azure-native.security.AlertsSuppressionRule
Explore with Pulumi AI
Describes the suppression rule Azure REST API version: 2019-01-01-preview. Prior API version in Azure Native 1.x: 2019-01-01-preview.
Example Usage
Update or create suppression rule for subscription
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var alertsSuppressionRule = new AzureNative.Security.AlertsSuppressionRule("alertsSuppressionRule", new()
{
AlertType = "IpAnomaly",
AlertsSuppressionRuleName = "dismissIpAnomalyAlerts",
Comment = "Test VM",
ExpirationDateUtc = "2019-12-01T19:50:47.083633Z",
Reason = "FalsePositive",
State = AzureNative.Security.RuleState.Enabled,
SuppressionAlertsScope = new AzureNative.Security.Inputs.SuppressionAlertsScopeArgs
{
AllOf = new[]
{
new AzureNative.Security.Inputs.ScopeElementArgs
{
Field = "entities.ip.address",
},
new AzureNative.Security.Inputs.ScopeElementArgs
{
Field = "entities.process.commandline",
},
},
},
});
});
package main
import (
security "github.com/pulumi/pulumi-azure-native-sdk/security/v2"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := security.NewAlertsSuppressionRule(ctx, "alertsSuppressionRule", &security.AlertsSuppressionRuleArgs{
AlertType: pulumi.String("IpAnomaly"),
AlertsSuppressionRuleName: pulumi.String("dismissIpAnomalyAlerts"),
Comment: pulumi.String("Test VM"),
ExpirationDateUtc: pulumi.String("2019-12-01T19:50:47.083633Z"),
Reason: pulumi.String("FalsePositive"),
State: pulumi.String(security.RuleStateEnabled),
SuppressionAlertsScope: &security.SuppressionAlertsScopeArgs{
AllOf: security.ScopeElementArray{
&security.ScopeElementArgs{
Field: pulumi.String("entities.ip.address"),
},
&security.ScopeElementArgs{
Field: pulumi.String("entities.process.commandline"),
},
},
},
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.security.AlertsSuppressionRule;
import com.pulumi.azurenative.security.AlertsSuppressionRuleArgs;
import com.pulumi.azurenative.security.inputs.SuppressionAlertsScopeArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var alertsSuppressionRule = new AlertsSuppressionRule("alertsSuppressionRule", AlertsSuppressionRuleArgs.builder()
.alertType("IpAnomaly")
.alertsSuppressionRuleName("dismissIpAnomalyAlerts")
.comment("Test VM")
.expirationDateUtc("2019-12-01T19:50:47.083633Z")
.reason("FalsePositive")
.state("Enabled")
.suppressionAlertsScope(SuppressionAlertsScopeArgs.builder()
.allOf(
ScopeElementArgs.builder()
.field("entities.ip.address")
.build(),
ScopeElementArgs.builder()
.field("entities.process.commandline")
.build())
.build())
.build());
}
}
import pulumi
import pulumi_azure_native as azure_native
alerts_suppression_rule = azure_native.security.AlertsSuppressionRule("alertsSuppressionRule",
alert_type="IpAnomaly",
alerts_suppression_rule_name="dismissIpAnomalyAlerts",
comment="Test VM",
expiration_date_utc="2019-12-01T19:50:47.083633Z",
reason="FalsePositive",
state=azure_native.security.RuleState.ENABLED,
suppression_alerts_scope={
"all_of": [
{
"field": "entities.ip.address",
},
{
"field": "entities.process.commandline",
},
],
})
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const alertsSuppressionRule = new azure_native.security.AlertsSuppressionRule("alertsSuppressionRule", {
alertType: "IpAnomaly",
alertsSuppressionRuleName: "dismissIpAnomalyAlerts",
comment: "Test VM",
expirationDateUtc: "2019-12-01T19:50:47.083633Z",
reason: "FalsePositive",
state: azure_native.security.RuleState.Enabled,
suppressionAlertsScope: {
allOf: [
{
field: "entities.ip.address",
},
{
field: "entities.process.commandline",
},
],
},
});
resources:
alertsSuppressionRule:
type: azure-native:security:AlertsSuppressionRule
properties:
alertType: IpAnomaly
alertsSuppressionRuleName: dismissIpAnomalyAlerts
comment: Test VM
expirationDateUtc: 2019-12-01T19:50:47.083633Z
reason: FalsePositive
state: Enabled
suppressionAlertsScope:
allOf:
- field: entities.ip.address
- field: entities.process.commandline
Create AlertsSuppressionRule Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new AlertsSuppressionRule(name: string, args: AlertsSuppressionRuleArgs, opts?: CustomResourceOptions);
@overload
def AlertsSuppressionRule(resource_name: str,
args: AlertsSuppressionRuleArgs,
opts: Optional[ResourceOptions] = None)
@overload
def AlertsSuppressionRule(resource_name: str,
opts: Optional[ResourceOptions] = None,
alert_type: Optional[str] = None,
reason: Optional[str] = None,
state: Optional[Union[str, RuleState]] = None,
alerts_suppression_rule_name: Optional[str] = None,
comment: Optional[str] = None,
expiration_date_utc: Optional[str] = None,
suppression_alerts_scope: Optional[SuppressionAlertsScopeArgs] = None)
func NewAlertsSuppressionRule(ctx *Context, name string, args AlertsSuppressionRuleArgs, opts ...ResourceOption) (*AlertsSuppressionRule, error)
public AlertsSuppressionRule(string name, AlertsSuppressionRuleArgs args, CustomResourceOptions? opts = null)
public AlertsSuppressionRule(String name, AlertsSuppressionRuleArgs args)
public AlertsSuppressionRule(String name, AlertsSuppressionRuleArgs args, CustomResourceOptions options)
type: azure-native:security:AlertsSuppressionRule
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args AlertsSuppressionRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args AlertsSuppressionRuleArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args AlertsSuppressionRuleArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args AlertsSuppressionRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args AlertsSuppressionRuleArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var alertsSuppressionRuleResource = new AzureNative.Security.AlertsSuppressionRule("alertsSuppressionRuleResource", new()
{
AlertType = "string",
Reason = "string",
State = "string",
AlertsSuppressionRuleName = "string",
Comment = "string",
ExpirationDateUtc = "string",
SuppressionAlertsScope = new AzureNative.Security.Inputs.SuppressionAlertsScopeArgs
{
AllOf = new[]
{
new AzureNative.Security.Inputs.ScopeElementArgs
{
Field = "string",
},
},
},
});
example, err := security.NewAlertsSuppressionRule(ctx, "alertsSuppressionRuleResource", &security.AlertsSuppressionRuleArgs{
AlertType: pulumi.String("string"),
Reason: pulumi.String("string"),
State: pulumi.String("string"),
AlertsSuppressionRuleName: pulumi.String("string"),
Comment: pulumi.String("string"),
ExpirationDateUtc: pulumi.String("string"),
SuppressionAlertsScope: &security.SuppressionAlertsScopeArgs{
AllOf: security.ScopeElementArray{
&security.ScopeElementArgs{
Field: pulumi.String("string"),
},
},
},
})
var alertsSuppressionRuleResource = new AlertsSuppressionRule("alertsSuppressionRuleResource", AlertsSuppressionRuleArgs.builder()
.alertType("string")
.reason("string")
.state("string")
.alertsSuppressionRuleName("string")
.comment("string")
.expirationDateUtc("string")
.suppressionAlertsScope(SuppressionAlertsScopeArgs.builder()
.allOf(ScopeElementArgs.builder()
.field("string")
.build())
.build())
.build());
alerts_suppression_rule_resource = azure_native.security.AlertsSuppressionRule("alertsSuppressionRuleResource",
alert_type="string",
reason="string",
state="string",
alerts_suppression_rule_name="string",
comment="string",
expiration_date_utc="string",
suppression_alerts_scope={
"all_of": [{
"field": "string",
}],
})
const alertsSuppressionRuleResource = new azure_native.security.AlertsSuppressionRule("alertsSuppressionRuleResource", {
alertType: "string",
reason: "string",
state: "string",
alertsSuppressionRuleName: "string",
comment: "string",
expirationDateUtc: "string",
suppressionAlertsScope: {
allOf: [{
field: "string",
}],
},
});
type: azure-native:security:AlertsSuppressionRule
properties:
alertType: string
alertsSuppressionRuleName: string
comment: string
expirationDateUtc: string
reason: string
state: string
suppressionAlertsScope:
allOf:
- field: string
AlertsSuppressionRule Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The AlertsSuppressionRule resource accepts the following input properties:
- Alert
Type string - Type of the alert to automatically suppress. For all alert types, use '*'
- Reason string
- The reason for dismissing the alert
- State
string | Pulumi.
Azure Native. Security. Rule State - Possible states of the rule
- Alerts
Suppression stringRule Name - The unique name of the suppression alert rule
- Comment string
- Any comment regarding the rule
- Expiration
Date stringUtc - Expiration date of the rule, if value is not provided or provided as null there will no expiration at all
- Suppression
Alerts Pulumi.Scope Azure Native. Security. Inputs. Suppression Alerts Scope - The suppression conditions
- Alert
Type string - Type of the alert to automatically suppress. For all alert types, use '*'
- Reason string
- The reason for dismissing the alert
- State
string | Rule
State - Possible states of the rule
- Alerts
Suppression stringRule Name - The unique name of the suppression alert rule
- Comment string
- Any comment regarding the rule
- Expiration
Date stringUtc - Expiration date of the rule, if value is not provided or provided as null there will no expiration at all
- Suppression
Alerts SuppressionScope Alerts Scope Args - The suppression conditions
- alert
Type String - Type of the alert to automatically suppress. For all alert types, use '*'
- reason String
- The reason for dismissing the alert
- state
String | Rule
State - Possible states of the rule
- alerts
Suppression StringRule Name - The unique name of the suppression alert rule
- comment String
- Any comment regarding the rule
- expiration
Date StringUtc - Expiration date of the rule, if value is not provided or provided as null there will no expiration at all
- suppression
Alerts SuppressionScope Alerts Scope - The suppression conditions
- alert
Type string - Type of the alert to automatically suppress. For all alert types, use '*'
- reason string
- The reason for dismissing the alert
- state
string | Rule
State - Possible states of the rule
- alerts
Suppression stringRule Name - The unique name of the suppression alert rule
- comment string
- Any comment regarding the rule
- expiration
Date stringUtc - Expiration date of the rule, if value is not provided or provided as null there will no expiration at all
- suppression
Alerts SuppressionScope Alerts Scope - The suppression conditions
- alert_
type str - Type of the alert to automatically suppress. For all alert types, use '*'
- reason str
- The reason for dismissing the alert
- state
str | Rule
State - Possible states of the rule
- alerts_
suppression_ strrule_ name - The unique name of the suppression alert rule
- comment str
- Any comment regarding the rule
- expiration_
date_ strutc - Expiration date of the rule, if value is not provided or provided as null there will no expiration at all
- suppression_
alerts_ Suppressionscope Alerts Scope Args - The suppression conditions
- alert
Type String - Type of the alert to automatically suppress. For all alert types, use '*'
- reason String
- The reason for dismissing the alert
- state String | "Enabled" | "Disabled" | "Expired"
- Possible states of the rule
- alerts
Suppression StringRule Name - The unique name of the suppression alert rule
- comment String
- Any comment regarding the rule
- expiration
Date StringUtc - Expiration date of the rule, if value is not provided or provided as null there will no expiration at all
- suppression
Alerts Property MapScope - The suppression conditions
Outputs
All input properties are implicitly available as output properties. Additionally, the AlertsSuppressionRule resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Last
Modified stringUtc - The last time this rule was modified
- Name string
- Resource name
- Type string
- Resource type
- Id string
- The provider-assigned unique ID for this managed resource.
- Last
Modified stringUtc - The last time this rule was modified
- Name string
- Resource name
- Type string
- Resource type
- id String
- The provider-assigned unique ID for this managed resource.
- last
Modified StringUtc - The last time this rule was modified
- name String
- Resource name
- type String
- Resource type
- id string
- The provider-assigned unique ID for this managed resource.
- last
Modified stringUtc - The last time this rule was modified
- name string
- Resource name
- type string
- Resource type
- id str
- The provider-assigned unique ID for this managed resource.
- last_
modified_ strutc - The last time this rule was modified
- name str
- Resource name
- type str
- Resource type
- id String
- The provider-assigned unique ID for this managed resource.
- last
Modified StringUtc - The last time this rule was modified
- name String
- Resource name
- type String
- Resource type
Supporting Types
RuleState, RuleStateArgs
- Enabled
- Enabled
- Disabled
- Disabled
- Expired
- Expired
- Rule
State Enabled - Enabled
- Rule
State Disabled - Disabled
- Rule
State Expired - Expired
- Enabled
- Enabled
- Disabled
- Disabled
- Expired
- Expired
- Enabled
- Enabled
- Disabled
- Disabled
- Expired
- Expired
- ENABLED
- Enabled
- DISABLED
- Disabled
- EXPIRED
- Expired
- "Enabled"
- Enabled
- "Disabled"
- Disabled
- "Expired"
- Expired
ScopeElement, ScopeElementArgs
- Field string
- The alert entity type to suppress by.
- Field string
- The alert entity type to suppress by.
- field String
- The alert entity type to suppress by.
- field string
- The alert entity type to suppress by.
- field str
- The alert entity type to suppress by.
- field String
- The alert entity type to suppress by.
ScopeElementResponse, ScopeElementResponseArgs
- Field string
- The alert entity type to suppress by.
- Field string
- The alert entity type to suppress by.
- field String
- The alert entity type to suppress by.
- field string
- The alert entity type to suppress by.
- field str
- The alert entity type to suppress by.
- field String
- The alert entity type to suppress by.
SuppressionAlertsScope, SuppressionAlertsScopeArgs
- All
Of List<Pulumi.Azure Native. Security. Inputs. Scope Element> - All the conditions inside need to be true in order to suppress the alert
- All
Of []ScopeElement - All the conditions inside need to be true in order to suppress the alert
- all
Of List<ScopeElement> - All the conditions inside need to be true in order to suppress the alert
- all
Of ScopeElement[] - All the conditions inside need to be true in order to suppress the alert
- all_
of Sequence[ScopeElement] - All the conditions inside need to be true in order to suppress the alert
- all
Of List<Property Map> - All the conditions inside need to be true in order to suppress the alert
SuppressionAlertsScopeResponse, SuppressionAlertsScopeResponseArgs
- All
Of List<Pulumi.Azure Native. Security. Inputs. Scope Element Response> - All the conditions inside need to be true in order to suppress the alert
- All
Of []ScopeElement Response - All the conditions inside need to be true in order to suppress the alert
- all
Of List<ScopeElement Response> - All the conditions inside need to be true in order to suppress the alert
- all
Of ScopeElement Response[] - All the conditions inside need to be true in order to suppress the alert
- all_
of Sequence[ScopeElement Response] - All the conditions inside need to be true in order to suppress the alert
- all
Of List<Property Map> - All the conditions inside need to be true in order to suppress the alert
Import
An existing resource can be imported using its type token, name, and identifier, e.g.
$ pulumi import azure-native:security:AlertsSuppressionRule dismissIpAnomalyAlerts /subscriptions/{subscriptionId}/providers/Microsoft.Security/alertsSuppressionRules/{alertsSuppressionRuleName}
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Azure Native pulumi/pulumi-azure-native
- License
- Apache-2.0