These are the docs for Azure Native v1. We recommend using the latest version, Azure Native v2.
Azure Native v1 v1.104.0 published on Thursday, Jul 6, 2023 by Pulumi

azure-native.security.AlertsSuppressionRule



    Describes the suppression rule. API Version: 2019-01-01-preview.

    Example Usage

    Update or create suppression rule for subscription

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using AzureNative = Pulumi.AzureNative;
    
    // Declares an alert suppression rule for the subscription. Alerts of the given
    // type that match the scope are suppressed automatically, so review a rule like
    // this as carefully as any other change to detection coverage.
    return await Deployment.RunAsync(() =>
    {
        // Every element of AllOf must hold for an alert to be suppressed. Each element
        // here names only an entity field; the ScopeElement type documented for this
        // SDK version has no other property, so check what the deployed rule matches.
        var suppressionScope = new AzureNative.Security.Inputs.SuppressionAlertsScopeArgs
        {
            AllOf = new[]
            {
                new AzureNative.Security.Inputs.ScopeElementArgs { Field = "entities.ip.address" },
                new AzureNative.Security.Inputs.ScopeElementArgs { Field = "entities.process.commandline" },
            },
        };

        var alertsSuppressionRule = new AzureNative.Security.AlertsSuppressionRule("alertsSuppressionRule", new()
        {
            AlertsSuppressionRuleName = "dismissIpAnomalyAlerts",
            // One specific alert type; "*" would apply the rule to all alert types.
            AlertType = "IpAnomaly",
            Reason = "FalsePositive",
            // Free-text justification stored with the rule.
            Comment = "Test VM",
            State = "Enabled",
            // Sample timestamp (already in the past). When omitted, the expiration
            // defaults to the maximum allowed date, so set an explicit future date.
            ExpirationDateUtc = "2019-12-01T19:50:47.083633Z",
            SuppressionAlertsScope = suppressionScope,
        });
    });
    
    package main
    
    import (
    	security "github.com/pulumi/pulumi-azure-native-sdk/security"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
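    // main declares an alert suppression rule for the subscription. Alerts of the
    // given type that match the scope are suppressed automatically, so review a
    // rule like this as carefully as any other change to detection coverage.
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := security.NewAlertsSuppressionRule(ctx, "alertsSuppressionRule", &security.AlertsSuppressionRuleArgs{
    			// One specific alert type; "*" would apply the rule to all alert types.
    			AlertType:                 pulumi.String("IpAnomaly"),
    			AlertsSuppressionRuleName: pulumi.String("dismissIpAnomalyAlerts"),
    			// Free-text justification stored with the rule.
    			Comment: pulumi.String("Test VM"),
    			// Sample timestamp (already in the past). When omitted, the expiration
    			// defaults to the maximum allowed date, so set an explicit future date.
    			ExpirationDateUtc: pulumi.String("2019-12-01T19:50:47.083633Z"),
    			Reason:            pulumi.String("FalsePositive"),
    			State:             pulumi.String("Enabled"),
    			// Inputs take the Args type; SuppressionAlertsScopeResponse is the
    			// output-side shape and is not accepted for this field.
    			SuppressionAlertsScope: &security.SuppressionAlertsScopeArgs{
    				// Every element must hold for an alert to be suppressed. Each one
    				// names only an entity field; check what the deployed rule matches.
    				AllOf: security.ScopeElementArray{
    					&security.ScopeElementArgs{
    						Field: pulumi.String("entities.ip.address"),
    					},
    					&security.ScopeElementArgs{
    						Field: pulumi.String("entities.process.commandline"),
    					},
    				},
    			},
    		})
    		// err is nil on success, so returning it covers both outcomes.
    		return err
    	})
    }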
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.azurenative.security.AlertsSuppressionRule;
    import com.pulumi.azurenative.security.AlertsSuppressionRuleArgs;
    import com.pulumi.azurenative.security.inputs.ScopeElementArgs;
    import com.pulumi.azurenative.security.inputs.SuppressionAlertsScopeArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
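    /**
     * Pulumi program that declares an alert suppression rule for the subscription.
     * Alerts of the given type that match the scope are suppressed automatically,
     * so review a rule like this as carefully as any other change to detection coverage.
     */
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }

        /**
         * Registers the suppression rule with the Pulumi engine.
         *
         * @param ctx the Pulumi deployment context (not read by this example)
         */
        public static void stack(Context ctx) {
            var alertsSuppressionRule = new AlertsSuppressionRule("alertsSuppressionRule", AlertsSuppressionRuleArgs.builder()
                // One specific alert type; "*" would apply the rule to all alert types.
                .alertType("IpAnomaly")
                .alertsSuppressionRuleName("dismissIpAnomalyAlerts")
                // Free-text justification stored with the rule.
                .comment("Test VM")
                // Sample timestamp (already in the past). When omitted, the expiration
                // defaults to the maximum allowed date, so set an explicit future date.
                .expirationDateUtc("2019-12-01T19:50:47.083633Z")
                .reason("FalsePositive")
                .state("Enabled")
                // Typed builders are used for the scope: Map.of("allOf", a, b) has an odd
                // number of arguments and matches no Map.of overload. Every element must
                // hold for an alert to be suppressed; each names only an entity field.
                .suppressionAlertsScope(SuppressionAlertsScopeArgs.builder()
                    .allOf(
                        ScopeElementArgs.builder().field("entities.ip.address").build(),
                        ScopeElementArgs.builder().field("entities.process.commandline").build())
                    .build())
                .build());
        }
    }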
    
    import pulumi
    import pulumi_azure_native as azure_native
    
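    # Alert suppression rule for the subscription. Alerts of the given type that
    # match the scope are suppressed automatically, so review a rule like this as
    # carefully as any other change to detection coverage.
    alerts_suppression_rule = azure_native.security.AlertsSuppressionRule("alertsSuppressionRule",
        # One specific alert type; "*" would apply the rule to all alert types.
        alert_type="IpAnomaly",
        alerts_suppression_rule_name="dismissIpAnomalyAlerts",
        # Free-text justification stored with the rule.
        comment="Test VM",
        # Sample timestamp (already in the past). When omitted, the expiration
        # defaults to the maximum allowed date, so set an explicit future date.
        expiration_date_utc="2019-12-01T19:50:47.083633Z",
        reason="FalsePositive",
        state="Enabled",
        # Inputs take SuppressionAlertsScopeArgs (the type in the constructor
        # signature); the ...ResponseArgs class describes the output-side shape.
        suppression_alerts_scope=azure_native.security.SuppressionAlertsScopeArgs(
            # Every element must hold for an alert to be suppressed. Each one names
            # only an entity field; check what the deployed rule actually matches.
            all_of=[
                azure_native.security.ScopeElementArgs(
                    field="entities.ip.address",
                ),
                azure_native.security.ScopeElementArgs(
                    field="entities.process.commandline",
                ),
            ],
        ))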
    
    import * as pulumi from "@pulumi/pulumi";
    import * as azure_native from "@pulumi/azure-native";
    
    // Scope of the rule: every entry in allOf must hold for an alert to be suppressed.
    // Each entry names only an entity field; the ScopeElement type documented for this
    // SDK version has no other property, so check what the deployed rule matches.
    const suppressionScope = {
        allOf: [
            { field: "entities.ip.address" },
            { field: "entities.process.commandline" },
        ],
    };

    // Alert suppression rule for the subscription. Matching alerts are suppressed
    // automatically, so review it like any other change to detection coverage.
    const alertsSuppressionRule = new azure_native.security.AlertsSuppressionRule("alertsSuppressionRule", {
        alertsSuppressionRuleName: "dismissIpAnomalyAlerts",
        // One specific alert type; "*" would apply the rule to all alert types.
        alertType: "IpAnomaly",
        reason: "FalsePositive",
        // Free-text justification stored with the rule.
        comment: "Test VM",
        state: "Enabled",
        // Sample timestamp (already in the past). When omitted, the expiration
        // defaults to the maximum allowed date, so set an explicit future date.
        expirationDateUtc: "2019-12-01T19:50:47.083633Z",
        suppressionAlertsScope: suppressionScope,
    });
    
    # Alert suppression rule for the subscription. Matching alerts are suppressed
    # automatically, so review it like any other change to detection coverage.
    resources:
      alertsSuppressionRule:
        type: azure-native:security:AlertsSuppressionRule
        properties:
          # One specific alert type; '*' would apply the rule to all alert types.
          alertType: IpAnomaly
          alertsSuppressionRuleName: dismissIpAnomalyAlerts
          # Free-text justification stored with the rule.
          comment: Test VM
          # Sample timestamp (already in the past). When omitted, the expiration
          # defaults to the maximum allowed date, so set an explicit future date.
          expirationDateUtc: 2019-12-01T19:50:47.083633Z
          reason: FalsePositive
          state: Enabled
          suppressionAlertsScope:
            # Every entry must hold for an alert to be suppressed. Each entry names
            # only an entity field; check what the deployed rule actually matches.
            allOf:
              - field: entities.ip.address
              - field: entities.process.commandline
    

    Create AlertsSuppressionRule Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new AlertsSuppressionRule(name: string, args: AlertsSuppressionRuleArgs, opts?: CustomResourceOptions);
    @overload
    def AlertsSuppressionRule(resource_name: str,
                              args: AlertsSuppressionRuleArgs,
                              opts: Optional[ResourceOptions] = None)
    
    @overload
    def AlertsSuppressionRule(resource_name: str,
                              opts: Optional[ResourceOptions] = None,
                              alert_type: Optional[str] = None,
                              reason: Optional[str] = None,
                              state: Optional[Union[str, RuleState]] = None,
                              alerts_suppression_rule_name: Optional[str] = None,
                              comment: Optional[str] = None,
                              expiration_date_utc: Optional[str] = None,
                              suppression_alerts_scope: Optional[SuppressionAlertsScopeArgs] = None)
    func NewAlertsSuppressionRule(ctx *Context, name string, args AlertsSuppressionRuleArgs, opts ...ResourceOption) (*AlertsSuppressionRule, error)
    public AlertsSuppressionRule(string name, AlertsSuppressionRuleArgs args, CustomResourceOptions? opts = null)
    public AlertsSuppressionRule(String name, AlertsSuppressionRuleArgs args)
    public AlertsSuppressionRule(String name, AlertsSuppressionRuleArgs args, CustomResourceOptions options)
    
    type: azure-native:security:AlertsSuppressionRule
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args AlertsSuppressionRuleArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args AlertsSuppressionRuleArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args AlertsSuppressionRuleArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args AlertsSuppressionRuleArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args AlertsSuppressionRuleArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

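    // Reference template: replace every "string" placeholder with a real value.
    var alertsSuppressionRuleResource = new AzureNative.Security.AlertsSuppressionRule("alertsSuppressionRuleResource", new()
    {
        // Alert type to suppress; "*" applies the rule to all alert types.
        AlertType = "string",
        Reason = "string",
        // One of "Enabled", "Disabled" or "Expired".
        State = "string",
        AlertsSuppressionRuleName = "string",
        Comment = "string",
        // Defaults to the maximum allowed expiration date when omitted.
        ExpirationDateUtc = "string",
        // The scope is built from the typed input classes; every element of AllOf
        // must hold for an alert to be suppressed.
        SuppressionAlertsScope = new AzureNative.Security.Inputs.SuppressionAlertsScopeArgs
        {
            AllOf = new[]
            {
                new AzureNative.Security.Inputs.ScopeElementArgs
                {
                    Field = "string",
                },
            },
        },
    });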
    
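    // Reference template: replace every "string" placeholder with a real value.
    // Plain Go strings are wrapped in pulumi.String and the scope uses the typed
    // Args structs, matching the input types the constructor accepts.
    example, err := security.NewAlertsSuppressionRule(ctx, "alertsSuppressionRuleResource", &security.AlertsSuppressionRuleArgs{
    	// Alert type to suppress; "*" applies the rule to all alert types.
    	AlertType: pulumi.String("string"),
    	Reason:    pulumi.String("string"),
    	// One of "Enabled", "Disabled" or "Expired".
    	State:                     pulumi.String("string"),
    	AlertsSuppressionRuleName: pulumi.String("string"),
    	Comment:                   pulumi.String("string"),
    	// Defaults to the maximum allowed expiration date when omitted.
    	ExpirationDateUtc: pulumi.String("string"),
    	// Every element of AllOf must hold for an alert to be suppressed.
    	SuppressionAlertsScope: &security.SuppressionAlertsScopeArgs{
    		AllOf: security.ScopeElementArray{
    			&security.ScopeElementArgs{
    				Field: pulumi.String("string"),
    			},
    		},
    	},
    })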
    
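    // Reference template: replace every "string" placeholder with a real value.
    var alertsSuppressionRuleResource = new AlertsSuppressionRule("alertsSuppressionRuleResource", AlertsSuppressionRuleArgs.builder()
        // Alert type to suppress; "*" applies the rule to all alert types.
        .alertType("string")
        .reason("string")
        // One of "Enabled", "Disabled" or "Expired".
        .state("string")
        .alertsSuppressionRuleName("string")
        .comment("string")
        // Defaults to the maximum allowed expiration date when omitted.
        .expirationDateUtc("string")
        // Every element passed to allOf must hold for an alert to be suppressed.
        .suppressionAlertsScope(SuppressionAlertsScopeArgs.builder()
            .allOf(ScopeElementArgs.builder()
                .field("string")
                .build())
            .build())
        .build());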
    
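    # Reference template: replace every "string" placeholder with a real value.
    alerts_suppression_rule_resource = azure_native.security.AlertsSuppressionRule("alertsSuppressionRuleResource",
        # Alert type to suppress; "*" applies the rule to all alert types.
        alert_type="string",
        reason="string",
        # One of "Enabled", "Disabled" or "Expired".
        state="string",
        alerts_suppression_rule_name="string",
        comment="string",
        # Defaults to the maximum allowed expiration date when omitted.
        expiration_date_utc="string",
        # Every element of all_of must hold for an alert to be suppressed.
        suppression_alerts_scope=azure_native.security.SuppressionAlertsScopeArgs(
            all_of=[azure_native.security.ScopeElementArgs(
                field="string",
            )],
        ))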
    
    // Reference template: replace every "string" placeholder with a real value.
    const alertsSuppressionRuleResource = new azure_native.security.AlertsSuppressionRule("alertsSuppressionRuleResource", {
        alertsSuppressionRuleName: "string",
        // Alert type to suppress; "*" applies the rule to all alert types.
        alertType: "string",
        reason: "string",
        comment: "string",
        // One of "Enabled", "Disabled" or "Expired".
        state: "string",
        // Defaults to the maximum allowed expiration date when omitted.
        expirationDateUtc: "string",
        // Every entry in allOf must hold for an alert to be suppressed.
        suppressionAlertsScope: {
            allOf: [
                {
                    field: "string",
                },
            ],
        },
    });
    
    # Reference template: replace every "string" placeholder with a real value.
    type: azure-native:security:AlertsSuppressionRule
    properties:
        # Alert type to suppress; '*' applies the rule to all alert types.
        alertType: string
        alertsSuppressionRuleName: string
        comment: string
        # Defaults to the maximum allowed expiration date when omitted.
        expirationDateUtc: string
        reason: string
        # One of Enabled, Disabled or Expired.
        state: string
        suppressionAlertsScope:
            # Every entry must hold for an alert to be suppressed.
            allOf:
                - field: string
    

    AlertsSuppressionRule Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The AlertsSuppressionRule resource accepts the following input properties:

    AlertType string
    Type of the alert to automatically suppress. For all alert types, use '*'
    Reason string
    The reason for dismissing the alert
    State string | Pulumi.AzureNative.Security.RuleState
    Possible states of the rule
    AlertsSuppressionRuleName string
    The unique name of the suppression alert rule
    Comment string
    Any comment regarding the rule
    ExpirationDateUtc string
    Expiration date of the rule. If the value is not provided, or is provided as null, this field defaults to the maximum allowed expiration date; set an explicit date when the suppression is meant to be temporary.
    SuppressionAlertsScope Pulumi.AzureNative.Security.Inputs.SuppressionAlertsScope
    The suppression conditions
    AlertType string
    Type of the alert to automatically suppress. For all alert types, use '*'
    Reason string
    The reason for dismissing the alert
    State string | RuleState
    Possible states of the rule
    AlertsSuppressionRuleName string
    The unique name of the suppression alert rule
    Comment string
    Any comment regarding the rule
    ExpirationDateUtc string
    Expiration date of the rule. If the value is not provided, or is provided as null, this field defaults to the maximum allowed expiration date; set an explicit date when the suppression is meant to be temporary.
    SuppressionAlertsScope SuppressionAlertsScopeArgs
    The suppression conditions
    alertType String
    Type of the alert to automatically suppress. For all alert types, use '*'
    reason String
    The reason for dismissing the alert
    state String | RuleState
    Possible states of the rule
    alertsSuppressionRuleName String
    The unique name of the suppression alert rule
    comment String
    Any comment regarding the rule
    expirationDateUtc String
    Expiration date of the rule. If the value is not provided, or is provided as null, this field defaults to the maximum allowed expiration date; set an explicit date when the suppression is meant to be temporary.
    suppressionAlertsScope SuppressionAlertsScope
    The suppression conditions
    alertType string
    Type of the alert to automatically suppress. For all alert types, use '*'
    reason string
    The reason for dismissing the alert
    state string | RuleState
    Possible states of the rule
    alertsSuppressionRuleName string
    The unique name of the suppression alert rule
    comment string
    Any comment regarding the rule
    expirationDateUtc string
    Expiration date of the rule. If the value is not provided, or is provided as null, this field defaults to the maximum allowed expiration date; set an explicit date when the suppression is meant to be temporary.
    suppressionAlertsScope SuppressionAlertsScope
    The suppression conditions
    alert_type str
    Type of the alert to automatically suppress. For all alert types, use '*'
    reason str
    The reason for dismissing the alert
    state str | RuleState
    Possible states of the rule
    alerts_suppression_rule_name str
    The unique name of the suppression alert rule
    comment str
    Any comment regarding the rule
    expiration_date_utc str
    Expiration date of the rule. If the value is not provided, or is provided as null, this field defaults to the maximum allowed expiration date; set an explicit date when the suppression is meant to be temporary.
    suppression_alerts_scope SuppressionAlertsScopeArgs
    The suppression conditions
    alertType String
    Type of the alert to automatically suppress. For all alert types, use '*'
    reason String
    The reason for dismissing the alert
    state String | "Enabled" | "Disabled" | "Expired"
    Possible states of the rule
    alertsSuppressionRuleName String
    The unique name of the suppression alert rule
    comment String
    Any comment regarding the rule
    expirationDateUtc String
    Expiration date of the rule. If the value is not provided, or is provided as null, this field defaults to the maximum allowed expiration date; set an explicit date when the suppression is meant to be temporary.
    suppressionAlertsScope Property Map
    The suppression conditions

    Outputs

    All input properties are implicitly available as output properties. Additionally, the AlertsSuppressionRule resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    LastModifiedUtc string
    The last time this rule was modified
    Name string
    Resource name
    Type string
    Resource type
    Id string
    The provider-assigned unique ID for this managed resource.
    LastModifiedUtc string
    The last time this rule was modified
    Name string
    Resource name
    Type string
    Resource type
    id String
    The provider-assigned unique ID for this managed resource.
    lastModifiedUtc String
    The last time this rule was modified
    name String
    Resource name
    type String
    Resource type
    id string
    The provider-assigned unique ID for this managed resource.
    lastModifiedUtc string
    The last time this rule was modified
    name string
    Resource name
    type string
    Resource type
    id str
    The provider-assigned unique ID for this managed resource.
    last_modified_utc str
    The last time this rule was modified
    name str
    Resource name
    type str
    Resource type
    id String
    The provider-assigned unique ID for this managed resource.
    lastModifiedUtc String
    The last time this rule was modified
    name String
    Resource name
    type String
    Resource type

    Supporting Types

    RuleState, RuleStateArgs

    Enabled
    Enabled
    Disabled
    Disabled
    Expired
    Expired
    RuleStateEnabled
    Enabled
    RuleStateDisabled
    Disabled
    RuleStateExpired
    Expired
    Enabled
    Enabled
    Disabled
    Disabled
    Expired
    Expired
    Enabled
    Enabled
    Disabled
    Disabled
    Expired
    Expired
    ENABLED
    Enabled
    DISABLED
    Disabled
    EXPIRED
    Expired
    "Enabled"
    Enabled
    "Disabled"
    Disabled
    "Expired"
    Expired

    ScopeElement, ScopeElementArgs

    Field string
    The alert entity type to suppress by.
    Field string
    The alert entity type to suppress by.
    field String
    The alert entity type to suppress by.
    field string
    The alert entity type to suppress by.
    field str
    The alert entity type to suppress by.
    field String
    The alert entity type to suppress by.

    ScopeElementResponse, ScopeElementResponseArgs

    Field string
    The alert entity type to suppress by.
    Field string
    The alert entity type to suppress by.
    field String
    The alert entity type to suppress by.
    field string
    The alert entity type to suppress by.
    field str
    The alert entity type to suppress by.
    field String
    The alert entity type to suppress by.

    SuppressionAlertsScope, SuppressionAlertsScopeArgs

    AllOf List<Pulumi.AzureNative.Security.Inputs.ScopeElement>
    All the conditions inside need to be true in order to suppress the alert
    AllOf []ScopeElement
    All the conditions inside need to be true in order to suppress the alert
    allOf List<ScopeElement>
    All the conditions inside need to be true in order to suppress the alert
    allOf ScopeElement[]
    All the conditions inside need to be true in order to suppress the alert
    all_of Sequence[ScopeElement]
    All the conditions inside need to be true in order to suppress the alert
    allOf List<Property Map>
    All the conditions inside need to be true in order to suppress the alert

    SuppressionAlertsScopeResponse, SuppressionAlertsScopeResponseArgs

    AllOf List<Pulumi.AzureNative.Security.Inputs.ScopeElementResponse>
    All the conditions inside need to be true in order to suppress the alert
    AllOf []ScopeElementResponse
    All the conditions inside need to be true in order to suppress the alert
    allOf List<ScopeElementResponse>
    All the conditions inside need to be true in order to suppress the alert
    allOf ScopeElementResponse[]
    All the conditions inside need to be true in order to suppress the alert
    all_of Sequence[ScopeElementResponse]
    All the conditions inside need to be true in order to suppress the alert
    allOf List<Property Map>
    All the conditions inside need to be true in order to suppress the alert

    Import

    An existing resource can be imported using its type token, name, and identifier, e.g.

    $ pulumi import azure-native:security:AlertsSuppressionRule dismissIpAnomalyAlerts /subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/alertsSuppressionRules/dismissIpAnomalyAlerts 
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    azure-native-v1 pulumi/pulumi-azure-native
    License
    Apache-2.0