1. Packages
  2. Azure Native
  3. API Docs
  4. security
  5. AlertsSuppressionRule
This is the latest version of Azure Native. Use the Azure Native v1 docs if using the v1 version of this package.
Azure Native v2.73.0 published on Wednesday, Nov 20, 2024 by Pulumi

azure-native.security.AlertsSuppressionRule

Explore with Pulumi AI

azure-native logo
This is the latest version of Azure Native. Use the Azure Native v1 docs if using the v1 version of this package.
Azure Native v2.73.0 published on Wednesday, Nov 20, 2024 by Pulumi

    Describes the suppression rule Azure REST API version: 2019-01-01-preview. Prior API version in Azure Native 1.x: 2019-01-01-preview.

    Example Usage

    Update or create suppression rule for subscription

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using AzureNative = Pulumi.AzureNative;
    
    return await Deployment.RunAsync(() => 
    {
        var alertsSuppressionRule = new AzureNative.Security.AlertsSuppressionRule("alertsSuppressionRule", new()
        {
            AlertType = "IpAnomaly",
            AlertsSuppressionRuleName = "dismissIpAnomalyAlerts",
            Comment = "Test VM",
            ExpirationDateUtc = "2019-12-01T19:50:47.083633Z",
            Reason = "FalsePositive",
            State = AzureNative.Security.RuleState.Enabled,
            SuppressionAlertsScope = new AzureNative.Security.Inputs.SuppressionAlertsScopeArgs
            {
                AllOf = new[]
                {
                    new AzureNative.Security.Inputs.ScopeElementArgs
                    {
                        Field = "entities.ip.address",
                    },
                    new AzureNative.Security.Inputs.ScopeElementArgs
                    {
                        Field = "entities.process.commandline",
                    },
                },
            },
        });
    
    });
    
    package main
    
    import (
    	security "github.com/pulumi/pulumi-azure-native-sdk/security/v2"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := security.NewAlertsSuppressionRule(ctx, "alertsSuppressionRule", &security.AlertsSuppressionRuleArgs{
    			AlertType:                 pulumi.String("IpAnomaly"),
    			AlertsSuppressionRuleName: pulumi.String("dismissIpAnomalyAlerts"),
    			Comment:                   pulumi.String("Test VM"),
    			ExpirationDateUtc:         pulumi.String("2019-12-01T19:50:47.083633Z"),
    			Reason:                    pulumi.String("FalsePositive"),
    			State:                     pulumi.String(security.RuleStateEnabled),
    			SuppressionAlertsScope: &security.SuppressionAlertsScopeArgs{
    				AllOf: security.ScopeElementArray{
    					&security.ScopeElementArgs{
    						Field: pulumi.String("entities.ip.address"),
    					},
    					&security.ScopeElementArgs{
    						Field: pulumi.String("entities.process.commandline"),
    					},
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.azurenative.security.AlertsSuppressionRule;
    import com.pulumi.azurenative.security.AlertsSuppressionRuleArgs;
    import com.pulumi.azurenative.security.inputs.SuppressionAlertsScopeArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var alertsSuppressionRule = new AlertsSuppressionRule("alertsSuppressionRule", AlertsSuppressionRuleArgs.builder()
                .alertType("IpAnomaly")
                .alertsSuppressionRuleName("dismissIpAnomalyAlerts")
                .comment("Test VM")
                .expirationDateUtc("2019-12-01T19:50:47.083633Z")
                .reason("FalsePositive")
                .state("Enabled")
                .suppressionAlertsScope(SuppressionAlertsScopeArgs.builder()
                    .allOf(                
                        ScopeElementArgs.builder()
                            .field("entities.ip.address")
                            .build(),
                        ScopeElementArgs.builder()
                            .field("entities.process.commandline")
                            .build())
                    .build())
                .build());
    
        }
    }
    
    import pulumi
    import pulumi_azure_native as azure_native
    
    alerts_suppression_rule = azure_native.security.AlertsSuppressionRule("alertsSuppressionRule",
        alert_type="IpAnomaly",
        alerts_suppression_rule_name="dismissIpAnomalyAlerts",
        comment="Test VM",
        expiration_date_utc="2019-12-01T19:50:47.083633Z",
        reason="FalsePositive",
        state=azure_native.security.RuleState.ENABLED,
        suppression_alerts_scope={
            "all_of": [
                {
                    "field": "entities.ip.address",
                },
                {
                    "field": "entities.process.commandline",
                },
            ],
        })
    
    import * as pulumi from "@pulumi/pulumi";
    import * as azure_native from "@pulumi/azure-native";
    
    const alertsSuppressionRule = new azure_native.security.AlertsSuppressionRule("alertsSuppressionRule", {
        alertType: "IpAnomaly",
        alertsSuppressionRuleName: "dismissIpAnomalyAlerts",
        comment: "Test VM",
        expirationDateUtc: "2019-12-01T19:50:47.083633Z",
        reason: "FalsePositive",
        state: azure_native.security.RuleState.Enabled,
        suppressionAlertsScope: {
            allOf: [
                {
                    field: "entities.ip.address",
                },
                {
                    field: "entities.process.commandline",
                },
            ],
        },
    });
    
    resources:
      alertsSuppressionRule:
        type: azure-native:security:AlertsSuppressionRule
        properties:
          alertType: IpAnomaly
          alertsSuppressionRuleName: dismissIpAnomalyAlerts
          comment: Test VM
          expirationDateUtc: 2019-12-01T19:50:47.083633Z
          reason: FalsePositive
          state: Enabled
          suppressionAlertsScope:
            allOf:
              - field: entities.ip.address
              - field: entities.process.commandline
    

    Create AlertsSuppressionRule Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new AlertsSuppressionRule(name: string, args: AlertsSuppressionRuleArgs, opts?: CustomResourceOptions);
    @overload
    def AlertsSuppressionRule(resource_name: str,
                              args: AlertsSuppressionRuleArgs,
                              opts: Optional[ResourceOptions] = None)
    
    @overload
    def AlertsSuppressionRule(resource_name: str,
                              opts: Optional[ResourceOptions] = None,
                              alert_type: Optional[str] = None,
                              reason: Optional[str] = None,
                              state: Optional[Union[str, RuleState]] = None,
                              alerts_suppression_rule_name: Optional[str] = None,
                              comment: Optional[str] = None,
                              expiration_date_utc: Optional[str] = None,
                              suppression_alerts_scope: Optional[SuppressionAlertsScopeArgs] = None)
    func NewAlertsSuppressionRule(ctx *Context, name string, args AlertsSuppressionRuleArgs, opts ...ResourceOption) (*AlertsSuppressionRule, error)
    public AlertsSuppressionRule(string name, AlertsSuppressionRuleArgs args, CustomResourceOptions? opts = null)
    public AlertsSuppressionRule(String name, AlertsSuppressionRuleArgs args)
    public AlertsSuppressionRule(String name, AlertsSuppressionRuleArgs args, CustomResourceOptions options)
    
    type: azure-native:security:AlertsSuppressionRule
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args AlertsSuppressionRuleArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args AlertsSuppressionRuleArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args AlertsSuppressionRuleArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args AlertsSuppressionRuleArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args AlertsSuppressionRuleArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var alertsSuppressionRuleResource = new AzureNative.Security.AlertsSuppressionRule("alertsSuppressionRuleResource", new()
    {
        AlertType = "string",
        Reason = "string",
        State = "string",
        AlertsSuppressionRuleName = "string",
        Comment = "string",
        ExpirationDateUtc = "string",
        SuppressionAlertsScope = new AzureNative.Security.Inputs.SuppressionAlertsScopeArgs
        {
            AllOf = new[]
            {
                new AzureNative.Security.Inputs.ScopeElementArgs
                {
                    Field = "string",
                },
            },
        },
    });
    
    example, err := security.NewAlertsSuppressionRule(ctx, "alertsSuppressionRuleResource", &security.AlertsSuppressionRuleArgs{
    	AlertType:                 pulumi.String("string"),
    	Reason:                    pulumi.String("string"),
    	State:                     pulumi.String("string"),
    	AlertsSuppressionRuleName: pulumi.String("string"),
    	Comment:                   pulumi.String("string"),
    	ExpirationDateUtc:         pulumi.String("string"),
    	SuppressionAlertsScope: &security.SuppressionAlertsScopeArgs{
    		AllOf: security.ScopeElementArray{
    			&security.ScopeElementArgs{
    				Field: pulumi.String("string"),
    			},
    		},
    	},
    })
    
    var alertsSuppressionRuleResource = new AlertsSuppressionRule("alertsSuppressionRuleResource", AlertsSuppressionRuleArgs.builder()
        .alertType("string")
        .reason("string")
        .state("string")
        .alertsSuppressionRuleName("string")
        .comment("string")
        .expirationDateUtc("string")
        .suppressionAlertsScope(SuppressionAlertsScopeArgs.builder()
            .allOf(ScopeElementArgs.builder()
                .field("string")
                .build())
            .build())
        .build());
    
    alerts_suppression_rule_resource = azure_native.security.AlertsSuppressionRule("alertsSuppressionRuleResource",
        alert_type="string",
        reason="string",
        state="string",
        alerts_suppression_rule_name="string",
        comment="string",
        expiration_date_utc="string",
        suppression_alerts_scope={
            "all_of": [{
                "field": "string",
            }],
        })
    
    const alertsSuppressionRuleResource = new azure_native.security.AlertsSuppressionRule("alertsSuppressionRuleResource", {
        alertType: "string",
        reason: "string",
        state: "string",
        alertsSuppressionRuleName: "string",
        comment: "string",
        expirationDateUtc: "string",
        suppressionAlertsScope: {
            allOf: [{
                field: "string",
            }],
        },
    });
    
    type: azure-native:security:AlertsSuppressionRule
    properties:
        alertType: string
        alertsSuppressionRuleName: string
        comment: string
        expirationDateUtc: string
        reason: string
        state: string
        suppressionAlertsScope:
            allOf:
                - field: string
    

    AlertsSuppressionRule Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The AlertsSuppressionRule resource accepts the following input properties:

    AlertType string
    Type of the alert to automatically suppress. For all alert types, use '*'
    Reason string
    The reason for dismissing the alert
    State string | Pulumi.AzureNative.Security.RuleState
    Possible states of the rule
    AlertsSuppressionRuleName string
    The unique name of the suppression alert rule
    Comment string
    Any comment regarding the rule
    ExpirationDateUtc string
    Expiration date of the rule, if value is not provided or provided as null there will no expiration at all
    SuppressionAlertsScope Pulumi.AzureNative.Security.Inputs.SuppressionAlertsScope
    The suppression conditions
    AlertType string
    Type of the alert to automatically suppress. For all alert types, use '*'
    Reason string
    The reason for dismissing the alert
    State string | RuleState
    Possible states of the rule
    AlertsSuppressionRuleName string
    The unique name of the suppression alert rule
    Comment string
    Any comment regarding the rule
    ExpirationDateUtc string
    Expiration date of the rule, if value is not provided or provided as null there will no expiration at all
    SuppressionAlertsScope SuppressionAlertsScopeArgs
    The suppression conditions
    alertType String
    Type of the alert to automatically suppress. For all alert types, use '*'
    reason String
    The reason for dismissing the alert
    state String | RuleState
    Possible states of the rule
    alertsSuppressionRuleName String
    The unique name of the suppression alert rule
    comment String
    Any comment regarding the rule
    expirationDateUtc String
    Expiration date of the rule, if value is not provided or provided as null there will no expiration at all
    suppressionAlertsScope SuppressionAlertsScope
    The suppression conditions
    alertType string
    Type of the alert to automatically suppress. For all alert types, use '*'
    reason string
    The reason for dismissing the alert
    state string | RuleState
    Possible states of the rule
    alertsSuppressionRuleName string
    The unique name of the suppression alert rule
    comment string
    Any comment regarding the rule
    expirationDateUtc string
    Expiration date of the rule, if value is not provided or provided as null there will no expiration at all
    suppressionAlertsScope SuppressionAlertsScope
    The suppression conditions
    alert_type str
    Type of the alert to automatically suppress. For all alert types, use '*'
    reason str
    The reason for dismissing the alert
    state str | RuleState
    Possible states of the rule
    alerts_suppression_rule_name str
    The unique name of the suppression alert rule
    comment str
    Any comment regarding the rule
    expiration_date_utc str
    Expiration date of the rule, if value is not provided or provided as null there will no expiration at all
    suppression_alerts_scope SuppressionAlertsScopeArgs
    The suppression conditions
    alertType String
    Type of the alert to automatically suppress. For all alert types, use '*'
    reason String
    The reason for dismissing the alert
    state String | "Enabled" | "Disabled" | "Expired"
    Possible states of the rule
    alertsSuppressionRuleName String
    The unique name of the suppression alert rule
    comment String
    Any comment regarding the rule
    expirationDateUtc String
    Expiration date of the rule, if value is not provided or provided as null there will no expiration at all
    suppressionAlertsScope Property Map
    The suppression conditions

    Outputs

    All input properties are implicitly available as output properties. Additionally, the AlertsSuppressionRule resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    LastModifiedUtc string
    The last time this rule was modified
    Name string
    Resource name
    Type string
    Resource type
    Id string
    The provider-assigned unique ID for this managed resource.
    LastModifiedUtc string
    The last time this rule was modified
    Name string
    Resource name
    Type string
    Resource type
    id String
    The provider-assigned unique ID for this managed resource.
    lastModifiedUtc String
    The last time this rule was modified
    name String
    Resource name
    type String
    Resource type
    id string
    The provider-assigned unique ID for this managed resource.
    lastModifiedUtc string
    The last time this rule was modified
    name string
    Resource name
    type string
    Resource type
    id str
    The provider-assigned unique ID for this managed resource.
    last_modified_utc str
    The last time this rule was modified
    name str
    Resource name
    type str
    Resource type
    id String
    The provider-assigned unique ID for this managed resource.
    lastModifiedUtc String
    The last time this rule was modified
    name String
    Resource name
    type String
    Resource type

    Supporting Types

    RuleState, RuleStateArgs

    Enabled
    Enabled
    Disabled
    Disabled
    Expired
    Expired
    RuleStateEnabled
    Enabled
    RuleStateDisabled
    Disabled
    RuleStateExpired
    Expired
    Enabled
    Enabled
    Disabled
    Disabled
    Expired
    Expired
    Enabled
    Enabled
    Disabled
    Disabled
    Expired
    Expired
    ENABLED
    Enabled
    DISABLED
    Disabled
    EXPIRED
    Expired
    "Enabled"
    Enabled
    "Disabled"
    Disabled
    "Expired"
    Expired

    ScopeElement, ScopeElementArgs

    Field string
    The alert entity type to suppress by.
    Field string
    The alert entity type to suppress by.
    field String
    The alert entity type to suppress by.
    field string
    The alert entity type to suppress by.
    field str
    The alert entity type to suppress by.
    field String
    The alert entity type to suppress by.

    ScopeElementResponse, ScopeElementResponseArgs

    Field string
    The alert entity type to suppress by.
    Field string
    The alert entity type to suppress by.
    field String
    The alert entity type to suppress by.
    field string
    The alert entity type to suppress by.
    field str
    The alert entity type to suppress by.
    field String
    The alert entity type to suppress by.

    SuppressionAlertsScope, SuppressionAlertsScopeArgs

    AllOf List<Pulumi.AzureNative.Security.Inputs.ScopeElement>
    All the conditions inside need to be true in order to suppress the alert
    AllOf []ScopeElement
    All the conditions inside need to be true in order to suppress the alert
    allOf List<ScopeElement>
    All the conditions inside need to be true in order to suppress the alert
    allOf ScopeElement[]
    All the conditions inside need to be true in order to suppress the alert
    all_of Sequence[ScopeElement]
    All the conditions inside need to be true in order to suppress the alert
    allOf List<Property Map>
    All the conditions inside need to be true in order to suppress the alert

    SuppressionAlertsScopeResponse, SuppressionAlertsScopeResponseArgs

    AllOf List<Pulumi.AzureNative.Security.Inputs.ScopeElementResponse>
    All the conditions inside need to be true in order to suppress the alert
    AllOf []ScopeElementResponse
    All the conditions inside need to be true in order to suppress the alert
    allOf List<ScopeElementResponse>
    All the conditions inside need to be true in order to suppress the alert
    allOf ScopeElementResponse[]
    All the conditions inside need to be true in order to suppress the alert
    all_of Sequence[ScopeElementResponse]
    All the conditions inside need to be true in order to suppress the alert
    allOf List<Property Map>
    All the conditions inside need to be true in order to suppress the alert

    Import

    An existing resource can be imported using its type token, name, and identifier, e.g.

    $ pulumi import azure-native:security:AlertsSuppressionRule dismissIpAnomalyAlerts /subscriptions/{subscriptionId}/providers/Microsoft.Security/alertsSuppressionRules/{alertsSuppressionRuleName} 
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    Azure Native pulumi/pulumi-azure-native
    License
    Apache-2.0
    azure-native logo
    This is the latest version of Azure Native. Use the Azure Native v1 docs if using the v1 version of this package.
    Azure Native v2.73.0 published on Wednesday, Nov 20, 2024 by Pulumi