azure-native.securityinsights.AutomationRule
Explore with Pulumi AI
Represents an automation rule. API Version: 2019-01-01-preview.
Example Usage
Creates or updates an automation rule.
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var automationRule = new AzureNative.SecurityInsights.AutomationRule("automationRule", new()
{
Actions = new[]
{
new AzureNative.SecurityInsights.Inputs.AutomationRuleModifyPropertiesActionArgs
{
ActionConfiguration = new AzureNative.SecurityInsights.Inputs.AutomationRuleModifyPropertiesActionActionConfigurationArgs
{
Severity = "High",
},
ActionType = "ModifyProperties",
Order = 1,
},
new AzureNative.SecurityInsights.Inputs.AutomationRuleRunPlaybookActionArgs
{
ActionConfiguration = new AzureNative.SecurityInsights.Inputs.AutomationRuleRunPlaybookActionActionConfigurationArgs
{
LogicAppResourceId = "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/IncidentPlaybook",
TenantId = "ee48efaf-50c6-411b-9345-b2bdc3eb4abc",
},
ActionType = "RunPlaybook",
Order = 2,
},
},
AutomationRuleId = "73e01a99-5cd7-4139-a149-9f2736ff2ab5",
DisplayName = "High severity incidents escalation",
OperationalInsightsResourceProvider = "Microsoft.OperationalInsights",
Order = 1,
ResourceGroupName = "myRg",
TriggeringLogic = new AzureNative.SecurityInsights.Inputs.AutomationRuleTriggeringLogicArgs
{
Conditions = new[]
{
{
{ "conditionProperties", new AzureNative.SecurityInsights.Inputs.AutomationRulePropertyValuesConditionConditionPropertiesArgs
{
Operator = "Contains",
PropertyName = "IncidentRelatedAnalyticRuleIds",
PropertyValues = new[]
{
"/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7",
"/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/8deb8303-e94d-46ff-96e0-5fd94b33df1a",
},
} },
{ "conditionType", "Property" },
},
},
IsEnabled = true,
TriggersOn = "Incidents",
TriggersWhen = "Created",
},
WorkspaceName = "myWorkspace",
});
});
package main
import (
securityinsights "github.com/pulumi/pulumi-azure-native-sdk/securityinsights"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := securityinsights.NewAutomationRule(ctx, "automationRule", &securityinsights.AutomationRuleArgs{
Actions: pulumi.AnyArray{
securityinsights.AutomationRuleModifyPropertiesAction{
ActionConfiguration: securityinsights.AutomationRuleModifyPropertiesActionActionConfiguration{
Severity: "High",
},
ActionType: "ModifyProperties",
Order: 1,
},
securityinsights.AutomationRuleRunPlaybookAction{
ActionConfiguration: securityinsights.AutomationRuleRunPlaybookActionActionConfiguration{
LogicAppResourceId: "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/IncidentPlaybook",
TenantId: "ee48efaf-50c6-411b-9345-b2bdc3eb4abc",
},
ActionType: "RunPlaybook",
Order: 2,
},
},
AutomationRuleId: pulumi.String("73e01a99-5cd7-4139-a149-9f2736ff2ab5"),
DisplayName: pulumi.String("High severity incidents escalation"),
OperationalInsightsResourceProvider: pulumi.String("Microsoft.OperationalInsights"),
Order: pulumi.Int(1),
ResourceGroupName: pulumi.String("myRg"),
TriggeringLogic: securityinsights.AutomationRuleTriggeringLogicResponse{
Conditions: []securityinsights.AutomationRulePropertyValuesConditionArgs{
{
ConditionProperties: {
Operator: pulumi.String("Contains"),
PropertyName: pulumi.String("IncidentRelatedAnalyticRuleIds"),
PropertyValues: pulumi.StringArray{
pulumi.String("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7"),
pulumi.String("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/8deb8303-e94d-46ff-96e0-5fd94b33df1a"),
},
},
ConditionType: pulumi.String("Property"),
},
},
IsEnabled: pulumi.Bool(true),
TriggersOn: pulumi.String("Incidents"),
TriggersWhen: pulumi.String("Created"),
},
WorkspaceName: pulumi.String("myWorkspace"),
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.securityinsights.AutomationRule;
import com.pulumi.azurenative.securityinsights.AutomationRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var automationRule = new AutomationRule("automationRule", AutomationRuleArgs.builder()
.actions(
Map.ofEntries(
Map.entry("actionConfiguration", Map.of("severity", "High")),
Map.entry("actionType", "ModifyProperties"),
Map.entry("order", 1)
),
Map.ofEntries(
Map.entry("actionConfiguration", Map.ofEntries(
Map.entry("logicAppResourceId", "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/IncidentPlaybook"),
Map.entry("tenantId", "ee48efaf-50c6-411b-9345-b2bdc3eb4abc")
)),
Map.entry("actionType", "RunPlaybook"),
Map.entry("order", 2)
))
.automationRuleId("73e01a99-5cd7-4139-a149-9f2736ff2ab5")
.displayName("High severity incidents escalation")
.operationalInsightsResourceProvider("Microsoft.OperationalInsights")
.order(1)
.resourceGroupName("myRg")
.triggeringLogic(Map.ofEntries(
Map.entry("conditions", Map.ofEntries(
Map.entry("conditionProperties", Map.ofEntries(
Map.entry("operator", "Contains"),
Map.entry("propertyName", "IncidentRelatedAnalyticRuleIds"),
Map.entry("propertyValues",
"/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7",
"/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/8deb8303-e94d-46ff-96e0-5fd94b33df1a")
)),
Map.entry("conditionType", "Property")
)),
Map.entry("isEnabled", true),
Map.entry("triggersOn", "Incidents"),
Map.entry("triggersWhen", "Created")
))
.workspaceName("myWorkspace")
.build());
}
}
import pulumi
import pulumi_azure_native as azure_native
automation_rule = azure_native.securityinsights.AutomationRule("automationRule",
actions=[
azure_native.securityinsights.AutomationRuleModifyPropertiesActionArgs(
action_configuration=azure_native.securityinsights.AutomationRuleModifyPropertiesActionActionConfigurationArgs(
severity="High",
),
action_type="ModifyProperties",
order=1,
),
azure_native.securityinsights.AutomationRuleRunPlaybookActionArgs(
action_configuration=azure_native.securityinsights.AutomationRuleRunPlaybookActionActionConfigurationArgs(
logic_app_resource_id="/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/IncidentPlaybook",
tenant_id="ee48efaf-50c6-411b-9345-b2bdc3eb4abc",
),
action_type="RunPlaybook",
order=2,
),
],
automation_rule_id="73e01a99-5cd7-4139-a149-9f2736ff2ab5",
display_name="High severity incidents escalation",
operational_insights_resource_provider="Microsoft.OperationalInsights",
order=1,
resource_group_name="myRg",
triggering_logic=azure_native.securityinsights.AutomationRuleTriggeringLogicResponseArgs(
conditions=[azure_native.securityinsights.AutomationRulePropertyValuesConditionResponseArgs(
condition_properties=azure_native.securityinsights.AutomationRulePropertyValuesConditionConditionPropertiesArgs(
operator="Contains",
property_name="IncidentRelatedAnalyticRuleIds",
property_values=[
"/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7",
"/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/8deb8303-e94d-46ff-96e0-5fd94b33df1a",
],
),
condition_type="Property",
)],
is_enabled=True,
triggers_on="Incidents",
triggers_when="Created",
),
workspace_name="myWorkspace")
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const automationRule = new azure_native.securityinsights.AutomationRule("automationRule", {
actions: [
{
actionConfiguration: {
severity: "High",
},
actionType: "ModifyProperties",
order: 1,
},
{
actionConfiguration: {
logicAppResourceId: "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/IncidentPlaybook",
tenantId: "ee48efaf-50c6-411b-9345-b2bdc3eb4abc",
},
actionType: "RunPlaybook",
order: 2,
},
],
automationRuleId: "73e01a99-5cd7-4139-a149-9f2736ff2ab5",
displayName: "High severity incidents escalation",
operationalInsightsResourceProvider: "Microsoft.OperationalInsights",
order: 1,
resourceGroupName: "myRg",
triggeringLogic: {
conditions: [{
conditionProperties: {
operator: "Contains",
propertyName: "IncidentRelatedAnalyticRuleIds",
propertyValues: [
"/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7",
"/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/8deb8303-e94d-46ff-96e0-5fd94b33df1a",
],
},
conditionType: "Property",
}],
isEnabled: true,
triggersOn: "Incidents",
triggersWhen: "Created",
},
workspaceName: "myWorkspace",
});
resources:
automationRule:
type: azure-native:securityinsights:AutomationRule
properties:
actions:
- actionConfiguration:
severity: High
actionType: ModifyProperties
order: 1
- actionConfiguration:
logicAppResourceId: /subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/IncidentPlaybook
tenantId: ee48efaf-50c6-411b-9345-b2bdc3eb4abc
actionType: RunPlaybook
order: 2
automationRuleId: 73e01a99-5cd7-4139-a149-9f2736ff2ab5
displayName: High severity incidents escalation
operationalInsightsResourceProvider: Microsoft.OperationalInsights
order: 1
resourceGroupName: myRg
triggeringLogic:
conditions:
- conditionProperties:
operator: Contains
propertyName: IncidentRelatedAnalyticRuleIds
propertyValues:
- /subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7
- /subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/8deb8303-e94d-46ff-96e0-5fd94b33df1a
conditionType: Property
isEnabled: true
triggersOn: Incidents
triggersWhen: Created
workspaceName: myWorkspace
Create AutomationRule Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new AutomationRule(name: string, args: AutomationRuleArgs, opts?: CustomResourceOptions);
@overload
def AutomationRule(resource_name: str,
args: AutomationRuleArgs,
opts: Optional[ResourceOptions] = None)
@overload
def AutomationRule(resource_name: str,
opts: Optional[ResourceOptions] = None,
actions: Optional[Sequence[Union[AutomationRuleModifyPropertiesActionArgs, AutomationRuleRunPlaybookActionArgs]]] = None,
display_name: Optional[str] = None,
operational_insights_resource_provider: Optional[str] = None,
order: Optional[int] = None,
resource_group_name: Optional[str] = None,
triggering_logic: Optional[AutomationRuleTriggeringLogicArgs] = None,
workspace_name: Optional[str] = None,
automation_rule_id: Optional[str] = None)
func NewAutomationRule(ctx *Context, name string, args AutomationRuleArgs, opts ...ResourceOption) (*AutomationRule, error)
public AutomationRule(string name, AutomationRuleArgs args, CustomResourceOptions? opts = null)
public AutomationRule(String name, AutomationRuleArgs args)
public AutomationRule(String name, AutomationRuleArgs args, CustomResourceOptions options)
type: azure-native:securityinsights:AutomationRule
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args AutomationRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args AutomationRuleArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args AutomationRuleArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args AutomationRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args AutomationRuleArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var automationRuleResource = new AzureNative.Securityinsights.AutomationRule("automationRuleResource", new()
{
Actions = new[]
{
{
{ "actionConfiguration",
{
{ "classification", "string" },
{ "classificationComment", "string" },
{ "classificationReason", "string" },
{ "labels", new[]
{
{
{ "labelName", "string" },
},
} },
{ "owner",
{
{ "assignedTo", "string" },
{ "email", "string" },
{ "objectId", "string" },
{ "userPrincipalName", "string" },
} },
{ "severity", "string" },
{ "status", "string" },
} },
{ "actionType", "ModifyProperties" },
{ "order", 0 },
},
},
DisplayName = "string",
OperationalInsightsResourceProvider = "string",
Order = 0,
ResourceGroupName = "string",
TriggeringLogic =
{
{ "isEnabled", false },
{ "triggersOn", "string" },
{ "triggersWhen", "string" },
{ "conditions", new[]
{
{
{ "conditionProperties",
{
{ "operator", "string" },
{ "propertyName", "string" },
{ "propertyValues", new[]
{
"string",
} },
} },
{ "conditionType", "Property" },
},
} },
{ "expirationTimeUtc", "string" },
},
WorkspaceName = "string",
AutomationRuleId = "string",
});
example, err := securityinsights.NewAutomationRule(ctx, "automationRuleResource", &securityinsights.AutomationRuleArgs{
Actions: []map[string]interface{}{
map[string]interface{}{
"actionConfiguration": map[string]interface{}{
"classification": "string",
"classificationComment": "string",
"classificationReason": "string",
"labels": []map[string]interface{}{
map[string]interface{}{
"labelName": "string",
},
},
"owner": map[string]interface{}{
"assignedTo": "string",
"email": "string",
"objectId": "string",
"userPrincipalName": "string",
},
"severity": "string",
"status": "string",
},
"actionType": "ModifyProperties",
"order": 0,
},
},
DisplayName: "string",
OperationalInsightsResourceProvider: "string",
Order: 0,
ResourceGroupName: "string",
TriggeringLogic: map[string]interface{}{
"isEnabled": false,
"triggersOn": "string",
"triggersWhen": "string",
"conditions": []map[string]interface{}{
map[string]interface{}{
"conditionProperties": map[string]interface{}{
"operator": "string",
"propertyName": "string",
"propertyValues": []string{
"string",
},
},
"conditionType": "Property",
},
},
"expirationTimeUtc": "string",
},
WorkspaceName: "string",
AutomationRuleId: "string",
})
var automationRuleResource = new AutomationRule("automationRuleResource", AutomationRuleArgs.builder()
.actions(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference))
.displayName("string")
.operationalInsightsResourceProvider("string")
.order(0)
.resourceGroupName("string")
.triggeringLogic(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference))
.workspaceName("string")
.automationRuleId("string")
.build());
automation_rule_resource = azure_native.securityinsights.AutomationRule("automationRuleResource",
actions=[{
actionConfiguration: {
classification: string,
classificationComment: string,
classificationReason: string,
labels: [{
labelName: string,
}],
owner: {
assignedTo: string,
email: string,
objectId: string,
userPrincipalName: string,
},
severity: string,
status: string,
},
actionType: ModifyProperties,
order: 0,
}],
display_name=string,
operational_insights_resource_provider=string,
order=0,
resource_group_name=string,
triggering_logic={
isEnabled: False,
triggersOn: string,
triggersWhen: string,
conditions: [{
conditionProperties: {
operator: string,
propertyName: string,
propertyValues: [string],
},
conditionType: Property,
}],
expirationTimeUtc: string,
},
workspace_name=string,
automation_rule_id=string)
const automationRuleResource = new azure_native.securityinsights.AutomationRule("automationRuleResource", {
actions: [{
actionConfiguration: {
classification: "string",
classificationComment: "string",
classificationReason: "string",
labels: [{
labelName: "string",
}],
owner: {
assignedTo: "string",
email: "string",
objectId: "string",
userPrincipalName: "string",
},
severity: "string",
status: "string",
},
actionType: "ModifyProperties",
order: 0,
}],
displayName: "string",
operationalInsightsResourceProvider: "string",
order: 0,
resourceGroupName: "string",
triggeringLogic: {
isEnabled: false,
triggersOn: "string",
triggersWhen: "string",
conditions: [{
conditionProperties: {
operator: "string",
propertyName: "string",
propertyValues: ["string"],
},
conditionType: "Property",
}],
expirationTimeUtc: "string",
},
workspaceName: "string",
automationRuleId: "string",
});
type: azure-native:securityinsights:AutomationRule
properties:
actions:
- actionConfiguration:
classification: string
classificationComment: string
classificationReason: string
labels:
- labelName: string
owner:
assignedTo: string
email: string
objectId: string
userPrincipalName: string
severity: string
status: string
actionType: ModifyProperties
order: 0
automationRuleId: string
displayName: string
operationalInsightsResourceProvider: string
order: 0
resourceGroupName: string
triggeringLogic:
conditions:
- conditionProperties:
operator: string
propertyName: string
propertyValues:
- string
conditionType: Property
expirationTimeUtc: string
isEnabled: false
triggersOn: string
triggersWhen: string
workspaceName: string
AutomationRule Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The AutomationRule resource accepts the following input properties:
- Actions
List<Union<Pulumi.
Azure Native. Security Insights. Inputs. Automation Rule Modify Properties Action, Pulumi. Azure Native. Security Insights. Inputs. Automation Rule Run Playbook Action Args>> - The actions to execute when the automation rule is triggered
- Display
Name string - The display name of the automation rule
- Operational
Insights stringResource Provider - The namespace of workspaces resource provider- Microsoft.OperationalInsights.
- Order int
- The order of execution of the automation rule
- Resource
Group stringName - The name of the resource group within the user's subscription. The name is case insensitive.
- Triggering
Logic Pulumi.Azure Native. Security Insights. Inputs. Automation Rule Triggering Logic - The triggering logic of the automation rule
- Workspace
Name string - The name of the workspace.
- Automation
Rule stringId - Automation rule ID
- Actions []interface{}
- The actions to execute when the automation rule is triggered
- Display
Name string - The display name of the automation rule
- Operational
Insights stringResource Provider - The namespace of workspaces resource provider- Microsoft.OperationalInsights.
- Order int
- The order of execution of the automation rule
- Resource
Group stringName - The name of the resource group within the user's subscription. The name is case insensitive.
- Triggering
Logic AutomationRule Triggering Logic Args - The triggering logic of the automation rule
- Workspace
Name string - The name of the workspace.
- Automation
Rule stringId - Automation rule ID
- actions
List<Either<Automation
Rule Modify Properties Action,Automation Rule Run Playbook Action Args>> - The actions to execute when the automation rule is triggered
- display
Name String - The display name of the automation rule
- operational
Insights StringResource Provider - The namespace of workspaces resource provider- Microsoft.OperationalInsights.
- order Integer
- The order of execution of the automation rule
- resource
Group StringName - The name of the resource group within the user's subscription. The name is case insensitive.
- triggering
Logic AutomationRule Triggering Logic - The triggering logic of the automation rule
- workspace
Name String - The name of the workspace.
- automation
Rule StringId - Automation rule ID
- actions
(Automation
Rule Modify Properties Action | Automation Rule Run Playbook Action Args)[] - The actions to execute when the automation rule is triggered
- display
Name string - The display name of the automation rule
- operational
Insights stringResource Provider - The namespace of workspaces resource provider- Microsoft.OperationalInsights.
- order number
- The order of execution of the automation rule
- resource
Group stringName - The name of the resource group within the user's subscription. The name is case insensitive.
- triggering
Logic AutomationRule Triggering Logic - The triggering logic of the automation rule
- workspace
Name string - The name of the workspace.
- automation
Rule stringId - Automation rule ID
- actions
Sequence[Union[Automation
Rule Modify Properties Action Args, Automation Rule Run Playbook Action Args]] - The actions to execute when the automation rule is triggered
- display_
name str - The display name of the automation rule
- operational_
insights_ strresource_ provider - The namespace of workspaces resource provider- Microsoft.OperationalInsights.
- order int
- The order of execution of the automation rule
- resource_
group_ strname - The name of the resource group within the user's subscription. The name is case insensitive.
- triggering_
logic AutomationRule Triggering Logic Args - The triggering logic of the automation rule
- workspace_
name str - The name of the workspace.
- automation_
rule_ strid - Automation rule ID
- actions List<Property Map | Property Map>
- The actions to execute when the automation rule is triggered
- display
Name String - The display name of the automation rule
- operational
Insights StringResource Provider - The namespace of workspaces resource provider- Microsoft.OperationalInsights.
- order Number
- The order of execution of the automation rule
- resource
Group StringName - The name of the resource group within the user's subscription. The name is case insensitive.
- triggering
Logic Property Map - The triggering logic of the automation rule
- workspace
Name String - The name of the workspace.
- automation
Rule StringId - Automation rule ID
Outputs
All input properties are implicitly available as output properties. Additionally, the AutomationRule resource produces the following output properties:
- Created
By Pulumi.Azure Native. Security Insights. Outputs. Client Info Response - Describes the client that created the automation rule
- Created
Time stringUtc - The time the automation rule was created
- Id string
- The provider-assigned unique ID for this managed resource.
- Last
Modified Pulumi.By Azure Native. Security Insights. Outputs. Client Info Response - Describes the client that last updated the automation rule
- Last
Modified stringTime Utc - The last time the automation rule was updated
- Name string
- Azure resource name
- Type string
- Azure resource type
- Etag string
- Etag of the azure resource
- Created
By ClientInfo Response - Describes the client that created the automation rule
- Created
Time stringUtc - The time the automation rule was created
- Id string
- The provider-assigned unique ID for this managed resource.
- Last
Modified ClientBy Info Response - Describes the client that last updated the automation rule
- Last
Modified stringTime Utc - The last time the automation rule was updated
- Name string
- Azure resource name
- Type string
- Azure resource type
- Etag string
- Etag of the azure resource
- created
By ClientInfo Response - Describes the client that created the automation rule
- created
Time StringUtc - The time the automation rule was created
- id String
- The provider-assigned unique ID for this managed resource.
- last
Modified ClientBy Info Response - Describes the client that last updated the automation rule
- last
Modified StringTime Utc - The last time the automation rule was updated
- name String
- Azure resource name
- type String
- Azure resource type
- etag String
- Etag of the azure resource
- created
By ClientInfo Response - Describes the client that created the automation rule
- created
Time stringUtc - The time the automation rule was created
- id string
- The provider-assigned unique ID for this managed resource.
- last
Modified ClientBy Info Response - Describes the client that last updated the automation rule
- last
Modified stringTime Utc - The last time the automation rule was updated
- name string
- Azure resource name
- type string
- Azure resource type
- etag string
- Etag of the azure resource
- created_
by ClientInfo Response - Describes the client that created the automation rule
- created_
time_ strutc - The time the automation rule was created
- id str
- The provider-assigned unique ID for this managed resource.
- last_
modified_ Clientby Info Response - Describes the client that last updated the automation rule
- last_
modified_ strtime_ utc - The last time the automation rule was updated
- name str
- Azure resource name
- type str
- Azure resource type
- etag str
- Etag of the azure resource
- created
By Property Map - Describes the client that created the automation rule
- created
Time StringUtc - The time the automation rule was created
- id String
- The provider-assigned unique ID for this managed resource.
- last
Modified Property MapBy - Describes the client that last updated the automation rule
- last
Modified StringTime Utc - The last time the automation rule was updated
- name String
- Azure resource name
- type String
- Azure resource type
- etag String
- Etag of the azure resource
Supporting Types
AutomationRuleModifyPropertiesAction, AutomationRuleModifyPropertiesActionArgs
- Action
Configuration Pulumi.Azure Native. Security Insights. Inputs. Automation Rule Modify Properties Action Action Configuration - The configuration of the modify properties automation rule action
- Order int
- The order of execution of the automation rule action
- Action
Configuration AutomationRule Modify Properties Action Action Configuration - The configuration of the modify properties automation rule action
- Order int
- The order of execution of the automation rule action
- action
Configuration AutomationRule Modify Properties Action Action Configuration - The configuration of the modify properties automation rule action
- order Integer
- The order of execution of the automation rule action
- action
Configuration AutomationRule Modify Properties Action Action Configuration - The configuration of the modify properties automation rule action
- order number
- The order of execution of the automation rule action
- action_
configuration AutomationRule Modify Properties Action Action Configuration - The configuration of the modify properties automation rule action
- order int
- The order of execution of the automation rule action
- action
Configuration Property Map - The configuration of the modify properties automation rule action
- order Number
- The order of execution of the automation rule action
AutomationRuleModifyPropertiesActionActionConfiguration, AutomationRuleModifyPropertiesActionActionConfigurationArgs
- Classification
string | Pulumi.
Azure Native. Security Insights. Incident Classification - The reason the incident was closed
- Classification
Comment string - Describes the reason the incident was closed
- Classification
Reason string | Pulumi.Azure Native. Security Insights. Incident Classification Reason - The classification reason to close the incident with
- Labels
List<Pulumi.
Azure Native. Security Insights. Inputs. Incident Label> - List of labels to add to the incident
- Owner
Pulumi.
Azure Native. Security Insights. Inputs. Incident Owner Info - Describes a user that the incident is assigned to
- Severity
string | Pulumi.
Azure Native. Security Insights. Incident Severity - The severity of the incident
- Status
string | Pulumi.
Azure Native. Security Insights. Incident Status - The status of the incident
- Classification
string | Incident
Classification - The reason the incident was closed
- Classification
Comment string - Describes the reason the incident was closed
- Classification
Reason string | IncidentClassification Reason - The classification reason to close the incident with
- Labels
[]Incident
Label - List of labels to add to the incident
- Owner
Incident
Owner Info - Describes a user that the incident is assigned to
- Severity
string | Incident
Severity - The severity of the incident
- Status
string | Incident
Status - The status of the incident
- classification
String | Incident
Classification - The reason the incident was closed
- classification
Comment String - Describes the reason the incident was closed
- classification
Reason String | IncidentClassification Reason - The classification reason to close the incident with
- labels
List<Incident
Label> - List of labels to add to the incident
- owner
Incident
Owner Info - Describes a user that the incident is assigned to
- severity
String | Incident
Severity - The severity of the incident
- status
String | Incident
Status - The status of the incident
- classification
string | Incident
Classification - The reason the incident was closed
- classification
Comment string - Describes the reason the incident was closed
- classification
Reason string | IncidentClassification Reason - The classification reason to close the incident with
- labels
Incident
Label[] - List of labels to add to the incident
- owner
Incident
Owner Info - Describes a user that the incident is assigned to
- severity
string | Incident
Severity - The severity of the incident
- status
string | Incident
Status - The status of the incident
- classification
str | Incident
Classification - The reason the incident was closed
- classification_
comment str - Describes the reason the incident was closed
- classification_
reason str | IncidentClassification Reason - The classification reason to close the incident with
- labels
Sequence[Incident
Label] - List of labels to add to the incident
- owner
Incident
Owner Info - Describes a user that the incident is assigned to
- severity
str | Incident
Severity - The severity of the incident
- status
str | Incident
Status - The status of the incident
- classification
String | "Undetermined" | "True
Positive" | "Benign Positive" | "False Positive" - The reason the incident was closed
- classification
Comment String - Describes the reason the incident was closed
- classification
Reason String | "SuspiciousActivity" | "Suspicious But Expected" | "Incorrect Alert Logic" | "Inaccurate Data" - The classification reason to close the incident with
- labels List<Property Map>
- List of labels to add to the incident
- owner Property Map
- Describes a user that the incident is assigned to
- severity String | "High" | "Medium" | "Low" | "Informational"
- The severity of the incident
- status String | "New" | "Active" | "Closed"
- The status of the incident
AutomationRuleModifyPropertiesActionResponse, AutomationRuleModifyPropertiesActionResponseArgs
- Action
Configuration Pulumi.Azure Native. Security Insights. Inputs. Automation Rule Modify Properties Action Response Action Configuration - The configuration of the modify properties automation rule action
- Order int
- The order of execution of the automation rule action
- Action
Configuration AutomationRule Modify Properties Action Response Action Configuration - The configuration of the modify properties automation rule action
- Order int
- The order of execution of the automation rule action
- action
Configuration AutomationRule Modify Properties Action Response Action Configuration - The configuration of the modify properties automation rule action
- order Integer
- The order of execution of the automation rule action
- action
Configuration AutomationRule Modify Properties Action Response Action Configuration - The configuration of the modify properties automation rule action
- order number
- The order of execution of the automation rule action
- action_
configuration AutomationRule Modify Properties Action Response Action Configuration - The configuration of the modify properties automation rule action
- order int
- The order of execution of the automation rule action
- action
Configuration Property Map - The configuration of the modify properties automation rule action
- order Number
- The order of execution of the automation rule action
AutomationRuleModifyPropertiesActionResponseActionConfiguration, AutomationRuleModifyPropertiesActionResponseActionConfigurationArgs
- Classification string
- The reason the incident was closed
- Classification
Comment string - Describes the reason the incident was closed
- Classification
Reason string - The classification reason to close the incident with
- Labels
List<Pulumi.
Azure Native. Security Insights. Inputs. Incident Label Response> - List of labels to add to the incident
- Owner
Pulumi.
Azure Native. Security Insights. Inputs. Incident Owner Info Response - Describes a user that the incident is assigned to
- Severity string
- The severity of the incident
- Status string
- The status of the incident
- Classification string
- The reason the incident was closed
- Classification
Comment string - Describes the reason the incident was closed
- Classification
Reason string - The classification reason to close the incident with
- Labels
[]Incident
Label Response - List of labels to add to the incident
- Owner
Incident
Owner Info Response - Describes a user that the incident is assigned to
- Severity string
- The severity of the incident
- Status string
- The status of the incident
- classification String
- The reason the incident was closed
- classification
Comment String - Describes the reason the incident was closed
- classification
Reason String - The classification reason to close the incident with
- labels
List<Incident
Label Response> - List of labels to add to the incident
- owner
Incident
Owner Info Response - Describes a user that the incident is assigned to
- severity String
- The severity of the incident
- status String
- The status of the incident
- classification string
- The reason the incident was closed
- classification
Comment string - Describes the reason the incident was closed
- classification
Reason string - The classification reason to close the incident with
- labels
Incident
Label Response[] - List of labels to add to the incident
- owner
Incident
Owner Info Response - Describes a user that the incident is assigned to
- severity string
- The severity of the incident
- status string
- The status of the incident
- classification str
- The reason the incident was closed
- classification_
comment str - Describes the reason the incident was closed
- classification_
reason str - The classification reason to close the incident with
- labels
Sequence[Incident
Label Response] - List of labels to add to the incident
- owner
Incident
Owner Info Response - Describes a user that the incident is assigned to
- severity str
- The severity of the incident
- status str
- The status of the incident
- classification String
- The reason the incident was closed
- classification
Comment String - Describes the reason the incident was closed
- classification
Reason String - The classification reason to close the incident with
- labels List<Property Map>
- List of labels to add to the incident
- owner Property Map
- Describes a user that the incident is assigned to
- severity String
- The severity of the incident
- status String
- The status of the incident
AutomationRulePropertyConditionSupportedOperator, AutomationRulePropertyConditionSupportedOperatorArgs
- Equals
Value - EqualsEvaluates if the property equals at least one of the condition values
- Not
Equals - NotEqualsEvaluates if the property does not equal any of the condition values
- Contains
- ContainsEvaluates if the property contains at least one of the condition values
- Not
Contains - NotContainsEvaluates if the property does not contain any of the condition values
- Starts
With - StartsWithEvaluates if the property starts with any of the condition values
- Not
Starts With - NotStartsWithEvaluates if the property does not start with any of the condition values
- Ends
With - EndsWithEvaluates if the property ends with any of the condition values
- Not
Ends With - NotEndsWithEvaluates if the property does not end with any of the condition values
- Automation
Rule Property Condition Supported Operator Equals - EqualsEvaluates if the property equals at least one of the condition values
- Automation
Rule Property Condition Supported Operator Not Equals - NotEqualsEvaluates if the property does not equal any of the condition values
- Automation
Rule Property Condition Supported Operator Contains - ContainsEvaluates if the property contains at least one of the condition values
- Automation
Rule Property Condition Supported Operator Not Contains - NotContainsEvaluates if the property does not contain any of the condition values
- Automation
Rule Property Condition Supported Operator Starts With - StartsWithEvaluates if the property starts with any of the condition values
- Automation
Rule Property Condition Supported Operator Not Starts With - NotStartsWithEvaluates if the property does not start with any of the condition values
- Automation
Rule Property Condition Supported Operator Ends With - EndsWithEvaluates if the property ends with any of the condition values
- Automation
Rule Property Condition Supported Operator Not Ends With - NotEndsWithEvaluates if the property does not end with any of the condition values
- Equals
- EqualsEvaluates if the property equals at least one of the condition values
- Not
Equals - NotEqualsEvaluates if the property does not equal any of the condition values
- Contains
- ContainsEvaluates if the property contains at least one of the condition values
- Not
Contains - NotContainsEvaluates if the property does not contain any of the condition values
- Starts
With - StartsWithEvaluates if the property starts with any of the condition values
- Not
Starts With - NotStartsWithEvaluates if the property does not start with any of the condition values
- Ends
With - EndsWithEvaluates if the property ends with any of the condition values
- Not
Ends With - NotEndsWithEvaluates if the property does not end with any of the condition values
- Equals
- EqualsEvaluates if the property equals at least one of the condition values
- Not
Equals - NotEqualsEvaluates if the property does not equal any of the condition values
- Contains
- ContainsEvaluates if the property contains at least one of the condition values
- Not
Contains - NotContainsEvaluates if the property does not contain any of the condition values
- Starts
With - StartsWithEvaluates if the property starts with any of the condition values
- Not
Starts With - NotStartsWithEvaluates if the property does not start with any of the condition values
- Ends
With - EndsWithEvaluates if the property ends with any of the condition values
- Not
Ends With - NotEndsWithEvaluates if the property does not end with any of the condition values
- EQUALS
- EqualsEvaluates if the property equals at least one of the condition values
- NOT_EQUALS
- NotEqualsEvaluates if the property does not equal any of the condition values
- CONTAINS
- ContainsEvaluates if the property contains at least one of the condition values
- NOT_CONTAINS
- NotContainsEvaluates if the property does not contain any of the condition values
- STARTS_WITH
- StartsWithEvaluates if the property starts with any of the condition values
- NOT_STARTS_WITH
- NotStartsWithEvaluates if the property does not start with any of the condition values
- ENDS_WITH
- EndsWithEvaluates if the property ends with any of the condition values
- NOT_ENDS_WITH
- NotEndsWithEvaluates if the property does not end with any of the condition values
- "Equals"
- EqualsEvaluates if the property equals at least one of the condition values
- "Not
Equals" - NotEqualsEvaluates if the property does not equal any of the condition values
- "Contains"
- ContainsEvaluates if the property contains at least one of the condition values
- "Not
Contains" - NotContainsEvaluates if the property does not contain any of the condition values
- "Starts
With" - StartsWithEvaluates if the property starts with any of the condition values
- "Not
Starts With" - NotStartsWithEvaluates if the property does not start with any of the condition values
- "Ends
With" - EndsWithEvaluates if the property ends with any of the condition values
- "Not
Ends With" - NotEndsWithEvaluates if the property does not end with any of the condition values
AutomationRulePropertyConditionSupportedProperty, AutomationRulePropertyConditionSupportedPropertyArgs
- Incident
Title - IncidentTitleThe title of the incident
- Incident
Description - IncidentDescriptionThe description of the incident
- Incident
Severity - IncidentSeverityThe severity of the incident
- Incident
Status - IncidentStatusThe status of the incident
- Incident
Tactics - IncidentTacticsThe tactics of the incident
- Incident
Related Analytic Rule Ids - IncidentRelatedAnalyticRuleIdsThe related Analytic rule ids of the incident
- Incident
Provider Name - IncidentProviderNameThe provider name of the incident
- Account
Aad Tenant Id - AccountAadTenantIdThe account Azure Active Directory tenant id
- Account
Aad User Id - AccountAadUserIdThe account Azure Active Directory user id.
- Account
Name - AccountNameThe account name
- Account
NTDomain - AccountNTDomainThe account NetBIOS domain name
- Account
PUID - AccountPUIDThe account Azure Active Directory Passport User ID
- Account
Sid - AccountSidThe account security identifier
- Account
Object Guid - AccountObjectGuidThe account unique identifier
- Account
UPNSuffix - AccountUPNSuffixThe account user principal name suffix
- Azure
Resource Resource Id - AzureResourceResourceIdThe Azure resource id
- Azure
Resource Subscription Id - AzureResourceSubscriptionIdThe Azure resource subscription id
- Cloud
Application App Id - CloudApplicationAppIdThe cloud application identifier
- Cloud
Application App Name - CloudApplicationAppNameThe cloud application name
- DNSDomain
Name - DNSDomainNameThe dns record domain name
- File
Directory - FileDirectoryThe file directory full path
- File
Name - FileNameThe file name without path
- File
Hash Value - FileHashValueThe file hash value
- Host
Azure ID - HostAzureIDThe host Azure resource id
- Host
Name - HostNameThe host name without domain
- Host
Net Bios Name - HostNetBiosNameThe host NetBIOS name
- Host
NTDomain - HostNTDomainThe host NT domain
- Host
OSVersion - HostOSVersionThe host operating system
- Io
TDevice Id - IoTDeviceIdThe IoT device id
- Io
TDevice Name - IoTDeviceNameThe IoT device name
- Io
TDevice Type - IoTDeviceTypeThe IoT device type
- Io
TDevice Vendor - IoTDeviceVendorThe IoT device vendor
- Io
TDevice Model - IoTDeviceModelThe IoT device model
- Io
TDevice Operating System - IoTDeviceOperatingSystemThe IoT device operating system
- IPAddress
- IPAddressThe IP address
- Mailbox
Display Name - MailboxDisplayNameThe mailbox display name
- Mailbox
Primary Address - MailboxPrimaryAddressThe mailbox primary address
- Mailbox
UPN - MailboxUPNThe mailbox user principal name
- Mail
Message Delivery Action - MailMessageDeliveryActionThe mail message delivery action
- Mail
Message Delivery Location - MailMessageDeliveryLocationThe mail message delivery location
- Mail
Message Recipient - MailMessageRecipientThe mail message recipient
- Mail
Message Sender IP - MailMessageSenderIPThe mail message sender IP address
- Mail
Message Subject - MailMessageSubjectThe mail message subject
- Mail
Message P1Sender - MailMessageP1SenderThe mail message P1 sender
- Mail
Message P2Sender - MailMessageP2SenderThe mail message P2 sender
- Malware
Category - MalwareCategoryThe malware category
- Malware
Name - MalwareNameThe malware name
- Process
Command Line - ProcessCommandLineThe process execution command line
- Process
Id - ProcessIdThe process id
- Registry
Key - RegistryKeyThe registry key path
- Registry
Value Data - RegistryValueDataThe registry key value in string formatted representation
- Url
- UrlThe url
- Automation
Rule Property Condition Supported Property Incident Title - IncidentTitleThe title of the incident
- Automation
Rule Property Condition Supported Property Incident Description - IncidentDescriptionThe description of the incident
- Automation
Rule Property Condition Supported Property Incident Severity - IncidentSeverityThe severity of the incident
- Automation
Rule Property Condition Supported Property Incident Status - IncidentStatusThe status of the incident
- Automation
Rule Property Condition Supported Property Incident Tactics - IncidentTacticsThe tactics of the incident
- Automation
Rule Property Condition Supported Property Incident Related Analytic Rule Ids - IncidentRelatedAnalyticRuleIdsThe related Analytic rule ids of the incident
- Automation
Rule Property Condition Supported Property Incident Provider Name - IncidentProviderNameThe provider name of the incident
- Automation
Rule Property Condition Supported Property Account Aad Tenant Id - AccountAadTenantIdThe account Azure Active Directory tenant id
- Automation
Rule Property Condition Supported Property Account Aad User Id - AccountAadUserIdThe account Azure Active Directory user id.
- Automation
Rule Property Condition Supported Property Account Name - AccountNameThe account name
- Automation
Rule Property Condition Supported Property Account NTDomain - AccountNTDomainThe account NetBIOS domain name
- Automation
Rule Property Condition Supported Property Account PUID - AccountPUIDThe account Azure Active Directory Passport User ID
- Automation
Rule Property Condition Supported Property Account Sid - AccountSidThe account security identifier
- Automation
Rule Property Condition Supported Property Account Object Guid - AccountObjectGuidThe account unique identifier
- Automation
Rule Property Condition Supported Property Account UPNSuffix - AccountUPNSuffixThe account user principal name suffix
- Automation
Rule Property Condition Supported Property Azure Resource Resource Id - AzureResourceResourceIdThe Azure resource id
- Automation
Rule Property Condition Supported Property Azure Resource Subscription Id - AzureResourceSubscriptionIdThe Azure resource subscription id
- Automation
Rule Property Condition Supported Property Cloud Application App Id - CloudApplicationAppIdThe cloud application identifier
- Automation
Rule Property Condition Supported Property Cloud Application App Name - CloudApplicationAppNameThe cloud application name
- Automation
Rule Property Condition Supported Property DNSDomain Name - DNSDomainNameThe dns record domain name
- Automation
Rule Property Condition Supported Property File Directory - FileDirectoryThe file directory full path
- Automation
Rule Property Condition Supported Property File Name - FileNameThe file name without path
- Automation
Rule Property Condition Supported Property File Hash Value - FileHashValueThe file hash value
- Automation
Rule Property Condition Supported Property Host Azure ID - HostAzureIDThe host Azure resource id
- Automation
Rule Property Condition Supported Property Host Name - HostNameThe host name without domain
- Automation
Rule Property Condition Supported Property Host Net Bios Name - HostNetBiosNameThe host NetBIOS name
- Automation
Rule Property Condition Supported Property Host NTDomain - HostNTDomainThe host NT domain
- Automation
Rule Property Condition Supported Property Host OSVersion - HostOSVersionThe host operating system
- Automation
Rule Property Condition Supported Property Io TDevice Id - IoTDeviceIdThe IoT device id
- Automation
Rule Property Condition Supported Property Io TDevice Name - IoTDeviceNameThe IoT device name
- Automation
Rule Property Condition Supported Property Io TDevice Type - IoTDeviceTypeThe IoT device type
- Automation
Rule Property Condition Supported Property Io TDevice Vendor - IoTDeviceVendorThe IoT device vendor
- Automation
Rule Property Condition Supported Property Io TDevice Model - IoTDeviceModelThe IoT device model
- Automation
Rule Property Condition Supported Property Io TDevice Operating System - IoTDeviceOperatingSystemThe IoT device operating system
- Automation
Rule Property Condition Supported Property IPAddress - IPAddressThe IP address
- Automation
Rule Property Condition Supported Property Mailbox Display Name - MailboxDisplayNameThe mailbox display name
- Automation
Rule Property Condition Supported Property Mailbox Primary Address - MailboxPrimaryAddressThe mailbox primary address
- Automation
Rule Property Condition Supported Property Mailbox UPN - MailboxUPNThe mailbox user principal name
- Automation
Rule Property Condition Supported Property Mail Message Delivery Action - MailMessageDeliveryActionThe mail message delivery action
- Automation
Rule Property Condition Supported Property Mail Message Delivery Location - MailMessageDeliveryLocationThe mail message delivery location
- Automation
Rule Property Condition Supported Property Mail Message Recipient - MailMessageRecipientThe mail message recipient
- Automation
Rule Property Condition Supported Property Mail Message Sender IP - MailMessageSenderIPThe mail message sender IP address
- Automation
Rule Property Condition Supported Property Mail Message Subject - MailMessageSubjectThe mail message subject
- Automation
Rule Property Condition Supported Property Mail Message P1Sender - MailMessageP1SenderThe mail message P1 sender
- Automation
Rule Property Condition Supported Property Mail Message P2Sender - MailMessageP2SenderThe mail message P2 sender
- Automation
Rule Property Condition Supported Property Malware Category - MalwareCategoryThe malware category
- Automation
Rule Property Condition Supported Property Malware Name - MalwareNameThe malware name
- Automation
Rule Property Condition Supported Property Process Command Line - ProcessCommandLineThe process execution command line
- Automation
Rule Property Condition Supported Property Process Id - ProcessIdThe process id
- Automation
Rule Property Condition Supported Property Registry Key - RegistryKeyThe registry key path
- Automation
Rule Property Condition Supported Property Registry Value Data - RegistryValueDataThe registry key value in string formatted representation
- Automation
Rule Property Condition Supported Property Url - UrlThe url
- Incident
Title - IncidentTitleThe title of the incident
- Incident
Description - IncidentDescriptionThe description of the incident
- Incident
Severity - IncidentSeverityThe severity of the incident
- Incident
Status - IncidentStatusThe status of the incident
- Incident
Tactics - IncidentTacticsThe tactics of the incident
- Incident
Related Analytic Rule Ids - IncidentRelatedAnalyticRuleIdsThe related Analytic rule ids of the incident
- Incident
Provider Name - IncidentProviderNameThe provider name of the incident
- Account
Aad Tenant Id - AccountAadTenantIdThe account Azure Active Directory tenant id
- Account
Aad User Id - AccountAadUserIdThe account Azure Active Directory user id.
- Account
Name - AccountNameThe account name
- Account
NTDomain - AccountNTDomainThe account NetBIOS domain name
- Account
PUID - AccountPUIDThe account Azure Active Directory Passport User ID
- Account
Sid - AccountSidThe account security identifier
- Account
Object Guid - AccountObjectGuidThe account unique identifier
- Account
UPNSuffix - AccountUPNSuffixThe account user principal name suffix
- Azure
Resource Resource Id - AzureResourceResourceIdThe Azure resource id
- Azure
Resource Subscription Id - AzureResourceSubscriptionIdThe Azure resource subscription id
- Cloud
Application App Id - CloudApplicationAppIdThe cloud application identifier
- Cloud
Application App Name - CloudApplicationAppNameThe cloud application name
- DNSDomain
Name - DNSDomainNameThe dns record domain name
- File
Directory - FileDirectoryThe file directory full path
- File
Name - FileNameThe file name without path
- File
Hash Value - FileHashValueThe file hash value
- Host
Azure ID - HostAzureIDThe host Azure resource id
- Host
Name - HostNameThe host name without domain
- Host
Net Bios Name - HostNetBiosNameThe host NetBIOS name
- Host
NTDomain - HostNTDomainThe host NT domain
- Host
OSVersion - HostOSVersionThe host operating system
- Io
TDevice Id - IoTDeviceIdThe IoT device id
- Io
TDevice Name - IoTDeviceNameThe IoT device name
- Io
TDevice Type - IoTDeviceTypeThe IoT device type
- Io
TDevice Vendor - IoTDeviceVendorThe IoT device vendor
- Io
TDevice Model - IoTDeviceModelThe IoT device model
- Io
TDevice Operating System - IoTDeviceOperatingSystemThe IoT device operating system
- IPAddress
- IPAddressThe IP address
- Mailbox
Display Name - MailboxDisplayNameThe mailbox display name
- Mailbox
Primary Address - MailboxPrimaryAddressThe mailbox primary address
- Mailbox
UPN - MailboxUPNThe mailbox user principal name
- Mail
Message Delivery Action - MailMessageDeliveryActionThe mail message delivery action
- Mail
Message Delivery Location - MailMessageDeliveryLocationThe mail message delivery location
- Mail
Message Recipient - MailMessageRecipientThe mail message recipient
- Mail
Message Sender IP - MailMessageSenderIPThe mail message sender IP address
- Mail
Message Subject - MailMessageSubjectThe mail message subject
- Mail
Message P1Sender - MailMessageP1SenderThe mail message P1 sender
- Mail
Message P2Sender - MailMessageP2SenderThe mail message P2 sender
- Malware
Category - MalwareCategoryThe malware category
- Malware
Name - MalwareNameThe malware name
- Process
Command Line - ProcessCommandLineThe process execution command line
- Process
Id - ProcessIdThe process id
- Registry
Key - RegistryKeyThe registry key path
- Registry
Value Data - RegistryValueDataThe registry key value in string formatted representation
- Url
- UrlThe url
- Incident
Title - IncidentTitleThe title of the incident
- Incident
Description - IncidentDescriptionThe description of the incident
- Incident
Severity - IncidentSeverityThe severity of the incident
- Incident
Status - IncidentStatusThe status of the incident
- Incident
Tactics - IncidentTacticsThe tactics of the incident
- Incident
Related Analytic Rule Ids - IncidentRelatedAnalyticRuleIdsThe related Analytic rule ids of the incident
- Incident
Provider Name - IncidentProviderNameThe provider name of the incident
- Account
Aad Tenant Id - AccountAadTenantIdThe account Azure Active Directory tenant id
- Account
Aad User Id - AccountAadUserIdThe account Azure Active Directory user id.
- Account
Name - AccountNameThe account name
- Account
NTDomain - AccountNTDomainThe account NetBIOS domain name
- Account
PUID - AccountPUIDThe account Azure Active Directory Passport User ID
- Account
Sid - AccountSidThe account security identifier
- Account
Object Guid - AccountObjectGuidThe account unique identifier
- Account
UPNSuffix - AccountUPNSuffixThe account user principal name suffix
- Azure
Resource Resource Id - AzureResourceResourceIdThe Azure resource id
- Azure
Resource Subscription Id - AzureResourceSubscriptionIdThe Azure resource subscription id
- Cloud
Application App Id - CloudApplicationAppIdThe cloud application identifier
- Cloud
Application App Name - CloudApplicationAppNameThe cloud application name
- DNSDomain
Name - DNSDomainNameThe dns record domain name
- File
Directory - FileDirectoryThe file directory full path
- File
Name - FileNameThe file name without path
- File
Hash Value - FileHashValueThe file hash value
- Host
Azure ID - HostAzureIDThe host Azure resource id
- Host
Name - HostNameThe host name without domain
- Host
Net Bios Name - HostNetBiosNameThe host NetBIOS name
- Host
NTDomain - HostNTDomainThe host NT domain
- Host
OSVersion - HostOSVersionThe host operating system
- Io
TDevice Id - IoTDeviceIdThe IoT device id
- Io
TDevice Name - IoTDeviceNameThe IoT device name
- Io
TDevice Type - IoTDeviceTypeThe IoT device type
- Io
TDevice Vendor - IoTDeviceVendorThe IoT device vendor
- Io
TDevice Model - IoTDeviceModelThe IoT device model
- Io
TDevice Operating System - IoTDeviceOperatingSystemThe IoT device operating system
- IPAddress
- IPAddressThe IP address
- Mailbox
Display Name - MailboxDisplayNameThe mailbox display name
- Mailbox
Primary Address - MailboxPrimaryAddressThe mailbox primary address
- Mailbox
UPN - MailboxUPNThe mailbox user principal name
- Mail
Message Delivery Action - MailMessageDeliveryActionThe mail message delivery action
- Mail
Message Delivery Location - MailMessageDeliveryLocationThe mail message delivery location
- Mail
Message Recipient - MailMessageRecipientThe mail message recipient
- Mail
Message Sender IP - MailMessageSenderIPThe mail message sender IP address
- Mail
Message Subject - MailMessageSubjectThe mail message subject
- Mail
Message P1Sender - MailMessageP1SenderThe mail message P1 sender
- Mail
Message P2Sender - MailMessageP2SenderThe mail message P2 sender
- Malware
Category - MalwareCategoryThe malware category
- Malware
Name - MalwareNameThe malware name
- Process
Command Line - ProcessCommandLineThe process execution command line
- Process
Id - ProcessIdThe process id
- Registry
Key - RegistryKeyThe registry key path
- Registry
Value Data - RegistryValueDataThe registry key value in string formatted representation
- Url
- UrlThe url
- INCIDENT_TITLE
- IncidentTitleThe title of the incident
- INCIDENT_DESCRIPTION
- IncidentDescriptionThe description of the incident
- INCIDENT_SEVERITY
- IncidentSeverityThe severity of the incident
- INCIDENT_STATUS
- IncidentStatusThe status of the incident
- INCIDENT_TACTICS
- IncidentTacticsThe tactics of the incident
- INCIDENT_RELATED_ANALYTIC_RULE_IDS
- IncidentRelatedAnalyticRuleIdsThe related Analytic rule ids of the incident
- INCIDENT_PROVIDER_NAME
- IncidentProviderNameThe provider name of the incident
- ACCOUNT_AAD_TENANT_ID
- AccountAadTenantIdThe account Azure Active Directory tenant id
- ACCOUNT_AAD_USER_ID
- AccountAadUserIdThe account Azure Active Directory user id.
- ACCOUNT_NAME
- AccountNameThe account name
- ACCOUNT_NT_DOMAIN
- AccountNTDomainThe account NetBIOS domain name
- ACCOUNT_PUID
- AccountPUIDThe account Azure Active Directory Passport User ID
- ACCOUNT_SID
- AccountSidThe account security identifier
- ACCOUNT_OBJECT_GUID
- AccountObjectGuidThe account unique identifier
- ACCOUNT_UPN_SUFFIX
- AccountUPNSuffixThe account user principal name suffix
- AZURE_RESOURCE_RESOURCE_ID
- AzureResourceResourceIdThe Azure resource id
- AZURE_RESOURCE_SUBSCRIPTION_ID
- AzureResourceSubscriptionIdThe Azure resource subscription id
- CLOUD_APPLICATION_APP_ID
- CloudApplicationAppIdThe cloud application identifier
- CLOUD_APPLICATION_APP_NAME
- CloudApplicationAppNameThe cloud application name
- DNS_DOMAIN_NAME
- DNSDomainNameThe dns record domain name
- FILE_DIRECTORY
- FileDirectoryThe file directory full path
- FILE_NAME
- FileNameThe file name without path
- FILE_HASH_VALUE
- FileHashValueThe file hash value
- HOST_AZURE_ID
- HostAzureIDThe host Azure resource id
- HOST_NAME
- HostNameThe host name without domain
- HOST_NET_BIOS_NAME
- HostNetBiosNameThe host NetBIOS name
- HOST_NT_DOMAIN
- HostNTDomainThe host NT domain
- HOST_OS_VERSION
- HostOSVersionThe host operating system
- IO_T_DEVICE_ID
- IoTDeviceIdThe IoT device id
- IO_T_DEVICE_NAME
- IoTDeviceNameThe IoT device name
- IO_T_DEVICE_TYPE
- IoTDeviceTypeThe IoT device type
- IO_T_DEVICE_VENDOR
- IoTDeviceVendorThe IoT device vendor
- IO_T_DEVICE_MODEL
- IoTDeviceModelThe IoT device model
- IO_T_DEVICE_OPERATING_SYSTEM
- IoTDeviceOperatingSystemThe IoT device operating system
- IP_ADDRESS
- IPAddressThe IP address
- MAILBOX_DISPLAY_NAME
- MailboxDisplayNameThe mailbox display name
- MAILBOX_PRIMARY_ADDRESS
- MailboxPrimaryAddressThe mailbox primary address
- MAILBOX_UPN
- MailboxUPNThe mailbox user principal name
- MAIL_MESSAGE_DELIVERY_ACTION
- MailMessageDeliveryActionThe mail message delivery action
- MAIL_MESSAGE_DELIVERY_LOCATION
- MailMessageDeliveryLocationThe mail message delivery location
- MAIL_MESSAGE_RECIPIENT
- MailMessageRecipientThe mail message recipient
- MAIL_MESSAGE_SENDER_IP
- MailMessageSenderIPThe mail message sender IP address
- MAIL_MESSAGE_SUBJECT
- MailMessageSubjectThe mail message subject
- MAIL_MESSAGE_P1_SENDER
- MailMessageP1SenderThe mail message P1 sender
- MAIL_MESSAGE_P2_SENDER
- MailMessageP2SenderThe mail message P2 sender
- MALWARE_CATEGORY
- MalwareCategoryThe malware category
- MALWARE_NAME
- MalwareNameThe malware name
- PROCESS_COMMAND_LINE
- ProcessCommandLineThe process execution command line
- PROCESS_ID
- ProcessIdThe process id
- REGISTRY_KEY
- RegistryKeyThe registry key path
- REGISTRY_VALUE_DATA
- RegistryValueDataThe registry key value in string formatted representation
- URL
- UrlThe url
- "Incident
Title" - IncidentTitleThe title of the incident
- "Incident
Description" - IncidentDescriptionThe description of the incident
- "Incident
Severity" - IncidentSeverityThe severity of the incident
- "Incident
Status" - IncidentStatusThe status of the incident
- "Incident
Tactics" - IncidentTacticsThe tactics of the incident
- "Incident
Related Analytic Rule Ids" - IncidentRelatedAnalyticRuleIdsThe related Analytic rule ids of the incident
- "Incident
Provider Name" - IncidentProviderNameThe provider name of the incident
- "Account
Aad Tenant Id" - AccountAadTenantIdThe account Azure Active Directory tenant id
- "Account
Aad User Id" - AccountAadUserIdThe account Azure Active Directory user id.
- "Account
Name" - AccountNameThe account name
- "Account
NTDomain" - AccountNTDomainThe account NetBIOS domain name
- "Account
PUID" - AccountPUIDThe account Azure Active Directory Passport User ID
- "Account
Sid" - AccountSidThe account security identifier
- "Account
Object Guid" - AccountObjectGuidThe account unique identifier
- "Account
UPNSuffix" - AccountUPNSuffixThe account user principal name suffix
- "Azure
Resource Resource Id" - AzureResourceResourceIdThe Azure resource id
- "Azure
Resource Subscription Id" - AzureResourceSubscriptionIdThe Azure resource subscription id
- "Cloud
Application App Id" - CloudApplicationAppIdThe cloud application identifier
- "Cloud
Application App Name" - CloudApplicationAppNameThe cloud application name
- "DNSDomain
Name" - DNSDomainNameThe dns record domain name
- "File
Directory" - FileDirectoryThe file directory full path
- "File
Name" - FileNameThe file name without path
- "File
Hash Value" - FileHashValueThe file hash value
- "Host
Azure ID" - HostAzureIDThe host Azure resource id
- "Host
Name" - HostNameThe host name without domain
- "Host
Net Bios Name" - HostNetBiosNameThe host NetBIOS name
- "Host
NTDomain" - HostNTDomainThe host NT domain
- "Host
OSVersion" - HostOSVersionThe host operating system
- "Io
TDevice Id" - IoTDeviceIdThe IoT device id
- "Io
TDevice Name" - IoTDeviceNameThe IoT device name
- "Io
TDevice Type" - IoTDeviceTypeThe IoT device type
- "Io
TDevice Vendor" - IoTDeviceVendorThe IoT device vendor
- "Io
TDevice Model" - IoTDeviceModelThe IoT device model
- "Io
TDevice Operating System" - IoTDeviceOperatingSystemThe IoT device operating system
- "IPAddress"
- IPAddressThe IP address
- "Mailbox
Display Name" - MailboxDisplayNameThe mailbox display name
- "Mailbox
Primary Address" - MailboxPrimaryAddressThe mailbox primary address
- "Mailbox
UPN" - MailboxUPNThe mailbox user principal name
- "Mail
Message Delivery Action" - MailMessageDeliveryActionThe mail message delivery action
- "Mail
Message Delivery Location" - MailMessageDeliveryLocationThe mail message delivery location
- "Mail
Message Recipient" - MailMessageRecipientThe mail message recipient
- "Mail
Message Sender IP" - MailMessageSenderIPThe mail message sender IP address
- "Mail
Message Subject" - MailMessageSubjectThe mail message subject
- "Mail
Message P1Sender" - MailMessageP1SenderThe mail message P1 sender
- "Mail
Message P2Sender" - MailMessageP2SenderThe mail message P2 sender
- "Malware
Category" - MalwareCategoryThe malware category
- "Malware
Name" - MalwareNameThe malware name
- "Process
Command Line" - ProcessCommandLineThe process execution command line
- "Process
Id" - ProcessIdThe process id
- "Registry
Key" - RegistryKeyThe registry key path
- "Registry
Value Data" - RegistryValueDataThe registry key value in string formatted representation
- "Url"
- UrlThe url
AutomationRulePropertyValuesCondition, AutomationRulePropertyValuesConditionArgs
- Condition
Properties Pulumi.Azure Native. Security Insights. Inputs. Automation Rule Property Values Condition Condition Properties - The configuration of the automation rule condition
- Condition
Properties AutomationRule Property Values Condition Condition Properties - The configuration of the automation rule condition
- condition
Properties AutomationRule Property Values Condition Condition Properties - The configuration of the automation rule condition
- condition
Properties AutomationRule Property Values Condition Condition Properties - The configuration of the automation rule condition
- condition_
properties AutomationRule Property Values Condition Condition Properties - The configuration of the automation rule condition
- condition
Properties Property Map - The configuration of the automation rule condition
AutomationRulePropertyValuesConditionConditionProperties, AutomationRulePropertyValuesConditionConditionPropertiesArgs
- Operator
string | Pulumi.
Azure Native. Security Insights. Automation Rule Property Condition Supported Operator - The operator to use for evaluation the condition
- Property
Name string | Pulumi.Azure Native. Security Insights. Automation Rule Property Condition Supported Property - The property to evaluate
- Property
Values List<string> - The values to use for evaluating the condition
- Operator
string | Automation
Rule Property Condition Supported Operator - The operator to use for evaluation the condition
- Property
Name string | AutomationRule Property Condition Supported Property - The property to evaluate
- Property
Values []string - The values to use for evaluating the condition
- operator
String | Automation
Rule Property Condition Supported Operator - The operator to use for evaluation the condition
- property
Name String | AutomationRule Property Condition Supported Property - The property to evaluate
- property
Values List<String> - The values to use for evaluating the condition
- operator
string | Automation
Rule Property Condition Supported Operator - The operator to use for evaluation the condition
- property
Name string | AutomationRule Property Condition Supported Property - The property to evaluate
- property
Values string[] - The values to use for evaluating the condition
- operator
str | Automation
Rule Property Condition Supported Operator - The operator to use for evaluation the condition
- property_
name str | AutomationRule Property Condition Supported Property - The property to evaluate
- property_
values Sequence[str] - The values to use for evaluating the condition
- operator
String | "Equals" | "Not
Equals" | "Contains" | "Not Contains" | "Starts With" | "Not Starts With" | "Ends With" | "Not Ends With" - The operator to use for evaluation the condition
- property
Name String | "IncidentTitle" | "Incident Description" | "Incident Severity" | "Incident Status" | "Incident Tactics" | "Incident Related Analytic Rule Ids" | "Incident Provider Name" | "Account Aad Tenant Id" | "Account Aad User Id" | "Account Name" | "Account NTDomain" | "Account PUID" | "Account Sid" | "Account Object Guid" | "Account UPNSuffix" | "Azure Resource Resource Id" | "Azure Resource Subscription Id" | "Cloud Application App Id" | "Cloud Application App Name" | "DNSDomain Name" | "File Directory" | "File Name" | "File Hash Value" | "Host Azure ID" | "Host Name" | "Host Net Bios Name" | "Host NTDomain" | "Host OSVersion" | "Io TDevice Id" | "Io TDevice Name" | "Io TDevice Type" | "Io TDevice Vendor" | "Io TDevice Model" | "Io TDevice Operating System" | "IPAddress" | "Mailbox Display Name" | "Mailbox Primary Address" | "Mailbox UPN" | "Mail Message Delivery Action" | "Mail Message Delivery Location" | "Mail Message Recipient" | "Mail Message Sender IP" | "Mail Message Subject" | "Mail Message P1Sender" | "Mail Message P2Sender" | "Malware Category" | "Malware Name" | "Process Command Line" | "Process Id" | "Registry Key" | "Registry Value Data" | "Url" - The property to evaluate
- property
Values List<String> - The values to use for evaluating the condition
AutomationRulePropertyValuesConditionResponse, AutomationRulePropertyValuesConditionResponseArgs
- Condition
Properties Pulumi.Azure Native. Security Insights. Inputs. Automation Rule Property Values Condition Response Condition Properties - The configuration of the automation rule condition
- Condition
Properties AutomationRule Property Values Condition Response Condition Properties - The configuration of the automation rule condition
- condition
Properties AutomationRule Property Values Condition Response Condition Properties - The configuration of the automation rule condition
- condition
Properties AutomationRule Property Values Condition Response Condition Properties - The configuration of the automation rule condition
- condition_
properties AutomationRule Property Values Condition Response Condition Properties - The configuration of the automation rule condition
- condition
Properties Property Map - The configuration of the automation rule condition
AutomationRulePropertyValuesConditionResponseConditionProperties, AutomationRulePropertyValuesConditionResponseConditionPropertiesArgs
- Operator string
- The operator to use for evaluation the condition
- Property
Name string - The property to evaluate
- Property
Values List<string> - The values to use for evaluating the condition
- Operator string
- The operator to use for evaluation the condition
- Property
Name string - The property to evaluate
- Property
Values []string - The values to use for evaluating the condition
- operator String
- The operator to use for evaluation the condition
- property
Name String - The property to evaluate
- property
Values List<String> - The values to use for evaluating the condition
- operator string
- The operator to use for evaluation the condition
- property
Name string - The property to evaluate
- property
Values string[] - The values to use for evaluating the condition
- operator str
- The operator to use for evaluation the condition
- property_
name str - The property to evaluate
- property_
values Sequence[str] - The values to use for evaluating the condition
- operator String
- The operator to use for evaluation the condition
- property
Name String - The property to evaluate
- property
Values List<String> - The values to use for evaluating the condition
AutomationRuleRunPlaybookAction, AutomationRuleRunPlaybookActionArgs
- Action
Configuration Pulumi.Azure Native. Security Insights. Inputs. Automation Rule Run Playbook Action Action Configuration - The configuration of the run playbook automation rule action
- Order int
- The order of execution of the automation rule action
- Action
Configuration AutomationRule Run Playbook Action Action Configuration - The configuration of the run playbook automation rule action
- Order int
- The order of execution of the automation rule action
- action
Configuration AutomationRule Run Playbook Action Action Configuration - The configuration of the run playbook automation rule action
- order Integer
- The order of execution of the automation rule action
- action
Configuration AutomationRule Run Playbook Action Action Configuration - The configuration of the run playbook automation rule action
- order number
- The order of execution of the automation rule action
- action_
configuration AutomationRule Run Playbook Action Action Configuration - The configuration of the run playbook automation rule action
- order int
- The order of execution of the automation rule action
- action
Configuration Property Map - The configuration of the run playbook automation rule action
- order Number
- The order of execution of the automation rule action
AutomationRuleRunPlaybookActionActionConfiguration, AutomationRuleRunPlaybookActionActionConfigurationArgs
- Logic
App stringResource Id - The resource id of the playbook resource
- Tenant
Id string - The tenant id of the playbook resource
- Logic
App stringResource Id - The resource id of the playbook resource
- Tenant
Id string - The tenant id of the playbook resource
- logic
App StringResource Id - The resource id of the playbook resource
- tenant
Id String - The tenant id of the playbook resource
- logic
App stringResource Id - The resource id of the playbook resource
- tenant
Id string - The tenant id of the playbook resource
- logic_
app_ strresource_ id - The resource id of the playbook resource
- tenant_
id str - The tenant id of the playbook resource
- logic
App StringResource Id - The resource id of the playbook resource
- tenant
Id String - The tenant id of the playbook resource
AutomationRuleRunPlaybookActionResponse, AutomationRuleRunPlaybookActionResponseArgs
- Action
Configuration Pulumi.Azure Native. Security Insights. Inputs. Automation Rule Run Playbook Action Response Action Configuration - The configuration of the run playbook automation rule action
- Order int
- The order of execution of the automation rule action
- Action
Configuration AutomationRule Run Playbook Action Response Action Configuration - The configuration of the run playbook automation rule action
- Order int
- The order of execution of the automation rule action
- action
Configuration AutomationRule Run Playbook Action Response Action Configuration - The configuration of the run playbook automation rule action
- order Integer
- The order of execution of the automation rule action
- action
Configuration AutomationRule Run Playbook Action Response Action Configuration - The configuration of the run playbook automation rule action
- order number
- The order of execution of the automation rule action
- action_
configuration AutomationRule Run Playbook Action Response Action Configuration - The configuration of the run playbook automation rule action
- order int
- The order of execution of the automation rule action
- action
Configuration Property Map - The configuration of the run playbook automation rule action
- order Number
- The order of execution of the automation rule action
AutomationRuleRunPlaybookActionResponseActionConfiguration, AutomationRuleRunPlaybookActionResponseActionConfigurationArgs
- Logic
App stringResource Id - The resource id of the playbook resource
- Tenant
Id string - The tenant id of the playbook resource
- Logic
App stringResource Id - The resource id of the playbook resource
- Tenant
Id string - The tenant id of the playbook resource
- logic
App StringResource Id - The resource id of the playbook resource
- tenant
Id String - The tenant id of the playbook resource
- logic
App stringResource Id - The resource id of the playbook resource
- tenant
Id string - The tenant id of the playbook resource
- logic_
app_ strresource_ id - The resource id of the playbook resource
- tenant_
id str - The tenant id of the playbook resource
- logic
App StringResource Id - The resource id of the playbook resource
- tenant
Id String - The tenant id of the playbook resource
AutomationRuleTriggeringLogic, AutomationRuleTriggeringLogicArgs
- Is
Enabled bool - Determines whether the automation rule is enabled or disabled.
- Triggers
On string | Pulumi.Azure Native. Security Insights. Triggers On - The type of object the automation rule triggers on
- Triggers
When string | Pulumi.Azure Native. Security Insights. Triggers When - The type of event the automation rule triggers on
- Conditions
List<Pulumi.
Azure Native. Security Insights. Inputs. Automation Rule Property Values Condition> - The conditions to evaluate to determine if the automation rule should be triggered on a given object
- Expiration
Time stringUtc - Determines when the automation rule should automatically expire and be disabled.
- Is
Enabled bool - Determines whether the automation rule is enabled or disabled.
- Triggers
On string | TriggersOn - The type of object the automation rule triggers on
- Triggers
When string | TriggersWhen - The type of event the automation rule triggers on
- Conditions
[]Automation
Rule Property Values Condition - The conditions to evaluate to determine if the automation rule should be triggered on a given object
- Expiration
Time stringUtc - Determines when the automation rule should automatically expire and be disabled.
- is
Enabled Boolean - Determines whether the automation rule is enabled or disabled.
- triggers
On String | TriggersOn - The type of object the automation rule triggers on
- triggers
When String | TriggersWhen - The type of event the automation rule triggers on
- conditions
List<Automation
Rule Property Values Condition> - The conditions to evaluate to determine if the automation rule should be triggered on a given object
- expiration
Time StringUtc - Determines when the automation rule should automatically expire and be disabled.
- is
Enabled boolean - Determines whether the automation rule is enabled or disabled.
- triggers
On string | TriggersOn - The type of object the automation rule triggers on
- triggers
When string | TriggersWhen - The type of event the automation rule triggers on
- conditions
Automation
Rule Property Values Condition[] - The conditions to evaluate to determine if the automation rule should be triggered on a given object
- expiration
Time stringUtc - Determines when the automation rule should automatically expire and be disabled.
- is_
enabled bool - Determines whether the automation rule is enabled or disabled.
- triggers_
on str | TriggersOn - The type of object the automation rule triggers on
- triggers_
when str | TriggersWhen - The type of event the automation rule triggers on
- conditions
Sequence[Automation
Rule Property Values Condition] - The conditions to evaluate to determine if the automation rule should be triggered on a given object
- expiration_
time_ strutc - Determines when the automation rule should automatically expire and be disabled.
- is
Enabled Boolean - Determines whether the automation rule is enabled or disabled.
- triggers
On String | "Incidents" - The type of object the automation rule triggers on
- triggers
When String | "Created" - The type of event the automation rule triggers on
- conditions List<Property Map>
- The conditions to evaluate to determine if the automation rule should be triggered on a given object
- expiration
Time StringUtc - Determines when the automation rule should automatically expire and be disabled.
AutomationRuleTriggeringLogicResponse, AutomationRuleTriggeringLogicResponseArgs
- Is
Enabled bool - Determines whether the automation rule is enabled or disabled.
- Triggers
On string - The type of object the automation rule triggers on
- Triggers
When string - The type of event the automation rule triggers on
- Conditions
List<Pulumi.
Azure Native. Security Insights. Inputs. Automation Rule Property Values Condition Response> - The conditions to evaluate to determine if the automation rule should be triggered on a given object
- Expiration
Time stringUtc - Determines when the automation rule should automatically expire and be disabled.
- Is
Enabled bool - Determines whether the automation rule is enabled or disabled.
- Triggers
On string - The type of object the automation rule triggers on
- Triggers
When string - The type of event the automation rule triggers on
- Conditions
[]Automation
Rule Property Values Condition Response - The conditions to evaluate to determine if the automation rule should be triggered on a given object
- Expiration
Time stringUtc - Determines when the automation rule should automatically expire and be disabled.
- is
Enabled Boolean - Determines whether the automation rule is enabled or disabled.
- triggers
On String - The type of object the automation rule triggers on
- triggers
When String - The type of event the automation rule triggers on
- conditions
List<Automation
Rule Property Values Condition Response> - The conditions to evaluate to determine if the automation rule should be triggered on a given object
- expiration
Time StringUtc - Determines when the automation rule should automatically expire and be disabled.
- is
Enabled boolean - Determines whether the automation rule is enabled or disabled.
- triggers
On string - The type of object the automation rule triggers on
- triggers
When string - The type of event the automation rule triggers on
- conditions
Automation
Rule Property Values Condition Response[] - The conditions to evaluate to determine if the automation rule should be triggered on a given object
- expiration
Time stringUtc - Determines when the automation rule should automatically expire and be disabled.
- is_
enabled bool - Determines whether the automation rule is enabled or disabled.
- triggers_
on str - The type of object the automation rule triggers on
- triggers_
when str - The type of event the automation rule triggers on
- conditions
Sequence[Automation
Rule Property Values Condition Response] - The conditions to evaluate to determine if the automation rule should be triggered on a given object
- expiration_
time_ strutc - Determines when the automation rule should automatically expire and be disabled.
- is
Enabled Boolean - Determines whether the automation rule is enabled or disabled.
- triggers
On String - The type of object the automation rule triggers on
- triggers
When String - The type of event the automation rule triggers on
- conditions List<Property Map>
- The conditions to evaluate to determine if the automation rule should be triggered on a given object
- expiration
Time StringUtc - Determines when the automation rule should automatically expire and be disabled.
ClientInfoResponse, ClientInfoResponseArgs
- Email string
- The email of the client.
- Name string
- The name of the client.
- Object
Id string - The object id of the client.
- User
Principal stringName - The user principal name of the client.
- Email string
- The email of the client.
- Name string
- The name of the client.
- Object
Id string - The object id of the client.
- User
Principal stringName - The user principal name of the client.
- email String
- The email of the client.
- name String
- The name of the client.
- object
Id String - The object id of the client.
- user
Principal StringName - The user principal name of the client.
- email string
- The email of the client.
- name string
- The name of the client.
- object
Id string - The object id of the client.
- user
Principal stringName - The user principal name of the client.
- email str
- The email of the client.
- name str
- The name of the client.
- object_
id str - The object id of the client.
- user_
principal_ strname - The user principal name of the client.
- email String
- The email of the client.
- name String
- The name of the client.
- object
Id String - The object id of the client.
- user
Principal StringName - The user principal name of the client.
IncidentClassification, IncidentClassificationArgs
- Undetermined
- UndeterminedIncident classification was undetermined
- True
Positive - TruePositiveIncident was true positive
- Benign
Positive - BenignPositiveIncident was benign positive
- False
Positive - FalsePositiveIncident was false positive
- Incident
Classification Undetermined - UndeterminedIncident classification was undetermined
- Incident
Classification True Positive - TruePositiveIncident was true positive
- Incident
Classification Benign Positive - BenignPositiveIncident was benign positive
- Incident
Classification False Positive - FalsePositiveIncident was false positive
- Undetermined
- UndeterminedIncident classification was undetermined
- True
Positive - TruePositiveIncident was true positive
- Benign
Positive - BenignPositiveIncident was benign positive
- False
Positive - FalsePositiveIncident was false positive
- Undetermined
- UndeterminedIncident classification was undetermined
- True
Positive - TruePositiveIncident was true positive
- Benign
Positive - BenignPositiveIncident was benign positive
- False
Positive - FalsePositiveIncident was false positive
- UNDETERMINED
- UndeterminedIncident classification was undetermined
- TRUE_POSITIVE
- TruePositiveIncident was true positive
- BENIGN_POSITIVE
- BenignPositiveIncident was benign positive
- FALSE_POSITIVE
- FalsePositiveIncident was false positive
- "Undetermined"
- UndeterminedIncident classification was undetermined
- "True
Positive" - TruePositiveIncident was true positive
- "Benign
Positive" - BenignPositiveIncident was benign positive
- "False
Positive" - FalsePositiveIncident was false positive
IncidentClassificationReason, IncidentClassificationReasonArgs
- Suspicious
Activity - SuspiciousActivityClassification reason was suspicious activity
- Suspicious
But Expected - SuspiciousButExpectedClassification reason was suspicious but expected
- Incorrect
Alert Logic - IncorrectAlertLogicClassification reason was incorrect alert logic
- Inaccurate
Data - InaccurateDataClassification reason was inaccurate data
- Incident
Classification Reason Suspicious Activity - SuspiciousActivityClassification reason was suspicious activity
- Incident
Classification Reason Suspicious But Expected - SuspiciousButExpectedClassification reason was suspicious but expected
- Incident
Classification Reason Incorrect Alert Logic - IncorrectAlertLogicClassification reason was incorrect alert logic
- Incident
Classification Reason Inaccurate Data - InaccurateDataClassification reason was inaccurate data
- Suspicious
Activity - SuspiciousActivityClassification reason was suspicious activity
- Suspicious
But Expected - SuspiciousButExpectedClassification reason was suspicious but expected
- Incorrect
Alert Logic - IncorrectAlertLogicClassification reason was incorrect alert logic
- Inaccurate
Data - InaccurateDataClassification reason was inaccurate data
- Suspicious
Activity - SuspiciousActivityClassification reason was suspicious activity
- Suspicious
But Expected - SuspiciousButExpectedClassification reason was suspicious but expected
- Incorrect
Alert Logic - IncorrectAlertLogicClassification reason was incorrect alert logic
- Inaccurate
Data - InaccurateDataClassification reason was inaccurate data
- SUSPICIOUS_ACTIVITY
- SuspiciousActivityClassification reason was suspicious activity
- SUSPICIOUS_BUT_EXPECTED
- SuspiciousButExpectedClassification reason was suspicious but expected
- INCORRECT_ALERT_LOGIC
- IncorrectAlertLogicClassification reason was incorrect alert logic
- INACCURATE_DATA
- InaccurateDataClassification reason was inaccurate data
- "Suspicious
Activity" - SuspiciousActivityClassification reason was suspicious activity
- "Suspicious
But Expected" - SuspiciousButExpectedClassification reason was suspicious but expected
- "Incorrect
Alert Logic" - IncorrectAlertLogicClassification reason was incorrect alert logic
- "Inaccurate
Data" - InaccurateDataClassification reason was inaccurate data
IncidentLabel, IncidentLabelArgs
- Label
Name string - The name of the label
- Label
Name string - The name of the label
- label
Name String - The name of the label
- label
Name string - The name of the label
- label_
name str - The name of the label
- label
Name String - The name of the label
IncidentLabelResponse, IncidentLabelResponseArgs
- label_
name str - The name of the label
- label_
type str - The type of the label
IncidentOwnerInfo, IncidentOwnerInfoArgs
- Assigned
To string - The name of the user the incident is assigned to.
- Email string
- The email of the user the incident is assigned to.
- Object
Id string - The object id of the user the incident is assigned to.
- User
Principal stringName - The user principal name of the user the incident is assigned to.
- Assigned
To string - The name of the user the incident is assigned to.
- Email string
- The email of the user the incident is assigned to.
- Object
Id string - The object id of the user the incident is assigned to.
- User
Principal stringName - The user principal name of the user the incident is assigned to.
- assigned
To String - The name of the user the incident is assigned to.
- email String
- The email of the user the incident is assigned to.
- object
Id String - The object id of the user the incident is assigned to.
- user
Principal StringName - The user principal name of the user the incident is assigned to.
- assigned
To string - The name of the user the incident is assigned to.
- email string
- The email of the user the incident is assigned to.
- object
Id string - The object id of the user the incident is assigned to.
- user
Principal stringName - The user principal name of the user the incident is assigned to.
- assigned_
to str - The name of the user the incident is assigned to.
- email str
- The email of the user the incident is assigned to.
- object_
id str - The object id of the user the incident is assigned to.
- user_
principal_ strname - The user principal name of the user the incident is assigned to.
- assigned
To String - The name of the user the incident is assigned to.
- email String
- The email of the user the incident is assigned to.
- object
Id String - The object id of the user the incident is assigned to.
- user
Principal StringName - The user principal name of the user the incident is assigned to.
IncidentOwnerInfoResponse, IncidentOwnerInfoResponseArgs
- Assigned
To string - The name of the user the incident is assigned to.
- Email string
- The email of the user the incident is assigned to.
- Object
Id string - The object id of the user the incident is assigned to.
- User
Principal stringName - The user principal name of the user the incident is assigned to.
- Assigned
To string - The name of the user the incident is assigned to.
- Email string
- The email of the user the incident is assigned to.
- Object
Id string - The object id of the user the incident is assigned to.
- User
Principal stringName - The user principal name of the user the incident is assigned to.
- assigned
To String - The name of the user the incident is assigned to.
- email String
- The email of the user the incident is assigned to.
- object
Id String - The object id of the user the incident is assigned to.
- user
Principal StringName - The user principal name of the user the incident is assigned to.
- assigned
To string - The name of the user the incident is assigned to.
- email string
- The email of the user the incident is assigned to.
- object
Id string - The object id of the user the incident is assigned to.
- user
Principal stringName - The user principal name of the user the incident is assigned to.
- assigned_
to str - The name of the user the incident is assigned to.
- email str
- The email of the user the incident is assigned to.
- object_
id str - The object id of the user the incident is assigned to.
- user_
principal_ strname - The user principal name of the user the incident is assigned to.
- assigned
To String - The name of the user the incident is assigned to.
- email String
- The email of the user the incident is assigned to.
- object
Id String - The object id of the user the incident is assigned to.
- user
Principal StringName - The user principal name of the user the incident is assigned to.
IncidentSeverity, IncidentSeverityArgs
- High
- HighHigh severity
- Medium
- MediumMedium severity
- Low
- LowLow severity
- Informational
- InformationalInformational severity
- Incident
Severity High - HighHigh severity
- Incident
Severity Medium - MediumMedium severity
- Incident
Severity Low - LowLow severity
- Incident
Severity Informational - InformationalInformational severity
- High
- HighHigh severity
- Medium
- MediumMedium severity
- Low
- LowLow severity
- Informational
- InformationalInformational severity
- High
- HighHigh severity
- Medium
- MediumMedium severity
- Low
- LowLow severity
- Informational
- InformationalInformational severity
- HIGH
- HighHigh severity
- MEDIUM
- MediumMedium severity
- LOW
- LowLow severity
- INFORMATIONAL
- InformationalInformational severity
- "High"
- HighHigh severity
- "Medium"
- MediumMedium severity
- "Low"
- LowLow severity
- "Informational"
- InformationalInformational severity
IncidentStatus, IncidentStatusArgs
- New
- NewAn active incident which isn't being handled currently
- Active
- ActiveAn active incident which is being handled
- Closed
- ClosedA non-active incident
- Incident
Status New - NewAn active incident which isn't being handled currently
- Incident
Status Active - ActiveAn active incident which is being handled
- Incident
Status Closed - ClosedA non-active incident
- New
- NewAn active incident which isn't being handled currently
- Active
- ActiveAn active incident which is being handled
- Closed
- ClosedA non-active incident
- New
- NewAn active incident which isn't being handled currently
- Active
- ActiveAn active incident which is being handled
- Closed
- ClosedA non-active incident
- NEW
- NewAn active incident which isn't being handled currently
- ACTIVE
- ActiveAn active incident which is being handled
- CLOSED
- ClosedA non-active incident
- "New"
- NewAn active incident which isn't being handled currently
- "Active"
- ActiveAn active incident which is being handled
- "Closed"
- ClosedA non-active incident
TriggersOn, TriggersOnArgs
- Incidents
- IncidentsTrigger on Incidents
- Triggers
On Incidents - IncidentsTrigger on Incidents
- Incidents
- IncidentsTrigger on Incidents
- Incidents
- IncidentsTrigger on Incidents
- INCIDENTS
- IncidentsTrigger on Incidents
- "Incidents"
- IncidentsTrigger on Incidents
TriggersWhen, TriggersWhenArgs
- Created
- CreatedTrigger on created objects
- Triggers
When Created - CreatedTrigger on created objects
- Created
- CreatedTrigger on created objects
- Created
- CreatedTrigger on created objects
- CREATED
- CreatedTrigger on created objects
- "Created"
- CreatedTrigger on created objects
Import
An existing resource can be imported using its type token, name, and identifier, e.g.
$ pulumi import azure-native:securityinsights:AutomationRule 73e01a99-5cd7-4139-a149-9f2736ff2ab5 /subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- azure-native-v1 pulumi/pulumi-azure-native
- License
- Apache-2.0