azure-native.securityinsights.AutomationRule
Azure REST API version: 2023-02-01. Prior API version in Azure Native 1.x: 2019-01-01-preview.
Other available API versions: 2019-01-01-preview, 2023-06-01-preview, 2023-07-01-preview, 2023-08-01-preview, 2023-09-01-preview, 2023-10-01-preview, 2023-11-01, 2023-12-01-preview, 2024-01-01-preview, 2024-03-01.
Example Usage
AutomationRules_CreateOrUpdate
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
// Pulumi program entry point: declares one Microsoft Sentinel automation rule
// named "automationRule" in workspace "myWorkspace" of resource group "myRg".
return await Deployment.RunAsync(() =>
{
    // NOTE(review): only the identifying properties are set in this sample. The
    // constructor example on this page also populates Actions, DisplayName, Order
    // and TriggeringLogic; confirm which inputs the provider requires before
    // reusing the snippet as-is.
    var ruleArgs = new AzureNative.SecurityInsights.AutomationRuleArgs
    {
        WorkspaceName = "myWorkspace",
        ResourceGroupName = "myRg",
        // Fixed GUID taken from the API sample; presumably each rule needs its own ID (verify).
        AutomationRuleId = "73e01a99-5cd7-4139-a149-9f2736ff2ab5",
    };

    // Automation rules act on incidents without analyst interaction, so changes
    // to this resource deserve the same review as detection logic.
    var sentinelRule = new AzureNative.SecurityInsights.AutomationRule("automationRule", ruleArgs);
});
package main
import (
securityinsights "github.com/pulumi/pulumi-azure-native-sdk/securityinsights/v2"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main runs a Pulumi program that declares one Microsoft Sentinel automation
// rule named "automationRule" in workspace "myWorkspace" of resource group "myRg".
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// NOTE(review): only the identifying properties are set in this sample.
		// The constructor example on this page also populates Actions,
		// DisplayName, Order and TriggeringLogic; confirm which inputs the
		// provider requires before reusing the snippet as-is.
		ruleArgs := &securityinsights.AutomationRuleArgs{
			WorkspaceName:     pulumi.String("myWorkspace"),
			ResourceGroupName: pulumi.String("myRg"),
			// Fixed GUID taken from the API sample; presumably each rule needs its own ID (verify).
			AutomationRuleId: pulumi.String("73e01a99-5cd7-4139-a149-9f2736ff2ab5"),
		}

		// The resource handle is not used afterwards; only a failure is propagated.
		if _, err := securityinsights.NewAutomationRule(ctx, "automationRule", ruleArgs); err != nil {
			return err
		}
		return nil
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.securityinsights.AutomationRule;
import com.pulumi.azurenative.securityinsights.AutomationRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program that declares one Microsoft Sentinel automation rule named
 * "automationRule" in workspace "myWorkspace" of resource group "myRg".
 */
public class App {
    /** Hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the automation rule resource.
     *
     * NOTE(review): only the identifying properties are set in this sample. The
     * constructor example on this page also populates actions, displayName, order
     * and triggeringLogic; confirm which inputs the provider requires before
     * reusing the snippet as-is.
     *
     * @param ctx deployment context supplied by Pulumi (not read here)
     */
    public static void stack(Context ctx) {
        final AutomationRuleArgs ruleArgs = AutomationRuleArgs.builder()
            .workspaceName("myWorkspace")
            .resourceGroupName("myRg")
            // Fixed GUID taken from the API sample; presumably each rule needs its own ID (verify).
            .automationRuleId("73e01a99-5cd7-4139-a149-9f2736ff2ab5")
            .build();

        // Constructing the resource registers it; the handle itself is not used.
        new AutomationRule("automationRule", ruleArgs);
    }
}
import pulumi
import pulumi_azure_native as azure_native
# Declares one Microsoft Sentinel automation rule named "automationRule" in
# workspace "myWorkspace" of resource group "myRg".
#
# NOTE(review): only the identifying properties are set in this sample. The
# constructor example on this page also populates actions, display_name, order
# and triggering_logic; confirm which inputs the provider requires before
# reusing the snippet as-is.
_rule_args = {
    "workspace_name": "myWorkspace",
    "resource_group_name": "myRg",
    # Fixed GUID taken from the API sample; presumably each rule needs its own ID (verify).
    "automation_rule_id": "73e01a99-5cd7-4139-a149-9f2736ff2ab5",
}

automation_rule = azure_native.securityinsights.AutomationRule(
    "automationRule",
    **_rule_args,
)
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
// Declares one Microsoft Sentinel automation rule named "automationRule" in
// workspace "myWorkspace" of resource group "myRg".
//
// NOTE(review): only the identifying properties are set in this sample. The
// constructor example on this page also populates actions, displayName, order
// and triggeringLogic; confirm which inputs the provider requires before
// reusing the snippet as-is.
const ruleArgs = {
    workspaceName: "myWorkspace",
    resourceGroupName: "myRg",
    // Fixed GUID taken from the API sample; presumably each rule needs its own ID (verify).
    automationRuleId: "73e01a99-5cd7-4139-a149-9f2736ff2ab5",
};

const automationRule = new azure_native.securityinsights.AutomationRule("automationRule", ruleArgs);
# Declares one Microsoft Sentinel automation rule in workspace "myWorkspace"
# of resource group "myRg".
# NOTE(review): only the identifying properties are set in this sample. The
# constructor example on this page also populates actions, displayName, order
# and triggeringLogic; confirm which inputs the provider requires.
resources:
  automationRule:
    type: azure-native:securityinsights:AutomationRule
    properties:
      workspaceName: myWorkspace
      resourceGroupName: myRg
      # Fixed GUID taken from the API sample; presumably each rule needs its own ID (verify).
      automationRuleId: 73e01a99-5cd7-4139-a149-9f2736ff2ab5
Create AutomationRule Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new AutomationRule(name: string, args: AutomationRuleArgs, opts?: CustomResourceOptions);
@overload
def AutomationRule(resource_name: str,
args: AutomationRuleArgs,
opts: Optional[ResourceOptions] = None)
@overload
def AutomationRule(resource_name: str,
opts: Optional[ResourceOptions] = None,
actions: Optional[Sequence[Union[AutomationRuleModifyPropertiesActionArgs, AutomationRuleRunPlaybookActionArgs]]] = None,
display_name: Optional[str] = None,
order: Optional[int] = None,
resource_group_name: Optional[str] = None,
triggering_logic: Optional[AutomationRuleTriggeringLogicArgs] = None,
workspace_name: Optional[str] = None,
automation_rule_id: Optional[str] = None)
func NewAutomationRule(ctx *Context, name string, args AutomationRuleArgs, opts ...ResourceOption) (*AutomationRule, error)
public AutomationRule(string name, AutomationRuleArgs args, CustomResourceOptions? opts = null)
public AutomationRule(String name, AutomationRuleArgs args)
public AutomationRule(String name, AutomationRuleArgs args, CustomResourceOptions options)
type: azure-native:securityinsights:AutomationRule
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args AutomationRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args AutomationRuleArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args AutomationRuleArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args AutomationRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args AutomationRuleArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
// Reference example: every input is shown with a placeholder value
// ("string", 0, false). Replace each one before deploying.

// Values the rule writes onto a matching incident. They are applied with no
// analyst confirming the change, so Status, Classification and Severity
// deserve the same review as detection logic.
var incidentChanges = new AzureNative.SecurityInsights.Inputs.IncidentPropertiesActionArgs
{
    Classification = "string",
    ClassificationComment = "string",
    ClassificationReason = "string",
    Labels = new[]
    {
        new AzureNative.SecurityInsights.Inputs.IncidentLabelArgs
        {
            LabelName = "string",
        },
    },
    Owner = new AzureNative.SecurityInsights.Inputs.IncidentOwnerInfoArgs
    {
        AssignedTo = "string",
        Email = "string",
        ObjectId = "string",
        OwnerType = "string",
        UserPrincipalName = "string",
    },
    Severity = "string",
    Status = "string",
};

// A single "ModifyProperties" action; Order is its position among the rule's actions.
var modifyAction = new AzureNative.SecurityInsights.Inputs.AutomationRuleModifyPropertiesActionArgs
{
    ActionType = "ModifyProperties",
    Order = 0,
    ActionConfiguration = incidentChanges,
};

// When the rule fires. Keep the conditions as narrow as the use case allows:
// a broad trigger combined with the action above rewrites every matching incident.
var trigger = new AzureNative.SecurityInsights.Inputs.AutomationRuleTriggeringLogicArgs
{
    // Placeholder; presumably the rule is inert until this is true (confirm).
    IsEnabled = false,
    TriggersOn = "string",
    TriggersWhen = "string",
    Conditions = new[]
    {
        new AzureNative.SecurityInsights.Inputs.PropertyArrayChangedConditionPropertiesArgs
        {
            ConditionType = "PropertyArrayChanged",
            ConditionProperties = new AzureNative.SecurityInsights.Inputs.AutomationRulePropertyArrayChangedValuesConditionArgs
            {
                ArrayType = "string",
                ChangeType = "string",
            },
        },
    },
    // NOTE(review): looks like the time after which the rule stops applying;
    // confirm, and consider setting it on temporary suppression rules.
    ExpirationTimeUtc = "string",
};

var automationRuleResource = new AzureNative.SecurityInsights.AutomationRule("automationRuleResource", new()
{
    Actions = new[]
    {
        modifyAction,
    },
    DisplayName = "string",
    // Order of execution of this rule relative to other automation rules.
    Order = 0,
    ResourceGroupName = "string",
    TriggeringLogic = trigger,
    WorkspaceName = "string",
    AutomationRuleId = "string",
});
// Reference example: every input is shown with a placeholder value
// ("string", 0, false). Replace each one before deploying.

// Values the rule writes onto a matching incident. They are applied with no
// analyst confirming the change, so Status, Classification and Severity
// deserve the same review as detection logic.
incidentChanges := securityinsights.IncidentPropertiesAction{
	Classification:        "string",
	ClassificationComment: "string",
	ClassificationReason:  "string",
	Labels: []securityinsights.IncidentLabel{
		{
			LabelName: "string",
		},
	},
	Owner: securityinsights.IncidentOwnerInfo{
		AssignedTo:        "string",
		Email:             "string",
		ObjectId:          "string",
		OwnerType:         "string",
		UserPrincipalName: "string",
	},
	Severity: "string",
	Status:   "string",
}

// A single "ModifyProperties" action; Order is its position among the rule's actions.
modifyAction := securityinsights.AutomationRuleModifyPropertiesAction{
	ActionType:          "ModifyProperties",
	Order:               0,
	ActionConfiguration: incidentChanges,
}

// When the rule fires. Keep the conditions as narrow as the use case allows:
// a broad trigger combined with the action above rewrites every matching incident.
trigger := &securityinsights.AutomationRuleTriggeringLogicArgs{
	// Placeholder; presumably the rule is inert until this is true (confirm).
	IsEnabled:    pulumi.Bool(false),
	TriggersOn:   pulumi.String("string"),
	TriggersWhen: pulumi.String("string"),
	Conditions: pulumi.Array{
		securityinsights.PropertyArrayChangedConditionProperties{
			ConditionType: "PropertyArrayChanged",
			ConditionProperties: securityinsights.AutomationRulePropertyArrayChangedValuesCondition{
				ArrayType:  "string",
				ChangeType: "string",
			},
		},
	},
	// NOTE(review): looks like the time after which the rule stops applying;
	// confirm, and consider setting it on temporary suppression rules.
	ExpirationTimeUtc: pulumi.String("string"),
}

example, err := securityinsights.NewAutomationRule(ctx, "automationRuleResource", &securityinsights.AutomationRuleArgs{
	Actions: pulumi.Array{
		modifyAction,
	},
	DisplayName: pulumi.String("string"),
	// Order of execution of this rule relative to other automation rules.
	Order:             pulumi.Int(0),
	ResourceGroupName: pulumi.String("string"),
	TriggeringLogic:   trigger,
	WorkspaceName:     pulumi.String("string"),
	AutomationRuleId:  pulumi.String("string"),
})
// Reference example: every input is shown with a placeholder value
// ("string", 0, false). Replace each one before deploying.

// Values the rule writes onto a matching incident. They are applied with no
// analyst confirming the change, so status, classification and severity
// deserve the same review as detection logic.
var incidentChanges = IncidentPropertiesActionArgs.builder()
    .classification("string")
    .classificationComment("string")
    .classificationReason("string")
    .labels(IncidentLabelArgs.builder()
        .labelName("string")
        .build())
    .owner(IncidentOwnerInfoArgs.builder()
        .assignedTo("string")
        .email("string")
        .objectId("string")
        .ownerType("string")
        .userPrincipalName("string")
        .build())
    .severity("string")
    .status("string")
    .build();

// A single "ModifyProperties" action; order is its position among the rule's actions.
var modifyAction = AutomationRuleModifyPropertiesActionArgs.builder()
    .actionType("ModifyProperties")
    .order(0)
    .actionConfiguration(incidentChanges)
    .build();

// When the rule fires. Keep the conditions as narrow as the use case allows:
// a broad trigger combined with the action above rewrites every matching incident.
var trigger = AutomationRuleTriggeringLogicArgs.builder()
    // Placeholder; presumably the rule is inert until this is true (confirm).
    .isEnabled(false)
    .triggersOn("string")
    .triggersWhen("string")
    .conditions(PropertyArrayChangedConditionPropertiesArgs.builder()
        .conditionType("PropertyArrayChanged")
        .conditionProperties(AutomationRulePropertyArrayChangedValuesConditionArgs.builder()
            .arrayType("string")
            .changeType("string")
            .build())
        .build())
    // NOTE(review): looks like the time after which the rule stops applying;
    // confirm, and consider setting it on temporary suppression rules.
    .expirationTimeUtc("string")
    .build();

var automationRuleResource = new AutomationRule("automationRuleResource", AutomationRuleArgs.builder()
    .actions(modifyAction)
    .displayName("string")
    // Order of execution of this rule relative to other automation rules.
    .order(0)
    .resourceGroupName("string")
    .triggeringLogic(trigger)
    .workspaceName("string")
    .automationRuleId("string")
    .build());
# Reference example: every input is shown with a placeholder value
# ("string", 0, False). Replace each one before deploying.

# Values the rule writes onto a matching incident. They are applied with no
# analyst confirming the change, so status, classification and severity
# deserve the same review as detection logic.
_incident_changes = azure_native.securityinsights.IncidentPropertiesActionArgs(
    classification="string",
    classification_comment="string",
    classification_reason="string",
    labels=[azure_native.securityinsights.IncidentLabelArgs(
        label_name="string",
    )],
    owner=azure_native.securityinsights.IncidentOwnerInfoArgs(
        assigned_to="string",
        email="string",
        object_id="string",
        owner_type="string",
        user_principal_name="string",
    ),
    severity="string",
    status="string",
)

# A single "ModifyProperties" action; order is its position among the rule's actions.
_modify_action = azure_native.securityinsights.AutomationRuleModifyPropertiesActionArgs(
    action_type="ModifyProperties",
    order=0,
    action_configuration=_incident_changes,
)

# When the rule fires. Keep the conditions as narrow as the use case allows:
# a broad trigger combined with the action above rewrites every matching incident.
_trigger = azure_native.securityinsights.AutomationRuleTriggeringLogicArgs(
    # Placeholder; presumably the rule is inert until this is True (confirm).
    is_enabled=False,
    triggers_on="string",
    triggers_when="string",
    conditions=[azure_native.securityinsights.PropertyArrayChangedConditionPropertiesArgs(
        condition_type="PropertyArrayChanged",
        condition_properties=azure_native.securityinsights.AutomationRulePropertyArrayChangedValuesConditionArgs(
            array_type="string",
            change_type="string",
        ),
    )],
    # NOTE(review): looks like the time after which the rule stops applying;
    # confirm, and consider setting it on temporary suppression rules.
    expiration_time_utc="string",
)

automation_rule_resource = azure_native.securityinsights.AutomationRule(
    "automationRuleResource",
    actions=[_modify_action],
    display_name="string",
    # Order of execution of this rule relative to other automation rules.
    order=0,
    resource_group_name="string",
    triggering_logic=_trigger,
    workspace_name="string",
    automation_rule_id="string",
)
// Reference example: every input is shown with a placeholder value
// ("string", 0, false). Replace each one before deploying.

// Values the rule writes onto a matching incident. They are applied with no
// analyst confirming the change, so status, classification and severity
// deserve the same review as detection logic.
const incidentChanges = {
    classification: "string",
    classificationComment: "string",
    classificationReason: "string",
    labels: [{
        labelName: "string",
    }],
    owner: {
        assignedTo: "string",
        email: "string",
        objectId: "string",
        ownerType: "string",
        userPrincipalName: "string",
    },
    severity: "string",
    status: "string",
};

// Which array on the incident is watched and which kind of change counts.
const arrayChange = {
    arrayType: "string",
    changeType: "string",
};

const automationRuleResource = new azure_native.securityinsights.AutomationRule("automationRuleResource", {
    // The discriminator literals ("ModifyProperties", "PropertyArrayChanged")
    // stay inline so their literal types are preserved.
    actions: [{
        actionType: "ModifyProperties",
        order: 0,
        actionConfiguration: incidentChanges,
    }],
    displayName: "string",
    // Order of execution of this rule relative to other automation rules.
    order: 0,
    resourceGroupName: "string",
    // Keep the conditions as narrow as the use case allows: a broad trigger
    // combined with the action above rewrites every matching incident.
    triggeringLogic: {
        // Placeholder; presumably the rule is inert until this is true (confirm).
        isEnabled: false,
        triggersOn: "string",
        triggersWhen: "string",
        conditions: [{
            conditionType: "PropertyArrayChanged",
            conditionProperties: arrayChange,
        }],
        // NOTE(review): looks like the time after which the rule stops applying;
        // confirm, and consider setting it on temporary suppression rules.
        expirationTimeUtc: "string",
    },
    workspaceName: "string",
    automationRuleId: "string",
});
# Reference example: every input is shown with a placeholder value
# (string, 0, false). Replace each one before deploying.
type: azure-native:securityinsights:AutomationRule
properties:
  automationRuleId: string
  displayName: string
  # Order of execution of this rule relative to other automation rules.
  order: 0
  resourceGroupName: string
  workspaceName: string
  actions:
    # A single ModifyProperties action; order is its position among the rule's actions.
    - actionType: ModifyProperties
      order: 0
      # Values written onto a matching incident. They are applied with no analyst
      # confirming the change, so status, classification and severity deserve the
      # same review as detection logic.
      actionConfiguration:
        classification: string
        classificationComment: string
        classificationReason: string
        labels:
          - labelName: string
        owner:
          assignedTo: string
          email: string
          objectId: string
          ownerType: string
          userPrincipalName: string
        severity: string
        status: string
  # When the rule fires. Keep the conditions as narrow as the use case allows.
  triggeringLogic:
    # Placeholder; presumably the rule is inert until this is true (confirm).
    isEnabled: false
    triggersOn: string
    triggersWhen: string
    conditions:
      - conditionType: PropertyArrayChanged
        conditionProperties:
          arrayType: string
          changeType: string
    # NOTE(review): looks like the time after which the rule stops applying;
    # confirm, and consider setting it on temporary suppression rules.
    expirationTimeUtc: string
AutomationRule Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The AutomationRule resource accepts the following input properties:
- Actions List<Union<Pulumi.AzureNative.SecurityInsights.Inputs.AutomationRuleModifyPropertiesAction, Pulumi.AzureNative.SecurityInsights.Inputs.AutomationRuleRunPlaybookActionArgs>>
- The actions to execute when the automation rule is triggered.
- DisplayName string
- The display name of the automation rule.
- Order int
- The order of execution of the automation rule.
- ResourceGroupName string
- The name of the resource group. The name is case insensitive.
- TriggeringLogic Pulumi.AzureNative.SecurityInsights.Inputs.AutomationRuleTriggeringLogic
- Describes automation rule triggering logic.
- WorkspaceName string
- The name of the workspace.
- AutomationRuleId string
- Automation rule ID
- Actions []interface{}
- The actions to execute when the automation rule is triggered.
- DisplayName string
- The display name of the automation rule.
- Order int
- The order of execution of the automation rule.
- ResourceGroupName string
- The name of the resource group. The name is case insensitive.
- TriggeringLogic AutomationRuleTriggeringLogicArgs
- Describes automation rule triggering logic.
- WorkspaceName string
- The name of the workspace.
- AutomationRuleId string
- Automation rule ID
- actions List<Either<AutomationRuleModifyPropertiesAction,AutomationRuleRunPlaybookActionArgs>>
- The actions to execute when the automation rule is triggered.
- displayName String
- The display name of the automation rule.
- order Integer
- The order of execution of the automation rule.
- resourceGroupName String
- The name of the resource group. The name is case insensitive.
- triggeringLogic AutomationRuleTriggeringLogic
- Describes automation rule triggering logic.
- workspaceName String
- The name of the workspace.
- automationRuleId String
- Automation rule ID
- actions (AutomationRuleModifyPropertiesAction | AutomationRuleRunPlaybookActionArgs)[]
- The actions to execute when the automation rule is triggered.
- displayName string
- The display name of the automation rule.
- order number
- The order of execution of the automation rule.
- resourceGroupName string
- The name of the resource group. The name is case insensitive.
- triggeringLogic AutomationRuleTriggeringLogic
- Describes automation rule triggering logic.
- workspaceName string
- The name of the workspace.
- automationRuleId string
- Automation rule ID
- actions Sequence[Union[AutomationRuleModifyPropertiesActionArgs, AutomationRuleRunPlaybookActionArgs]]
- The actions to execute when the automation rule is triggered.
- display_name str
- The display name of the automation rule.
- order int
- The order of execution of the automation rule.
- resource_group_name str
- The name of the resource group. The name is case insensitive.
- triggering_logic AutomationRuleTriggeringLogicArgs
- Describes automation rule triggering logic.
- workspace_name str
- The name of the workspace.
- automation_rule_id str
- Automation rule ID
- actions List<Property Map | Property Map>
- The actions to execute when the automation rule is triggered.
- displayName String
- The display name of the automation rule.
- order Number
- The order of execution of the automation rule.
- resourceGroupName String
- The name of the resource group. The name is case insensitive.
- triggeringLogic Property Map
- Describes automation rule triggering logic.
- workspaceName String
- The name of the workspace.
- automationRuleId String
- Automation rule ID
Outputs
All input properties are implicitly available as output properties. Additionally, the AutomationRule resource produces the following output properties:
- CreatedBy Pulumi.AzureNative.SecurityInsights.Outputs.ClientInfoResponse
- Information on the client (user or application) that made some action
- CreatedTimeUtc string
- The time the automation rule was created.
- Id string
- The provider-assigned unique ID for this managed resource.
- LastModifiedBy Pulumi.AzureNative.SecurityInsights.Outputs.ClientInfoResponse
- Information on the client (user or application) that made some action
- LastModifiedTimeUtc string
- The last time the automation rule was updated.
- Name string
- The name of the resource
- SystemData Pulumi.AzureNative.SecurityInsights.Outputs.SystemDataResponse
- Azure Resource Manager metadata containing createdBy and modifiedBy information.
- Type string
- The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
- Etag string
- Etag of the Azure resource
- CreatedBy ClientInfoResponse
- Information on the client (user or application) that made some action
- CreatedTimeUtc string
- The time the automation rule was created.
- Id string
- The provider-assigned unique ID for this managed resource.
- LastModifiedBy ClientInfoResponse
- Information on the client (user or application) that made some action
- LastModifiedTimeUtc string
- The last time the automation rule was updated.
- Name string
- The name of the resource
- SystemData SystemDataResponse
- Azure Resource Manager metadata containing createdBy and modifiedBy information.
- Type string
- The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
- Etag string
- Etag of the Azure resource
- createdBy ClientInfoResponse
- Information on the client (user or application) that made some action
- createdTimeUtc String
- The time the automation rule was created.
- id String
- The provider-assigned unique ID for this managed resource.
- lastModifiedBy ClientInfoResponse
- Information on the client (user or application) that made some action
- lastModifiedTimeUtc String
- The last time the automation rule was updated.
- name String
- The name of the resource
- systemData SystemDataResponse
- Azure Resource Manager metadata containing createdBy and modifiedBy information.
- type String
- The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
- etag String
- Etag of the Azure resource
- createdBy ClientInfoResponse
- Information on the client (user or application) that made some action
- createdTimeUtc string
- The time the automation rule was created.
- id string
- The provider-assigned unique ID for this managed resource.
- lastModifiedBy ClientInfoResponse
- Information on the client (user or application) that made some action
- lastModifiedTimeUtc string
- The last time the automation rule was updated.
- name string
- The name of the resource
- systemData SystemDataResponse
- Azure Resource Manager metadata containing createdBy and modifiedBy information.
- type string
- The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
- etag string
- Etag of the Azure resource
- created_by ClientInfoResponse
- Information on the client (user or application) that made some action
- created_time_utc str
- The time the automation rule was created.
- id str
- The provider-assigned unique ID for this managed resource.
- last_modified_by ClientInfoResponse
- Information on the client (user or application) that made some action
- last_modified_time_utc str
- The last time the automation rule was updated.
- name str
- The name of the resource
- system_data SystemDataResponse
- Azure Resource Manager metadata containing createdBy and modifiedBy information.
- type str
- The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
- etag str
- Etag of the Azure resource
- createdBy Property Map
- Information on the client (user or application) that made some action
- createdTimeUtc String
- The time the automation rule was created.
- id String
- The provider-assigned unique ID for this managed resource.
- lastModifiedBy Property Map
- Information on the client (user or application) that made some action
- lastModifiedTimeUtc String
- The last time the automation rule was updated.
- name String
- The name of the resource
- systemData Property Map
- Azure Resource Manager metadata containing createdBy and modifiedBy information.
- type String
- The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
- etag String
- Etag of the Azure resource
Supporting Types
AutomationRuleModifyPropertiesAction, AutomationRuleModifyPropertiesActionArgs
AutomationRuleModifyPropertiesActionResponse, AutomationRuleModifyPropertiesActionResponseArgs
AutomationRulePropertyArrayChangedConditionSupportedArrayType, AutomationRulePropertyArrayChangedConditionSupportedArrayTypeArgs
- Alerts
- AlertsEvaluate the condition on the alerts
- Labels
- LabelsEvaluate the condition on the labels
- Tactics
- TacticsEvaluate the condition on the tactics
- Comments
- CommentsEvaluate the condition on the comments
- Automation
Rule Property Array Changed Condition Supported Array Type Alerts - AlertsEvaluate the condition on the alerts
- Automation
Rule Property Array Changed Condition Supported Array Type Labels - LabelsEvaluate the condition on the labels
- Automation
Rule Property Array Changed Condition Supported Array Type Tactics - TacticsEvaluate the condition on the tactics
- Automation
Rule Property Array Changed Condition Supported Array Type Comments - CommentsEvaluate the condition on the comments
- Alerts
- AlertsEvaluate the condition on the alerts
- Labels
- LabelsEvaluate the condition on the labels
- Tactics
- TacticsEvaluate the condition on the tactics
- Comments
- CommentsEvaluate the condition on the comments
- Alerts
- AlertsEvaluate the condition on the alerts
- Labels
- LabelsEvaluate the condition on the labels
- Tactics
- TacticsEvaluate the condition on the tactics
- Comments
- CommentsEvaluate the condition on the comments
- ALERTS
- AlertsEvaluate the condition on the alerts
- LABELS
- LabelsEvaluate the condition on the labels
- TACTICS
- TacticsEvaluate the condition on the tactics
- COMMENTS
- CommentsEvaluate the condition on the comments
- "Alerts"
- AlertsEvaluate the condition on the alerts
- "Labels"
- LabelsEvaluate the condition on the labels
- "Tactics"
- TacticsEvaluate the condition on the tactics
- "Comments"
- CommentsEvaluate the condition on the comments
AutomationRulePropertyArrayChangedConditionSupportedChangeType, AutomationRulePropertyArrayChangedConditionSupportedChangeTypeArgs
- Added
- AddedEvaluate the condition on items added to the array
- Automation
Rule Property Array Changed Condition Supported Change Type Added - AddedEvaluate the condition on items added to the array
- Added
- AddedEvaluate the condition on items added to the array
- Added
- AddedEvaluate the condition on items added to the array
- ADDED
- AddedEvaluate the condition on items added to the array
- "Added"
- AddedEvaluate the condition on items added to the array
AutomationRulePropertyArrayChangedValuesCondition, AutomationRulePropertyArrayChangedValuesConditionArgs
- array
Type String | "Alerts" | "Labels" | "Tactics" | "Comments" - change
Type String | "Added"
AutomationRulePropertyArrayChangedValuesConditionResponse, AutomationRulePropertyArrayChangedValuesConditionResponseArgs
- ArrayType: string
- ChangeType: string
- ArrayType: string
- ChangeType: string
- arrayType: String
- changeType: String
- arrayType: string
- changeType: string
- array_type: str
- change_type: str
- arrayType: String
- changeType: String
AutomationRulePropertyChangedConditionSupportedChangedType, AutomationRulePropertyChangedConditionSupportedChangedTypeArgs
- ChangedFrom: ChangedFrom - Evaluate the condition on the previous value of the property
- ChangedTo: ChangedTo - Evaluate the condition on the updated value of the property
- AutomationRulePropertyChangedConditionSupportedChangedTypeChangedFrom: ChangedFrom - Evaluate the condition on the previous value of the property
- AutomationRulePropertyChangedConditionSupportedChangedTypeChangedTo: ChangedTo - Evaluate the condition on the updated value of the property
- ChangedFrom: ChangedFrom - Evaluate the condition on the previous value of the property
- ChangedTo: ChangedTo - Evaluate the condition on the updated value of the property
- ChangedFrom: ChangedFrom - Evaluate the condition on the previous value of the property
- ChangedTo: ChangedTo - Evaluate the condition on the updated value of the property
- CHANGED_FROM: ChangedFrom - Evaluate the condition on the previous value of the property
- CHANGED_TO: ChangedTo - Evaluate the condition on the updated value of the property
- "ChangedFrom": ChangedFrom - Evaluate the condition on the previous value of the property
- "ChangedTo": ChangedTo - Evaluate the condition on the updated value of the property
AutomationRulePropertyChangedConditionSupportedPropertyType, AutomationRulePropertyChangedConditionSupportedPropertyTypeArgs
- IncidentSeverity: IncidentSeverity - Evaluate the condition on the incident severity
- IncidentStatus: IncidentStatus - Evaluate the condition on the incident status
- IncidentOwner: IncidentOwner - Evaluate the condition on the incident owner
- AutomationRulePropertyChangedConditionSupportedPropertyTypeIncidentSeverity: IncidentSeverity - Evaluate the condition on the incident severity
- AutomationRulePropertyChangedConditionSupportedPropertyTypeIncidentStatus: IncidentStatus - Evaluate the condition on the incident status
- AutomationRulePropertyChangedConditionSupportedPropertyTypeIncidentOwner: IncidentOwner - Evaluate the condition on the incident owner
- IncidentSeverity: IncidentSeverity - Evaluate the condition on the incident severity
- IncidentStatus: IncidentStatus - Evaluate the condition on the incident status
- IncidentOwner: IncidentOwner - Evaluate the condition on the incident owner
- IncidentSeverity: IncidentSeverity - Evaluate the condition on the incident severity
- IncidentStatus: IncidentStatus - Evaluate the condition on the incident status
- IncidentOwner: IncidentOwner - Evaluate the condition on the incident owner
- INCIDENT_SEVERITY: IncidentSeverity - Evaluate the condition on the incident severity
- INCIDENT_STATUS: IncidentStatus - Evaluate the condition on the incident status
- INCIDENT_OWNER: IncidentOwner - Evaluate the condition on the incident owner
- "IncidentSeverity": IncidentSeverity - Evaluate the condition on the incident severity
- "IncidentStatus": IncidentStatus - Evaluate the condition on the incident status
- "IncidentOwner": IncidentOwner - Evaluate the condition on the incident owner
AutomationRulePropertyConditionSupportedOperator, AutomationRulePropertyConditionSupportedOperatorArgs
- EqualsValue: Equals - Evaluates if the property equals at least one of the condition values
- NotEquals: NotEquals - Evaluates if the property does not equal any of the condition values
- Contains: Contains - Evaluates if the property contains at least one of the condition values
- NotContains: NotContains - Evaluates if the property does not contain any of the condition values
- StartsWith: StartsWith - Evaluates if the property starts with any of the condition values
- NotStartsWith: NotStartsWith - Evaluates if the property does not start with any of the condition values
- EndsWith: EndsWith - Evaluates if the property ends with any of the condition values
- NotEndsWith: NotEndsWith - Evaluates if the property does not end with any of the condition values
- AutomationRulePropertyConditionSupportedOperatorEquals: Equals - Evaluates if the property equals at least one of the condition values
- AutomationRulePropertyConditionSupportedOperatorNotEquals: NotEquals - Evaluates if the property does not equal any of the condition values
- AutomationRulePropertyConditionSupportedOperatorContains: Contains - Evaluates if the property contains at least one of the condition values
- AutomationRulePropertyConditionSupportedOperatorNotContains: NotContains - Evaluates if the property does not contain any of the condition values
- AutomationRulePropertyConditionSupportedOperatorStartsWith: StartsWith - Evaluates if the property starts with any of the condition values
- AutomationRulePropertyConditionSupportedOperatorNotStartsWith: NotStartsWith - Evaluates if the property does not start with any of the condition values
- AutomationRulePropertyConditionSupportedOperatorEndsWith: EndsWith - Evaluates if the property ends with any of the condition values
- AutomationRulePropertyConditionSupportedOperatorNotEndsWith: NotEndsWith - Evaluates if the property does not end with any of the condition values
- Equals: Equals - Evaluates if the property equals at least one of the condition values
- NotEquals: NotEquals - Evaluates if the property does not equal any of the condition values
- Contains: Contains - Evaluates if the property contains at least one of the condition values
- NotContains: NotContains - Evaluates if the property does not contain any of the condition values
- StartsWith: StartsWith - Evaluates if the property starts with any of the condition values
- NotStartsWith: NotStartsWith - Evaluates if the property does not start with any of the condition values
- EndsWith: EndsWith - Evaluates if the property ends with any of the condition values
- NotEndsWith: NotEndsWith - Evaluates if the property does not end with any of the condition values
- Equals: Equals - Evaluates if the property equals at least one of the condition values
- NotEquals: NotEquals - Evaluates if the property does not equal any of the condition values
- Contains: Contains - Evaluates if the property contains at least one of the condition values
- NotContains: NotContains - Evaluates if the property does not contain any of the condition values
- StartsWith: StartsWith - Evaluates if the property starts with any of the condition values
- NotStartsWith: NotStartsWith - Evaluates if the property does not start with any of the condition values
- EndsWith: EndsWith - Evaluates if the property ends with any of the condition values
- NotEndsWith: NotEndsWith - Evaluates if the property does not end with any of the condition values
- EQUALS: Equals - Evaluates if the property equals at least one of the condition values
- NOT_EQUALS: NotEquals - Evaluates if the property does not equal any of the condition values
- CONTAINS: Contains - Evaluates if the property contains at least one of the condition values
- NOT_CONTAINS: NotContains - Evaluates if the property does not contain any of the condition values
- STARTS_WITH: StartsWith - Evaluates if the property starts with any of the condition values
- NOT_STARTS_WITH: NotStartsWith - Evaluates if the property does not start with any of the condition values
- ENDS_WITH: EndsWith - Evaluates if the property ends with any of the condition values
- NOT_ENDS_WITH: NotEndsWith - Evaluates if the property does not end with any of the condition values
- "Equals": Equals - Evaluates if the property equals at least one of the condition values
- "NotEquals": NotEquals - Evaluates if the property does not equal any of the condition values
- "Contains": Contains - Evaluates if the property contains at least one of the condition values
- "NotContains": NotContains - Evaluates if the property does not contain any of the condition values
- "StartsWith": StartsWith - Evaluates if the property starts with any of the condition values
- "NotStartsWith": NotStartsWith - Evaluates if the property does not start with any of the condition values
- "EndsWith": EndsWith - Evaluates if the property ends with any of the condition values
- "NotEndsWith": NotEndsWith - Evaluates if the property does not end with any of the condition values
AutomationRulePropertyConditionSupportedProperty, AutomationRulePropertyConditionSupportedPropertyArgs
- Incident
Title - IncidentTitleThe title of the incident
- Incident
Description - IncidentDescriptionThe description of the incident
- Incident
Severity - IncidentSeverityThe severity of the incident
- Incident
Status - IncidentStatusThe status of the incident
- Incident
Related Analytic Rule Ids - IncidentRelatedAnalyticRuleIdsThe related Analytic rule ids of the incident
- Incident
Tactics - IncidentTacticsThe tactics of the incident
- Incident
Label - IncidentLabelThe labels of the incident
- Incident
Provider Name - IncidentProviderNameThe provider name of the incident
- Incident
Updated By Source - IncidentUpdatedBySourceThe update source of the incident
- Account
Aad Tenant Id - AccountAadTenantIdThe account Azure Active Directory tenant id
- Account
Aad User Id - AccountAadUserIdThe account Azure Active Directory user id
- Account
Name - AccountNameThe account name
- Account
NTDomain - AccountNTDomainThe account NetBIOS domain name
- Account
PUID - AccountPUIDThe account Azure Active Directory Passport User ID
- Account
Sid - AccountSidThe account security identifier
- Account
Object Guid - AccountObjectGuidThe account unique identifier
- Account
UPNSuffix - AccountUPNSuffixThe account user principal name suffix
- Alert
Product Names - AlertProductNamesThe name of the product of the alert
- Alert
Analytic Rule Ids - AlertAnalyticRuleIdsThe analytic rule ids of the alert
- Azure
Resource Resource Id - AzureResourceResourceIdThe Azure resource id
- Azure
Resource Subscription Id - AzureResourceSubscriptionIdThe Azure resource subscription id
- Cloud
Application App Id - CloudApplicationAppIdThe cloud application identifier
- Cloud
Application App Name - CloudApplicationAppNameThe cloud application name
- DNSDomain
Name - DNSDomainNameThe dns record domain name
- File
Directory - FileDirectoryThe file directory full path
- File
Name - FileNameThe file name without path
- File
Hash Value - FileHashValueThe file hash value
- Host
Azure ID - HostAzureIDThe host Azure resource id
- Host
Name - HostNameThe host name without domain
- Host
Net Bios Name - HostNetBiosNameThe host NetBIOS name
- Host
NTDomain - HostNTDomainThe host NT domain
- Host
OSVersion - HostOSVersionThe host operating system
- IoTDeviceId: IoTDeviceId - The IoT device id
- IoTDeviceName: IoTDeviceName - The IoT device name
- IoTDeviceType: IoTDeviceType - The IoT device type
- IoTDeviceVendor: IoTDeviceVendor - The IoT device vendor
- IoTDeviceModel: IoTDeviceModel - The IoT device model
- IoTDeviceOperatingSystem: IoTDeviceOperatingSystem - The IoT device operating system
- IPAddress
- IPAddressThe IP address
- Mailbox
Display Name - MailboxDisplayNameThe mailbox display name
- Mailbox
Primary Address - MailboxPrimaryAddressThe mailbox primary address
- Mailbox
UPN - MailboxUPNThe mailbox user principal name
- Mail
Message Delivery Action - MailMessageDeliveryActionThe mail message delivery action
- Mail
Message Delivery Location - MailMessageDeliveryLocationThe mail message delivery location
- Mail
Message Recipient - MailMessageRecipientThe mail message recipient
- Mail
Message Sender IP - MailMessageSenderIPThe mail message sender IP address
- Mail
Message Subject - MailMessageSubjectThe mail message subject
- Mail
Message P1Sender - MailMessageP1SenderThe mail message P1 sender
- Mail
Message P2Sender - MailMessageP2SenderThe mail message P2 sender
- Malware
Category - MalwareCategoryThe malware category
- Malware
Name - MalwareNameThe malware name
- Process
Command Line - ProcessCommandLineThe process execution command line
- Process
Id - ProcessIdThe process id
- Registry
Key - RegistryKeyThe registry key path
- Registry
Value Data - RegistryValueDataThe registry key value in string formatted representation
- Url
- UrlThe url
- Automation
Rule Property Condition Supported Property Incident Title - IncidentTitleThe title of the incident
- Automation
Rule Property Condition Supported Property Incident Description - IncidentDescriptionThe description of the incident
- Automation
Rule Property Condition Supported Property Incident Severity - IncidentSeverityThe severity of the incident
- Automation
Rule Property Condition Supported Property Incident Status - IncidentStatusThe status of the incident
- Automation
Rule Property Condition Supported Property Incident Related Analytic Rule Ids - IncidentRelatedAnalyticRuleIdsThe related Analytic rule ids of the incident
- Automation
Rule Property Condition Supported Property Incident Tactics - IncidentTacticsThe tactics of the incident
- Automation
Rule Property Condition Supported Property Incident Label - IncidentLabelThe labels of the incident
- Automation
Rule Property Condition Supported Property Incident Provider Name - IncidentProviderNameThe provider name of the incident
- Automation
Rule Property Condition Supported Property Incident Updated By Source - IncidentUpdatedBySourceThe update source of the incident
- Automation
Rule Property Condition Supported Property Account Aad Tenant Id - AccountAadTenantIdThe account Azure Active Directory tenant id
- Automation
Rule Property Condition Supported Property Account Aad User Id - AccountAadUserIdThe account Azure Active Directory user id
- Automation
Rule Property Condition Supported Property Account Name - AccountNameThe account name
- Automation
Rule Property Condition Supported Property Account NTDomain - AccountNTDomainThe account NetBIOS domain name
- Automation
Rule Property Condition Supported Property Account PUID - AccountPUIDThe account Azure Active Directory Passport User ID
- Automation
Rule Property Condition Supported Property Account Sid - AccountSidThe account security identifier
- Automation
Rule Property Condition Supported Property Account Object Guid - AccountObjectGuidThe account unique identifier
- Automation
Rule Property Condition Supported Property Account UPNSuffix - AccountUPNSuffixThe account user principal name suffix
- Automation
Rule Property Condition Supported Property Alert Product Names - AlertProductNamesThe name of the product of the alert
- Automation
Rule Property Condition Supported Property Alert Analytic Rule Ids - AlertAnalyticRuleIdsThe analytic rule ids of the alert
- Automation
Rule Property Condition Supported Property Azure Resource Resource Id - AzureResourceResourceIdThe Azure resource id
- Automation
Rule Property Condition Supported Property Azure Resource Subscription Id - AzureResourceSubscriptionIdThe Azure resource subscription id
- Automation
Rule Property Condition Supported Property Cloud Application App Id - CloudApplicationAppIdThe cloud application identifier
- Automation
Rule Property Condition Supported Property Cloud Application App Name - CloudApplicationAppNameThe cloud application name
- Automation
Rule Property Condition Supported Property DNSDomain Name - DNSDomainNameThe dns record domain name
- Automation
Rule Property Condition Supported Property File Directory - FileDirectoryThe file directory full path
- Automation
Rule Property Condition Supported Property File Name - FileNameThe file name without path
- Automation
Rule Property Condition Supported Property File Hash Value - FileHashValueThe file hash value
- Automation
Rule Property Condition Supported Property Host Azure ID - HostAzureIDThe host Azure resource id
- Automation
Rule Property Condition Supported Property Host Name - HostNameThe host name without domain
- Automation
Rule Property Condition Supported Property Host Net Bios Name - HostNetBiosNameThe host NetBIOS name
- Automation
Rule Property Condition Supported Property Host NTDomain - HostNTDomainThe host NT domain
- Automation
Rule Property Condition Supported Property Host OSVersion - HostOSVersionThe host operating system
- AutomationRulePropertyConditionSupportedPropertyIoTDeviceId: IoTDeviceId - The IoT device id
- AutomationRulePropertyConditionSupportedPropertyIoTDeviceName: IoTDeviceName - The IoT device name
- AutomationRulePropertyConditionSupportedPropertyIoTDeviceType: IoTDeviceType - The IoT device type
- AutomationRulePropertyConditionSupportedPropertyIoTDeviceVendor: IoTDeviceVendor - The IoT device vendor
- AutomationRulePropertyConditionSupportedPropertyIoTDeviceModel: IoTDeviceModel - The IoT device model
- AutomationRulePropertyConditionSupportedPropertyIoTDeviceOperatingSystem: IoTDeviceOperatingSystem - The IoT device operating system
- Automation
Rule Property Condition Supported Property IPAddress - IPAddressThe IP address
- Automation
Rule Property Condition Supported Property Mailbox Display Name - MailboxDisplayNameThe mailbox display name
- Automation
Rule Property Condition Supported Property Mailbox Primary Address - MailboxPrimaryAddressThe mailbox primary address
- Automation
Rule Property Condition Supported Property Mailbox UPN - MailboxUPNThe mailbox user principal name
- Automation
Rule Property Condition Supported Property Mail Message Delivery Action - MailMessageDeliveryActionThe mail message delivery action
- Automation
Rule Property Condition Supported Property Mail Message Delivery Location - MailMessageDeliveryLocationThe mail message delivery location
- Automation
Rule Property Condition Supported Property Mail Message Recipient - MailMessageRecipientThe mail message recipient
- Automation
Rule Property Condition Supported Property Mail Message Sender IP - MailMessageSenderIPThe mail message sender IP address
- Automation
Rule Property Condition Supported Property Mail Message Subject - MailMessageSubjectThe mail message subject
- Automation
Rule Property Condition Supported Property Mail Message P1Sender - MailMessageP1SenderThe mail message P1 sender
- Automation
Rule Property Condition Supported Property Mail Message P2Sender - MailMessageP2SenderThe mail message P2 sender
- Automation
Rule Property Condition Supported Property Malware Category - MalwareCategoryThe malware category
- Automation
Rule Property Condition Supported Property Malware Name - MalwareNameThe malware name
- Automation
Rule Property Condition Supported Property Process Command Line - ProcessCommandLineThe process execution command line
- Automation
Rule Property Condition Supported Property Process Id - ProcessIdThe process id
- Automation
Rule Property Condition Supported Property Registry Key - RegistryKeyThe registry key path
- Automation
Rule Property Condition Supported Property Registry Value Data - RegistryValueDataThe registry key value in string formatted representation
- Automation
Rule Property Condition Supported Property Url - UrlThe url
- Incident
Title - IncidentTitleThe title of the incident
- Incident
Description - IncidentDescriptionThe description of the incident
- Incident
Severity - IncidentSeverityThe severity of the incident
- Incident
Status - IncidentStatusThe status of the incident
- Incident
Related Analytic Rule Ids - IncidentRelatedAnalyticRuleIdsThe related Analytic rule ids of the incident
- Incident
Tactics - IncidentTacticsThe tactics of the incident
- Incident
Label - IncidentLabelThe labels of the incident
- Incident
Provider Name - IncidentProviderNameThe provider name of the incident
- Incident
Updated By Source - IncidentUpdatedBySourceThe update source of the incident
- Account
Aad Tenant Id - AccountAadTenantIdThe account Azure Active Directory tenant id
- Account
Aad User Id - AccountAadUserIdThe account Azure Active Directory user id
- Account
Name - AccountNameThe account name
- Account
NTDomain - AccountNTDomainThe account NetBIOS domain name
- Account
PUID - AccountPUIDThe account Azure Active Directory Passport User ID
- Account
Sid - AccountSidThe account security identifier
- Account
Object Guid - AccountObjectGuidThe account unique identifier
- Account
UPNSuffix - AccountUPNSuffixThe account user principal name suffix
- Alert
Product Names - AlertProductNamesThe name of the product of the alert
- Alert
Analytic Rule Ids - AlertAnalyticRuleIdsThe analytic rule ids of the alert
- Azure
Resource Resource Id - AzureResourceResourceIdThe Azure resource id
- Azure
Resource Subscription Id - AzureResourceSubscriptionIdThe Azure resource subscription id
- Cloud
Application App Id - CloudApplicationAppIdThe cloud application identifier
- Cloud
Application App Name - CloudApplicationAppNameThe cloud application name
- DNSDomain
Name - DNSDomainNameThe dns record domain name
- File
Directory - FileDirectoryThe file directory full path
- File
Name - FileNameThe file name without path
- File
Hash Value - FileHashValueThe file hash value
- Host
Azure ID - HostAzureIDThe host Azure resource id
- Host
Name - HostNameThe host name without domain
- Host
Net Bios Name - HostNetBiosNameThe host NetBIOS name
- Host
NTDomain - HostNTDomainThe host NT domain
- Host
OSVersion - HostOSVersionThe host operating system
- IoTDeviceId: IoTDeviceId - The IoT device id
- IoTDeviceName: IoTDeviceName - The IoT device name
- IoTDeviceType: IoTDeviceType - The IoT device type
- IoTDeviceVendor: IoTDeviceVendor - The IoT device vendor
- IoTDeviceModel: IoTDeviceModel - The IoT device model
- IoTDeviceOperatingSystem: IoTDeviceOperatingSystem - The IoT device operating system
- IPAddress
- IPAddressThe IP address
- Mailbox
Display Name - MailboxDisplayNameThe mailbox display name
- Mailbox
Primary Address - MailboxPrimaryAddressThe mailbox primary address
- Mailbox
UPN - MailboxUPNThe mailbox user principal name
- Mail
Message Delivery Action - MailMessageDeliveryActionThe mail message delivery action
- Mail
Message Delivery Location - MailMessageDeliveryLocationThe mail message delivery location
- Mail
Message Recipient - MailMessageRecipientThe mail message recipient
- Mail
Message Sender IP - MailMessageSenderIPThe mail message sender IP address
- Mail
Message Subject - MailMessageSubjectThe mail message subject
- Mail
Message P1Sender - MailMessageP1SenderThe mail message P1 sender
- Mail
Message P2Sender - MailMessageP2SenderThe mail message P2 sender
- Malware
Category - MalwareCategoryThe malware category
- Malware
Name - MalwareNameThe malware name
- Process
Command Line - ProcessCommandLineThe process execution command line
- Process
Id - ProcessIdThe process id
- Registry
Key - RegistryKeyThe registry key path
- Registry
Value Data - RegistryValueDataThe registry key value in string formatted representation
- Url
- UrlThe url
- Incident
Title - IncidentTitleThe title of the incident
- Incident
Description - IncidentDescriptionThe description of the incident
- Incident
Severity - IncidentSeverityThe severity of the incident
- Incident
Status - IncidentStatusThe status of the incident
- Incident
Related Analytic Rule Ids - IncidentRelatedAnalyticRuleIdsThe related Analytic rule ids of the incident
- Incident
Tactics - IncidentTacticsThe tactics of the incident
- Incident
Label - IncidentLabelThe labels of the incident
- Incident
Provider Name - IncidentProviderNameThe provider name of the incident
- Incident
Updated By Source - IncidentUpdatedBySourceThe update source of the incident
- Account
Aad Tenant Id - AccountAadTenantIdThe account Azure Active Directory tenant id
- Account
Aad User Id - AccountAadUserIdThe account Azure Active Directory user id
- Account
Name - AccountNameThe account name
- Account
NTDomain - AccountNTDomainThe account NetBIOS domain name
- Account
PUID - AccountPUIDThe account Azure Active Directory Passport User ID
- Account
Sid - AccountSidThe account security identifier
- Account
Object Guid - AccountObjectGuidThe account unique identifier
- Account
UPNSuffix - AccountUPNSuffixThe account user principal name suffix
- Alert
Product Names - AlertProductNamesThe name of the product of the alert
- Alert
Analytic Rule Ids - AlertAnalyticRuleIdsThe analytic rule ids of the alert
- Azure
Resource Resource Id - AzureResourceResourceIdThe Azure resource id
- Azure
Resource Subscription Id - AzureResourceSubscriptionIdThe Azure resource subscription id
- Cloud
Application App Id - CloudApplicationAppIdThe cloud application identifier
- Cloud
Application App Name - CloudApplicationAppNameThe cloud application name
- DNSDomain
Name - DNSDomainNameThe dns record domain name
- File
Directory - FileDirectoryThe file directory full path
- File
Name - FileNameThe file name without path
- File
Hash Value - FileHashValueThe file hash value
- Host
Azure ID - HostAzureIDThe host Azure resource id
- Host
Name - HostNameThe host name without domain
- Host
Net Bios Name - HostNetBiosNameThe host NetBIOS name
- Host
NTDomain - HostNTDomainThe host NT domain
- Host
OSVersion - HostOSVersionThe host operating system
- IoTDeviceId: IoTDeviceId - The IoT device id
- IoTDeviceName: IoTDeviceName - The IoT device name
- IoTDeviceType: IoTDeviceType - The IoT device type
- IoTDeviceVendor: IoTDeviceVendor - The IoT device vendor
- IoTDeviceModel: IoTDeviceModel - The IoT device model
- IoTDeviceOperatingSystem: IoTDeviceOperatingSystem - The IoT device operating system
- IPAddress
- IPAddressThe IP address
- Mailbox
Display Name - MailboxDisplayNameThe mailbox display name
- Mailbox
Primary Address - MailboxPrimaryAddressThe mailbox primary address
- Mailbox
UPN - MailboxUPNThe mailbox user principal name
- Mail
Message Delivery Action - MailMessageDeliveryActionThe mail message delivery action
- Mail
Message Delivery Location - MailMessageDeliveryLocationThe mail message delivery location
- Mail
Message Recipient - MailMessageRecipientThe mail message recipient
- Mail
Message Sender IP - MailMessageSenderIPThe mail message sender IP address
- Mail
Message Subject - MailMessageSubjectThe mail message subject
- Mail
Message P1Sender - MailMessageP1SenderThe mail message P1 sender
- Mail
Message P2Sender - MailMessageP2SenderThe mail message P2 sender
- Malware
Category - MalwareCategoryThe malware category
- Malware
Name - MalwareNameThe malware name
- Process
Command Line - ProcessCommandLineThe process execution command line
- Process
Id - ProcessIdThe process id
- Registry
Key - RegistryKeyThe registry key path
- Registry
Value Data - RegistryValueDataThe registry key value in string formatted representation
- Url
- UrlThe url
- INCIDENT_TITLE
- IncidentTitleThe title of the incident
- INCIDENT_DESCRIPTION
- IncidentDescriptionThe description of the incident
- INCIDENT_SEVERITY
- IncidentSeverityThe severity of the incident
- INCIDENT_STATUS
- IncidentStatusThe status of the incident
- INCIDENT_RELATED_ANALYTIC_RULE_IDS
- IncidentRelatedAnalyticRuleIdsThe related Analytic rule ids of the incident
- INCIDENT_TACTICS
- IncidentTacticsThe tactics of the incident
- INCIDENT_LABEL
- IncidentLabelThe labels of the incident
- INCIDENT_PROVIDER_NAME
- IncidentProviderNameThe provider name of the incident
- INCIDENT_UPDATED_BY_SOURCE
- IncidentUpdatedBySourceThe update source of the incident
- ACCOUNT_AAD_TENANT_ID
- AccountAadTenantIdThe account Azure Active Directory tenant id
- ACCOUNT_AAD_USER_ID
- AccountAadUserIdThe account Azure Active Directory user id
- ACCOUNT_NAME
- AccountNameThe account name
- ACCOUNT_NT_DOMAIN
- AccountNTDomainThe account NetBIOS domain name
- ACCOUNT_PUID
- AccountPUIDThe account Azure Active Directory Passport User ID
- ACCOUNT_SID
- AccountSidThe account security identifier
- ACCOUNT_OBJECT_GUID
- AccountObjectGuidThe account unique identifier
- ACCOUNT_UPN_SUFFIX
- AccountUPNSuffixThe account user principal name suffix
- ALERT_PRODUCT_NAMES
- AlertProductNamesThe name of the product of the alert
- ALERT_ANALYTIC_RULE_IDS
- AlertAnalyticRuleIdsThe analytic rule ids of the alert
- AZURE_RESOURCE_RESOURCE_ID
- AzureResourceResourceIdThe Azure resource id
- AZURE_RESOURCE_SUBSCRIPTION_ID
- AzureResourceSubscriptionIdThe Azure resource subscription id
- CLOUD_APPLICATION_APP_ID
- CloudApplicationAppIdThe cloud application identifier
- CLOUD_APPLICATION_APP_NAME
- CloudApplicationAppNameThe cloud application name
- DNS_DOMAIN_NAME
- DNSDomainNameThe dns record domain name
- FILE_DIRECTORY
- FileDirectoryThe file directory full path
- FILE_NAME
- FileNameThe file name without path
- FILE_HASH_VALUE
- FileHashValueThe file hash value
- HOST_AZURE_ID
- HostAzureIDThe host Azure resource id
- HOST_NAME
- HostNameThe host name without domain
- HOST_NET_BIOS_NAME
- HostNetBiosNameThe host NetBIOS name
- HOST_NT_DOMAIN
- HostNTDomainThe host NT domain
- HOST_OS_VERSION
- HostOSVersionThe host operating system
- IO_T_DEVICE_ID: IoTDeviceId - The IoT device id
- IO_T_DEVICE_NAME: IoTDeviceName - The IoT device name
- IO_T_DEVICE_TYPE: IoTDeviceType - The IoT device type
- IO_T_DEVICE_VENDOR: IoTDeviceVendor - The IoT device vendor
- IO_T_DEVICE_MODEL: IoTDeviceModel - The IoT device model
- IO_T_DEVICE_OPERATING_SYSTEM: IoTDeviceOperatingSystem - The IoT device operating system
- IP_ADDRESS
- IPAddressThe IP address
- MAILBOX_DISPLAY_NAME
- MailboxDisplayNameThe mailbox display name
- MAILBOX_PRIMARY_ADDRESS
- MailboxPrimaryAddressThe mailbox primary address
- MAILBOX_UPN
- MailboxUPNThe mailbox user principal name
- MAIL_MESSAGE_DELIVERY_ACTION
- MailMessageDeliveryActionThe mail message delivery action
- MAIL_MESSAGE_DELIVERY_LOCATION
- MailMessageDeliveryLocationThe mail message delivery location
- MAIL_MESSAGE_RECIPIENT
- MailMessageRecipientThe mail message recipient
- MAIL_MESSAGE_SENDER_IP
- MailMessageSenderIPThe mail message sender IP address
- MAIL_MESSAGE_SUBJECT
- MailMessageSubjectThe mail message subject
- MAIL_MESSAGE_P1_SENDER
- MailMessageP1SenderThe mail message P1 sender
- MAIL_MESSAGE_P2_SENDER
- MailMessageP2SenderThe mail message P2 sender
- MALWARE_CATEGORY
- MalwareCategoryThe malware category
- MALWARE_NAME
- MalwareNameThe malware name
- PROCESS_COMMAND_LINE
- ProcessCommandLineThe process execution command line
- PROCESS_ID
- ProcessIdThe process id
- REGISTRY_KEY
- RegistryKeyThe registry key path
- REGISTRY_VALUE_DATA
- RegistryValueDataThe registry key value in string formatted representation
- URL
- UrlThe url
- "Incident
Title" - IncidentTitleThe title of the incident
- "Incident
Description" - IncidentDescriptionThe description of the incident
- "Incident
Severity" - IncidentSeverityThe severity of the incident
- "Incident
Status" - IncidentStatusThe status of the incident
- "Incident
Related Analytic Rule Ids" - IncidentRelatedAnalyticRuleIdsThe related Analytic rule ids of the incident
- "Incident
Tactics" - IncidentTacticsThe tactics of the incident
- "Incident
Label" - IncidentLabelThe labels of the incident
- "Incident
Provider Name" - IncidentProviderNameThe provider name of the incident
- "Incident
Updated By Source" - IncidentUpdatedBySourceThe update source of the incident
- "Account
Aad Tenant Id" - AccountAadTenantIdThe account Azure Active Directory tenant id
- "Account
Aad User Id" - AccountAadUserIdThe account Azure Active Directory user id
- "Account
Name" - AccountNameThe account name
- "Account
NTDomain" - AccountNTDomainThe account NetBIOS domain name
- "Account
PUID" - AccountPUIDThe account Azure Active Directory Passport User ID
- "Account
Sid" - AccountSidThe account security identifier
- "Account
Object Guid" - AccountObjectGuidThe account unique identifier
- "Account
UPNSuffix" - AccountUPNSuffixThe account user principal name suffix
- "Alert
Product Names" - AlertProductNamesThe name of the product of the alert
- "Alert
Analytic Rule Ids" - AlertAnalyticRuleIdsThe analytic rule ids of the alert
- "Azure
Resource Resource Id" - AzureResourceResourceIdThe Azure resource id
- "Azure
Resource Subscription Id" - AzureResourceSubscriptionIdThe Azure resource subscription id
- "Cloud
Application App Id" - CloudApplicationAppIdThe cloud application identifier
- "Cloud
Application App Name" - CloudApplicationAppNameThe cloud application name
- "DNSDomain
Name" - DNSDomainNameThe dns record domain name
- "File
Directory" - FileDirectoryThe file directory full path
- "File
Name" - FileNameThe file name without path
- "File
Hash Value" - FileHashValueThe file hash value
- "Host
Azure ID" - HostAzureIDThe host Azure resource id
- "Host
Name" - HostNameThe host name without domain
- "Host
Net Bios Name" - HostNetBiosNameThe host NetBIOS name
- "Host
NTDomain" - HostNTDomainThe host NT domain
- "Host
OSVersion" - HostOSVersionThe host operating system
- "IoTDeviceId": IoTDeviceId - The IoT device id
- "IoTDeviceName": IoTDeviceName - The IoT device name
- "IoTDeviceType": IoTDeviceType - The IoT device type
- "IoTDeviceVendor": IoTDeviceVendor - The IoT device vendor
- "IoTDeviceModel": IoTDeviceModel - The IoT device model
- "IoTDeviceOperatingSystem": IoTDeviceOperatingSystem - The IoT device operating system
- "IPAddress"
- IPAddressThe IP address
- "Mailbox
Display Name" - MailboxDisplayNameThe mailbox display name
- "Mailbox
Primary Address" - MailboxPrimaryAddressThe mailbox primary address
- "Mailbox
UPN" - MailboxUPNThe mailbox user principal name
- "Mail
Message Delivery Action" - MailMessageDeliveryActionThe mail message delivery action
- "Mail
Message Delivery Location" - MailMessageDeliveryLocationThe mail message delivery location
- "Mail
Message Recipient" - MailMessageRecipientThe mail message recipient
- "Mail
Message Sender IP" - MailMessageSenderIPThe mail message sender IP address
- "Mail
Message Subject" - MailMessageSubjectThe mail message subject
- "Mail
Message P1Sender" - MailMessageP1SenderThe mail message P1 sender
- "Mail
Message P2Sender" - MailMessageP2SenderThe mail message P2 sender
- "Malware
Category" - MalwareCategoryThe malware category
- "Malware
Name" - MalwareNameThe malware name
- "Process
Command Line" - ProcessCommandLineThe process execution command line
- "Process
Id" - ProcessIdThe process id
- "Registry
Key" - RegistryKeyThe registry key path
- "Registry
Value Data" - RegistryValueDataThe registry key value in string formatted representation
- "Url"
- UrlThe url
AutomationRulePropertyValuesChangedCondition, AutomationRulePropertyValuesChangedConditionArgs
- ChangeType: string | Pulumi.AzureNative.SecurityInsights.AutomationRulePropertyChangedConditionSupportedChangedType
- Operator: string | Pulumi.AzureNative.SecurityInsights.AutomationRulePropertyConditionSupportedOperator
- PropertyName: string | Pulumi.AzureNative.SecurityInsights.AutomationRulePropertyChangedConditionSupportedPropertyType
- PropertyValues: List<string>
AutomationRulePropertyValuesChangedConditionResponse, AutomationRulePropertyValuesChangedConditionResponseArgs
- ChangeType: string
- Operator: string
- PropertyName: string
- PropertyValues: List<string>
- ChangeType: string
- Operator: string
- PropertyName: string
- PropertyValues: []string
- changeType: String
- operator: String
- propertyName: String
- propertyValues: List<String>
- changeType: string
- operator: string
- propertyName: string
- propertyValues: string[]
- change_type: str
- operator: str
- property_name: str
- property_values: Sequence[str]
- changeType: String
- operator: String
- propertyName: String
- propertyValues: List<String>
AutomationRulePropertyValuesCondition, AutomationRulePropertyValuesConditionArgs
- Operator string | Pulumi.AzureNative.SecurityInsights.AutomationRulePropertyConditionSupportedOperator
- PropertyName string | Pulumi.AzureNative.SecurityInsights.AutomationRulePropertyConditionSupportedProperty - The property to evaluate in an automation rule property condition.
- PropertyValues List<string>
- Operator
string | Automation
Rule Property Condition Supported Operator - Property
Name string | AutomationRule Property Condition Supported Property - The property to evaluate in an automation rule property condition.
- Property
Values []string
- operator
String | Automation
Rule Property Condition Supported Operator - property
Name String | AutomationRule Property Condition Supported Property - The property to evaluate in an automation rule property condition.
- property
Values List<String>
- operator
string | Automation
Rule Property Condition Supported Operator - property
Name string | AutomationRule Property Condition Supported Property - The property to evaluate in an automation rule property condition.
- property
Values string[]
- operator str | AutomationRulePropertyConditionSupportedOperator
- property_name str | AutomationRulePropertyConditionSupportedProperty - The property to evaluate in an automation rule property condition.
- property_values Sequence[str]
- operator String | "Equals" | "NotEquals" | "Contains" | "NotContains" | "StartsWith" | "NotStartsWith" | "EndsWith" | "NotEndsWith"
- propertyName String | "IncidentTitle" | "IncidentDescription" | "IncidentSeverity" | "IncidentStatus" | "IncidentRelatedAnalyticRuleIds" | "IncidentTactics" | "IncidentLabel" | "IncidentProviderName" | "IncidentUpdatedBySource" | "AccountAadTenantId" | "AccountAadUserId" | "AccountName" | "AccountNTDomain" | "AccountPUID" | "AccountSid" | "AccountObjectGuid" | "AccountUPNSuffix" | "AlertProductNames" | "AlertAnalyticRuleIds" | "AzureResourceResourceId" | "AzureResourceSubscriptionId" | "CloudApplicationAppId" | "CloudApplicationAppName" | "DNSDomainName" | "FileDirectory" | "FileName" | "FileHashValue" | "HostAzureID" | "HostName" | "HostNetBiosName" | "HostNTDomain" | "HostOSVersion" | "IoTDeviceId" | "IoTDeviceName" | "IoTDeviceType" | "IoTDeviceVendor" | "IoTDeviceModel" | "IoTDeviceOperatingSystem" | "IPAddress" | "MailboxDisplayName" | "MailboxPrimaryAddress" | "MailboxUPN" | "MailMessageDeliveryAction" | "MailMessageDeliveryLocation" | "MailMessageRecipient" | "MailMessageSenderIP" | "MailMessageSubject" | "MailMessageP1Sender" | "MailMessageP2Sender" | "MalwareCategory" | "MalwareName" | "ProcessCommandLine" | "ProcessId" | "RegistryKey" | "RegistryValueData" | "Url" - The property to evaluate in an automation rule property condition.
- propertyValues List<String>
AutomationRulePropertyValuesConditionResponse, AutomationRulePropertyValuesConditionResponseArgs
- Operator string
- Property
Name string - The property to evaluate in an automation rule property condition.
- Property
Values List<string>
- Operator string
- Property
Name string - The property to evaluate in an automation rule property condition.
- Property
Values []string
- operator String
- property
Name String - The property to evaluate in an automation rule property condition.
- property
Values List<String>
- operator string
- property
Name string - The property to evaluate in an automation rule property condition.
- property
Values string[]
- operator str
- property_name str - The property to evaluate in an automation rule property condition.
- property_values Sequence[str]
- operator String
- property
Name String - The property to evaluate in an automation rule property condition.
- property
Values List<String>
AutomationRuleRunPlaybookAction, AutomationRuleRunPlaybookActionArgs
AutomationRuleRunPlaybookActionResponse, AutomationRuleRunPlaybookActionResponseArgs
AutomationRuleTriggeringLogic, AutomationRuleTriggeringLogicArgs
- IsEnabled bool - Determines whether the automation rule is enabled or disabled.
- TriggersOn string | Pulumi.AzureNative.SecurityInsights.TriggersOn
- TriggersWhen string | Pulumi.AzureNative.SecurityInsights.TriggersWhen
- Conditions List<object> - The conditions to evaluate to determine if the automation rule should be triggered on a given object.
- ExpirationTimeUtc string - Determines when the automation rule should automatically expire and be disabled.
- IsEnabled bool - Determines whether the automation rule is enabled or disabled.
- TriggersOn string | TriggersOn
- TriggersWhen string | TriggersWhen
- Conditions []interface{} - The conditions to evaluate to determine if the automation rule should be triggered on a given object.
- ExpirationTimeUtc string - Determines when the automation rule should automatically expire and be disabled.
- isEnabled Boolean - Determines whether the automation rule is enabled or disabled.
- triggersOn String | TriggersOn
- triggersWhen String | TriggersWhen
- conditions List<Object> - The conditions to evaluate to determine if the automation rule should be triggered on a given object.
- expirationTimeUtc String - Determines when the automation rule should automatically expire and be disabled.
- isEnabled boolean - Determines whether the automation rule is enabled or disabled.
- triggersOn string | TriggersOn
- triggersWhen string | TriggersWhen
- conditions (PropertyArrayChangedConditionProperties | PropertyChangedConditionProperties | PropertyConditionProperties)[] - The conditions to evaluate to determine if the automation rule should be triggered on a given object.
- expirationTimeUtc string - Determines when the automation rule should automatically expire and be disabled.
- is_enabled bool - Determines whether the automation rule is enabled or disabled.
- triggers_on str | TriggersOn
- triggers_when str | TriggersWhen
- conditions Sequence[Union[PropertyArrayChangedConditionProperties, PropertyChangedConditionProperties, PropertyConditionProperties]] - The conditions to evaluate to determine if the automation rule should be triggered on a given object.
- expiration_time_utc str - Determines when the automation rule should automatically expire and be disabled.
- isEnabled Boolean - Determines whether the automation rule is enabled or disabled.
- triggersOn String | "Incidents" | "Alerts"
- triggersWhen String | "Created" | "Updated"
- conditions List<Property Map | Property Map | Property Map> - The conditions to evaluate to determine if the automation rule should be triggered on a given object.
- expirationTimeUtc String - Determines when the automation rule should automatically expire and be disabled.
AutomationRuleTriggeringLogicResponse, AutomationRuleTriggeringLogicResponseArgs
- Is
Enabled bool - Determines whether the automation rule is enabled or disabled.
- Triggers
On string - Triggers
When string - Conditions List<object>
- The conditions to evaluate to determine if the automation rule should be triggered on a given object.
- Expiration
Time stringUtc - Determines when the automation rule should automatically expire and be disabled.
- Is
Enabled bool - Determines whether the automation rule is enabled or disabled.
- Triggers
On string - Triggers
When string - Conditions []interface{}
- The conditions to evaluate to determine if the automation rule should be triggered on a given object.
- Expiration
Time stringUtc - Determines when the automation rule should automatically expire and be disabled.
- is
Enabled Boolean - Determines whether the automation rule is enabled or disabled.
- triggers
On String - triggers
When String - conditions List<Object>
- The conditions to evaluate to determine if the automation rule should be triggered on a given object.
- expiration
Time StringUtc - Determines when the automation rule should automatically expire and be disabled.
- isEnabled boolean - Determines whether the automation rule is enabled or disabled.
- triggersOn string
- triggersWhen string
- conditions (PropertyArrayChangedConditionPropertiesResponse | PropertyChangedConditionPropertiesResponse | PropertyConditionPropertiesResponse)[] - The conditions to evaluate to determine if the automation rule should be triggered on a given object.
- expirationTimeUtc string - Determines when the automation rule should automatically expire and be disabled.
- is_enabled bool - Determines whether the automation rule is enabled or disabled.
- triggers_on str
- triggers_when str
- conditions Sequence[Union[PropertyArrayChangedConditionPropertiesResponse, PropertyChangedConditionPropertiesResponse, PropertyConditionPropertiesResponse]] - The conditions to evaluate to determine if the automation rule should be triggered on a given object.
- expiration_time_utc str - Determines when the automation rule should automatically expire and be disabled.
- is
Enabled Boolean - Determines whether the automation rule is enabled or disabled.
- triggers
On String - triggers
When String - conditions List<Property Map | Property Map | Property Map>
- The conditions to evaluate to determine if the automation rule should be triggered on a given object.
- expiration
Time StringUtc - Determines when the automation rule should automatically expire and be disabled.
ClientInfoResponse, ClientInfoResponseArgs
- Email string - The email of the client.
- Name string - The name of the client.
- ObjectId string - The object id of the client.
- UserPrincipalName string - The user principal name of the client.
- Email string
- The email of the client.
- Name string
- The name of the client.
- Object
Id string - The object id of the client.
- User
Principal stringName - The user principal name of the client.
- email String
- The email of the client.
- name String
- The name of the client.
- object
Id String - The object id of the client.
- user
Principal StringName - The user principal name of the client.
- email string
- The email of the client.
- name string
- The name of the client.
- object
Id string - The object id of the client.
- user
Principal stringName - The user principal name of the client.
- email str - The email of the client.
- name str - The name of the client.
- object_id str - The object id of the client.
- user_principal_name str - The user principal name of the client.
- email String
- The email of the client.
- name String
- The name of the client.
- object
Id String - The object id of the client.
- user
Principal StringName - The user principal name of the client.
IncidentClassification, IncidentClassificationArgs
- Undetermined - Undetermined: Incident classification was undetermined
- TruePositive - TruePositive: Incident was true positive
- BenignPositive - BenignPositive: Incident was benign positive
- FalsePositive - FalsePositive: Incident was false positive
- IncidentClassificationUndetermined - Undetermined: Incident classification was undetermined
- IncidentClassificationTruePositive - TruePositive: Incident was true positive
- IncidentClassificationBenignPositive - BenignPositive: Incident was benign positive
- IncidentClassificationFalsePositive - FalsePositive: Incident was false positive
- Undetermined
- UndeterminedIncident classification was undetermined
- True
Positive - TruePositiveIncident was true positive
- Benign
Positive - BenignPositiveIncident was benign positive
- False
Positive - FalsePositiveIncident was false positive
- Undetermined
- UndeterminedIncident classification was undetermined
- True
Positive - TruePositiveIncident was true positive
- Benign
Positive - BenignPositiveIncident was benign positive
- False
Positive - FalsePositiveIncident was false positive
- UNDETERMINED - Undetermined: Incident classification was undetermined
- TRUE_POSITIVE - TruePositive: Incident was true positive
- BENIGN_POSITIVE - BenignPositive: Incident was benign positive
- FALSE_POSITIVE - FalsePositive: Incident was false positive
- "Undetermined" - Undetermined: Incident classification was undetermined
- "TruePositive" - TruePositive: Incident was true positive
- "BenignPositive" - BenignPositive: Incident was benign positive
- "FalsePositive" - FalsePositive: Incident was false positive
IncidentClassificationReason, IncidentClassificationReasonArgs
- SuspiciousActivity - SuspiciousActivity: Classification reason was suspicious activity
- SuspiciousButExpected - SuspiciousButExpected: Classification reason was suspicious but expected
- IncorrectAlertLogic - IncorrectAlertLogic: Classification reason was incorrect alert logic
- InaccurateData - InaccurateData: Classification reason was inaccurate data
- Incident
Classification Reason Suspicious Activity - SuspiciousActivityClassification reason was suspicious activity
- Incident
Classification Reason Suspicious But Expected - SuspiciousButExpectedClassification reason was suspicious but expected
- Incident
Classification Reason Incorrect Alert Logic - IncorrectAlertLogicClassification reason was incorrect alert logic
- Incident
Classification Reason Inaccurate Data - InaccurateDataClassification reason was inaccurate data
- Suspicious
Activity - SuspiciousActivityClassification reason was suspicious activity
- Suspicious
But Expected - SuspiciousButExpectedClassification reason was suspicious but expected
- Incorrect
Alert Logic - IncorrectAlertLogicClassification reason was incorrect alert logic
- Inaccurate
Data - InaccurateDataClassification reason was inaccurate data
- Suspicious
Activity - SuspiciousActivityClassification reason was suspicious activity
- Suspicious
But Expected - SuspiciousButExpectedClassification reason was suspicious but expected
- Incorrect
Alert Logic - IncorrectAlertLogicClassification reason was incorrect alert logic
- Inaccurate
Data - InaccurateDataClassification reason was inaccurate data
- SUSPICIOUS_ACTIVITY
- SuspiciousActivityClassification reason was suspicious activity
- SUSPICIOUS_BUT_EXPECTED
- SuspiciousButExpectedClassification reason was suspicious but expected
- INCORRECT_ALERT_LOGIC
- IncorrectAlertLogicClassification reason was incorrect alert logic
- INACCURATE_DATA
- InaccurateDataClassification reason was inaccurate data
- "SuspiciousActivity" - SuspiciousActivity: Classification reason was suspicious activity
- "SuspiciousButExpected" - SuspiciousButExpected: Classification reason was suspicious but expected
- "IncorrectAlertLogic" - IncorrectAlertLogic: Classification reason was incorrect alert logic
- "InaccurateData" - InaccurateData: Classification reason was inaccurate data
IncidentLabel, IncidentLabelArgs
- Label
Name string - The name of the label
- Label
Name string - The name of the label
- label
Name String - The name of the label
- label
Name string - The name of the label
- label_
name str - The name of the label
- label
Name String - The name of the label
IncidentLabelResponse, IncidentLabelResponseArgs
- label_name str - The name of the label
- label_type str - The type of the label
IncidentOwnerInfo, IncidentOwnerInfoArgs
- AssignedTo string - The name of the user the incident is assigned to.
- Email string - The email of the user the incident is assigned to.
- ObjectId string - The object id of the user the incident is assigned to.
- OwnerType string | Pulumi.AzureNative.SecurityInsights.OwnerType - The type of the owner the incident is assigned to.
- UserPrincipalName string - The user principal name of the user the incident is assigned to.
- Assigned
To string - The name of the user the incident is assigned to.
- Email string
- The email of the user the incident is assigned to.
- Object
Id string - The object id of the user the incident is assigned to.
- Owner
Type string | OwnerType - The type of the owner the incident is assigned to.
- User
Principal stringName - The user principal name of the user the incident is assigned to.
- assigned
To String - The name of the user the incident is assigned to.
- email String
- The email of the user the incident is assigned to.
- object
Id String - The object id of the user the incident is assigned to.
- owner
Type String | OwnerType - The type of the owner the incident is assigned to.
- user
Principal StringName - The user principal name of the user the incident is assigned to.
- assigned
To string - The name of the user the incident is assigned to.
- email string
- The email of the user the incident is assigned to.
- object
Id string - The object id of the user the incident is assigned to.
- owner
Type string | OwnerType - The type of the owner the incident is assigned to.
- user
Principal stringName - The user principal name of the user the incident is assigned to.
- assigned_to str - The name of the user the incident is assigned to.
- email str - The email of the user the incident is assigned to.
- object_id str - The object id of the user the incident is assigned to.
- owner_type str | OwnerType - The type of the owner the incident is assigned to.
- user_principal_name str - The user principal name of the user the incident is assigned to.
- assignedTo String - The name of the user the incident is assigned to.
- email String - The email of the user the incident is assigned to.
- objectId String - The object id of the user the incident is assigned to.
- ownerType String | "Unknown" | "User" | "Group" - The type of the owner the incident is assigned to.
- userPrincipalName String - The user principal name of the user the incident is assigned to.
IncidentOwnerInfoResponse, IncidentOwnerInfoResponseArgs
- Assigned
To string - The name of the user the incident is assigned to.
- Email string
- The email of the user the incident is assigned to.
- Object
Id string - The object id of the user the incident is assigned to.
- Owner
Type string - The type of the owner the incident is assigned to.
- User
Principal stringName - The user principal name of the user the incident is assigned to.
- Assigned
To string - The name of the user the incident is assigned to.
- Email string
- The email of the user the incident is assigned to.
- Object
Id string - The object id of the user the incident is assigned to.
- Owner
Type string - The type of the owner the incident is assigned to.
- User
Principal stringName - The user principal name of the user the incident is assigned to.
- assigned
To String - The name of the user the incident is assigned to.
- email String
- The email of the user the incident is assigned to.
- object
Id String - The object id of the user the incident is assigned to.
- owner
Type String - The type of the owner the incident is assigned to.
- user
Principal StringName - The user principal name of the user the incident is assigned to.
- assigned
To string - The name of the user the incident is assigned to.
- email string
- The email of the user the incident is assigned to.
- object
Id string - The object id of the user the incident is assigned to.
- owner
Type string - The type of the owner the incident is assigned to.
- user
Principal stringName - The user principal name of the user the incident is assigned to.
- assigned_to str - The name of the user the incident is assigned to.
- email str - The email of the user the incident is assigned to.
- object_id str - The object id of the user the incident is assigned to.
- owner_type str - The type of the owner the incident is assigned to.
- user_principal_name str - The user principal name of the user the incident is assigned to.
- assigned
To String - The name of the user the incident is assigned to.
- email String
- The email of the user the incident is assigned to.
- object
Id String - The object id of the user the incident is assigned to.
- owner
Type String - The type of the owner the incident is assigned to.
- user
Principal StringName - The user principal name of the user the incident is assigned to.
IncidentPropertiesAction, IncidentPropertiesActionArgs
- Classification string | Pulumi.AzureNative.SecurityInsights.IncidentClassification - The reason the incident was closed
- ClassificationComment string - Describes the reason the incident was closed.
- ClassificationReason string | Pulumi.AzureNative.SecurityInsights.IncidentClassificationReason - The classification reason the incident was closed with
- Labels List<Pulumi.AzureNative.SecurityInsights.Inputs.IncidentLabel> - List of labels to add to the incident.
- Owner Pulumi.AzureNative.SecurityInsights.Inputs.IncidentOwnerInfo - Information on the user an incident is assigned to
- Severity string | Pulumi.AzureNative.SecurityInsights.IncidentSeverity - The severity of the incident
- Status string | Pulumi.AzureNative.SecurityInsights.IncidentStatus - The status of the incident
- Classification
string | Incident
Classification - The reason the incident was closed
- Classification
Comment string - Describes the reason the incident was closed.
- Classification
Reason string | IncidentClassification Reason - The classification reason the incident was closed with
- Labels
[]Incident
Label - List of labels to add to the incident.
- Owner
Incident
Owner Info - Information on the user an incident is assigned to
- Severity
string | Incident
Severity - The severity of the incident
- Status
string | Incident
Status - The status of the incident
- classification
String | Incident
Classification - The reason the incident was closed
- classification
Comment String - Describes the reason the incident was closed.
- classification
Reason String | IncidentClassification Reason - The classification reason the incident was closed with
- labels
List<Incident
Label> - List of labels to add to the incident.
- owner
Incident
Owner Info - Information on the user an incident is assigned to
- severity
String | Incident
Severity - The severity of the incident
- status
String | Incident
Status - The status of the incident
- classification
string | Incident
Classification - The reason the incident was closed
- classification
Comment string - Describes the reason the incident was closed.
- classification
Reason string | IncidentClassification Reason - The classification reason the incident was closed with
- labels
Incident
Label[] - List of labels to add to the incident.
- owner
Incident
Owner Info - Information on the user an incident is assigned to
- severity
string | Incident
Severity - The severity of the incident
- status
string | Incident
Status - The status of the incident
- classification str | IncidentClassification - The reason the incident was closed
- classification_comment str - Describes the reason the incident was closed.
- classification_reason str | IncidentClassificationReason - The classification reason the incident was closed with
- labels Sequence[IncidentLabel] - List of labels to add to the incident.
- owner IncidentOwnerInfo - Information on the user an incident is assigned to
- severity str | IncidentSeverity - The severity of the incident
- status str | IncidentStatus - The status of the incident
- classification String | "Undetermined" | "TruePositive" | "BenignPositive" | "FalsePositive" - The reason the incident was closed
- classificationComment String - Describes the reason the incident was closed.
- classificationReason String | "SuspiciousActivity" | "SuspiciousButExpected" | "IncorrectAlertLogic" | "InaccurateData" - The classification reason the incident was closed with
- labels List<Property Map> - List of labels to add to the incident.
- owner Property Map - Information on the user an incident is assigned to
- severity String | "High" | "Medium" | "Low" | "Informational" - The severity of the incident
- status String | "New" | "Active" | "Closed" - The status of the incident
IncidentPropertiesActionResponse, IncidentPropertiesActionResponseArgs
- Classification string
- The reason the incident was closed
- Classification
Comment string - Describes the reason the incident was closed.
- Classification
Reason string - The classification reason the incident was closed with
- Labels
List<Pulumi.
Azure Native. Security Insights. Inputs. Incident Label Response> - List of labels to add to the incident.
- Owner
Pulumi.
Azure Native. Security Insights. Inputs. Incident Owner Info Response - Information on the user an incident is assigned to
- Severity string
- The severity of the incident
- Status string
- The status of the incident
- Classification string
- The reason the incident was closed
- Classification
Comment string - Describes the reason the incident was closed.
- Classification
Reason string - The classification reason the incident was closed with
- Labels
[]Incident
Label Response - List of labels to add to the incident.
- Owner
Incident
Owner Info Response - Information on the user an incident is assigned to
- Severity string
- The severity of the incident
- Status string
- The status of the incident
- classification String
- The reason the incident was closed
- classification
Comment String - Describes the reason the incident was closed.
- classification
Reason String - The classification reason the incident was closed with
- labels
List<Incident
Label Response> - List of labels to add to the incident.
- owner
Incident
Owner Info Response - Information on the user an incident is assigned to
- severity String
- The severity of the incident
- status String
- The status of the incident
- classification string
- The reason the incident was closed
- classification
Comment string - Describes the reason the incident was closed.
- classification
Reason string - The classification reason the incident was closed with
- labels
Incident
Label Response[] - List of labels to add to the incident.
- owner
Incident
Owner Info Response - Information on the user an incident is assigned to
- severity string
- The severity of the incident
- status string
- The status of the incident
- classification str
- The reason the incident was closed
- classification_
comment str - Describes the reason the incident was closed.
- classification_
reason str - The classification reason the incident was closed with
- labels
Sequence[Incident
Label Response] - List of labels to add to the incident.
- owner
Incident
Owner Info Response - Information on the user an incident is assigned to
- severity str
- The severity of the incident
- status str
- The status of the incident
- classification String
- The reason the incident was closed
- classification
Comment String - Describes the reason the incident was closed.
- classification
Reason String - The classification reason the incident was closed with
- labels List<Property Map>
- List of labels to add to the incident.
- owner Property Map
- Information on the user an incident is assigned to
- severity String
- The severity of the incident
- status String
- The status of the incident
IncidentSeverity, IncidentSeverityArgs
- High - High: High severity
- Medium - Medium: Medium severity
- Low - Low: Low severity
- Informational - Informational: Informational severity
- Incident
Severity High - HighHigh severity
- Incident
Severity Medium - MediumMedium severity
- Incident
Severity Low - LowLow severity
- Incident
Severity Informational - InformationalInformational severity
- High
- HighHigh severity
- Medium
- MediumMedium severity
- Low
- LowLow severity
- Informational
- InformationalInformational severity
- High
- HighHigh severity
- Medium
- MediumMedium severity
- Low
- LowLow severity
- Informational
- InformationalInformational severity
- HIGH
- HighHigh severity
- MEDIUM
- MediumMedium severity
- LOW
- LowLow severity
- INFORMATIONAL
- InformationalInformational severity
- "High" - High: High severity
- "Medium" - Medium: Medium severity
- "Low" - Low: Low severity
- "Informational" - Informational: Informational severity
IncidentStatus, IncidentStatusArgs
- New - New: An active incident which isn't being handled currently
- Active - Active: An active incident which is being handled
- Closed - Closed: A non-active incident
- Incident
Status New - NewAn active incident which isn't being handled currently
- Incident
Status Active - ActiveAn active incident which is being handled
- Incident
Status Closed - ClosedA non-active incident
- New
- NewAn active incident which isn't being handled currently
- Active
- ActiveAn active incident which is being handled
- Closed
- ClosedA non-active incident
- New
- NewAn active incident which isn't being handled currently
- Active
- ActiveAn active incident which is being handled
- Closed
- ClosedA non-active incident
- NEW
- NewAn active incident which isn't being handled currently
- ACTIVE
- ActiveAn active incident which is being handled
- CLOSED
- ClosedA non-active incident
- "New" - New: An active incident which isn't being handled currently
- "Active" - Active: An active incident which is being handled
- "Closed" - Closed: A non-active incident
OwnerType, OwnerTypeArgs
- Unknown - Unknown: The incident owner type is unknown
- User - User: The incident owner type is an AAD user
- Group - Group: The incident owner type is an AAD group
- Owner
Type Unknown - UnknownThe incident owner type is unknown
- Owner
Type User - UserThe incident owner type is an AAD user
- Owner
Type Group - GroupThe incident owner type is an AAD group
- Unknown
- UnknownThe incident owner type is unknown
- User
- UserThe incident owner type is an AAD user
- Group
- GroupThe incident owner type is an AAD group
- Unknown
- UnknownThe incident owner type is unknown
- User
- UserThe incident owner type is an AAD user
- Group
- GroupThe incident owner type is an AAD group
- UNKNOWN
- UnknownThe incident owner type is unknown
- USER
- UserThe incident owner type is an AAD user
- GROUP
- GroupThe incident owner type is an AAD group
- "Unknown"
- UnknownThe incident owner type is unknown
- "User"
- UserThe incident owner type is an AAD user
- "Group"
- GroupThe incident owner type is an AAD group
PlaybookActionProperties, PlaybookActionPropertiesArgs
- LogicAppResourceId string - The resource id of the playbook resource.
- TenantId string - The tenant id of the playbook resource.
- Logic
App stringResource Id - The resource id of the playbook resource.
- Tenant
Id string - The tenant id of the playbook resource.
- logic
App StringResource Id - The resource id of the playbook resource.
- tenant
Id String - The tenant id of the playbook resource.
- logic
App stringResource Id - The resource id of the playbook resource.
- tenant
Id string - The tenant id of the playbook resource.
- logic_app_resource_id str - The resource id of the playbook resource.
- tenant_id str - The tenant id of the playbook resource.
- logic
App StringResource Id - The resource id of the playbook resource.
- tenant
Id String - The tenant id of the playbook resource.
PlaybookActionPropertiesResponse, PlaybookActionPropertiesResponseArgs
- Logic
App stringResource Id - The resource id of the playbook resource.
- Tenant
Id string - The tenant id of the playbook resource.
- Logic
App stringResource Id - The resource id of the playbook resource.
- Tenant
Id string - The tenant id of the playbook resource.
- logic
App StringResource Id - The resource id of the playbook resource.
- tenant
Id String - The tenant id of the playbook resource.
- logic
App stringResource Id - The resource id of the playbook resource.
- tenant
Id string - The tenant id of the playbook resource.
- logic_app_resource_id str - The resource id of the playbook resource.
- tenant_id str - The tenant id of the playbook resource.
- logic
App StringResource Id - The resource id of the playbook resource.
- tenant
Id String - The tenant id of the playbook resource.
PropertyArrayChangedConditionProperties, PropertyArrayChangedConditionPropertiesArgs
PropertyArrayChangedConditionPropertiesResponse, PropertyArrayChangedConditionPropertiesResponseArgs
PropertyChangedConditionProperties, PropertyChangedConditionPropertiesArgs
PropertyChangedConditionPropertiesResponse, PropertyChangedConditionPropertiesResponseArgs
PropertyConditionProperties, PropertyConditionPropertiesArgs
PropertyConditionPropertiesResponse, PropertyConditionPropertiesResponseArgs
SystemDataResponse, SystemDataResponseArgs
- CreatedAt string - The timestamp of resource creation (UTC).
- CreatedBy string - The identity that created the resource.
- CreatedByType string - The type of identity that created the resource.
- LastModifiedAt string - The timestamp of resource last modification (UTC)
- LastModifiedBy string - The identity that last modified the resource.
- LastModifiedByType string - The type of identity that last modified the resource.
- CreatedAt string - The timestamp of resource creation (UTC).
- CreatedBy string - The identity that created the resource.
- CreatedByType string - The type of identity that created the resource.
- LastModifiedAt string - The timestamp of resource last modification (UTC)
- LastModifiedBy string - The identity that last modified the resource.
- LastModifiedByType string - The type of identity that last modified the resource.
- createdAt String - The timestamp of resource creation (UTC).
- createdBy String - The identity that created the resource.
- createdByType String - The type of identity that created the resource.
- lastModifiedAt String - The timestamp of resource last modification (UTC)
- lastModifiedBy String - The identity that last modified the resource.
- lastModifiedByType String - The type of identity that last modified the resource.
- createdAt string - The timestamp of resource creation (UTC).
- createdBy string - The identity that created the resource.
- createdByType string - The type of identity that created the resource.
- lastModifiedAt string - The timestamp of resource last modification (UTC)
- lastModifiedBy string - The identity that last modified the resource.
- lastModifiedByType string - The type of identity that last modified the resource.
- created_at str - The timestamp of resource creation (UTC).
- created_by str - The identity that created the resource.
- created_by_type str - The type of identity that created the resource.
- last_modified_at str - The timestamp of resource last modification (UTC)
- last_modified_by str - The identity that last modified the resource.
- last_modified_by_type str - The type of identity that last modified the resource.
- createdAt String - The timestamp of resource creation (UTC).
- createdBy String - The identity that created the resource.
- createdByType String - The type of identity that created the resource.
- lastModifiedAt String - The timestamp of resource last modification (UTC)
- lastModifiedBy String - The identity that last modified the resource.
- lastModifiedByType String - The type of identity that last modified the resource.
TriggersOn, TriggersOnArgs
- Incidents
- Incidents - Trigger on Incidents
- Alerts
- Alerts - Trigger on Alerts
- TriggersOnIncidents
- Incidents - Trigger on Incidents
- TriggersOnAlerts
- Alerts - Trigger on Alerts
- Incidents
- Incidents - Trigger on Incidents
- Alerts
- Alerts - Trigger on Alerts
- Incidents
- Incidents - Trigger on Incidents
- Alerts
- Alerts - Trigger on Alerts
- INCIDENTS
- Incidents - Trigger on Incidents
- ALERTS
- Alerts - Trigger on Alerts
- "Incidents"
- Incidents - Trigger on Incidents
- "Alerts"
- Alerts - Trigger on Alerts
TriggersWhen, TriggersWhenArgs
- Created
- Created - Trigger on created objects
- Updated
- Updated - Trigger on updated objects
- TriggersWhenCreated
- Created - Trigger on created objects
- TriggersWhenUpdated
- Updated - Trigger on updated objects
- Created
- Created - Trigger on created objects
- Updated
- Updated - Trigger on updated objects
- Created
- Created - Trigger on created objects
- Updated
- Updated - Trigger on updated objects
- CREATED
- Created - Trigger on created objects
- UPDATED
- Updated - Trigger on updated objects
- "Created"
- Created - Trigger on created objects
- "Updated"
- Updated - Trigger on updated objects
Import
An existing resource can be imported using its type token, name, and identifier, e.g.
$ pulumi import azure-native:securityinsights:AutomationRule 73e01a99-5cd7-4139-a149-9f2736ff2ab5 /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/automationRules/{automationRuleId}
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Azure Native pulumi/pulumi-azure-native
- License
- Apache-2.0