These are the docs for Azure Native v1. We recommend using the latest version, Azure Native v2.
Azure Native v1 v1.104.0 published on Thursday, Jul 6, 2023 by Pulumi

azure-native.securityinsights.AutomationRule


    Represents an automation rule. API Version: 2019-01-01-preview.

    Example Usage

    Creates or updates an automation rule.

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using AzureNative = Pulumi.AzureNative;
    
    return await Deployment.RunAsync(() => 
    {
        var automationRule = new AzureNative.SecurityInsights.AutomationRule("automationRule", new()
        {
            Actions = new[]
            {
                new AzureNative.SecurityInsights.Inputs.AutomationRuleModifyPropertiesActionArgs
                {
                    ActionConfiguration = new AzureNative.SecurityInsights.Inputs.AutomationRuleModifyPropertiesActionActionConfigurationArgs
                    {
                        Severity = "High",
                    },
                    ActionType = "ModifyProperties",
                    Order = 1,
                },
                new AzureNative.SecurityInsights.Inputs.AutomationRuleRunPlaybookActionArgs
                {
                    ActionConfiguration = new AzureNative.SecurityInsights.Inputs.AutomationRuleRunPlaybookActionActionConfigurationArgs
                    {
                        LogicAppResourceId = "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/IncidentPlaybook",
                        TenantId = "ee48efaf-50c6-411b-9345-b2bdc3eb4abc",
                    },
                    ActionType = "RunPlaybook",
                    Order = 2,
                },
            },
            AutomationRuleId = "73e01a99-5cd7-4139-a149-9f2736ff2ab5",
            DisplayName = "High severity incidents escalation",
            OperationalInsightsResourceProvider = "Microsoft.OperationalInsights",
            Order = 1,
            ResourceGroupName = "myRg",
            TriggeringLogic = new AzureNative.SecurityInsights.Inputs.AutomationRuleTriggeringLogicArgs
            {
                Conditions = new[]
                {
                    
                    new AzureNative.SecurityInsights.Inputs.AutomationRulePropertyValuesConditionArgs
                    {
                        ConditionProperties = new AzureNative.SecurityInsights.Inputs.AutomationRulePropertyValuesConditionConditionPropertiesArgs
                        {
                            Operator = "Contains",
                            PropertyName = "IncidentRelatedAnalyticRuleIds",
                            PropertyValues = new[]
                            {
                                "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7",
                                "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/8deb8303-e94d-46ff-96e0-5fd94b33df1a",
                            },
                        },
                        ConditionType = "Property",
                    },
                },
                IsEnabled = true,
                TriggersOn = "Incidents",
                TriggersWhen = "Created",
            },
            WorkspaceName = "myWorkspace",
        });
    
    });
    
    package main
    
    import (
    	securityinsights "github.com/pulumi/pulumi-azure-native-sdk/securityinsights"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := securityinsights.NewAutomationRule(ctx, "automationRule", &securityinsights.AutomationRuleArgs{
    			Actions: pulumi.AnyArray{
    				securityinsights.AutomationRuleModifyPropertiesAction{
    					ActionConfiguration: securityinsights.AutomationRuleModifyPropertiesActionActionConfiguration{
    						Severity: "High",
    					},
    					ActionType: "ModifyProperties",
    					Order:      1,
    				},
    				securityinsights.AutomationRuleRunPlaybookAction{
    					ActionConfiguration: securityinsights.AutomationRuleRunPlaybookActionActionConfiguration{
    						LogicAppResourceId: "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/IncidentPlaybook",
    						TenantId:           "ee48efaf-50c6-411b-9345-b2bdc3eb4abc",
    					},
    					ActionType: "RunPlaybook",
    					Order:      2,
    				},
    			},
    			AutomationRuleId:                    pulumi.String("73e01a99-5cd7-4139-a149-9f2736ff2ab5"),
    			DisplayName:                         pulumi.String("High severity incidents escalation"),
    			OperationalInsightsResourceProvider: pulumi.String("Microsoft.OperationalInsights"),
    			Order:                               pulumi.Int(1),
    			ResourceGroupName:                   pulumi.String("myRg"),
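    			TriggeringLogic: &securityinsights.AutomationRuleTriggeringLogicArgs{
    				Conditions: securityinsights.AutomationRulePropertyValuesConditionArray{
    					&securityinsights.AutomationRulePropertyValuesConditionArgs{
    						ConditionProperties: &securityinsights.AutomationRulePropertyValuesConditionConditionPropertiesArgs{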
    							Operator:     pulumi.String("Contains"),
    							PropertyName: pulumi.String("IncidentRelatedAnalyticRuleIds"),
    							PropertyValues: pulumi.StringArray{
    								pulumi.String("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7"),
    								pulumi.String("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/8deb8303-e94d-46ff-96e0-5fd94b33df1a"),
    							},
    						},
    						ConditionType: pulumi.String("Property"),
    					},
    				},
    				IsEnabled:    pulumi.Bool(true),
    				TriggersOn:   pulumi.String("Incidents"),
    				TriggersWhen: pulumi.String("Created"),
    			},
    			WorkspaceName: pulumi.String("myWorkspace"),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.azurenative.securityinsights.AutomationRule;
    import com.pulumi.azurenative.securityinsights.AutomationRuleArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var automationRule = new AutomationRule("automationRule", AutomationRuleArgs.builder()        
                .actions(            
                    Map.ofEntries(
                        Map.entry("actionConfiguration", Map.of("severity", "High")),
                        Map.entry("actionType", "ModifyProperties"),
                        Map.entry("order", 1)
                    ),
                    Map.ofEntries(
                        Map.entry("actionConfiguration", Map.ofEntries(
                            Map.entry("logicAppResourceId", "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/IncidentPlaybook"),
                            Map.entry("tenantId", "ee48efaf-50c6-411b-9345-b2bdc3eb4abc")
                        )),
                        Map.entry("actionType", "RunPlaybook"),
                        Map.entry("order", 2)
                    ))
                .automationRuleId("73e01a99-5cd7-4139-a149-9f2736ff2ab5")
                .displayName("High severity incidents escalation")
                .operationalInsightsResourceProvider("Microsoft.OperationalInsights")
                .order(1)
                .resourceGroupName("myRg")
                .triggeringLogic(Map.ofEntries(
                    Map.entry("conditions", List.of(Map.ofEntries(
                        Map.entry("conditionProperties", Map.ofEntries(
                            Map.entry("operator", "Contains"),
                            Map.entry("propertyName", "IncidentRelatedAnalyticRuleIds"),
                            Map.entry("propertyValues", List.of(
                                "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7",
                                "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/8deb8303-e94d-46ff-96e0-5fd94b33df1a"))
                        )),
                        Map.entry("conditionType", "Property")
                    ))),
                    Map.entry("isEnabled", true),
                    Map.entry("triggersOn", "Incidents"),
                    Map.entry("triggersWhen", "Created")
                ))
                .workspaceName("myWorkspace")
                .build());
    
        }
    }
    
    import pulumi
    import pulumi_azure_native as azure_native
    
    automation_rule = azure_native.securityinsights.AutomationRule("automationRule",
        actions=[
            azure_native.securityinsights.AutomationRuleModifyPropertiesActionArgs(
                action_configuration=azure_native.securityinsights.AutomationRuleModifyPropertiesActionActionConfigurationArgs(
                    severity="High",
                ),
                action_type="ModifyProperties",
                order=1,
            ),
            azure_native.securityinsights.AutomationRuleRunPlaybookActionArgs(
                action_configuration=azure_native.securityinsights.AutomationRuleRunPlaybookActionActionConfigurationArgs(
                    logic_app_resource_id="/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/IncidentPlaybook",
                    tenant_id="ee48efaf-50c6-411b-9345-b2bdc3eb4abc",
                ),
                action_type="RunPlaybook",
                order=2,
            ),
        ],
        automation_rule_id="73e01a99-5cd7-4139-a149-9f2736ff2ab5",
        display_name="High severity incidents escalation",
        operational_insights_resource_provider="Microsoft.OperationalInsights",
        order=1,
        resource_group_name="myRg",
        triggering_logic=azure_native.securityinsights.AutomationRuleTriggeringLogicArgs(
            conditions=[azure_native.securityinsights.AutomationRulePropertyValuesConditionArgs(
                condition_properties=azure_native.securityinsights.AutomationRulePropertyValuesConditionConditionPropertiesArgs(
                    operator="Contains",
                    property_name="IncidentRelatedAnalyticRuleIds",
                    property_values=[
                        "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7",
                        "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/8deb8303-e94d-46ff-96e0-5fd94b33df1a",
                    ],
                ),
                condition_type="Property",
            )],
            is_enabled=True,
            triggers_on="Incidents",
            triggers_when="Created",
        ),
        workspace_name="myWorkspace")
    
    import * as pulumi from "@pulumi/pulumi";
    import * as azure_native from "@pulumi/azure-native";
    
    const automationRule = new azure_native.securityinsights.AutomationRule("automationRule", {
        actions: [
            {
                actionConfiguration: {
                    severity: "High",
                },
                actionType: "ModifyProperties",
                order: 1,
            },
            {
                actionConfiguration: {
                    logicAppResourceId: "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/IncidentPlaybook",
                    tenantId: "ee48efaf-50c6-411b-9345-b2bdc3eb4abc",
                },
                actionType: "RunPlaybook",
                order: 2,
            },
        ],
        automationRuleId: "73e01a99-5cd7-4139-a149-9f2736ff2ab5",
        displayName: "High severity incidents escalation",
        operationalInsightsResourceProvider: "Microsoft.OperationalInsights",
        order: 1,
        resourceGroupName: "myRg",
        triggeringLogic: {
            conditions: [{
                conditionProperties: {
                    operator: "Contains",
                    propertyName: "IncidentRelatedAnalyticRuleIds",
                    propertyValues: [
                        "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7",
                        "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/8deb8303-e94d-46ff-96e0-5fd94b33df1a",
                    ],
                },
                conditionType: "Property",
            }],
            isEnabled: true,
            triggersOn: "Incidents",
            triggersWhen: "Created",
        },
        workspaceName: "myWorkspace",
    });
    
    resources:
      automationRule:
        type: azure-native:securityinsights:AutomationRule
        properties:
          actions:
            - actionConfiguration:
                severity: High
              actionType: ModifyProperties
              order: 1
            - actionConfiguration:
                logicAppResourceId: /subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/IncidentPlaybook
                tenantId: ee48efaf-50c6-411b-9345-b2bdc3eb4abc
              actionType: RunPlaybook
              order: 2
          automationRuleId: 73e01a99-5cd7-4139-a149-9f2736ff2ab5
          displayName: High severity incidents escalation
          operationalInsightsResourceProvider: Microsoft.OperationalInsights
          order: 1
          resourceGroupName: myRg
          triggeringLogic:
            conditions:
              - conditionProperties:
                  operator: Contains
                  propertyName: IncidentRelatedAnalyticRuleIds
                  propertyValues:
                    - /subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7
                    - /subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/8deb8303-e94d-46ff-96e0-5fd94b33df1a
                conditionType: Property
            isEnabled: true
            triggersOn: Incidents
            triggersWhen: Created
          workspaceName: myWorkspace
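
A pre-deployment review of rule definitions in the property shape used by the YAML and TypeScript examples above, as an added example (not Pulumi's or Microsoft's code). It flags rules that close or downgrade incidents without any condition, playbooks outside an expected subscription, duplicate action orders, and disabled or expired rules; `review_automation_rule`, the finding names, the `expected_subscription` parameter and the `CONSTRUCTED_RISKY` rule are assumptions made for this illustration.

```python
"""Review Sentinel automation rule properties before deployment (added example)."""
import re
from datetime import datetime, timezone

_SUB_RE = re.compile(r"^/subscriptions/([0-9a-f-]{36})/", re.IGNORECASE)
REVIEW_TIME = datetime(2023, 7, 6, tzinfo=timezone.utc)  # fixed clock for the demo


def subscription_of(resource_id):
    """Return the lower-cased subscription GUID of an ARM resource ID, or None."""
    match = _SUB_RE.match(resource_id or "")
    return match.group(1).lower() if match else None


def review_automation_rule(props, expected_subscription, now=None):
    """Return a sorted list of finding names for one rule's `properties` dict."""
    now = now or datetime.now(timezone.utc)
    findings = set()
    logic = props.get("triggeringLogic") or {}
    conditions = logic.get("conditions") or []
    actions = props.get("actions") or []

    # Each action carries its own `order`; duplicates make execution order ambiguous.
    orders = [a.get("order") for a in actions]
    if len(orders) != len(set(orders)):
        findings.add("duplicate-action-order")

    for action in actions:
        cfg = action.get("actionConfiguration") or {}
        kind = action.get("actionType")
        if kind == "ModifyProperties":
            # "Closed", "Low" and "Informational" are Sentinel incident status and
            # severity values; they are not shown on the page. A rule with no
            # conditions applies them to every incident that triggers it.
            if not conditions and cfg.get("status") == "Closed":
                findings.add("unconditional-auto-close")
            if not conditions and cfg.get("severity") in ("Low", "Informational"):
                findings.add("unconditional-severity-downgrade")
        elif kind == "RunPlaybook":
            if subscription_of(cfg.get("logicAppResourceId")) != expected_subscription.lower():
                findings.add("playbook-outside-expected-subscription")
            if not cfg.get("tenantId"):
                findings.add("playbook-missing-tenant")
        else:
            findings.add("unknown-action-type")

    if not logic.get("isEnabled"):
        findings.add("rule-disabled")
    expiry = logic.get("expirationTimeUtc")
    if expiry:
        parsed = datetime.fromisoformat(expiry.replace("Z", "+00:00"))
        if parsed.tzinfo is None:
            parsed = parsed.replace(tzinfo=timezone.utc)
        if parsed <= now:
            findings.add("rule-expired")
    return sorted(findings)


# Values below are taken from the page's own example.
SUB = "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0"
_WS = (f"/subscriptions/{SUB}/resourceGroups/myRg/providers/"
       "Microsoft.OperationalInsights/workspaces/myWorkspace")
PAGE_EXAMPLE = {
    "actions": [
        {"actionType": "ModifyProperties", "order": 1,
         "actionConfiguration": {"severity": "High"}},
        {"actionType": "RunPlaybook", "order": 2, "actionConfiguration": {
            "logicAppResourceId": f"/subscriptions/{SUB}/resourceGroups/myRg/providers/"
                                  "Microsoft.Logic/workflows/IncidentPlaybook",
            "tenantId": "ee48efaf-50c6-411b-9345-b2bdc3eb4abc"}},
    ],
    "triggeringLogic": {
        "isEnabled": True, "triggersOn": "Incidents", "triggersWhen": "Created",
        "conditions": [{"conditionType": "Property", "conditionProperties": {
            "operator": "Contains", "propertyName": "IncidentRelatedAnalyticRuleIds",
            "propertyValues": [f"{_WS}/providers/Microsoft.SecurityInsights/alertRules/"
                               "fab3d2d4-747f-46a7-8ef0-9c0be8112bf7"]}}],
    },
}
# Constructed for this example: closes every incident, reuses an action order,
# points at a playbook in another (placeholder) subscription, and has expired.
CONSTRUCTED_RISKY = {
    "actions": [
        {"actionType": "ModifyProperties", "order": 1,
         "actionConfiguration": {"status": "Closed"}},
        {"actionType": "RunPlaybook", "order": 1, "actionConfiguration": {
            "logicAppResourceId": "/subscriptions/00000000-0000-0000-0000-000000000001/"
                                  "resourceGroups/otherRg/providers/Microsoft.Logic/workflows/Other"}},
    ],
    "triggeringLogic": {"isEnabled": True, "triggersOn": "Incidents", "triggersWhen": "Created",
                        "conditions": [], "expirationTimeUtc": "2020-01-01T00:00:00Z"},
}

if __name__ == "__main__":
    for name, rule in (("page example", PAGE_EXAMPLE), ("constructed", CONSTRUCTED_RISKY)):
        print(name, review_automation_rule(rule, SUB, now=REVIEW_TIME))
```
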
    

    Create AutomationRule Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new AutomationRule(name: string, args: AutomationRuleArgs, opts?: CustomResourceOptions);

    @overload
    def AutomationRule(resource_name: str,
                       args: AutomationRuleArgs,
                       opts: Optional[ResourceOptions] = None)
    
    @overload
    def AutomationRule(resource_name: str,
                       opts: Optional[ResourceOptions] = None,
                       actions: Optional[Sequence[Union[AutomationRuleModifyPropertiesActionArgs, AutomationRuleRunPlaybookActionArgs]]] = None,
                       display_name: Optional[str] = None,
                       operational_insights_resource_provider: Optional[str] = None,
                       order: Optional[int] = None,
                       resource_group_name: Optional[str] = None,
                       triggering_logic: Optional[AutomationRuleTriggeringLogicArgs] = None,
                       workspace_name: Optional[str] = None,
                       automation_rule_id: Optional[str] = None)

    func NewAutomationRule(ctx *Context, name string, args AutomationRuleArgs, opts ...ResourceOption) (*AutomationRule, error)

    public AutomationRule(string name, AutomationRuleArgs args, CustomResourceOptions? opts = null)

    public AutomationRule(String name, AutomationRuleArgs args)
    public AutomationRule(String name, AutomationRuleArgs args, CustomResourceOptions options)
    
    type: azure-native:securityinsights:AutomationRule
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args AutomationRuleArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args AutomationRuleArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args AutomationRuleArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args AutomationRuleArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args AutomationRuleArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var automationRuleResource = new AzureNative.SecurityInsights.AutomationRule("automationRuleResource", new()
    {
        Actions = new[]
        {
            
            {
                { "actionConfiguration", 
                {
                    { "classification", "string" },
                    { "classificationComment", "string" },
                    { "classificationReason", "string" },
                    { "labels", new[]
                    {
                        
                        {
                            { "labelName", "string" },
                        },
                    } },
                    { "owner", 
                    {
                        { "assignedTo", "string" },
                        { "email", "string" },
                        { "objectId", "string" },
                        { "userPrincipalName", "string" },
                    } },
                    { "severity", "string" },
                    { "status", "string" },
                } },
                { "actionType", "ModifyProperties" },
                { "order", 0 },
            },
        },
        DisplayName = "string",
        OperationalInsightsResourceProvider = "string",
        Order = 0,
        ResourceGroupName = "string",
        TriggeringLogic = 
        {
            { "isEnabled", false },
            { "triggersOn", "string" },
            { "triggersWhen", "string" },
            { "conditions", new[]
            {
                
                {
                    { "conditionProperties", 
                    {
                        { "operator", "string" },
                        { "propertyName", "string" },
                        { "propertyValues", new[]
                        {
                            "string",
                        } },
                    } },
                    { "conditionType", "Property" },
                },
            } },
            { "expirationTimeUtc", "string" },
        },
        WorkspaceName = "string",
        AutomationRuleId = "string",
    });
    
    example, err := securityinsights.NewAutomationRule(ctx, "automationRuleResource", &securityinsights.AutomationRuleArgs{
    	Actions: []map[string]interface{}{
    		map[string]interface{}{
    			"actionConfiguration": map[string]interface{}{
    				"classification":        "string",
    				"classificationComment": "string",
    				"classificationReason":  "string",
    				"labels": []map[string]interface{}{
    					map[string]interface{}{
    						"labelName": "string",
    					},
    				},
    				"owner": map[string]interface{}{
    					"assignedTo":        "string",
    					"email":             "string",
    					"objectId":          "string",
    					"userPrincipalName": "string",
    				},
    				"severity": "string",
    				"status":   "string",
    			},
    			"actionType": "ModifyProperties",
    			"order":      0,
    		},
    	},
    	DisplayName:                         pulumi.String("string"),
    	OperationalInsightsResourceProvider: pulumi.String("string"),
    	Order:                               pulumi.Int(0),
    	ResourceGroupName:                   pulumi.String("string"),
    	TriggeringLogic: map[string]interface{}{
    		"isEnabled":    false,
    		"triggersOn":   "string",
    		"triggersWhen": "string",
    		"conditions": []map[string]interface{}{
    			map[string]interface{}{
    				"conditionProperties": map[string]interface{}{
    					"operator":     "string",
    					"propertyName": "string",
    					"propertyValues": []string{
    						"string",
    					},
    				},
    				"conditionType": "Property",
    			},
    		},
    		"expirationTimeUtc": "string",
    	},
    	WorkspaceName:    pulumi.String("string"),
    	AutomationRuleId: pulumi.String("string"),
    })
    
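    var automationRuleResource = new AutomationRule("automationRuleResource", AutomationRuleArgs.builder()
        .actions(Map.of(
            "actionConfiguration", Map.of(
                "classification", "string", "classificationComment", "string", "classificationReason", "string",
                "labels", List.of(Map.of("labelName", "string")),
                "owner", Map.of("assignedTo", "string", "email", "string", "objectId", "string", "userPrincipalName", "string"),
                "severity", "string", "status", "string"),
            "actionType", "ModifyProperties", "order", 0))
        .displayName("string")
        .operationalInsightsResourceProvider("string")
        .order(0)
        .resourceGroupName("string")
        .triggeringLogic(Map.of(
            "isEnabled", false, "triggersOn", "string", "triggersWhen", "string",
            "conditions", List.of(Map.of(
                "conditionProperties", Map.of("operator", "string", "propertyName", "string", "propertyValues", List.of("string")),
                "conditionType", "Property")), "expirationTimeUtc", "string"))
        .workspaceName("string")
        .automationRuleId("string")
        .build());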
    
    automation_rule_resource = azure_native.securityinsights.AutomationRule("automationRuleResource",
        actions=[{
            "actionConfiguration": {
                "classification": "string",
                "classificationComment": "string",
                "classificationReason": "string",
                "labels": [{
                    "labelName": "string",
                }],
                "owner": {
                    "assignedTo": "string",
                    "email": "string",
                    "objectId": "string",
                    "userPrincipalName": "string",
                },
                "severity": "string",
                "status": "string",
            },
            "actionType": "ModifyProperties",
            "order": 0,
        }],
        display_name="string",
        operational_insights_resource_provider="string",
        order=0,
        resource_group_name="string",
        triggering_logic={
            "isEnabled": False,
            "triggersOn": "string",
            "triggersWhen": "string",
            "conditions": [{
                "conditionProperties": {
                    "operator": "string",
                    "propertyName": "string",
                    "propertyValues": ["string"],
                },
                "conditionType": "Property",
            }],
            "expirationTimeUtc": "string",
        },
        workspace_name="string",
        automation_rule_id="string")
    
    const automationRuleResource = new azure_native.securityinsights.AutomationRule("automationRuleResource", {
        actions: [{
            actionConfiguration: {
                classification: "string",
                classificationComment: "string",
                classificationReason: "string",
                labels: [{
                    labelName: "string",
                }],
                owner: {
                    assignedTo: "string",
                    email: "string",
                    objectId: "string",
                    userPrincipalName: "string",
                },
                severity: "string",
                status: "string",
            },
            actionType: "ModifyProperties",
            order: 0,
        }],
        displayName: "string",
        operationalInsightsResourceProvider: "string",
        order: 0,
        resourceGroupName: "string",
        triggeringLogic: {
            isEnabled: false,
            triggersOn: "string",
            triggersWhen: "string",
            conditions: [{
                conditionProperties: {
                    operator: "string",
                    propertyName: "string",
                    propertyValues: ["string"],
                },
                conditionType: "Property",
            }],
            expirationTimeUtc: "string",
        },
        workspaceName: "string",
        automationRuleId: "string",
    });
    
    type: azure-native:securityinsights:AutomationRule
    properties:
        actions:
            - actionConfiguration:
                classification: string
                classificationComment: string
                classificationReason: string
                labels:
                    - labelName: string
                owner:
                    assignedTo: string
                    email: string
                    objectId: string
                    userPrincipalName: string
                severity: string
                status: string
              actionType: ModifyProperties
              order: 0
        automationRuleId: string
        displayName: string
        operationalInsightsResourceProvider: string
        order: 0
        resourceGroupName: string
        triggeringLogic:
            conditions:
                - conditionProperties:
                    operator: string
                    propertyName: string
                    propertyValues:
                        - string
                  conditionType: Property
            expirationTimeUtc: string
            isEnabled: false
            triggersOn: string
            triggersWhen: string
        workspaceName: string
    

    AutomationRule Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The AutomationRule resource accepts the following input properties:

    Actions List<Union<Pulumi.AzureNative.SecurityInsights.Inputs.AutomationRuleModifyPropertiesAction, Pulumi.AzureNative.SecurityInsights.Inputs.AutomationRuleRunPlaybookActionArgs>>
    The actions to execute when the automation rule is triggered
    DisplayName string
    The display name of the automation rule
    OperationalInsightsResourceProvider string
    The namespace of the workspaces resource provider: Microsoft.OperationalInsights.
    Order int
    The order of execution of the automation rule
    ResourceGroupName string
    The name of the resource group within the user's subscription. The name is case insensitive.
    TriggeringLogic Pulumi.AzureNative.SecurityInsights.Inputs.AutomationRuleTriggeringLogic
    The triggering logic of the automation rule
    WorkspaceName string
    The name of the workspace.
    AutomationRuleId string
    Automation rule ID
    Actions []interface{}
    The actions to execute when the automation rule is triggered
    DisplayName string
    The display name of the automation rule
    OperationalInsightsResourceProvider string
    The namespace of the workspaces resource provider: Microsoft.OperationalInsights.
    Order int
    The order of execution of the automation rule
    ResourceGroupName string
    The name of the resource group within the user's subscription. The name is case insensitive.
    TriggeringLogic AutomationRuleTriggeringLogicArgs
    The triggering logic of the automation rule
    WorkspaceName string
    The name of the workspace.
    AutomationRuleId string
    Automation rule ID
    actions List<Either<AutomationRuleModifyPropertiesAction,AutomationRuleRunPlaybookActionArgs>>
    The actions to execute when the automation rule is triggered
    displayName String
    The display name of the automation rule
    operationalInsightsResourceProvider String
    The namespace of the workspaces resource provider: Microsoft.OperationalInsights.
    order Integer
    The order of execution of the automation rule
    resourceGroupName String
    The name of the resource group within the user's subscription. The name is case insensitive.
    triggeringLogic AutomationRuleTriggeringLogic
    The triggering logic of the automation rule
    workspaceName String
    The name of the workspace.
    automationRuleId String
    Automation rule ID
    actions (AutomationRuleModifyPropertiesAction | AutomationRuleRunPlaybookActionArgs)[]
    The actions to execute when the automation rule is triggered
    displayName string
    The display name of the automation rule
    operationalInsightsResourceProvider string
    The namespace of the workspaces resource provider: Microsoft.OperationalInsights.
    order number
    The order of execution of the automation rule
    resourceGroupName string
    The name of the resource group within the user's subscription. The name is case insensitive.
    triggeringLogic AutomationRuleTriggeringLogic
    The triggering logic of the automation rule
    workspaceName string
    The name of the workspace.
    automationRuleId string
    Automation rule ID
    actions Sequence[Union[AutomationRuleModifyPropertiesActionArgs, AutomationRuleRunPlaybookActionArgs]]
    The actions to execute when the automation rule is triggered
    display_name str
    The display name of the automation rule
    operational_insights_resource_provider str
    The namespace of the workspaces resource provider: Microsoft.OperationalInsights.
    order int
    The order of execution of the automation rule
    resource_group_name str
    The name of the resource group within the user's subscription. The name is case insensitive.
    triggering_logic AutomationRuleTriggeringLogicArgs
    The triggering logic of the automation rule
    workspace_name str
    The name of the workspace.
    automation_rule_id str
    Automation rule ID
    actions List<Property Map | Property Map>
    The actions to execute when the automation rule is triggered
    displayName String
    The display name of the automation rule
    operationalInsightsResourceProvider String
    The namespace of the workspaces resource provider: Microsoft.OperationalInsights.
    order Number
    The order of execution of the automation rule
    resourceGroupName String
    The name of the resource group within the user's subscription. The name is case insensitive.
    triggeringLogic Property Map
    The triggering logic of the automation rule
    workspaceName String
    The name of the workspace.
    automationRuleId String
    Automation rule ID

    Outputs

    All input properties are implicitly available as output properties. Additionally, the AutomationRule resource produces the following output properties:

    CreatedBy Pulumi.AzureNative.SecurityInsights.Outputs.ClientInfoResponse
    Describes the client that created the automation rule
    CreatedTimeUtc string
    The time the automation rule was created
    Id string
    The provider-assigned unique ID for this managed resource.
    LastModifiedBy Pulumi.AzureNative.SecurityInsights.Outputs.ClientInfoResponse
    Describes the client that last updated the automation rule
    LastModifiedTimeUtc string
    The last time the automation rule was updated
    Name string
    Azure resource name
    Type string
    Azure resource type
    Etag string
    ETag of the Azure resource
    CreatedBy ClientInfoResponse
    Describes the client that created the automation rule
    CreatedTimeUtc string
    The time the automation rule was created
    Id string
    The provider-assigned unique ID for this managed resource.
    LastModifiedBy ClientInfoResponse
    Describes the client that last updated the automation rule
    LastModifiedTimeUtc string
    The last time the automation rule was updated
    Name string
    Azure resource name
    Type string
    Azure resource type
    Etag string
    ETag of the Azure resource
    createdBy ClientInfoResponse
    Describes the client that created the automation rule
    createdTimeUtc String
    The time the automation rule was created
    id String
    The provider-assigned unique ID for this managed resource.
    lastModifiedBy ClientInfoResponse
    Describes the client that last updated the automation rule
    lastModifiedTimeUtc String
    The last time the automation rule was updated
    name String
    Azure resource name
    type String
    Azure resource type
    etag String
    ETag of the Azure resource
    createdBy ClientInfoResponse
    Describes the client that created the automation rule
    createdTimeUtc string
    The time the automation rule was created
    id string
    The provider-assigned unique ID for this managed resource.
    lastModifiedBy ClientInfoResponse
    Describes the client that last updated the automation rule
    lastModifiedTimeUtc string
    The last time the automation rule was updated
    name string
    Azure resource name
    type string
    Azure resource type
    etag string
    ETag of the Azure resource
    created_by ClientInfoResponse
    Describes the client that created the automation rule
    created_time_utc str
    The time the automation rule was created
    id str
    The provider-assigned unique ID for this managed resource.
    last_modified_by ClientInfoResponse
    Describes the client that last updated the automation rule
    last_modified_time_utc str
    The last time the automation rule was updated
    name str
    Azure resource name
    type str
    Azure resource type
    etag str
    ETag of the Azure resource
    createdBy Property Map
    Describes the client that created the automation rule
    createdTimeUtc String
    The time the automation rule was created
    id String
    The provider-assigned unique ID for this managed resource.
    lastModifiedBy Property Map
    Describes the client that last updated the automation rule
    lastModifiedTimeUtc String
    The last time the automation rule was updated
    name String
    Azure resource name
    type String
    Azure resource type
    etag String
    ETag of the Azure resource

    Supporting Types

    AutomationRuleModifyPropertiesAction, AutomationRuleModifyPropertiesActionArgs

    ActionConfiguration Pulumi.AzureNative.SecurityInsights.Inputs.AutomationRuleModifyPropertiesActionActionConfiguration
    The configuration of the modify properties automation rule action
    Order int
    The order of execution of the automation rule action
    ActionConfiguration AutomationRuleModifyPropertiesActionActionConfiguration
    The configuration of the modify properties automation rule action
    Order int
    The order of execution of the automation rule action
    actionConfiguration AutomationRuleModifyPropertiesActionActionConfiguration
    The configuration of the modify properties automation rule action
    order Integer
    The order of execution of the automation rule action
    actionConfiguration AutomationRuleModifyPropertiesActionActionConfiguration
    The configuration of the modify properties automation rule action
    order number
    The order of execution of the automation rule action
    action_configuration AutomationRuleModifyPropertiesActionActionConfiguration
    The configuration of the modify properties automation rule action
    order int
    The order of execution of the automation rule action
    actionConfiguration Property Map
    The configuration of the modify properties automation rule action
    order Number
    The order of execution of the automation rule action

    AutomationRuleModifyPropertiesActionActionConfiguration, AutomationRuleModifyPropertiesActionActionConfigurationArgs

    Classification string | Pulumi.AzureNative.SecurityInsights.IncidentClassification
    The reason the incident was closed
    ClassificationComment string
    Describes the reason the incident was closed
    ClassificationReason string | Pulumi.AzureNative.SecurityInsights.IncidentClassificationReason
    The classification reason to close the incident with
    Labels List<Pulumi.AzureNative.SecurityInsights.Inputs.IncidentLabel>
    List of labels to add to the incident
    Owner Pulumi.AzureNative.SecurityInsights.Inputs.IncidentOwnerInfo
    Describes a user that the incident is assigned to
    Severity string | Pulumi.AzureNative.SecurityInsights.IncidentSeverity
    The severity of the incident
    Status string | Pulumi.AzureNative.SecurityInsights.IncidentStatus
    The status of the incident
    Classification string | IncidentClassification
    The reason the incident was closed
    ClassificationComment string
    Describes the reason the incident was closed
    ClassificationReason string | IncidentClassificationReason
    The classification reason to close the incident with
    Labels []IncidentLabel
    List of labels to add to the incident
    Owner IncidentOwnerInfo
    Describes a user that the incident is assigned to
    Severity string | IncidentSeverity
    The severity of the incident
    Status string | IncidentStatus
    The status of the incident
    classification String | IncidentClassification
    The reason the incident was closed
    classificationComment String
    Describes the reason the incident was closed
    classificationReason String | IncidentClassificationReason
    The classification reason to close the incident with
    labels List<IncidentLabel>
    List of labels to add to the incident
    owner IncidentOwnerInfo
    Describes a user that the incident is assigned to
    severity String | IncidentSeverity
    The severity of the incident
    status String | IncidentStatus
    The status of the incident
    classification string | IncidentClassification
    The reason the incident was closed
    classificationComment string
    Describes the reason the incident was closed
    classificationReason string | IncidentClassificationReason
    The classification reason to close the incident with
    labels IncidentLabel[]
    List of labels to add to the incident
    owner IncidentOwnerInfo
    Describes a user that the incident is assigned to
    severity string | IncidentSeverity
    The severity of the incident
    status string | IncidentStatus
    The status of the incident
    classification str | IncidentClassification
    The reason the incident was closed
    classification_comment str
    Describes the reason the incident was closed
    classification_reason str | IncidentClassificationReason
    The classification reason to close the incident with
    labels Sequence[IncidentLabel]
    List of labels to add to the incident
    owner IncidentOwnerInfo
    Describes a user that the incident is assigned to
    severity str | IncidentSeverity
    The severity of the incident
    status str | IncidentStatus
    The status of the incident
    classification String | "Undetermined" | "TruePositive" | "BenignPositive" | "FalsePositive"
    The reason the incident was closed
    classificationComment String
    Describes the reason the incident was closed
    classificationReason String | "SuspiciousActivity" | "SuspiciousButExpected" | "IncorrectAlertLogic" | "InaccurateData"
    The classification reason to close the incident with
    labels List<Property Map>
    List of labels to add to the incident
    owner Property Map
    Describes a user that the incident is assigned to
    severity String | "High" | "Medium" | "Low" | "Informational"
    The severity of the incident
    status String | "New" | "Active" | "Closed"
    The status of the incident

    AutomationRuleModifyPropertiesActionResponse, AutomationRuleModifyPropertiesActionResponseArgs

    ActionConfiguration Pulumi.AzureNative.SecurityInsights.Inputs.AutomationRuleModifyPropertiesActionResponseActionConfiguration
    The configuration of the modify properties automation rule action
    Order int
    The order of execution of the automation rule action
    ActionConfiguration AutomationRuleModifyPropertiesActionResponseActionConfiguration
    The configuration of the modify properties automation rule action
    Order int
    The order of execution of the automation rule action
    actionConfiguration AutomationRuleModifyPropertiesActionResponseActionConfiguration
    The configuration of the modify properties automation rule action
    order Integer
    The order of execution of the automation rule action
    actionConfiguration AutomationRuleModifyPropertiesActionResponseActionConfiguration
    The configuration of the modify properties automation rule action
    order number
    The order of execution of the automation rule action
    action_configuration AutomationRuleModifyPropertiesActionResponseActionConfiguration
    The configuration of the modify properties automation rule action
    order int
    The order of execution of the automation rule action
    actionConfiguration Property Map
    The configuration of the modify properties automation rule action
    order Number
    The order of execution of the automation rule action

    AutomationRuleModifyPropertiesActionResponseActionConfiguration, AutomationRuleModifyPropertiesActionResponseActionConfigurationArgs

    Classification string
    The reason the incident was closed
    ClassificationComment string
    Describes the reason the incident was closed
    ClassificationReason string
    The classification reason to close the incident with
    Labels List<Pulumi.AzureNative.SecurityInsights.Inputs.IncidentLabelResponse>
    List of labels to add to the incident
    Owner Pulumi.AzureNative.SecurityInsights.Inputs.IncidentOwnerInfoResponse
    Describes a user that the incident is assigned to
    Severity string
    The severity of the incident
    Status string
    The status of the incident
    Classification string
    The reason the incident was closed
    ClassificationComment string
    Describes the reason the incident was closed
    ClassificationReason string
    The classification reason to close the incident with
    Labels []IncidentLabelResponse
    List of labels to add to the incident
    Owner IncidentOwnerInfoResponse
    Describes a user that the incident is assigned to
    Severity string
    The severity of the incident
    Status string
    The status of the incident
    classification String
    The reason the incident was closed
    classificationComment String
    Describes the reason the incident was closed
    classificationReason String
    The classification reason to close the incident with
    labels List<IncidentLabelResponse>
    List of labels to add to the incident
    owner IncidentOwnerInfoResponse
    Describes a user that the incident is assigned to
    severity String
    The severity of the incident
    status String
    The status of the incident
    classification string
    The reason the incident was closed
    classificationComment string
    Describes the reason the incident was closed
    classificationReason string
    The classification reason to close the incident with
    labels IncidentLabelResponse[]
    List of labels to add to the incident
    owner IncidentOwnerInfoResponse
    Describes a user that the incident is assigned to
    severity string
    The severity of the incident
    status string
    The status of the incident
    classification str
    The reason the incident was closed
    classification_comment str
    Describes the reason the incident was closed
    classification_reason str
    The classification reason to close the incident with
    labels Sequence[IncidentLabelResponse]
    List of labels to add to the incident
    owner IncidentOwnerInfoResponse
    Describes a user that the incident is assigned to
    severity str
    The severity of the incident
    status str
    The status of the incident
    classification String
    The reason the incident was closed
    classificationComment String
    Describes the reason the incident was closed
    classificationReason String
    The classification reason to close the incident with
    labels List<Property Map>
    List of labels to add to the incident
    owner Property Map
    Describes a user that the incident is assigned to
    severity String
    The severity of the incident
    status String
    The status of the incident

    AutomationRulePropertyConditionSupportedOperator, AutomationRulePropertyConditionSupportedOperatorArgs

    EqualsValue
    Equals: Evaluates if the property equals at least one of the condition values
    NotEquals
    NotEquals: Evaluates if the property does not equal any of the condition values
    Contains
    Contains: Evaluates if the property contains at least one of the condition values
    NotContains
    NotContains: Evaluates if the property does not contain any of the condition values
    StartsWith
    StartsWith: Evaluates if the property starts with any of the condition values
    NotStartsWith
    NotStartsWith: Evaluates if the property does not start with any of the condition values
    EndsWith
    EndsWith: Evaluates if the property ends with any of the condition values
    NotEndsWith
    NotEndsWith: Evaluates if the property does not end with any of the condition values
    AutomationRulePropertyConditionSupportedOperatorEquals
    Equals: Evaluates if the property equals at least one of the condition values
    AutomationRulePropertyConditionSupportedOperatorNotEquals
    NotEquals: Evaluates if the property does not equal any of the condition values
    AutomationRulePropertyConditionSupportedOperatorContains
    Contains: Evaluates if the property contains at least one of the condition values
    AutomationRulePropertyConditionSupportedOperatorNotContains
    NotContains: Evaluates if the property does not contain any of the condition values
    AutomationRulePropertyConditionSupportedOperatorStartsWith
    StartsWith: Evaluates if the property starts with any of the condition values
    AutomationRulePropertyConditionSupportedOperatorNotStartsWith
    NotStartsWith: Evaluates if the property does not start with any of the condition values
    AutomationRulePropertyConditionSupportedOperatorEndsWith
    EndsWith: Evaluates if the property ends with any of the condition values
    AutomationRulePropertyConditionSupportedOperatorNotEndsWith
    NotEndsWith: Evaluates if the property does not end with any of the condition values
    Equals
    Equals: Evaluates if the property equals at least one of the condition values
    NotEquals
    NotEquals: Evaluates if the property does not equal any of the condition values
    Contains
    Contains: Evaluates if the property contains at least one of the condition values
    NotContains
    NotContains: Evaluates if the property does not contain any of the condition values
    StartsWith
    StartsWith: Evaluates if the property starts with any of the condition values
    NotStartsWith
    NotStartsWith: Evaluates if the property does not start with any of the condition values
    EndsWith
    EndsWith: Evaluates if the property ends with any of the condition values
    NotEndsWith
    NotEndsWith: Evaluates if the property does not end with any of the condition values
    EQUALS
    Equals: Evaluates if the property equals at least one of the condition values
    NOT_EQUALS
    NotEquals: Evaluates if the property does not equal any of the condition values
    CONTAINS
    Contains: Evaluates if the property contains at least one of the condition values
    NOT_CONTAINS
    NotContains: Evaluates if the property does not contain any of the condition values
    STARTS_WITH
    StartsWith: Evaluates if the property starts with any of the condition values
    NOT_STARTS_WITH
    NotStartsWith: Evaluates if the property does not start with any of the condition values
    ENDS_WITH
    EndsWith: Evaluates if the property ends with any of the condition values
    NOT_ENDS_WITH
    NotEndsWith: Evaluates if the property does not end with any of the condition values
    "Equals"
    Equals: Evaluates if the property equals at least one of the condition values
    "NotEquals"
    NotEquals: Evaluates if the property does not equal any of the condition values
    "Contains"
    Contains: Evaluates if the property contains at least one of the condition values
    "NotContains"
    NotContains: Evaluates if the property does not contain any of the condition values
    "StartsWith"
    StartsWith: Evaluates if the property starts with any of the condition values
    "NotStartsWith"
    NotStartsWith: Evaluates if the property does not start with any of the condition values
    "EndsWith"
    EndsWith: Evaluates if the property ends with any of the condition values
    "NotEndsWith"
    NotEndsWith: Evaluates if the property does not end with any of the condition values

    AutomationRulePropertyConditionSupportedProperty, AutomationRulePropertyConditionSupportedPropertyArgs

    IncidentTitle
    IncidentTitle: The title of the incident
    IncidentDescription
    IncidentDescription: The description of the incident
    IncidentSeverity
    IncidentSeverity: The severity of the incident
    IncidentStatus
    IncidentStatus: The status of the incident
    IncidentTactics
    IncidentTactics: The tactics of the incident
    IncidentRelatedAnalyticRuleIds
    IncidentRelatedAnalyticRuleIds: The related Analytic rule ids of the incident
    IncidentProviderName
    IncidentProviderName: The provider name of the incident
    AccountAadTenantId
    AccountAadTenantId: The account Azure Active Directory tenant id
    AccountAadUserId
    AccountAadUserId: The account Azure Active Directory user id.
    AccountName
    AccountName: The account name
    AccountNTDomain
    AccountNTDomain: The account NetBIOS domain name
    AccountPUID
    AccountPUID: The account Azure Active Directory Passport User ID
    AccountSid
    AccountSid: The account security identifier
    AccountObjectGuid
    AccountObjectGuid: The account unique identifier
    AccountUPNSuffix
    AccountUPNSuffix: The account user principal name suffix
    AzureResourceResourceId
    AzureResourceResourceId: The Azure resource id
    AzureResourceSubscriptionId
    AzureResourceSubscriptionId: The Azure resource subscription id
    CloudApplicationAppId
    CloudApplicationAppId: The cloud application identifier
    CloudApplicationAppName
    CloudApplicationAppName: The cloud application name
    DNSDomainName
    DNSDomainName: The dns record domain name
    FileDirectory
    FileDirectory: The file directory full path
    FileName
    FileName: The file name without path
    FileHashValue
    FileHashValue: The file hash value
    HostAzureID
    HostAzureID: The host Azure resource id
    HostName
    HostName: The host name without domain
    HostNetBiosName
    HostNetBiosName: The host NetBIOS name
    HostNTDomain
    HostNTDomain: The host NT domain
    HostOSVersion
    HostOSVersion: The host operating system
    IoTDeviceId
    IoTDeviceId: The IoT device id
    IoTDeviceName
    IoTDeviceName: The IoT device name
    IoTDeviceType
    IoTDeviceType: The IoT device type
    IoTDeviceVendor
    IoTDeviceVendor: The IoT device vendor
    IoTDeviceModel
    IoTDeviceModel: The IoT device model
    IoTDeviceOperatingSystem
    IoTDeviceOperatingSystem: The IoT device operating system
    IPAddress
    IPAddress: The IP address
    MailboxDisplayName
    MailboxDisplayName: The mailbox display name
    MailboxPrimaryAddress
    MailboxPrimaryAddress: The mailbox primary address
    MailboxUPN
    MailboxUPN: The mailbox user principal name
    MailMessageDeliveryAction
    MailMessageDeliveryAction: The mail message delivery action
    MailMessageDeliveryLocation
    MailMessageDeliveryLocation: The mail message delivery location
    MailMessageRecipient
    MailMessageRecipient: The mail message recipient
    MailMessageSenderIP
    MailMessageSenderIP: The mail message sender IP address
    MailMessageSubject
    MailMessageSubject: The mail message subject
    MailMessageP1Sender
    MailMessageP1Sender: The mail message P1 sender
    MailMessageP2Sender
    MailMessageP2Sender: The mail message P2 sender
    MalwareCategory
    MalwareCategory: The malware category
    MalwareName
    MalwareName: The malware name
    ProcessCommandLine
    ProcessCommandLine: The process execution command line
    ProcessId
    ProcessId: The process id
    RegistryKey
    RegistryKey: The registry key path
    RegistryValueData
    RegistryValueData: The registry key value in string formatted representation
    Url
    Url: The url
    AutomationRulePropertyConditionSupportedPropertyIncidentTitle
    IncidentTitle: The title of the incident
    AutomationRulePropertyConditionSupportedPropertyIncidentDescription
    IncidentDescription: The description of the incident
    AutomationRulePropertyConditionSupportedPropertyIncidentSeverity
    IncidentSeverity: The severity of the incident
    AutomationRulePropertyConditionSupportedPropertyIncidentStatus
    IncidentStatus: The status of the incident
    AutomationRulePropertyConditionSupportedPropertyIncidentTactics
    IncidentTactics: The tactics of the incident
    AutomationRulePropertyConditionSupportedPropertyIncidentRelatedAnalyticRuleIds
    IncidentRelatedAnalyticRuleIds: The related Analytic rule ids of the incident
    AutomationRulePropertyConditionSupportedPropertyIncidentProviderName
    IncidentProviderName: The provider name of the incident
    AutomationRulePropertyConditionSupportedPropertyAccountAadTenantId
    AccountAadTenantId: The account Azure Active Directory tenant id
    AutomationRulePropertyConditionSupportedPropertyAccountAadUserId
    AccountAadUserId: The account Azure Active Directory user id.
    AutomationRulePropertyConditionSupportedPropertyAccountName
    AccountName: The account name
    AutomationRulePropertyConditionSupportedPropertyAccountNTDomain
    AccountNTDomain: The account NetBIOS domain name
    AutomationRulePropertyConditionSupportedPropertyAccountPUID
    AccountPUID: The account Azure Active Directory Passport User ID
    AutomationRulePropertyConditionSupportedPropertyAccountSid
    AccountSid: The account security identifier
    AutomationRulePropertyConditionSupportedPropertyAccountObjectGuid
    AccountObjectGuid: The account unique identifier
    AutomationRulePropertyConditionSupportedPropertyAccountUPNSuffix
    AccountUPNSuffix: The account user principal name suffix
    AutomationRulePropertyConditionSupportedPropertyAzureResourceResourceId
    AzureResourceResourceId: The Azure resource id
    AutomationRulePropertyConditionSupportedPropertyAzureResourceSubscriptionId
    AzureResourceSubscriptionId: The Azure resource subscription id
    AutomationRulePropertyConditionSupportedPropertyCloudApplicationAppId
    CloudApplicationAppId: The cloud application identifier
    AutomationRulePropertyConditionSupportedPropertyCloudApplicationAppName
    CloudApplicationAppName: The cloud application name
    AutomationRulePropertyConditionSupportedPropertyDNSDomainName
    DNSDomainName: The dns record domain name
    AutomationRulePropertyConditionSupportedPropertyFileDirectory
    FileDirectory: The file directory full path
    AutomationRulePropertyConditionSupportedPropertyFileName
    FileName: The file name without path
    AutomationRulePropertyConditionSupportedPropertyFileHashValue
    FileHashValue: The file hash value
    AutomationRulePropertyConditionSupportedPropertyHostAzureID
    HostAzureID: The host Azure resource id
    AutomationRulePropertyConditionSupportedPropertyHostName
    HostName: The host name without domain
    AutomationRulePropertyConditionSupportedPropertyHostNetBiosName
    HostNetBiosName: The host NetBIOS name
    AutomationRulePropertyConditionSupportedPropertyHostNTDomain
    HostNTDomain: The host NT domain
    AutomationRulePropertyConditionSupportedPropertyHostOSVersion
    HostOSVersion: The host operating system
    AutomationRulePropertyConditionSupportedPropertyIoTDeviceId
    IoTDeviceId: The IoT device id
    AutomationRulePropertyConditionSupportedPropertyIoTDeviceName
    IoTDeviceName: The IoT device name
    AutomationRulePropertyConditionSupportedPropertyIoTDeviceType
    IoTDeviceType: The IoT device type
    AutomationRulePropertyConditionSupportedPropertyIoTDeviceVendor
    IoTDeviceVendor: The IoT device vendor
    AutomationRulePropertyConditionSupportedPropertyIoTDeviceModel
    IoTDeviceModel: The IoT device model
    AutomationRulePropertyConditionSupportedPropertyIoTDeviceOperatingSystem
    IoTDeviceOperatingSystem: The IoT device operating system
    AutomationRulePropertyConditionSupportedPropertyIPAddress
    IPAddress: The IP address
    AutomationRulePropertyConditionSupportedPropertyMailboxDisplayName
    MailboxDisplayName: The mailbox display name
    AutomationRulePropertyConditionSupportedPropertyMailboxPrimaryAddress
    MailboxPrimaryAddress: The mailbox primary address
    AutomationRulePropertyConditionSupportedPropertyMailboxUPN
    MailboxUPN: The mailbox user principal name
    AutomationRulePropertyConditionSupportedPropertyMailMessageDeliveryAction
    MailMessageDeliveryAction: The mail message delivery action
    AutomationRulePropertyConditionSupportedPropertyMailMessageDeliveryLocation
    MailMessageDeliveryLocation: The mail message delivery location
    AutomationRulePropertyConditionSupportedPropertyMailMessageRecipient
    MailMessageRecipient: The mail message recipient
    AutomationRulePropertyConditionSupportedPropertyMailMessageSenderIP
    MailMessageSenderIP: The mail message sender IP address
    AutomationRulePropertyConditionSupportedPropertyMailMessageSubject
    MailMessageSubject: The mail message subject
    AutomationRulePropertyConditionSupportedPropertyMailMessageP1Sender
    MailMessageP1Sender: The mail message P1 sender
    AutomationRulePropertyConditionSupportedPropertyMailMessageP2Sender
    MailMessageP2Sender: The mail message P2 sender
    AutomationRulePropertyConditionSupportedPropertyMalwareCategory
    MalwareCategory: The malware category
    AutomationRulePropertyConditionSupportedPropertyMalwareName
    MalwareName: The malware name
    AutomationRulePropertyConditionSupportedPropertyProcessCommandLine
    ProcessCommandLine: The process execution command line
    AutomationRulePropertyConditionSupportedPropertyProcessId
    ProcessId: The process id
    AutomationRulePropertyConditionSupportedPropertyRegistryKey
    RegistryKey: The registry key path
    AutomationRulePropertyConditionSupportedPropertyRegistryValueData
    RegistryValueData: The registry key value in string formatted representation
    AutomationRulePropertyConditionSupportedPropertyUrl
    Url: The url
    IncidentTitle
    IncidentTitle: The title of the incident
    IncidentDescription
    IncidentDescription: The description of the incident
    IncidentSeverity
    IncidentSeverity: The severity of the incident
    IncidentStatus
    IncidentStatus: The status of the incident
    IncidentTactics
    IncidentTactics: The tactics of the incident
    IncidentRelatedAnalyticRuleIds
    IncidentRelatedAnalyticRuleIds: The related Analytic rule ids of the incident
    IncidentProviderName
    IncidentProviderName: The provider name of the incident
    AccountAadTenantId
    AccountAadTenantId: The account Azure Active Directory tenant id
    AccountAadUserId
    AccountAadUserId: The account Azure Active Directory user id.
    AccountName
    AccountName: The account name
    AccountNTDomain
    AccountNTDomain: The account NetBIOS domain name
    AccountPUID
    AccountPUID: The account Azure Active Directory Passport User ID
    AccountSid
    AccountSid: The account security identifier
    AccountObjectGuid
    AccountObjectGuid: The account unique identifier
    AccountUPNSuffix
    AccountUPNSuffix: The account user principal name suffix
    AzureResourceResourceId
    AzureResourceResourceId: The Azure resource id
    AzureResourceSubscriptionId
    AzureResourceSubscriptionId: The Azure resource subscription id
    CloudApplicationAppId
    CloudApplicationAppId: The cloud application identifier
    CloudApplicationAppName
    CloudApplicationAppName: The cloud application name
    DNSDomainName
    DNSDomainName: The dns record domain name
    FileDirectory
    FileDirectory: The file directory full path
    FileName
    FileName: The file name without path
    FileHashValue
    FileHashValue: The file hash value
    HostAzureID
    HostAzureID: The host Azure resource id
    HostName
    HostName: The host name without domain
    HostNetBiosName
    HostNetBiosName: The host NetBIOS name
    HostNTDomain
    HostNTDomain: The host NT domain
    HostOSVersion
    HostOSVersion: The host operating system
    IoTDeviceId
    IoTDeviceId: The IoT device id
    IoTDeviceName
    IoTDeviceName: The IoT device name
    IoTDeviceType
    IoTDeviceType: The IoT device type
    IoTDeviceVendor
    IoTDeviceVendor: The IoT device vendor
    IoTDeviceModel
    IoTDeviceModel: The IoT device model
    IoTDeviceOperatingSystem
    IoTDeviceOperatingSystem: The IoT device operating system
    IPAddress
    IPAddress: The IP address
    MailboxDisplayName
    MailboxDisplayName: The mailbox display name
    MailboxPrimaryAddress
    MailboxPrimaryAddress: The mailbox primary address
    MailboxUPN
    MailboxUPN: The mailbox user principal name
    MailMessageDeliveryAction
    MailMessageDeliveryAction: The mail message delivery action
    MailMessageDeliveryLocation
    MailMessageDeliveryLocation: The mail message delivery location
    MailMessageRecipient
    MailMessageRecipient: The mail message recipient
    MailMessageSenderIP
    MailMessageSenderIP: The mail message sender IP address
    MailMessageSubject
    MailMessageSubject: The mail message subject
    MailMessageP1Sender
    MailMessageP1Sender: The mail message P1 sender
    MailMessageP2Sender
    MailMessageP2Sender: The mail message P2 sender
    MalwareCategory
    MalwareCategory: The malware category
    MalwareName
    MalwareName: The malware name
    ProcessCommandLine
    ProcessCommandLine: The process execution command line
    ProcessId
    ProcessId: The process id
    RegistryKey
    RegistryKey: The registry key path
    RegistryValueData
    RegistryValueData: The registry key value in string formatted representation
    Url
    Url: The url
    INCIDENT_TITLE
    IncidentTitle: The title of the incident
    INCIDENT_DESCRIPTION
    IncidentDescription: The description of the incident
    INCIDENT_SEVERITY
    IncidentSeverity: The severity of the incident
    INCIDENT_STATUS
    IncidentStatus: The status of the incident
    INCIDENT_TACTICS
    IncidentTactics: The tactics of the incident
    INCIDENT_RELATED_ANALYTIC_RULE_IDS
    IncidentRelatedAnalyticRuleIds: The related Analytic rule ids of the incident
    INCIDENT_PROVIDER_NAME
    IncidentProviderName: The provider name of the incident
    ACCOUNT_AAD_TENANT_ID
    AccountAadTenantId: The account Azure Active Directory tenant id
    ACCOUNT_AAD_USER_ID
    AccountAadUserId: The account Azure Active Directory user id.
    ACCOUNT_NAME
    AccountName: The account name
    ACCOUNT_NT_DOMAIN
    AccountNTDomain: The account NetBIOS domain name
    ACCOUNT_PUID
    AccountPUID: The account Azure Active Directory Passport User ID
    ACCOUNT_SID
    AccountSid: The account security identifier
    ACCOUNT_OBJECT_GUID
    AccountObjectGuid: The account unique identifier
    ACCOUNT_UPN_SUFFIX
    AccountUPNSuffix: The account user principal name suffix
    AZURE_RESOURCE_RESOURCE_ID
    AzureResourceResourceId: The Azure resource id
    AZURE_RESOURCE_SUBSCRIPTION_ID
    AzureResourceSubscriptionId: The Azure resource subscription id
    CLOUD_APPLICATION_APP_ID
    CloudApplicationAppId: The cloud application identifier
    CLOUD_APPLICATION_APP_NAME
    CloudApplicationAppName: The cloud application name
    DNS_DOMAIN_NAME
    DNSDomainName: The dns record domain name
    FILE_DIRECTORY
    FileDirectory: The file directory full path
    FILE_NAME
    FileName: The file name without path
    FILE_HASH_VALUE
    FileHashValue: The file hash value
    HOST_AZURE_ID
    HostAzureID: The host Azure resource id
    HOST_NAME
    HostName: The host name without domain
    HOST_NET_BIOS_NAME
    HostNetBiosName: The host NetBIOS name
    HOST_NT_DOMAIN
    HostNTDomain: The host NT domain
    HOST_OS_VERSION
    HostOSVersion: The host operating system
    IO_T_DEVICE_ID
    IoTDeviceId: The IoT device id
    IO_T_DEVICE_NAME
    IoTDeviceName: The IoT device name
    IO_T_DEVICE_TYPE
    IoTDeviceType: The IoT device type
    IO_T_DEVICE_VENDOR
    IoTDeviceVendor: The IoT device vendor
    IO_T_DEVICE_MODEL
    IoTDeviceModel: The IoT device model
    IO_T_DEVICE_OPERATING_SYSTEM
    IoTDeviceOperatingSystem: The IoT device operating system
    IP_ADDRESS
    IPAddress: The IP address
    MAILBOX_DISPLAY_NAME
    MailboxDisplayName: The mailbox display name
    MAILBOX_PRIMARY_ADDRESS
    MailboxPrimaryAddress: The mailbox primary address
    MAILBOX_UPN
    MailboxUPN: The mailbox user principal name
    MAIL_MESSAGE_DELIVERY_ACTION
    MailMessageDeliveryAction: The mail message delivery action
    MAIL_MESSAGE_DELIVERY_LOCATION
    MailMessageDeliveryLocation: The mail message delivery location
    MAIL_MESSAGE_RECIPIENT
    MailMessageRecipient: The mail message recipient
    MAIL_MESSAGE_SENDER_IP
    MailMessageSenderIP: The mail message sender IP address
    MAIL_MESSAGE_SUBJECT
    MailMessageSubject: The mail message subject
    MAIL_MESSAGE_P1_SENDER
    MailMessageP1Sender: The mail message P1 sender
    MAIL_MESSAGE_P2_SENDER
    MailMessageP2Sender: The mail message P2 sender
    MALWARE_CATEGORY
    MalwareCategory: The malware category
    MALWARE_NAME
    MalwareName: The malware name
    PROCESS_COMMAND_LINE
    ProcessCommandLine: The process execution command line
    PROCESS_ID
    ProcessId: The process id
    REGISTRY_KEY
    RegistryKey: The registry key path
    REGISTRY_VALUE_DATA
    RegistryValueData: The registry key value in string formatted representation
    URL
    Url: The url
    "IncidentTitle"
    IncidentTitle: The title of the incident
    "IncidentDescription"
    IncidentDescription: The description of the incident
    "IncidentSeverity"
    IncidentSeverity: The severity of the incident
    "IncidentStatus"
    IncidentStatus: The status of the incident
    "IncidentTactics"
    IncidentTactics: The tactics of the incident
    "IncidentRelatedAnalyticRuleIds"
    IncidentRelatedAnalyticRuleIds: The related Analytic rule ids of the incident
    "IncidentProviderName"
    IncidentProviderName: The provider name of the incident
    "AccountAadTenantId"
    AccountAadTenantId: The account Azure Active Directory tenant id
    "AccountAadUserId"
    AccountAadUserId: The account Azure Active Directory user id.
    "AccountName"
    AccountName: The account name
    "AccountNTDomain"
    AccountNTDomain: The account NetBIOS domain name
    "AccountPUID"
    AccountPUID: The account Azure Active Directory Passport User ID
    "AccountSid"
    AccountSid: The account security identifier
    "AccountObjectGuid"
    AccountObjectGuid: The account unique identifier
    "AccountUPNSuffix"
    AccountUPNSuffix: The account user principal name suffix
    "AzureResourceResourceId"
    AzureResourceResourceId: The Azure resource id
    "AzureResourceSubscriptionId"
    AzureResourceSubscriptionId: The Azure resource subscription id
    "CloudApplicationAppId"
    CloudApplicationAppId: The cloud application identifier
    "CloudApplicationAppName"
    CloudApplicationAppName: The cloud application name
    "DNSDomainName"
    DNSDomainName: The dns record domain name
    "FileDirectory"
    FileDirectory: The file directory full path
    "FileName"
    FileName: The file name without path
    "FileHashValue"
    FileHashValue: The file hash value
    "HostAzureID"
    HostAzureID: The host Azure resource id
    "HostName"
    HostName: The host name without domain
    "HostNetBiosName"
    HostNetBiosName: The host NetBIOS name
    "HostNTDomain"
    HostNTDomain: The host NT domain
    "HostOSVersion"
    HostOSVersion: The host operating system
    "IoTDeviceId"
    IoTDeviceId: The IoT device id
    "IoTDeviceName"
    IoTDeviceName: The IoT device name
    "IoTDeviceType"
    IoTDeviceType: The IoT device type
    "IoTDeviceVendor"
    IoTDeviceVendor: The IoT device vendor
    "IoTDeviceModel"
    IoTDeviceModel: The IoT device model
    "IoTDeviceOperatingSystem"
    IoTDeviceOperatingSystem: The IoT device operating system
    "IPAddress"
    IPAddress: The IP address
    "MailboxDisplayName"
    MailboxDisplayName: The mailbox display name
    "MailboxPrimaryAddress"
    MailboxPrimaryAddress: The mailbox primary address
    "MailboxUPN"
    MailboxUPN: The mailbox user principal name
    "MailMessageDeliveryAction"
    MailMessageDeliveryAction: The mail message delivery action
    "MailMessageDeliveryLocation"
    MailMessageDeliveryLocation: The mail message delivery location
    "MailMessageRecipient"
    MailMessageRecipient: The mail message recipient
    "MailMessageSenderIP"
    MailMessageSenderIP: The mail message sender IP address
    "MailMessageSubject"
    MailMessageSubject: The mail message subject
    "MailMessageP1Sender"
    MailMessageP1Sender: The mail message P1 sender
    "MailMessageP2Sender"
    MailMessageP2Sender: The mail message P2 sender
    "MalwareCategory"
    MalwareCategory: The malware category
    "MalwareName"
    MalwareName: The malware name
    "ProcessCommandLine"
    ProcessCommandLine: The process execution command line
    "ProcessId"
    ProcessId: The process id
    "RegistryKey"
    RegistryKey: The registry key path
    "RegistryValueData"
    RegistryValueData: The registry key value in string formatted representation
    "Url"
    Url: The url

    AutomationRulePropertyValuesCondition, AutomationRulePropertyValuesConditionArgs

    ConditionProperties AutomationRulePropertyValuesConditionConditionProperties
    The configuration of the automation rule condition
    conditionProperties AutomationRulePropertyValuesConditionConditionProperties
    The configuration of the automation rule condition
    conditionProperties AutomationRulePropertyValuesConditionConditionProperties
    The configuration of the automation rule condition
    condition_properties AutomationRulePropertyValuesConditionConditionProperties
    The configuration of the automation rule condition
    conditionProperties Property Map
    The configuration of the automation rule condition

    AutomationRulePropertyValuesConditionConditionProperties, AutomationRulePropertyValuesConditionConditionPropertiesArgs

    Operator string | Pulumi.AzureNative.SecurityInsights.AutomationRulePropertyConditionSupportedOperator
    The operator to use for evaluating the condition
    PropertyName string | Pulumi.AzureNative.SecurityInsights.AutomationRulePropertyConditionSupportedProperty
    The property to evaluate
    PropertyValues List<string>
    The values to use for evaluating the condition
    Operator string | AutomationRulePropertyConditionSupportedOperator
    The operator to use for evaluating the condition
    PropertyName string | AutomationRulePropertyConditionSupportedProperty
    The property to evaluate
    PropertyValues []string
    The values to use for evaluating the condition
    operator String | AutomationRulePropertyConditionSupportedOperator
    The operator to use for evaluating the condition
    propertyName String | AutomationRulePropertyConditionSupportedProperty
    The property to evaluate
    propertyValues List<String>
    The values to use for evaluating the condition
    operator string | AutomationRulePropertyConditionSupportedOperator
    The operator to use for evaluating the condition
    propertyName string | AutomationRulePropertyConditionSupportedProperty
    The property to evaluate
    propertyValues string[]
    The values to use for evaluating the condition
    operator str | AutomationRulePropertyConditionSupportedOperator
    The operator to use for evaluating the condition
    property_name str | AutomationRulePropertyConditionSupportedProperty
    The property to evaluate
    property_values Sequence[str]
    The values to use for evaluating the condition
    operator String | "Equals" | "NotEquals" | "Contains" | "NotContains" | "StartsWith" | "NotStartsWith" | "EndsWith" | "NotEndsWith"
    The operator to use for evaluating the condition
    propertyName String | "IncidentTitle" | "IncidentDescription" | "IncidentSeverity" | "IncidentStatus" | "IncidentTactics" | "IncidentRelatedAnalyticRuleIds" | "IncidentProviderName" | "AccountAadTenantId" | "AccountAadUserId" | "AccountName" | "AccountNTDomain" | "AccountPUID" | "AccountSid" | "AccountObjectGuid" | "AccountUPNSuffix" | "AzureResourceResourceId" | "AzureResourceSubscriptionId" | "CloudApplicationAppId" | "CloudApplicationAppName" | "DNSDomainName" | "FileDirectory" | "FileName" | "FileHashValue" | "HostAzureID" | "HostName" | "HostNetBiosName" | "HostNTDomain" | "HostOSVersion" | "IoTDeviceId" | "IoTDeviceName" | "IoTDeviceType" | "IoTDeviceVendor" | "IoTDeviceModel" | "IoTDeviceOperatingSystem" | "IPAddress" | "MailboxDisplayName" | "MailboxPrimaryAddress" | "MailboxUPN" | "MailMessageDeliveryAction" | "MailMessageDeliveryLocation" | "MailMessageRecipient" | "MailMessageSenderIP" | "MailMessageSubject" | "MailMessageP1Sender" | "MailMessageP2Sender" | "MalwareCategory" | "MalwareName" | "ProcessCommandLine" | "ProcessId" | "RegistryKey" | "RegistryValueData" | "Url"
    The property to evaluate
    propertyValues List<String>
    The values to use for evaluating the condition

    AutomationRulePropertyValuesConditionResponse, AutomationRulePropertyValuesConditionResponseArgs

    conditionProperties Property Map
    The configuration of the automation rule condition

    AutomationRulePropertyValuesConditionResponseConditionProperties, AutomationRulePropertyValuesConditionResponseConditionPropertiesArgs

    Operator string
    The operator to use for evaluating the condition
    PropertyName string
    The property to evaluate
    PropertyValues List<string>
    The values to use for evaluating the condition
    Operator string
    The operator to use for evaluating the condition
    PropertyName string
    The property to evaluate
    PropertyValues []string
    The values to use for evaluating the condition
    operator String
    The operator to use for evaluating the condition
    propertyName String
    The property to evaluate
    propertyValues List<String>
    The values to use for evaluating the condition
    operator string
    The operator to use for evaluating the condition
    propertyName string
    The property to evaluate
    propertyValues string[]
    The values to use for evaluating the condition
    operator str
    The operator to use for evaluating the condition
    property_name str
    The property to evaluate
    property_values Sequence[str]
    The values to use for evaluating the condition
    operator String
    The operator to use for evaluating the condition
    propertyName String
    The property to evaluate
    propertyValues List<String>
    The values to use for evaluating the condition

    AutomationRuleRunPlaybookAction, AutomationRuleRunPlaybookActionArgs

    ActionConfiguration Pulumi.AzureNative.SecurityInsights.Inputs.AutomationRuleRunPlaybookActionActionConfiguration
    The configuration of the run playbook automation rule action
    Order int
    The order of execution of the automation rule action
    ActionConfiguration AutomationRuleRunPlaybookActionActionConfiguration
    The configuration of the run playbook automation rule action
    Order int
    The order of execution of the automation rule action
    actionConfiguration AutomationRuleRunPlaybookActionActionConfiguration
    The configuration of the run playbook automation rule action
    order Integer
    The order of execution of the automation rule action
    actionConfiguration AutomationRuleRunPlaybookActionActionConfiguration
    The configuration of the run playbook automation rule action
    order number
    The order of execution of the automation rule action
    action_configuration AutomationRuleRunPlaybookActionActionConfiguration
    The configuration of the run playbook automation rule action
    order int
    The order of execution of the automation rule action
    actionConfiguration Property Map
    The configuration of the run playbook automation rule action
    order Number
    The order of execution of the automation rule action

    AutomationRuleRunPlaybookActionActionConfiguration, AutomationRuleRunPlaybookActionActionConfigurationArgs

    LogicAppResourceId string
    The resource id of the playbook resource
    TenantId string
    The tenant id of the playbook resource
    LogicAppResourceId string
    The resource id of the playbook resource
    TenantId string
    The tenant id of the playbook resource
    logicAppResourceId String
    The resource id of the playbook resource
    tenantId String
    The tenant id of the playbook resource
    logicAppResourceId string
    The resource id of the playbook resource
    tenantId string
    The tenant id of the playbook resource
    logic_app_resource_id str
    The resource id of the playbook resource
    tenant_id str
    The tenant id of the playbook resource
    logicAppResourceId String
    The resource id of the playbook resource
    tenantId String
    The tenant id of the playbook resource

    AutomationRuleRunPlaybookActionResponse, AutomationRuleRunPlaybookActionResponseArgs

    ActionConfiguration Pulumi.AzureNative.SecurityInsights.Inputs.AutomationRuleRunPlaybookActionResponseActionConfiguration
    The configuration of the run playbook automation rule action
    Order int
    The order of execution of the automation rule action
    ActionConfiguration AutomationRuleRunPlaybookActionResponseActionConfiguration
    The configuration of the run playbook automation rule action
    Order int
    The order of execution of the automation rule action
    actionConfiguration AutomationRuleRunPlaybookActionResponseActionConfiguration
    The configuration of the run playbook automation rule action
    order Integer
    The order of execution of the automation rule action
    actionConfiguration AutomationRuleRunPlaybookActionResponseActionConfiguration
    The configuration of the run playbook automation rule action
    order number
    The order of execution of the automation rule action
    action_configuration AutomationRuleRunPlaybookActionResponseActionConfiguration
    The configuration of the run playbook automation rule action
    order int
    The order of execution of the automation rule action
    actionConfiguration Property Map
    The configuration of the run playbook automation rule action
    order Number
    The order of execution of the automation rule action

    AutomationRuleRunPlaybookActionResponseActionConfiguration, AutomationRuleRunPlaybookActionResponseActionConfigurationArgs

    LogicAppResourceId string
    The resource id of the playbook resource
    TenantId string
    The tenant id of the playbook resource
    LogicAppResourceId string
    The resource id of the playbook resource
    TenantId string
    The tenant id of the playbook resource
    logicAppResourceId String
    The resource id of the playbook resource
    tenantId String
    The tenant id of the playbook resource
    logicAppResourceId string
    The resource id of the playbook resource
    tenantId string
    The tenant id of the playbook resource
    logic_app_resource_id str
    The resource id of the playbook resource
    tenant_id str
    The tenant id of the playbook resource
    logicAppResourceId String
    The resource id of the playbook resource
    tenantId String
    The tenant id of the playbook resource

    AutomationRuleTriggeringLogic, AutomationRuleTriggeringLogicArgs

    IsEnabled bool
    Determines whether the automation rule is enabled or disabled.
    TriggersOn string | Pulumi.AzureNative.SecurityInsights.TriggersOn
    The type of object the automation rule triggers on
    TriggersWhen string | Pulumi.AzureNative.SecurityInsights.TriggersWhen
    The type of event the automation rule triggers on
    Conditions List<Pulumi.AzureNative.SecurityInsights.Inputs.AutomationRulePropertyValuesCondition>
    The conditions to evaluate to determine if the automation rule should be triggered on a given object
    ExpirationTimeUtc string
    Determines when the automation rule should automatically expire and be disabled.
    IsEnabled bool
    Determines whether the automation rule is enabled or disabled.
    TriggersOn string | TriggersOn
    The type of object the automation rule triggers on
    TriggersWhen string | TriggersWhen
    The type of event the automation rule triggers on
    Conditions []AutomationRulePropertyValuesCondition
    The conditions to evaluate to determine if the automation rule should be triggered on a given object
    ExpirationTimeUtc string
    Determines when the automation rule should automatically expire and be disabled.
    isEnabled Boolean
    Determines whether the automation rule is enabled or disabled.
    triggersOn String | TriggersOn
    The type of object the automation rule triggers on
    triggersWhen String | TriggersWhen
    The type of event the automation rule triggers on
    conditions List<AutomationRulePropertyValuesCondition>
    The conditions to evaluate to determine if the automation rule should be triggered on a given object
    expirationTimeUtc String
    Determines when the automation rule should automatically expire and be disabled.
    isEnabled boolean
    Determines whether the automation rule is enabled or disabled.
    triggersOn string | TriggersOn
    The type of object the automation rule triggers on
    triggersWhen string | TriggersWhen
    The type of event the automation rule triggers on
    conditions AutomationRulePropertyValuesCondition[]
    The conditions to evaluate to determine if the automation rule should be triggered on a given object
    expirationTimeUtc string
    Determines when the automation rule should automatically expire and be disabled.
    is_enabled bool
    Determines whether the automation rule is enabled or disabled.
    triggers_on str | TriggersOn
    The type of object the automation rule triggers on
    triggers_when str | TriggersWhen
    The type of event the automation rule triggers on
    conditions Sequence[AutomationRulePropertyValuesCondition]
    The conditions to evaluate to determine if the automation rule should be triggered on a given object
    expiration_time_utc str
    Determines when the automation rule should automatically expire and be disabled.
    isEnabled Boolean
    Determines whether the automation rule is enabled or disabled.
    triggersOn String | "Incidents"
    The type of object the automation rule triggers on
    triggersWhen String | "Created"
    The type of event the automation rule triggers on
    conditions List<Property Map>
    The conditions to evaluate to determine if the automation rule should be triggered on a given object
    expirationTimeUtc String
    Determines when the automation rule should automatically expire and be disabled.

    AutomationRuleTriggeringLogicResponse, AutomationRuleTriggeringLogicResponseArgs

    IsEnabled bool
    Determines whether the automation rule is enabled or disabled.
    TriggersOn string
    The type of object the automation rule triggers on
    TriggersWhen string
    The type of event the automation rule triggers on
    Conditions List<Pulumi.AzureNative.SecurityInsights.Inputs.AutomationRulePropertyValuesConditionResponse>
    The conditions to evaluate to determine if the automation rule should be triggered on a given object
    ExpirationTimeUtc string
    Determines when the automation rule should automatically expire and be disabled.
    IsEnabled bool
    Determines whether the automation rule is enabled or disabled.
    TriggersOn string
    The type of object the automation rule triggers on
    TriggersWhen string
    The type of event the automation rule triggers on
    Conditions []AutomationRulePropertyValuesConditionResponse
    The conditions to evaluate to determine if the automation rule should be triggered on a given object
    ExpirationTimeUtc string
    Determines when the automation rule should automatically expire and be disabled.
    isEnabled Boolean
    Determines whether the automation rule is enabled or disabled.
    triggersOn String
    The type of object the automation rule triggers on
    triggersWhen String
    The type of event the automation rule triggers on
    conditions List<AutomationRulePropertyValuesConditionResponse>
    The conditions to evaluate to determine if the automation rule should be triggered on a given object
    expirationTimeUtc String
    Determines when the automation rule should automatically expire and be disabled.
    isEnabled boolean
    Determines whether the automation rule is enabled or disabled.
    triggersOn string
    The type of object the automation rule triggers on
    triggersWhen string
    The type of event the automation rule triggers on
    conditions AutomationRulePropertyValuesConditionResponse[]
    The conditions to evaluate to determine if the automation rule should be triggered on a given object
    expirationTimeUtc string
    Determines when the automation rule should automatically expire and be disabled.
    is_enabled bool
    Determines whether the automation rule is enabled or disabled.
    triggers_on str
    The type of object the automation rule triggers on
    triggers_when str
    The type of event the automation rule triggers on
    conditions Sequence[AutomationRulePropertyValuesConditionResponse]
    The conditions to evaluate to determine if the automation rule should be triggered on a given object
    expiration_time_utc str
    Determines when the automation rule should automatically expire and be disabled.
    isEnabled Boolean
    Determines whether the automation rule is enabled or disabled.
    triggersOn String
    The type of object the automation rule triggers on
    triggersWhen String
    The type of event the automation rule triggers on
    conditions List<Property Map>
    The conditions to evaluate to determine if the automation rule should be triggered on a given object
    expirationTimeUtc String
    Determines when the automation rule should automatically expire and be disabled.

    ClientInfoResponse, ClientInfoResponseArgs

    Email string
    The email of the client.
    Name string
    The name of the client.
    ObjectId string
    The object id of the client.
    UserPrincipalName string
    The user principal name of the client.
    Email string
    The email of the client.
    Name string
    The name of the client.
    ObjectId string
    The object id of the client.
    UserPrincipalName string
    The user principal name of the client.
    email String
    The email of the client.
    name String
    The name of the client.
    objectId String
    The object id of the client.
    userPrincipalName String
    The user principal name of the client.
    email string
    The email of the client.
    name string
    The name of the client.
    objectId string
    The object id of the client.
    userPrincipalName string
    The user principal name of the client.
    email str
    The email of the client.
    name str
    The name of the client.
    object_id str
    The object id of the client.
    user_principal_name str
    The user principal name of the client.
    email String
    The email of the client.
    name String
    The name of the client.
    objectId String
    The object id of the client.
    userPrincipalName String
    The user principal name of the client.

    IncidentClassification, IncidentClassificationArgs

    Undetermined
    Undetermined: Incident classification was undetermined
    TruePositive
    TruePositive: Incident was true positive
    BenignPositive
    BenignPositive: Incident was benign positive
    FalsePositive
    FalsePositive: Incident was false positive
    IncidentClassificationUndetermined
    Undetermined: Incident classification was undetermined
    IncidentClassificationTruePositive
    TruePositive: Incident was true positive
    IncidentClassificationBenignPositive
    BenignPositive: Incident was benign positive
    IncidentClassificationFalsePositive
    FalsePositive: Incident was false positive
    Undetermined
    Undetermined: Incident classification was undetermined
    TruePositive
    TruePositive: Incident was true positive
    BenignPositive
    BenignPositive: Incident was benign positive
    FalsePositive
    FalsePositive: Incident was false positive
    Undetermined
    Undetermined: Incident classification was undetermined
    TruePositive
    TruePositive: Incident was true positive
    BenignPositive
    BenignPositive: Incident was benign positive
    FalsePositive
    FalsePositive: Incident was false positive
    UNDETERMINED
    Undetermined: Incident classification was undetermined
    TRUE_POSITIVE
    TruePositive: Incident was true positive
    BENIGN_POSITIVE
    BenignPositive: Incident was benign positive
    FALSE_POSITIVE
    FalsePositive: Incident was false positive
    "Undetermined"
    Undetermined: Incident classification was undetermined
    "TruePositive"
    TruePositive: Incident was true positive
    "BenignPositive"
    BenignPositive: Incident was benign positive
    "FalsePositive"
    FalsePositive: Incident was false positive

    IncidentClassificationReason, IncidentClassificationReasonArgs

    SuspiciousActivity
    SuspiciousActivity: Classification reason was suspicious activity
    SuspiciousButExpected
    SuspiciousButExpected: Classification reason was suspicious but expected
    IncorrectAlertLogic
    IncorrectAlertLogic: Classification reason was incorrect alert logic
    InaccurateData
    InaccurateData: Classification reason was inaccurate data
    IncidentClassificationReasonSuspiciousActivity
    SuspiciousActivity: Classification reason was suspicious activity
    IncidentClassificationReasonSuspiciousButExpected
    SuspiciousButExpected: Classification reason was suspicious but expected
    IncidentClassificationReasonIncorrectAlertLogic
    IncorrectAlertLogic: Classification reason was incorrect alert logic
    IncidentClassificationReasonInaccurateData
    InaccurateData: Classification reason was inaccurate data
    SuspiciousActivity
    SuspiciousActivity: Classification reason was suspicious activity
    SuspiciousButExpected
    SuspiciousButExpected: Classification reason was suspicious but expected
    IncorrectAlertLogic
    IncorrectAlertLogic: Classification reason was incorrect alert logic
    InaccurateData
    InaccurateData: Classification reason was inaccurate data
    SuspiciousActivity
    SuspiciousActivity: Classification reason was suspicious activity
    SuspiciousButExpected
    SuspiciousButExpected: Classification reason was suspicious but expected
    IncorrectAlertLogic
    IncorrectAlertLogic: Classification reason was incorrect alert logic
    InaccurateData
    InaccurateData: Classification reason was inaccurate data
    SUSPICIOUS_ACTIVITY
    SuspiciousActivity: Classification reason was suspicious activity
    SUSPICIOUS_BUT_EXPECTED
    SuspiciousButExpected: Classification reason was suspicious but expected
    INCORRECT_ALERT_LOGIC
    IncorrectAlertLogic: Classification reason was incorrect alert logic
    INACCURATE_DATA
    InaccurateData: Classification reason was inaccurate data
    "SuspiciousActivity"
    SuspiciousActivity: Classification reason was suspicious activity
    "SuspiciousButExpected"
    SuspiciousButExpected: Classification reason was suspicious but expected
    "IncorrectAlertLogic"
    IncorrectAlertLogic: Classification reason was incorrect alert logic
    "InaccurateData"
    InaccurateData: Classification reason was inaccurate data

    IncidentLabel, IncidentLabelArgs

    LabelName string
    The name of the label
    LabelName string
    The name of the label
    labelName String
    The name of the label
    labelName string
    The name of the label
    label_name str
    The name of the label
    labelName String
    The name of the label

    IncidentLabelResponse, IncidentLabelResponseArgs

    LabelName string
    The name of the label
    LabelType string
    The type of the label
    LabelName string
    The name of the label
    LabelType string
    The type of the label
    labelName String
    The name of the label
    labelType String
    The type of the label
    labelName string
    The name of the label
    labelType string
    The type of the label
    label_name str
    The name of the label
    label_type str
    The type of the label
    labelName String
    The name of the label
    labelType String
    The type of the label

    IncidentOwnerInfo, IncidentOwnerInfoArgs

    AssignedTo string
    The name of the user the incident is assigned to.
    Email string
    The email of the user the incident is assigned to.
    ObjectId string
    The object id of the user the incident is assigned to.
    UserPrincipalName string
    The user principal name of the user the incident is assigned to.
    AssignedTo string
    The name of the user the incident is assigned to.
    Email string
    The email of the user the incident is assigned to.
    ObjectId string
    The object id of the user the incident is assigned to.
    UserPrincipalName string
    The user principal name of the user the incident is assigned to.
    assignedTo String
    The name of the user the incident is assigned to.
    email String
    The email of the user the incident is assigned to.
    objectId String
    The object id of the user the incident is assigned to.
    userPrincipalName String
    The user principal name of the user the incident is assigned to.
    assignedTo string
    The name of the user the incident is assigned to.
    email string
    The email of the user the incident is assigned to.
    objectId string
    The object id of the user the incident is assigned to.
    userPrincipalName string
    The user principal name of the user the incident is assigned to.
    assigned_to str
    The name of the user the incident is assigned to.
    email str
    The email of the user the incident is assigned to.
    object_id str
    The object id of the user the incident is assigned to.
    user_principal_name str
    The user principal name of the user the incident is assigned to.
    assignedTo String
    The name of the user the incident is assigned to.
    email String
    The email of the user the incident is assigned to.
    objectId String
    The object id of the user the incident is assigned to.
    userPrincipalName String
    The user principal name of the user the incident is assigned to.

    IncidentOwnerInfoResponse, IncidentOwnerInfoResponseArgs

    AssignedTo string
    The name of the user the incident is assigned to.
    Email string
    The email of the user the incident is assigned to.
    ObjectId string
    The object id of the user the incident is assigned to.
    UserPrincipalName string
    The user principal name of the user the incident is assigned to.
    AssignedTo string
    The name of the user the incident is assigned to.
    Email string
    The email of the user the incident is assigned to.
    ObjectId string
    The object id of the user the incident is assigned to.
    UserPrincipalName string
    The user principal name of the user the incident is assigned to.
    assignedTo String
    The name of the user the incident is assigned to.
    email String
    The email of the user the incident is assigned to.
    objectId String
    The object id of the user the incident is assigned to.
    userPrincipalName String
    The user principal name of the user the incident is assigned to.
    assignedTo string
    The name of the user the incident is assigned to.
    email string
    The email of the user the incident is assigned to.
    objectId string
    The object id of the user the incident is assigned to.
    userPrincipalName string
    The user principal name of the user the incident is assigned to.
    assigned_to str
    The name of the user the incident is assigned to.
    email str
    The email of the user the incident is assigned to.
    object_id str
    The object id of the user the incident is assigned to.
    user_principal_name str
    The user principal name of the user the incident is assigned to.
    assignedTo String
    The name of the user the incident is assigned to.
    email String
    The email of the user the incident is assigned to.
    objectId String
    The object id of the user the incident is assigned to.
    userPrincipalName String
    The user principal name of the user the incident is assigned to.

    IncidentSeverity, IncidentSeverityArgs

    High
    High: High severity
    Medium
    Medium: Medium severity
    Low
    Low: Low severity
    Informational
    Informational: Informational severity
    IncidentSeverityHigh
    High: High severity
    IncidentSeverityMedium
    Medium: Medium severity
    IncidentSeverityLow
    Low: Low severity
    IncidentSeverityInformational
    Informational: Informational severity
    High
    High: High severity
    Medium
    Medium: Medium severity
    Low
    Low: Low severity
    Informational
    Informational: Informational severity
    High
    High: High severity
    Medium
    Medium: Medium severity
    Low
    Low: Low severity
    Informational
    Informational: Informational severity
    HIGH
    High: High severity
    MEDIUM
    Medium: Medium severity
    LOW
    Low: Low severity
    INFORMATIONAL
    Informational: Informational severity
    "High"
    High: High severity
    "Medium"
    Medium: Medium severity
    "Low"
    Low: Low severity
    "Informational"
    Informational: Informational severity

    IncidentStatus, IncidentStatusArgs

    New
    New: An active incident which isn't being handled currently
    Active
    Active: An active incident which is being handled
    Closed
    Closed: A non-active incident
    IncidentStatusNew
    New: An active incident which isn't being handled currently
    IncidentStatusActive
    Active: An active incident which is being handled
    IncidentStatusClosed
    Closed: A non-active incident
    New
    New: An active incident which isn't being handled currently
    Active
    Active: An active incident which is being handled
    Closed
    Closed: A non-active incident
    New
    New: An active incident which isn't being handled currently
    Active
    Active: An active incident which is being handled
    Closed
    Closed: A non-active incident
    NEW
    New: An active incident which isn't being handled currently
    ACTIVE
    Active: An active incident which is being handled
    CLOSED
    Closed: A non-active incident
    "New"
    New: An active incident which isn't being handled currently
    "Active"
    Active: An active incident which is being handled
    "Closed"
    Closed: A non-active incident

    TriggersOn, TriggersOnArgs

    Incidents
    Incidents: Trigger on Incidents
    TriggersOnIncidents
    Incidents: Trigger on Incidents
    Incidents
    Incidents: Trigger on Incidents
    Incidents
    Incidents: Trigger on Incidents
    INCIDENTS
    Incidents: Trigger on Incidents
    "Incidents"
    Incidents: Trigger on Incidents

    TriggersWhen, TriggersWhenArgs

    Created
    Created: Trigger on created objects
    TriggersWhenCreated
    Created: Trigger on created objects
    Created
    Created: Trigger on created objects
    Created
    Created: Trigger on created objects
    CREATED
    Created: Trigger on created objects
    "Created"
    Created: Trigger on created objects

    Import

    An existing resource can be imported using its type token, name, and identifier, e.g.

    $ pulumi import azure-native:securityinsights:AutomationRule 73e01a99-5cd7-4139-a149-9f2736ff2ab5 /subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5 
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    azure-native-v1 pulumi/pulumi-azure-native
    License
    Apache-2.0