this managed resource.
- last
Modified StringUtc - The last time that this alert rule has been modified.
- name String
- Azure resource name
- type String
- Azure resource type
- etag String
- Etag of the azure resource
- id string
- The provider-assigned unique ID for this managed resource.
- last
Modified stringUtc - The last time that this alert rule has been modified.
- name string
- Azure resource name
- type string
- Azure resource type
- etag string
- Etag of the azure resource
- id str
- The provider-assigned unique ID for this managed resource.
- last_
modified_ strutc - The last time that this alert rule has been modified.
- name str
- Azure resource name
- type str
- Azure resource type
- etag str
- Etag of the azure resource
- id String
- The provider-assigned unique ID for this managed resource.
- last
Modified StringUtc - The last time that this alert rule has been modified.
- name String
- Azure resource name
- type String
- Azure resource type
- etag String
- Etag of the azure resource
Supporting Types
AlertSeverity, AlertSeverityArgs
- High
- HighHigh severity
- Medium
- MediumMedium severity
- Low
- LowLow severity
- Informational
- InformationalInformational severity
- Alert
Severity High - HighHigh severity
- Alert
Severity Medium - MediumMedium severity
- Alert
Severity Low - LowLow severity
- Alert
Severity Informational - InformationalInformational severity
- High
- HighHigh severity
- Medium
- MediumMedium severity
- Low
- LowLow severity
- Informational
- InformationalInformational severity
- High
- HighHigh severity
- Medium
- MediumMedium severity
- Low
- LowLow severity
- Informational
- InformationalInformational severity
- HIGH
- HighHigh severity
- MEDIUM
- MediumMedium severity
- LOW
- LowLow severity
- INFORMATIONAL
- InformationalInformational severity
- "High"
- HighHigh severity
- "Medium"
- MediumMedium severity
- "Low"
- LowLow severity
- "Informational"
- InformationalInformational severity
AttackTactic, AttackTacticArgs
- Reconnaissance
- Reconnaissance
- Resource
Development - ResourceDevelopment
- Initial
Access - InitialAccess
- Execution
- Execution
- Persistence
- Persistence
- Privilege
Escalation - PrivilegeEscalation
- Defense
Evasion - DefenseEvasion
- Credential
Access - CredentialAccess
- Discovery
- Discovery
- Lateral
Movement - LateralMovement
- Collection
- Collection
- Exfiltration
- Exfiltration
- Command
And Control - CommandAndControl
- Impact
- Impact
- Pre
Attack - PreAttack
- Impair
Process Control - ImpairProcessControl
- Inhibit
Response Function - InhibitResponseFunction
- Attack
Tactic Reconnaissance - Reconnaissance
- Attack
Tactic Resource Development - ResourceDevelopment
- Attack
Tactic Initial Access - InitialAccess
- Attack
Tactic Execution - Execution
- Attack
Tactic Persistence - Persistence
- Attack
Tactic Privilege Escalation - PrivilegeEscalation
- Attack
Tactic Defense Evasion - DefenseEvasion
- Attack
Tactic Credential Access - CredentialAccess
- Attack
Tactic Discovery - Discovery
- Attack
Tactic Lateral Movement - LateralMovement
- Attack
Tactic Collection - Collection
- Attack
Tactic Exfiltration - Exfiltration
- Attack
Tactic Command And Control - CommandAndControl
- Attack
Tactic Impact - Impact
- Attack
Tactic Pre Attack - PreAttack
- Attack
Tactic Impair Process Control - ImpairProcessControl
- Attack
Tactic Inhibit Response Function - InhibitResponseFunction
- Reconnaissance
- Reconnaissance
- Resource
Development - ResourceDevelopment
- Initial
Access - InitialAccess
- Execution
- Execution
- Persistence
- Persistence
- Privilege
Escalation - PrivilegeEscalation
- Defense
Evasion - DefenseEvasion
- Credential
Access - CredentialAccess
- Discovery
- Discovery
- Lateral
Movement - LateralMovement
- Collection
- Collection
- Exfiltration
- Exfiltration
- Command
And Control - CommandAndControl
- Impact
- Impact
- Pre
Attack - PreAttack
- Impair
Process Control - ImpairProcessControl
- Inhibit
Response Function - InhibitResponseFunction
- Reconnaissance
- Reconnaissance
- Resource
Development - ResourceDevelopment
- Initial
Access - InitialAccess
- Execution
- Execution
- Persistence
- Persistence
- Privilege
Escalation - PrivilegeEscalation
- Defense
Evasion - DefenseEvasion
- Credential
Access - CredentialAccess
- Discovery
- Discovery
- Lateral
Movement - LateralMovement
- Collection
- Collection
- Exfiltration
- Exfiltration
- Command
And Control - CommandAndControl
- Impact
- Impact
- Pre
Attack - PreAttack
- Impair
Process Control - ImpairProcessControl
- Inhibit
Response Function - InhibitResponseFunction
- RECONNAISSANCE
- Reconnaissance
- RESOURCE_DEVELOPMENT
- ResourceDevelopment
- INITIAL_ACCESS
- InitialAccess
- EXECUTION
- Execution
- PERSISTENCE
- Persistence
- PRIVILEGE_ESCALATION
- PrivilegeEscalation
- DEFENSE_EVASION
- DefenseEvasion
- CREDENTIAL_ACCESS
- CredentialAccess
- DISCOVERY
- Discovery
- LATERAL_MOVEMENT
- LateralMovement
- COLLECTION
- Collection
- EXFILTRATION
- Exfiltration
- COMMAND_AND_CONTROL
- CommandAndControl
- IMPACT
- Impact
- PRE_ATTACK
- PreAttack
- IMPAIR_PROCESS_CONTROL
- ImpairProcessControl
- INHIBIT_RESPONSE_FUNCTION
- InhibitResponseFunction
- "Reconnaissance"
- Reconnaissance
- "Resource
Development" - ResourceDevelopment
- "Initial
Access" - InitialAccess
- "Execution"
- Execution
- "Persistence"
- Persistence
- "Privilege
Escalation" - PrivilegeEscalation
- "Defense
Evasion" - DefenseEvasion
- "Credential
Access" - CredentialAccess
- "Discovery"
- Discovery
- "Lateral
Movement" - LateralMovement
- "Collection"
- Collection
- "Exfiltration"
- Exfiltration
- "Command
And Control" - CommandAndControl
- "Impact"
- Impact
- "Pre
Attack" - PreAttack
- "Impair
Process Control" - ImpairProcessControl
- "Inhibit
Response Function" - InhibitResponseFunction
TriggerOperator, TriggerOperatorArgs
- Greater
Than - GreaterThan
- Less
Than - LessThan
- Equal
- Equal
- Not
Equal - NotEqual
- Trigger
Operator Greater Than - GreaterThan
- Trigger
Operator Less Than - LessThan
- Trigger
Operator Equal - Equal
- Trigger
Operator Not Equal - NotEqual
- Greater
Than - GreaterThan
- Less
Than - LessThan
- Equal
- Equal
- Not
Equal - NotEqual
- Greater
Than - GreaterThan
- Less
Than - LessThan
- Equal
- Equal
- Not
Equal - NotEqual
- GREATER_THAN
- GreaterThan
- LESS_THAN
- LessThan
- EQUAL
- Equal
- NOT_EQUAL
- NotEqual
- "Greater
Than" - GreaterThan
- "Less
Than" - LessThan
- "Equal"
- Equal
- "Not
Equal" - NotEqual
Import
An existing resource can be imported using its type token, name, and identifier, e.g.
$ pulumi import azure-native:securityinsights:ScheduledAlertRule 73e01a99-5cd7-4139-a149-9f2736ff2ab5 /subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- azure-native-v1 pulumi/pulumi-azure-native
- License
- Apache-2.0
These are the docs for Azure Native v1. We recommenend using the latest version, Azure Native v2.
Azure Native v1 v1.104.0 published on Thursday, Jul 6, 2023 by Pulumi