This is the latest version of Azure Native. Use the Azure Native v1 docs if using the v1 version of this package.
Azure Native v2.47.1 published on Monday, Jun 24, 2024 by Pulumi

azure-native.securityinsights.MicrosoftSecurityIncidentCreationAlertRule


    Represents a MicrosoftSecurityIncidentCreation rule. Azure REST API version: 2023-02-01. Prior API version in Azure Native 1.x: 2020-01-01.

    Example Usage

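    Creates or updates a Fusion alert rule. Note that the code below still instantiates MicrosoftSecurityIncidentCreationAlertRule and sets only the resource group, rule ID and workspace; it does not set displayName, enabled or productFilter.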

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using AzureNative = Pulumi.AzureNative;
    
    return await Deployment.RunAsync(() =>
    {
        // NOTE(review): DisplayName, Enabled and ProductFilter are not set here; this page
        // lists them ahead of the other inputs, which suggests they are required. Confirm
        // before reusing this snippet.
        var ruleArgs = new AzureNative.SecurityInsights.MicrosoftSecurityIncidentCreationAlertRuleArgs
        {
            ResourceGroupName = "myRg",
            RuleId = "myFirstFusionRule",
            WorkspaceName = "myWorkspace",
        };

        // Registers the rule under the Pulumi logical name given as the first argument.
        var rule = new AzureNative.SecurityInsights.MicrosoftSecurityIncidentCreationAlertRule("microsoftSecurityIncidentCreationAlertRule", ruleArgs);
    });
    
    package main
    
    import (
    	securityinsights "github.com/pulumi/pulumi-azure-native-sdk/securityinsights/v2"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    // main registers a MicrosoftSecurityIncidentCreationAlertRule in workspace
    // "myWorkspace" of resource group "myRg".
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		// NOTE(review): DisplayName, Enabled and ProductFilter are not set here; this
    		// page lists them ahead of the other inputs, which suggests they are required.
    		// Confirm before reusing this snippet.
    		ruleArgs := &securityinsights.MicrosoftSecurityIncidentCreationAlertRuleArgs{
    			ResourceGroupName: pulumi.String("myRg"),
    			RuleId:            pulumi.String("myFirstFusionRule"),
    			WorkspaceName:     pulumi.String("myWorkspace"),
    		}
    		_, err := securityinsights.NewMicrosoftSecurityIncidentCreationAlertRule(ctx, "microsoftSecurityIncidentCreationAlertRule", ruleArgs)
    		// err is nil on success, so it can be returned as-is.
    		return err
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.azurenative.securityinsights.MicrosoftSecurityIncidentCreationAlertRule;
    import com.pulumi.azurenative.securityinsights.MicrosoftSecurityIncidentCreationAlertRuleArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    /** Pulumi program that registers one MicrosoftSecurityIncidentCreationAlertRule. */
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }

        /**
         * Declares the alert rule for workspace "myWorkspace" in resource group "myRg".
         *
         * NOTE(review): displayName, enabled and productFilter are not set here; this page
         * lists them ahead of the other inputs, which suggests they are required. Confirm
         * before reusing this snippet.
         */
        public static void stack(Context ctx) {
            var ruleArgs = MicrosoftSecurityIncidentCreationAlertRuleArgs.builder()
                .resourceGroupName("myRg")
                .ruleId("myFirstFusionRule")
                .workspaceName("myWorkspace")
                .build();

            var rule = new MicrosoftSecurityIncidentCreationAlertRule("microsoftSecurityIncidentCreationAlertRule", ruleArgs);
        }
    }
    
    import pulumi
    import pulumi_azure_native as azure_native
    
    # NOTE(review): display_name, enabled and product_filter are not set here; this page
    # lists them ahead of the other inputs, which suggests they are required. Confirm
    # before reusing this snippet.
    microsoft_security_incident_creation_alert_rule = azure_native.securityinsights.MicrosoftSecurityIncidentCreationAlertRule(
        "microsoftSecurityIncidentCreationAlertRule",
        resource_group_name="myRg",
        rule_id="myFirstFusionRule",
        workspace_name="myWorkspace",
    )
    
    import * as pulumi from "@pulumi/pulumi";
    import * as azure_native from "@pulumi/azure-native";
    
    // NOTE(review): displayName, enabled and productFilter are not set here; this page
    // lists them ahead of the other inputs, which suggests they are required. Confirm
    // before reusing this snippet.
    const microsoftSecurityIncidentCreationAlertRule = new azure_native.securityinsights.MicrosoftSecurityIncidentCreationAlertRule(
        "microsoftSecurityIncidentCreationAlertRule",
        {
            resourceGroupName: "myRg",
            ruleId: "myFirstFusionRule",
            workspaceName: "myWorkspace",
        },
    );
    
    # Declares one MicrosoftSecurityIncidentCreationAlertRule resource.
    # NOTE(review): displayName, enabled and productFilter are not set here; this page
    # lists them ahead of the other inputs, which suggests they are required. Confirm.
    resources:
      microsoftSecurityIncidentCreationAlertRule:
        type: azure-native:securityinsights:MicrosoftSecurityIncidentCreationAlertRule
        properties:
          resourceGroupName: myRg
          ruleId: myFirstFusionRule
          workspaceName: myWorkspace
    

    Creates or updates a MicrosoftSecurityIncidentCreation rule.

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using AzureNative = Pulumi.AzureNative;
    
    return await Deployment.RunAsync(() =>
    {
        var ruleArgs = new AzureNative.SecurityInsights.MicrosoftSecurityIncidentCreationAlertRuleArgs
        {
            DisplayName = "testing displayname",
            // The rule is deployed in the enabled state.
            Enabled = true,
            Kind = "MicrosoftSecurityIncidentCreation",
            // Incidents are generated only for alerts whose productName matches this filter.
            // No severity or display-name filter is set in this example.
            ProductFilter = AzureNative.SecurityInsights.MicrosoftSecurityProductName.Microsoft_Cloud_App_Security,
            ResourceGroupName = "myRg",
            RuleId = "microsoftSecurityIncidentCreationRuleExample",
            WorkspaceName = "myWorkspace",
        };

        var rule = new AzureNative.SecurityInsights.MicrosoftSecurityIncidentCreationAlertRule("microsoftSecurityIncidentCreationAlertRule", ruleArgs);
    });
    
    package main
    
    import (
    	securityinsights "github.com/pulumi/pulumi-azure-native-sdk/securityinsights/v2"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    // main registers an enabled incident-creation rule that is filtered to a
    // single Microsoft security product.
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		ruleArgs := &securityinsights.MicrosoftSecurityIncidentCreationAlertRuleArgs{
    			DisplayName: pulumi.String("testing displayname"),
    			Enabled:     pulumi.Bool(true),
    			Kind:        pulumi.String("MicrosoftSecurityIncidentCreation"),
    			// Incidents are generated only for alerts whose productName matches this
    			// filter. No severity or display-name filter is set in this example.
    			ProductFilter:     pulumi.String(securityinsights.MicrosoftSecurityProductName_Microsoft_Cloud_App_Security),
    			ResourceGroupName: pulumi.String("myRg"),
    			RuleId:            pulumi.String("microsoftSecurityIncidentCreationRuleExample"),
    			WorkspaceName:     pulumi.String("myWorkspace"),
    		}
    		_, err := securityinsights.NewMicrosoftSecurityIncidentCreationAlertRule(ctx, "microsoftSecurityIncidentCreationAlertRule", ruleArgs)
    		// err is nil on success, so it can be returned as-is.
    		return err
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.azurenative.securityinsights.MicrosoftSecurityIncidentCreationAlertRule;
    import com.pulumi.azurenative.securityinsights.MicrosoftSecurityIncidentCreationAlertRuleArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    /** Pulumi program that registers an enabled MicrosoftSecurityIncidentCreationAlertRule. */
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }

        /**
         * Declares the rule. Incidents are generated only for alerts whose productName
         * matches the product filter; no severity or display-name filter is set here.
         */
        public static void stack(Context ctx) {
            var ruleArgs = MicrosoftSecurityIncidentCreationAlertRuleArgs.builder()
                .displayName("testing displayname")
                .enabled(true)
                .kind("MicrosoftSecurityIncidentCreation")
                .productFilter("Microsoft Cloud App Security")
                .resourceGroupName("myRg")
                .ruleId("microsoftSecurityIncidentCreationRuleExample")
                .workspaceName("myWorkspace")
                .build();

            var rule = new MicrosoftSecurityIncidentCreationAlertRule("microsoftSecurityIncidentCreationAlertRule", ruleArgs);
        }
    }
    
    import pulumi
    import pulumi_azure_native as azure_native
    
    # Enabled rule: incidents are generated only for alerts whose productName matches
    # product_filter. No severity or display-name filter is set in this example.
    microsoft_security_incident_creation_alert_rule = azure_native.securityinsights.MicrosoftSecurityIncidentCreationAlertRule(
        "microsoftSecurityIncidentCreationAlertRule",
        display_name="testing displayname",
        enabled=True,
        kind="MicrosoftSecurityIncidentCreation",
        product_filter=azure_native.securityinsights.MicrosoftSecurityProductName.MICROSOFT_CLOUD_APP_SECURITY,
        resource_group_name="myRg",
        rule_id="microsoftSecurityIncidentCreationRuleExample",
        workspace_name="myWorkspace",
    )
    
    import * as pulumi from "@pulumi/pulumi";
    import * as azure_native from "@pulumi/azure-native";
    
    // Enabled rule: incidents are generated only for alerts whose productName matches
    // productFilter. No severity or display-name filter is set in this example.
    const microsoftSecurityIncidentCreationAlertRule = new azure_native.securityinsights.MicrosoftSecurityIncidentCreationAlertRule(
        "microsoftSecurityIncidentCreationAlertRule",
        {
            displayName: "testing displayname",
            enabled: true,
            kind: "MicrosoftSecurityIncidentCreation",
            productFilter: azure_native.securityinsights.MicrosoftSecurityProductName.Microsoft_Cloud_App_Security,
            resourceGroupName: "myRg",
            ruleId: "microsoftSecurityIncidentCreationRuleExample",
            workspaceName: "myWorkspace",
        },
    );
    
    # Declares an enabled MicrosoftSecurityIncidentCreationAlertRule.
    resources:
      microsoftSecurityIncidentCreationAlertRule:
        type: azure-native:securityinsights:MicrosoftSecurityIncidentCreationAlertRule
        properties:
          displayName: testing displayname
          enabled: true
          kind: MicrosoftSecurityIncidentCreation
          # Incidents are generated only for alerts whose productName matches this value.
          # No severity or display-name filter is set in this example.
          productFilter: Microsoft Cloud App Security
          resourceGroupName: myRg
          ruleId: microsoftSecurityIncidentCreationRuleExample
          workspaceName: myWorkspace
    

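    Creates or updates a Scheduled alert rule. Note that the code below still instantiates MicrosoftSecurityIncidentCreationAlertRule and sets only the resource group, rule ID and workspace; it does not set displayName, enabled or productFilter.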

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using AzureNative = Pulumi.AzureNative;
    
    return await Deployment.RunAsync(() =>
    {
        // NOTE(review): only the resource group, rule ID and workspace are set. DisplayName,
        // Enabled and ProductFilter are listed ahead of the other inputs on this page, which
        // suggests they are required. Confirm before reusing this snippet.
        var ruleArgs = new AzureNative.SecurityInsights.MicrosoftSecurityIncidentCreationAlertRuleArgs
        {
            ResourceGroupName = "myRg",
            RuleId = "73e01a99-5cd7-4139-a149-9f2736ff2ab5",
            WorkspaceName = "myWorkspace",
        };

        var rule = new AzureNative.SecurityInsights.MicrosoftSecurityIncidentCreationAlertRule("microsoftSecurityIncidentCreationAlertRule", ruleArgs);
    });
    
    package main
    
    import (
    	securityinsights "github.com/pulumi/pulumi-azure-native-sdk/securityinsights/v2"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    // main registers a MicrosoftSecurityIncidentCreationAlertRule identified by a
    // GUID rule ID.
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		// NOTE(review): only the resource group, rule ID and workspace are set.
    		// DisplayName, Enabled and ProductFilter are listed ahead of the other inputs
    		// on this page, which suggests they are required. Confirm before reuse.
    		ruleArgs := &securityinsights.MicrosoftSecurityIncidentCreationAlertRuleArgs{
    			ResourceGroupName: pulumi.String("myRg"),
    			RuleId:            pulumi.String("73e01a99-5cd7-4139-a149-9f2736ff2ab5"),
    			WorkspaceName:     pulumi.String("myWorkspace"),
    		}
    		_, err := securityinsights.NewMicrosoftSecurityIncidentCreationAlertRule(ctx, "microsoftSecurityIncidentCreationAlertRule", ruleArgs)
    		// err is nil on success, so it can be returned as-is.
    		return err
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.azurenative.securityinsights.MicrosoftSecurityIncidentCreationAlertRule;
    import com.pulumi.azurenative.securityinsights.MicrosoftSecurityIncidentCreationAlertRuleArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    /** Pulumi program that registers one MicrosoftSecurityIncidentCreationAlertRule. */
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }

        /**
         * Declares the alert rule with a GUID rule ID.
         *
         * NOTE(review): only the resource group, rule ID and workspace are set. displayName,
         * enabled and productFilter are listed ahead of the other inputs on this page, which
         * suggests they are required. Confirm before reusing this snippet.
         */
        public static void stack(Context ctx) {
            var ruleArgs = MicrosoftSecurityIncidentCreationAlertRuleArgs.builder()
                .resourceGroupName("myRg")
                .ruleId("73e01a99-5cd7-4139-a149-9f2736ff2ab5")
                .workspaceName("myWorkspace")
                .build();

            var rule = new MicrosoftSecurityIncidentCreationAlertRule("microsoftSecurityIncidentCreationAlertRule", ruleArgs);
        }
    }
    
    import pulumi
    import pulumi_azure_native as azure_native
    
    # NOTE(review): only the resource group, rule ID and workspace are set. display_name,
    # enabled and product_filter are listed ahead of the other inputs on this page, which
    # suggests they are required. Confirm before reusing this snippet.
    microsoft_security_incident_creation_alert_rule = azure_native.securityinsights.MicrosoftSecurityIncidentCreationAlertRule(
        "microsoftSecurityIncidentCreationAlertRule",
        resource_group_name="myRg",
        rule_id="73e01a99-5cd7-4139-a149-9f2736ff2ab5",
        workspace_name="myWorkspace",
    )
    
    import * as pulumi from "@pulumi/pulumi";
    import * as azure_native from "@pulumi/azure-native";
    
    // NOTE(review): only the resource group, rule ID and workspace are set. displayName,
    // enabled and productFilter are listed ahead of the other inputs on this page, which
    // suggests they are required. Confirm before reusing this snippet.
    const microsoftSecurityIncidentCreationAlertRule = new azure_native.securityinsights.MicrosoftSecurityIncidentCreationAlertRule(
        "microsoftSecurityIncidentCreationAlertRule",
        {
            resourceGroupName: "myRg",
            ruleId: "73e01a99-5cd7-4139-a149-9f2736ff2ab5",
            workspaceName: "myWorkspace",
        },
    );
    
    # Declares one MicrosoftSecurityIncidentCreationAlertRule with a GUID rule ID.
    # NOTE(review): displayName, enabled and productFilter are not set here; this page
    # lists them ahead of the other inputs, which suggests they are required. Confirm.
    resources:
      microsoftSecurityIncidentCreationAlertRule:
        type: azure-native:securityinsights:MicrosoftSecurityIncidentCreationAlertRule
        properties:
          resourceGroupName: myRg
          ruleId: 73e01a99-5cd7-4139-a149-9f2736ff2ab5
          workspaceName: myWorkspace
    

    Create MicrosoftSecurityIncidentCreationAlertRule Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new MicrosoftSecurityIncidentCreationAlertRule(name: string, args: MicrosoftSecurityIncidentCreationAlertRuleArgs, opts?: CustomResourceOptions);
    @overload
    def MicrosoftSecurityIncidentCreationAlertRule(resource_name: str,
                                                   args: MicrosoftSecurityIncidentCreationAlertRuleArgs,
                                                   opts: Optional[ResourceOptions] = None)
    
    @overload
    def MicrosoftSecurityIncidentCreationAlertRule(resource_name: str,
                                                   opts: Optional[ResourceOptions] = None,
                                                   display_name: Optional[str] = None,
                                                   enabled: Optional[bool] = None,
                                                   product_filter: Optional[Union[str, MicrosoftSecurityProductName]] = None,
                                                   resource_group_name: Optional[str] = None,
                                                   workspace_name: Optional[str] = None,
                                                   alert_rule_template_name: Optional[str] = None,
                                                   description: Optional[str] = None,
                                                   display_names_exclude_filter: Optional[Sequence[str]] = None,
                                                   display_names_filter: Optional[Sequence[str]] = None,
                                                   rule_id: Optional[str] = None,
                                                   severities_filter: Optional[Sequence[Union[str, AlertSeverity]]] = None)
    func NewMicrosoftSecurityIncidentCreationAlertRule(ctx *Context, name string, args MicrosoftSecurityIncidentCreationAlertRuleArgs, opts ...ResourceOption) (*MicrosoftSecurityIncidentCreationAlertRule, error)
    public MicrosoftSecurityIncidentCreationAlertRule(string name, MicrosoftSecurityIncidentCreationAlertRuleArgs args, CustomResourceOptions? opts = null)
    public MicrosoftSecurityIncidentCreationAlertRule(String name, MicrosoftSecurityIncidentCreationAlertRuleArgs args)
    public MicrosoftSecurityIncidentCreationAlertRule(String name, MicrosoftSecurityIncidentCreationAlertRuleArgs args, CustomResourceOptions options)
    
    type: azure-native:securityinsights:MicrosoftSecurityIncidentCreationAlertRule
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args MicrosoftSecurityIncidentCreationAlertRuleArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args MicrosoftSecurityIncidentCreationAlertRuleArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args MicrosoftSecurityIncidentCreationAlertRuleArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args MicrosoftSecurityIncidentCreationAlertRuleArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args MicrosoftSecurityIncidentCreationAlertRuleArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    // Reference snippet: every value is a placeholder and must be replaced before deployment.
    var ruleArgs = new AzureNative.SecurityInsights.MicrosoftSecurityIncidentCreationAlertRuleArgs
    {
        DisplayName = "string",
        // Placeholder value; left as false, the rule is created disabled.
        Enabled = false,
        Kind = "string",
        ProductFilter = "string",
        ResourceGroupName = "string",
        WorkspaceName = "string",
        AlertRuleTemplateName = "string",
        Description = "string",
        // Alerts with these display names do not generate cases, so keep this list narrow.
        DisplayNamesExcludeFilter = new[] { "string" },
        DisplayNamesFilter = new[] { "string" },
        RuleId = "string",
        SeveritiesFilter = new[] { "string" },
    };
    var microsoftSecurityIncidentCreationAlertRuleResource = new AzureNative.SecurityInsights.MicrosoftSecurityIncidentCreationAlertRule("microsoftSecurityIncidentCreationAlertRuleResource", ruleArgs);
    
    // Reference snippet: every value is a placeholder and must be replaced before deployment.
    ruleArgs := &securityinsights.MicrosoftSecurityIncidentCreationAlertRuleArgs{
    	DisplayName: pulumi.String("string"),
    	// Placeholder value; left as false, the rule is created disabled.
    	Enabled:               pulumi.Bool(false),
    	Kind:                  pulumi.String("string"),
    	ProductFilter:         pulumi.String("string"),
    	ResourceGroupName:     pulumi.String("string"),
    	WorkspaceName:         pulumi.String("string"),
    	AlertRuleTemplateName: pulumi.String("string"),
    	Description:           pulumi.String("string"),
    	// Alerts with these display names do not generate cases, so keep this list narrow.
    	DisplayNamesExcludeFilter: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	DisplayNamesFilter: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	RuleId: pulumi.String("string"),
    	SeveritiesFilter: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    }
    example, err := securityinsights.NewMicrosoftSecurityIncidentCreationAlertRule(ctx, "microsoftSecurityIncidentCreationAlertRuleResource", ruleArgs)
    
    // Reference snippet: every value is a placeholder and must be replaced before deployment.
    var ruleArgs = MicrosoftSecurityIncidentCreationAlertRuleArgs.builder()
        .displayName("string")
        // Placeholder value; left as false, the rule is created disabled.
        .enabled(false)
        .kind("string")
        .productFilter("string")
        .resourceGroupName("string")
        .workspaceName("string")
        .alertRuleTemplateName("string")
        .description("string")
        // Alerts with these display names do not generate cases, so keep this list narrow.
        .displayNamesExcludeFilter("string")
        .displayNamesFilter("string")
        .ruleId("string")
        .severitiesFilter("string")
        .build();
    var microsoftSecurityIncidentCreationAlertRuleResource = new MicrosoftSecurityIncidentCreationAlertRule("microsoftSecurityIncidentCreationAlertRuleResource", ruleArgs);
    
    # Reference snippet: every value is a placeholder and must be replaced before deployment.
    microsoft_security_incident_creation_alert_rule_resource = azure_native.securityinsights.MicrosoftSecurityIncidentCreationAlertRule(
        "microsoftSecurityIncidentCreationAlertRuleResource",
        display_name="string",
        # Placeholder value; left as False, the rule is created disabled.
        enabled=False,
        kind="string",
        product_filter="string",
        resource_group_name="string",
        workspace_name="string",
        alert_rule_template_name="string",
        description="string",
        # Alerts with these display names do not generate cases, so keep this list narrow.
        display_names_exclude_filter=["string"],
        display_names_filter=["string"],
        rule_id="string",
        severities_filter=["string"],
    )
    
    // Reference snippet: every value is a placeholder and must be replaced before deployment.
    const microsoftSecurityIncidentCreationAlertRuleResource = new azure_native.securityinsights.MicrosoftSecurityIncidentCreationAlertRule(
        "microsoftSecurityIncidentCreationAlertRuleResource",
        {
            displayName: "string",
            // Placeholder value; left as false, the rule is created disabled.
            enabled: false,
            kind: "string",
            productFilter: "string",
            resourceGroupName: "string",
            workspaceName: "string",
            alertRuleTemplateName: "string",
            description: "string",
            // Alerts with these display names do not generate cases, so keep this list narrow.
            displayNamesExcludeFilter: ["string"],
            displayNamesFilter: ["string"],
            ruleId: "string",
            severitiesFilter: ["string"],
        },
    );
    
    # Reference snippet: every value is a placeholder and must be replaced before deployment.
    type: azure-native:securityinsights:MicrosoftSecurityIncidentCreationAlertRule
    properties:
        alertRuleTemplateName: string
        description: string
        displayName: string
        # Alerts with these display names do not generate cases, so keep this list narrow.
        displayNamesExcludeFilter:
            - string
        displayNamesFilter:
            - string
        # Placeholder value; left as false, the rule is created disabled.
        enabled: false
        kind: string
        productFilter: string
        resourceGroupName: string
        ruleId: string
        severitiesFilter:
            - string
        workspaceName: string
    

    MicrosoftSecurityIncidentCreationAlertRule Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The MicrosoftSecurityIncidentCreationAlertRule resource accepts the following input properties:

    DisplayName string
    The display name for alerts created by this alert rule.
    Enabled bool
    Determines whether this alert rule is enabled or disabled.
    ProductFilter string | Pulumi.AzureNative.SecurityInsights.MicrosoftSecurityProductName
    The alerts' productName on which the cases will be generated
    ResourceGroupName string
    The name of the resource group. The name is case insensitive.
    WorkspaceName string
    The name of the workspace.
    AlertRuleTemplateName string
    The Name of the alert rule template used to create this rule.
    Description string
    The description of the alert rule.
    DisplayNamesExcludeFilter List<string>
    the alerts' displayNames on which the cases will not be generated
    DisplayNamesFilter List<string>
    the alerts' displayNames on which the cases will be generated
    RuleId string
    Alert rule ID
    SeveritiesFilter List<Union<string, Pulumi.AzureNative.SecurityInsights.AlertSeverity>>
    the alerts' severities on which the cases will be generated
    DisplayName string
    The display name for alerts created by this alert rule.
    Enabled bool
    Determines whether this alert rule is enabled or disabled.
    ProductFilter string | MicrosoftSecurityProductName
    The alerts' productName on which the cases will be generated
    ResourceGroupName string
    The name of the resource group. The name is case insensitive.
    WorkspaceName string
    The name of the workspace.
    AlertRuleTemplateName string
    The Name of the alert rule template used to create this rule.
    Description string
    The description of the alert rule.
    DisplayNamesExcludeFilter []string
    the alerts' displayNames on which the cases will not be generated
    DisplayNamesFilter []string
    the alerts' displayNames on which the cases will be generated
    RuleId string
    Alert rule ID
    SeveritiesFilter []string
    the alerts' severities on which the cases will be generated
    displayName String
    The display name for alerts created by this alert rule.
    enabled Boolean
    Determines whether this alert rule is enabled or disabled.
    productFilter String | MicrosoftSecurityProductName
    The alerts' productName on which the cases will be generated
    resourceGroupName String
    The name of the resource group. The name is case insensitive.
    workspaceName String
    The name of the workspace.
    alertRuleTemplateName String
    The Name of the alert rule template used to create this rule.
    description String
    The description of the alert rule.
    displayNamesExcludeFilter List<String>
    the alerts' displayNames on which the cases will not be generated
    displayNamesFilter List<String>
    the alerts' displayNames on which the cases will be generated
    ruleId String
    Alert rule ID
    severitiesFilter List<Either<String,AlertSeverity>>
    the alerts' severities on which the cases will be generated
    displayName string
    The display name for alerts created by this alert rule.
    enabled boolean
    Determines whether this alert rule is enabled or disabled.
    productFilter string | MicrosoftSecurityProductName
    The alerts' productName on which the cases will be generated
    resourceGroupName string
    The name of the resource group. The name is case insensitive.
    workspaceName string
    The name of the workspace.
    alertRuleTemplateName string
    The Name of the alert rule template used to create this rule.
    description string
    The description of the alert rule.
    displayNamesExcludeFilter string[]
    the alerts' displayNames on which the cases will not be generated
    displayNamesFilter string[]
    the alerts' displayNames on which the cases will be generated
    ruleId string
    Alert rule ID
    severitiesFilter (string | AlertSeverity)[]
    the alerts' severities on which the cases will be generated
    display_name str
    The display name for alerts created by this alert rule.
    enabled bool
    Determines whether this alert rule is enabled or disabled.
    product_filter str | MicrosoftSecurityProductName
    The alerts' productName on which the cases will be generated
    resource_group_name str
    The name of the resource group. The name is case insensitive.
    workspace_name str
    The name of the workspace.
    alert_rule_template_name str
    The Name of the alert rule template used to create this rule.
    description str
    The description of the alert rule.
    display_names_exclude_filter Sequence[str]
    the alerts' displayNames on which the cases will not be generated
    display_names_filter Sequence[str]
    the alerts' displayNames on which the cases will be generated
    rule_id str
    Alert rule ID
    severities_filter Sequence[Union[str, AlertSeverity]]
    the alerts' severities on which the cases will be generated
    displayName String
    The display name for alerts created by this alert rule.
    enabled Boolean
    Determines whether this alert rule is enabled or disabled.
    productFilter String | "Microsoft Cloud App Security" | "Azure Security Center" | "Azure Advanced Threat Protection" | "Azure Active Directory Identity Protection" | "Azure Security Center for IoT"
    The alerts' productName on which the cases will be generated
    resourceGroupName String
    The name of the resource group. The name is case insensitive.
    workspaceName String
    The name of the workspace.
    alertRuleTemplateName String
    The Name of the alert rule template used to create this rule.
    description String
    The description of the alert rule.
    displayNamesExcludeFilter List<String>
    the alerts' displayNames on which the cases will not be generated
    displayNamesFilter List<String>
    the alerts' displayNames on which the cases will be generated
    ruleId String
    Alert rule ID
    severitiesFilter List<String | "High" | "Medium" | "Low" | "Informational">
    the alerts' severities on which the cases will be generated

    Outputs

    All input properties are implicitly available as output properties. Additionally, the MicrosoftSecurityIncidentCreationAlertRule resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    LastModifiedUtc string
    The last time that this alert has been modified.
    Name string
    The name of the resource
    SystemData Pulumi.AzureNative.SecurityInsights.Outputs.SystemDataResponse
    Azure Resource Manager metadata containing createdBy and modifiedBy information.
    Type string
    The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
    Etag string
    Etag of the azure resource
    Id string
    The provider-assigned unique ID for this managed resource.
    LastModifiedUtc string
    The last time that this alert has been modified.
    Name string
    The name of the resource
    SystemData SystemDataResponse
    Azure Resource Manager metadata containing createdBy and modifiedBy information.
    Type string
    The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
    Etag string
    Etag of the azure resource
    id String
    The provider-assigned unique ID for this managed resource.
    lastModifiedUtc String
    The last time that this alert has been modified.
    name String
    The name of the resource
    systemData SystemDataResponse
    Azure Resource Manager metadata containing createdBy and modifiedBy information.
    type String
    The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
    etag String
    Etag of the azure resource
    id string
    The provider-assigned unique ID for this managed resource.
    lastModifiedUtc string
    The last time that this alert has been modified.
    name string
    The name of the resource
    systemData SystemDataResponse
    Azure Resource Manager metadata containing createdBy and modifiedBy information.
    type string
    The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
    etag string
    Etag of the azure resource
    id str
    The provider-assigned unique ID for this managed resource.
    last_modified_utc str
    The last time that this alert has been modified.
    name str
    The name of the resource
    system_data SystemDataResponse
    Azure Resource Manager metadata containing createdBy and modifiedBy information.
    type str
    The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
    etag str
    Etag of the azure resource
    id String
    The provider-assigned unique ID for this managed resource.
    lastModifiedUtc String
    The last time that this alert has been modified.
    name String
    The name of the resource
    systemData Property Map
    Azure Resource Manager metadata containing createdBy and modifiedBy information.
    type String
    The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
    etag String
    Etag of the azure resource

    Supporting Types

    AlertSeverity, AlertSeverityArgs

    High
    High - High severity
    Medium
    Medium - Medium severity
    Low
    Low - Low severity
    Informational
    Informational - Informational severity
    AlertSeverityHigh
    High - High severity
    AlertSeverityMedium
    Medium - Medium severity
    AlertSeverityLow
    Low - Low severity
    AlertSeverityInformational
    Informational - Informational severity
    High
    High - High severity
    Medium
    Medium - Medium severity
    Low
    Low - Low severity
    Informational
    Informational - Informational severity
    High
    High - High severity
    Medium
    Medium - Medium severity
    Low
    Low - Low severity
    Informational
    Informational - Informational severity
    HIGH
    High - High severity
    MEDIUM
    Medium - Medium severity
    LOW
    Low - Low severity
    INFORMATIONAL
    Informational - Informational severity
    "High"
    High - High severity
    "Medium"
    Medium - Medium severity
    "Low"
    Low - Low severity
    "Informational"
    Informational - Informational severity

    MicrosoftSecurityProductName, MicrosoftSecurityProductNameArgs

    Microsoft_Cloud_App_Security
    Microsoft Cloud App Security
    Azure_Security_Center
    Azure Security Center
    Azure_Advanced_Threat_Protection
    Azure Advanced Threat Protection
    Azure_Active_Directory_Identity_Protection
    Azure Active Directory Identity Protection
    Azure_Security_Center_for_IoT
    Azure Security Center for IoT
    MicrosoftSecurityProductName_Microsoft_Cloud_App_Security
    Microsoft Cloud App Security
    MicrosoftSecurityProductName_Azure_Security_Center
    Azure Security Center
    MicrosoftSecurityProductName_Azure_Advanced_Threat_Protection
    Azure Advanced Threat Protection
    MicrosoftSecurityProductName_Azure_Active_Directory_Identity_Protection
    Azure Active Directory Identity Protection
    MicrosoftSecurityProductName_Azure_Security_Center_for_IoT
    Azure Security Center for IoT
    Microsoft_Cloud_App_Security
    Microsoft Cloud App Security
    Azure_Security_Center
    Azure Security Center
    Azure_Advanced_Threat_Protection
    Azure Advanced Threat Protection
    Azure_Active_Directory_Identity_Protection
    Azure Active Directory Identity Protection
    Azure_Security_Center_for_IoT
    Azure Security Center for IoT
    Microsoft_Cloud_App_Security
    Microsoft Cloud App Security
    Azure_Security_Center
    Azure Security Center
    Azure_Advanced_Threat_Protection
    Azure Advanced Threat Protection
    Azure_Active_Directory_Identity_Protection
    Azure Active Directory Identity Protection
    Azure_Security_Center_for_IoT
    Azure Security Center for IoT
    MICROSOFT_CLOUD_APP_SECURITY
    Microsoft Cloud App Security
    AZURE_SECURITY_CENTER
    Azure Security Center
    AZURE_ADVANCED_THREAT_PROTECTION
    Azure Advanced Threat Protection
    AZURE_ACTIVE_DIRECTORY_IDENTITY_PROTECTION
    Azure Active Directory Identity Protection
    AZURE_SECURITY_CENTER_FOR_IO_T
    Azure Security Center for IoT
    "Microsoft Cloud App Security"
    Microsoft Cloud App Security
    "Azure Security Center"
    Azure Security Center
    "Azure Advanced Threat Protection"
    Azure Advanced Threat Protection
    "Azure Active Directory Identity Protection"
    Azure Active Directory Identity Protection
    "Azure Security Center for IoT"
    Azure Security Center for IoT

    SystemDataResponse, SystemDataResponseArgs

    CreatedAt string
    The timestamp of resource creation (UTC).
    CreatedBy string
    The identity that created the resource.
    CreatedByType string
    The type of identity that created the resource.
    LastModifiedAt string
    The timestamp of resource last modification (UTC)
    LastModifiedBy string
    The identity that last modified the resource.
    LastModifiedByType string
    The type of identity that last modified the resource.
    CreatedAt string
    The timestamp of resource creation (UTC).
    CreatedBy string
    The identity that created the resource.
    CreatedByType string
    The type of identity that created the resource.
    LastModifiedAt string
    The timestamp of resource last modification (UTC)
    LastModifiedBy string
    The identity that last modified the resource.
    LastModifiedByType string
    The type of identity that last modified the resource.
    createdAt String
    The timestamp of resource creation (UTC).
    createdBy String
    The identity that created the resource.
    createdByType String
    The type of identity that created the resource.
    lastModifiedAt String
    The timestamp of resource last modification (UTC)
    lastModifiedBy String
    The identity that last modified the resource.
    lastModifiedByType String
    The type of identity that last modified the resource.
    createdAt string
    The timestamp of resource creation (UTC).
    createdBy string
    The identity that created the resource.
    createdByType string
    The type of identity that created the resource.
    lastModifiedAt string
    The timestamp of resource last modification (UTC)
    lastModifiedBy string
    The identity that last modified the resource.
    lastModifiedByType string
    The type of identity that last modified the resource.
    created_at str
    The timestamp of resource creation (UTC).
    created_by str
    The identity that created the resource.
    created_by_type str
    The type of identity that created the resource.
    last_modified_at str
    The timestamp of resource last modification (UTC)
    last_modified_by str
    The identity that last modified the resource.
    last_modified_by_type str
    The type of identity that last modified the resource.
    createdAt String
    The timestamp of resource creation (UTC).
    createdBy String
    The identity that created the resource.
    createdByType String
    The type of identity that created the resource.
    lastModifiedAt String
    The timestamp of resource last modification (UTC)
    lastModifiedBy String
    The identity that last modified the resource.
    lastModifiedByType String
    The type of identity that last modified the resource.

    Import

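    An existing resource can be imported using its type token, name, and identifier. Replace the placeholders in braces ({subscriptionId}, {resourceGroupName}, {workspaceName}, {ruleId}) with the values of the resource being imported, e.g.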

    $ pulumi import azure-native:securityinsights:MicrosoftSecurityIncidentCreationAlertRule 73e01a99-5cd7-4139-a149-9f2736ff2ab5 /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId} 
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    Azure Native pulumi/pulumi-azure-native
    License
    Apache-2.0