azure-native.securityinsights.Incident
Explore with Pulumi AI
Represents an incident in Azure Security Insights. Azure REST API version: 2023-02-01. Prior API version in Azure Native 1.x: 2020-01-01.
Other available API versions: 2021-03-01-preview, 2023-02-01-preview, 2023-03-01-preview, 2023-06-01-preview, 2023-07-01-preview, 2023-08-01-preview, 2023-09-01-preview, 2023-10-01-preview, 2023-11-01, 2023-12-01-preview, 2024-01-01-preview, 2024-03-01, 2024-04-01-preview.
Example Usage
Creates or updates an incident.
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var incident = new AzureNative.SecurityInsights.Incident("incident", new()
{
Classification = AzureNative.SecurityInsights.IncidentClassification.FalsePositive,
ClassificationComment = "Not a malicious activity",
ClassificationReason = AzureNative.SecurityInsights.IncidentClassificationReason.IncorrectAlertLogic,
Description = "This is a demo incident",
FirstActivityTimeUtc = "2019-01-01T13:00:30Z",
IncidentId = "73e01a99-5cd7-4139-a149-9f2736ff2ab5",
LastActivityTimeUtc = "2019-01-01T13:05:30Z",
Owner = new AzureNative.SecurityInsights.Inputs.IncidentOwnerInfoArgs
{
ObjectId = "2046feea-040d-4a46-9e2b-91c2941bfa70",
},
ResourceGroupName = "myRg",
Severity = AzureNative.SecurityInsights.IncidentSeverity.High,
Status = AzureNative.SecurityInsights.IncidentStatus.Closed,
Title = "My incident",
WorkspaceName = "myWorkspace",
});
});
package main
import (
securityinsights "github.com/pulumi/pulumi-azure-native-sdk/securityinsights/v2"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := securityinsights.NewIncident(ctx, "incident", &securityinsights.IncidentArgs{
Classification: pulumi.String(securityinsights.IncidentClassificationFalsePositive),
ClassificationComment: pulumi.String("Not a malicious activity"),
ClassificationReason: pulumi.String(securityinsights.IncidentClassificationReasonIncorrectAlertLogic),
Description: pulumi.String("This is a demo incident"),
FirstActivityTimeUtc: pulumi.String("2019-01-01T13:00:30Z"),
IncidentId: pulumi.String("73e01a99-5cd7-4139-a149-9f2736ff2ab5"),
LastActivityTimeUtc: pulumi.String("2019-01-01T13:05:30Z"),
Owner: &securityinsights.IncidentOwnerInfoArgs{
ObjectId: pulumi.String("2046feea-040d-4a46-9e2b-91c2941bfa70"),
},
ResourceGroupName: pulumi.String("myRg"),
Severity: pulumi.String(securityinsights.IncidentSeverityHigh),
Status: pulumi.String(securityinsights.IncidentStatusClosed),
Title: pulumi.String("My incident"),
WorkspaceName: pulumi.String("myWorkspace"),
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.securityinsights.Incident;
import com.pulumi.azurenative.securityinsights.IncidentArgs;
import com.pulumi.azurenative.securityinsights.inputs.IncidentOwnerInfoArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var incident = new Incident("incident", IncidentArgs.builder()
.classification("FalsePositive")
.classificationComment("Not a malicious activity")
.classificationReason("IncorrectAlertLogic")
.description("This is a demo incident")
.firstActivityTimeUtc("2019-01-01T13:00:30Z")
.incidentId("73e01a99-5cd7-4139-a149-9f2736ff2ab5")
.lastActivityTimeUtc("2019-01-01T13:05:30Z")
.owner(IncidentOwnerInfoArgs.builder()
.objectId("2046feea-040d-4a46-9e2b-91c2941bfa70")
.build())
.resourceGroupName("myRg")
.severity("High")
.status("Closed")
.title("My incident")
.workspaceName("myWorkspace")
.build());
}
}
import pulumi
import pulumi_azure_native as azure_native
incident = azure_native.securityinsights.Incident("incident",
classification=azure_native.securityinsights.IncidentClassification.FALSE_POSITIVE,
classification_comment="Not a malicious activity",
classification_reason=azure_native.securityinsights.IncidentClassificationReason.INCORRECT_ALERT_LOGIC,
description="This is a demo incident",
first_activity_time_utc="2019-01-01T13:00:30Z",
incident_id="73e01a99-5cd7-4139-a149-9f2736ff2ab5",
last_activity_time_utc="2019-01-01T13:05:30Z",
owner={
"object_id": "2046feea-040d-4a46-9e2b-91c2941bfa70",
},
resource_group_name="myRg",
severity=azure_native.securityinsights.IncidentSeverity.HIGH,
status=azure_native.securityinsights.IncidentStatus.CLOSED,
title="My incident",
workspace_name="myWorkspace")
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const incident = new azure_native.securityinsights.Incident("incident", {
classification: azure_native.securityinsights.IncidentClassification.FalsePositive,
classificationComment: "Not a malicious activity",
classificationReason: azure_native.securityinsights.IncidentClassificationReason.IncorrectAlertLogic,
description: "This is a demo incident",
firstActivityTimeUtc: "2019-01-01T13:00:30Z",
incidentId: "73e01a99-5cd7-4139-a149-9f2736ff2ab5",
lastActivityTimeUtc: "2019-01-01T13:05:30Z",
owner: {
objectId: "2046feea-040d-4a46-9e2b-91c2941bfa70",
},
resourceGroupName: "myRg",
severity: azure_native.securityinsights.IncidentSeverity.High,
status: azure_native.securityinsights.IncidentStatus.Closed,
title: "My incident",
workspaceName: "myWorkspace",
});
resources:
incident:
type: azure-native:securityinsights:Incident
properties:
classification: FalsePositive
classificationComment: Not a malicious activity
classificationReason: IncorrectAlertLogic
description: This is a demo incident
firstActivityTimeUtc: 2019-01-01T13:00:30Z
incidentId: 73e01a99-5cd7-4139-a149-9f2736ff2ab5
lastActivityTimeUtc: 2019-01-01T13:05:30Z
owner:
objectId: 2046feea-040d-4a46-9e2b-91c2941bfa70
resourceGroupName: myRg
severity: High
status: Closed
title: My incident
workspaceName: myWorkspace
Create Incident Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Incident(name: string, args: IncidentArgs, opts?: CustomResourceOptions);
@overload
def Incident(resource_name: str,
args: IncidentArgs,
opts: Optional[ResourceOptions] = None)
@overload
def Incident(resource_name: str,
opts: Optional[ResourceOptions] = None,
resource_group_name: Optional[str] = None,
workspace_name: Optional[str] = None,
title: Optional[str] = None,
status: Optional[Union[str, IncidentStatus]] = None,
severity: Optional[Union[str, IncidentSeverity]] = None,
description: Optional[str] = None,
labels: Optional[Sequence[IncidentLabelArgs]] = None,
last_activity_time_utc: Optional[str] = None,
owner: Optional[IncidentOwnerInfoArgs] = None,
incident_id: Optional[str] = None,
first_activity_time_utc: Optional[str] = None,
classification: Optional[Union[str, IncidentClassification]] = None,
classification_reason: Optional[Union[str, IncidentClassificationReason]] = None,
classification_comment: Optional[str] = None)
func NewIncident(ctx *Context, name string, args IncidentArgs, opts ...ResourceOption) (*Incident, error)
public Incident(string name, IncidentArgs args, CustomResourceOptions? opts = null)
public Incident(String name, IncidentArgs args)
public Incident(String name, IncidentArgs args, CustomResourceOptions options)
type: azure-native:securityinsights:Incident
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args IncidentArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args IncidentArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args IncidentArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args IncidentArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args IncidentArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var incidentResource = new AzureNative.SecurityInsights.Incident("incidentResource", new()
{
ResourceGroupName = "string",
WorkspaceName = "string",
Title = "string",
Status = "string",
Severity = "string",
Description = "string",
Labels = new[]
{
new AzureNative.SecurityInsights.Inputs.IncidentLabelArgs
{
LabelName = "string",
},
},
LastActivityTimeUtc = "string",
Owner = new AzureNative.SecurityInsights.Inputs.IncidentOwnerInfoArgs
{
AssignedTo = "string",
Email = "string",
ObjectId = "string",
OwnerType = "string",
UserPrincipalName = "string",
},
IncidentId = "string",
FirstActivityTimeUtc = "string",
Classification = "string",
ClassificationReason = "string",
ClassificationComment = "string",
});
example, err := securityinsights.NewIncident(ctx, "incidentResource", &securityinsights.IncidentArgs{
ResourceGroupName: pulumi.String("string"),
WorkspaceName: pulumi.String("string"),
Title: pulumi.String("string"),
Status: pulumi.String("string"),
Severity: pulumi.String("string"),
Description: pulumi.String("string"),
Labels: securityinsights.IncidentLabelArray{
&securityinsights.IncidentLabelArgs{
LabelName: pulumi.String("string"),
},
},
LastActivityTimeUtc: pulumi.String("string"),
Owner: &securityinsights.IncidentOwnerInfoArgs{
AssignedTo: pulumi.String("string"),
Email: pulumi.String("string"),
ObjectId: pulumi.String("string"),
OwnerType: pulumi.String("string"),
UserPrincipalName: pulumi.String("string"),
},
IncidentId: pulumi.String("string"),
FirstActivityTimeUtc: pulumi.String("string"),
Classification: pulumi.String("string"),
ClassificationReason: pulumi.String("string"),
ClassificationComment: pulumi.String("string"),
})
var incidentResource = new Incident("incidentResource", IncidentArgs.builder()
.resourceGroupName("string")
.workspaceName("string")
.title("string")
.status("string")
.severity("string")
.description("string")
.labels(IncidentLabelArgs.builder()
.labelName("string")
.build())
.lastActivityTimeUtc("string")
.owner(IncidentOwnerInfoArgs.builder()
.assignedTo("string")
.email("string")
.objectId("string")
.ownerType("string")
.userPrincipalName("string")
.build())
.incidentId("string")
.firstActivityTimeUtc("string")
.classification("string")
.classificationReason("string")
.classificationComment("string")
.build());
incident_resource = azure_native.securityinsights.Incident("incidentResource",
resource_group_name="string",
workspace_name="string",
title="string",
status="string",
severity="string",
description="string",
labels=[{
"label_name": "string",
}],
last_activity_time_utc="string",
owner={
"assigned_to": "string",
"email": "string",
"object_id": "string",
"owner_type": "string",
"user_principal_name": "string",
},
incident_id="string",
first_activity_time_utc="string",
classification="string",
classification_reason="string",
classification_comment="string")
const incidentResource = new azure_native.securityinsights.Incident("incidentResource", {
resourceGroupName: "string",
workspaceName: "string",
title: "string",
status: "string",
severity: "string",
description: "string",
labels: [{
labelName: "string",
}],
lastActivityTimeUtc: "string",
owner: {
assignedTo: "string",
email: "string",
objectId: "string",
ownerType: "string",
userPrincipalName: "string",
},
incidentId: "string",
firstActivityTimeUtc: "string",
classification: "string",
classificationReason: "string",
classificationComment: "string",
});
type: azure-native:securityinsights:Incident
properties:
classification: string
classificationComment: string
classificationReason: string
description: string
firstActivityTimeUtc: string
incidentId: string
labels:
- labelName: string
lastActivityTimeUtc: string
owner:
assignedTo: string
email: string
objectId: string
ownerType: string
userPrincipalName: string
resourceGroupName: string
severity: string
status: string
title: string
workspaceName: string
Incident Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The Incident resource accepts the following input properties:
- Resource
Group stringName - The name of the resource group. The name is case insensitive.
- Severity
string | Pulumi.
Azure Native. Security Insights. Incident Severity - The severity of the incident
- Status
string | Pulumi.
Azure Native. Security Insights. Incident Status - The status of the incident
- Title string
- The title of the incident
- Workspace
Name string - The name of the workspace.
- Classification
string | Pulumi.
Azure Native. Security Insights. Incident Classification - The reason the incident was closed
- Classification
Comment string - Describes the reason the incident was closed
- Classification
Reason string | Pulumi.Azure Native. Security Insights. Incident Classification Reason - The classification reason the incident was closed with
- Description string
- The description of the incident
- First
Activity stringTime Utc - The time of the first activity in the incident
- Incident
Id string - Incident ID
- Labels
List<Pulumi.
Azure Native. Security Insights. Inputs. Incident Label> - List of labels relevant to this incident
- Last
Activity stringTime Utc - The time of the last activity in the incident
- Owner
Pulumi.
Azure Native. Security Insights. Inputs. Incident Owner Info - Describes a user that the incident is assigned to
- Resource
Group stringName - The name of the resource group. The name is case insensitive.
- Severity
string | Incident
Severity - The severity of the incident
- Status
string | Incident
Status - The status of the incident
- Title string
- The title of the incident
- Workspace
Name string - The name of the workspace.
- Classification
string | Incident
Classification - The reason the incident was closed
- Classification
Comment string - Describes the reason the incident was closed
- Classification
Reason string | IncidentClassification Reason - The classification reason the incident was closed with
- Description string
- The description of the incident
- First
Activity stringTime Utc - The time of the first activity in the incident
- Incident
Id string - Incident ID
- Labels
[]Incident
Label Args - List of labels relevant to this incident
- Last
Activity stringTime Utc - The time of the last activity in the incident
- Owner
Incident
Owner Info Args - Describes a user that the incident is assigned to
- resource
Group StringName - The name of the resource group. The name is case insensitive.
- severity
String | Incident
Severity - The severity of the incident
- status
String | Incident
Status - The status of the incident
- title String
- The title of the incident
- workspace
Name String - The name of the workspace.
- classification
String | Incident
Classification - The reason the incident was closed
- classification
Comment String - Describes the reason the incident was closed
- classification
Reason String | IncidentClassification Reason - The classification reason the incident was closed with
- description String
- The description of the incident
- first
Activity StringTime Utc - The time of the first activity in the incident
- incident
Id String - Incident ID
- labels
List<Incident
Label> - List of labels relevant to this incident
- last
Activity StringTime Utc - The time of the last activity in the incident
- owner
Incident
Owner Info - Describes a user that the incident is assigned to
- resource
Group stringName - The name of the resource group. The name is case insensitive.
- severity
string | Incident
Severity - The severity of the incident
- status
string | Incident
Status - The status of the incident
- title string
- The title of the incident
- workspace
Name string - The name of the workspace.
- classification
string | Incident
Classification - The reason the incident was closed
- classification
Comment string - Describes the reason the incident was closed
- classification
Reason string | IncidentClassification Reason - The classification reason the incident was closed with
- description string
- The description of the incident
- first
Activity stringTime Utc - The time of the first activity in the incident
- incident
Id string - Incident ID
- labels
Incident
Label[] - List of labels relevant to this incident
- last
Activity stringTime Utc - The time of the last activity in the incident
- owner
Incident
Owner Info - Describes a user that the incident is assigned to
- resource_
group_ strname - The name of the resource group. The name is case insensitive.
- severity
str | Incident
Severity - The severity of the incident
- status
str | Incident
Status - The status of the incident
- title str
- The title of the incident
- workspace_
name str - The name of the workspace.
- classification
str | Incident
Classification - The reason the incident was closed
- classification_
comment str - Describes the reason the incident was closed
- classification_
reason str | IncidentClassification Reason - The classification reason the incident was closed with
- description str
- The description of the incident
- first_
activity_ strtime_ utc - The time of the first activity in the incident
- incident_
id str - Incident ID
- labels
Sequence[Incident
Label Args] - List of labels relevant to this incident
- last_
activity_ strtime_ utc - The time of the last activity in the incident
- owner
Incident
Owner Info Args - Describes a user that the incident is assigned to
- resource
Group StringName - The name of the resource group. The name is case insensitive.
- severity String | "High" | "Medium" | "Low" | "Informational"
- The severity of the incident
- status String | "New" | "Active" | "Closed"
- The status of the incident
- title String
- The title of the incident
- workspace
Name String - The name of the workspace.
- classification
String | "Undetermined" | "True
Positive" | "Benign Positive" | "False Positive" - The reason the incident was closed
- classification
Comment String - Describes the reason the incident was closed
- classification
Reason String | "SuspiciousActivity" | "Suspicious But Expected" | "Incorrect Alert Logic" | "Inaccurate Data" - The classification reason the incident was closed with
- description String
- The description of the incident
- first
Activity StringTime Utc - The time of the first activity in the incident
- incident
Id String - Incident ID
- labels List<Property Map>
- List of labels relevant to this incident
- last
Activity StringTime Utc - The time of the last activity in the incident
- owner Property Map
- Describes a user that the incident is assigned to
Outputs
All input properties are implicitly available as output properties. Additionally, the Incident resource produces the following output properties:
- Additional
Data Pulumi.Azure Native. Security Insights. Outputs. Incident Additional Data Response - Additional data on the incident
- Created
Time stringUtc - The time the incident was created
- Id string
- The provider-assigned unique ID for this managed resource.
- Incident
Number int - A sequential number
- Incident
Url string - The deep-link url to the incident in Azure portal
- Last
Modified stringTime Utc - The last time the incident was updated
- Name string
- The name of the resource
- Provider
Incident stringId - The incident ID assigned by the incident provider
- Provider
Name string - The name of the source provider that generated the incident
- List<string>
- List of resource ids of Analytic rules related to the incident
- System
Data Pulumi.Azure Native. Security Insights. Outputs. System Data Response - Azure Resource Manager metadata containing createdBy and modifiedBy information.
- Type string
- The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
- Etag string
- Etag of the azure resource
- Additional
Data IncidentAdditional Data Response - Additional data on the incident
- Created
Time stringUtc - The time the incident was created
- Id string
- The provider-assigned unique ID for this managed resource.
- Incident
Number int - A sequential number
- Incident
Url string - The deep-link url to the incident in Azure portal
- Last
Modified stringTime Utc - The last time the incident was updated
- Name string
- The name of the resource
- Provider
Incident stringId - The incident ID assigned by the incident provider
- Provider
Name string - The name of the source provider that generated the incident
- []string
- List of resource ids of Analytic rules related to the incident
- System
Data SystemData Response - Azure Resource Manager metadata containing createdBy and modifiedBy information.
- Type string
- The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
- Etag string
- Etag of the azure resource
- additional
Data IncidentAdditional Data Response - Additional data on the incident
- created
Time StringUtc - The time the incident was created
- id String
- The provider-assigned unique ID for this managed resource.
- incident
Number Integer - A sequential number
- incident
Url String - The deep-link url to the incident in Azure portal
- last
Modified StringTime Utc - The last time the incident was updated
- name String
- The name of the resource
- provider
Incident StringId - The incident ID assigned by the incident provider
- provider
Name String - The name of the source provider that generated the incident
- List<String>
- List of resource ids of Analytic rules related to the incident
- system
Data SystemData Response - Azure Resource Manager metadata containing createdBy and modifiedBy information.
- type String
- The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
- etag String
- Etag of the azure resource
- additional
Data IncidentAdditional Data Response - Additional data on the incident
- created
Time stringUtc - The time the incident was created
- id string
- The provider-assigned unique ID for this managed resource.
- incident
Number number - A sequential number
- incident
Url string - The deep-link url to the incident in Azure portal
- last
Modified stringTime Utc - The last time the incident was updated
- name string
- The name of the resource
- provider
Incident stringId - The incident ID assigned by the incident provider
- provider
Name string - The name of the source provider that generated the incident
- string[]
- List of resource ids of Analytic rules related to the incident
- system
Data SystemData Response - Azure Resource Manager metadata containing createdBy and modifiedBy information.
- type string
- The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
- etag string
- Etag of the azure resource
- additional_
data IncidentAdditional Data Response - Additional data on the incident
- created_
time_ strutc - The time the incident was created
- id str
- The provider-assigned unique ID for this managed resource.
- incident_
number int - A sequential number
- incident_
url str - The deep-link url to the incident in Azure portal
- last_
modified_ strtime_ utc - The last time the incident was updated
- name str
- The name of the resource
- provider_
incident_ strid - The incident ID assigned by the incident provider
- provider_
name str - The name of the source provider that generated the incident
- Sequence[str]
- List of resource ids of Analytic rules related to the incident
- system_
data SystemData Response - Azure Resource Manager metadata containing createdBy and modifiedBy information.
- type str
- The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
- etag str
- Etag of the azure resource
- additional
Data Property Map - Additional data on the incident
- created
Time StringUtc - The time the incident was created
- id String
- The provider-assigned unique ID for this managed resource.
- incident
Number Number - A sequential number
- incident
Url String - The deep-link url to the incident in Azure portal
- last
Modified StringTime Utc - The last time the incident was updated
- name String
- The name of the resource
- provider
Incident StringId - The incident ID assigned by the incident provider
- provider
Name String - The name of the source provider that generated the incident
- List<String>
- List of resource ids of Analytic rules related to the incident
- system
Data Property Map - Azure Resource Manager metadata containing createdBy and modifiedBy information.
- type String
- The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
- etag String
- Etag of the azure resource
Supporting Types
IncidentAdditionalDataResponse, IncidentAdditionalDataResponseArgs
- Alert
Product List<string>Names - List of product names of alerts in the incident
- Alerts
Count int - The number of alerts in the incident
- Bookmarks
Count int - The number of bookmarks in the incident
- Comments
Count int - The number of comments in the incident
- Provider
Incident stringUrl - The provider incident url to the incident in Microsoft 365 Defender portal
- Tactics List<string>
- The tactics associated with incident
- Alert
Product []stringNames - List of product names of alerts in the incident
- Alerts
Count int - The number of alerts in the incident
- Bookmarks
Count int - The number of bookmarks in the incident
- Comments
Count int - The number of comments in the incident
- Provider
Incident stringUrl - The provider incident url to the incident in Microsoft 365 Defender portal
- Tactics []string
- The tactics associated with incident
- alert
Product List<String>Names - List of product names of alerts in the incident
- alerts
Count Integer - The number of alerts in the incident
- bookmarks
Count Integer - The number of bookmarks in the incident
- comments
Count Integer - The number of comments in the incident
- provider
Incident StringUrl - The provider incident url to the incident in Microsoft 365 Defender portal
- tactics List<String>
- The tactics associated with incident
- alert
Product string[]Names - List of product names of alerts in the incident
- alerts
Count number - The number of alerts in the incident
- bookmarks
Count number - The number of bookmarks in the incident
- comments
Count number - The number of comments in the incident
- provider
Incident stringUrl - The provider incident url to the incident in Microsoft 365 Defender portal
- tactics string[]
- The tactics associated with incident
- alert_
product_ Sequence[str]names - List of product names of alerts in the incident
- alerts_
count int - The number of alerts in the incident
- bookmarks_
count int - The number of bookmarks in the incident
- comments_
count int - The number of comments in the incident
- provider_
incident_ strurl - The provider incident url to the incident in Microsoft 365 Defender portal
- tactics Sequence[str]
- The tactics associated with incident
- alert
Product List<String>Names - List of product names of alerts in the incident
- alerts
Count Number - The number of alerts in the incident
- bookmarks
Count Number - The number of bookmarks in the incident
- comments
Count Number - The number of comments in the incident
- provider
Incident StringUrl - The provider incident url to the incident in Microsoft 365 Defender portal
- tactics List<String>
- The tactics associated with incident
IncidentClassification, IncidentClassificationArgs
- Undetermined
- UndeterminedIncident classification was undetermined
- True
Positive - TruePositiveIncident was true positive
- Benign
Positive - BenignPositiveIncident was benign positive
- False
Positive - FalsePositiveIncident was false positive
- Incident
Classification Undetermined - UndeterminedIncident classification was undetermined
- Incident
Classification True Positive - TruePositiveIncident was true positive
- Incident
Classification Benign Positive - BenignPositiveIncident was benign positive
- Incident
Classification False Positive - FalsePositiveIncident was false positive
- Undetermined
- UndeterminedIncident classification was undetermined
- True
Positive - TruePositiveIncident was true positive
- Benign
Positive - BenignPositiveIncident was benign positive
- False
Positive - FalsePositiveIncident was false positive
- Undetermined
- UndeterminedIncident classification was undetermined
- True
Positive - TruePositiveIncident was true positive
- Benign
Positive - BenignPositiveIncident was benign positive
- False
Positive - FalsePositiveIncident was false positive
- UNDETERMINED
- UndeterminedIncident classification was undetermined
- TRUE_POSITIVE
- TruePositiveIncident was true positive
- BENIGN_POSITIVE
- BenignPositiveIncident was benign positive
- FALSE_POSITIVE
- FalsePositiveIncident was false positive
- "Undetermined"
- UndeterminedIncident classification was undetermined
- "True
Positive" - TruePositiveIncident was true positive
- "Benign
Positive" - BenignPositiveIncident was benign positive
- "False
Positive" - FalsePositiveIncident was false positive
IncidentClassificationReason, IncidentClassificationReasonArgs
- Suspicious
Activity - SuspiciousActivityClassification reason was suspicious activity
- Suspicious
But Expected - SuspiciousButExpectedClassification reason was suspicious but expected
- Incorrect
Alert Logic - IncorrectAlertLogicClassification reason was incorrect alert logic
- Inaccurate
Data - InaccurateDataClassification reason was inaccurate data
- Incident
Classification Reason Suspicious Activity - SuspiciousActivityClassification reason was suspicious activity
- Incident
Classification Reason Suspicious But Expected - SuspiciousButExpectedClassification reason was suspicious but expected
- Incident
Classification Reason Incorrect Alert Logic - IncorrectAlertLogicClassification reason was incorrect alert logic
- Incident
Classification Reason Inaccurate Data - InaccurateDataClassification reason was inaccurate data
- Suspicious
Activity - SuspiciousActivityClassification reason was suspicious activity
- Suspicious
But Expected - SuspiciousButExpectedClassification reason was suspicious but expected
- Incorrect
Alert Logic - IncorrectAlertLogicClassification reason was incorrect alert logic
- Inaccurate
Data - InaccurateDataClassification reason was inaccurate data
- Suspicious
Activity - SuspiciousActivityClassification reason was suspicious activity
- Suspicious
But Expected - SuspiciousButExpectedClassification reason was suspicious but expected
- Incorrect
Alert Logic - IncorrectAlertLogicClassification reason was incorrect alert logic
- Inaccurate
Data - InaccurateDataClassification reason was inaccurate data
- SUSPICIOUS_ACTIVITY
- SuspiciousActivityClassification reason was suspicious activity
- SUSPICIOUS_BUT_EXPECTED
- SuspiciousButExpectedClassification reason was suspicious but expected
- INCORRECT_ALERT_LOGIC
- IncorrectAlertLogicClassification reason was incorrect alert logic
- INACCURATE_DATA
- InaccurateDataClassification reason was inaccurate data
- "Suspicious
Activity" - SuspiciousActivityClassification reason was suspicious activity
- "Suspicious
But Expected" - SuspiciousButExpectedClassification reason was suspicious but expected
- "Incorrect
Alert Logic" - IncorrectAlertLogicClassification reason was incorrect alert logic
- "Inaccurate
Data" - InaccurateDataClassification reason was inaccurate data
IncidentLabel, IncidentLabelArgs
- Label
Name string - The name of the label
- Label
Name string - The name of the label
- label
Name String - The name of the label
- label
Name string - The name of the label
- label_
name str - The name of the label
- label
Name String - The name of the label
IncidentLabelResponse, IncidentLabelResponseArgs
- label_
name str - The name of the label
- label_
type str - The type of the label
IncidentOwnerInfo, IncidentOwnerInfoArgs
- Assigned
To string - The name of the user the incident is assigned to.
- Email string
- The email of the user the incident is assigned to.
- Object
Id string - The object id of the user the incident is assigned to.
- Owner
Type string | Pulumi.Azure Native. Security Insights. Owner Type - The type of the owner the incident is assigned to.
- User
Principal stringName - The user principal name of the user the incident is assigned to.
- Assigned
To string - The name of the user the incident is assigned to.
- Email string
- The email of the user the incident is assigned to.
- Object
Id string - The object id of the user the incident is assigned to.
- Owner
Type string | OwnerType - The type of the owner the incident is assigned to.
- User
Principal stringName - The user principal name of the user the incident is assigned to.
- assigned
To String - The name of the user the incident is assigned to.
- email String
- The email of the user the incident is assigned to.
- object
Id String - The object id of the user the incident is assigned to.
- owner
Type String | OwnerType - The type of the owner the incident is assigned to.
- user
Principal StringName - The user principal name of the user the incident is assigned to.
- assigned
To string - The name of the user the incident is assigned to.
- email string
- The email of the user the incident is assigned to.
- object
Id string - The object id of the user the incident is assigned to.
- owner
Type string | OwnerType - The type of the owner the incident is assigned to.
- user
Principal stringName - The user principal name of the user the incident is assigned to.
- assigned_
to str - The name of the user the incident is assigned to.
- email str
- The email of the user the incident is assigned to.
- object_
id str - The object id of the user the incident is assigned to.
- owner_
type str | OwnerType - The type of the owner the incident is assigned to.
- user_
principal_ strname - The user principal name of the user the incident is assigned to.
- assigned
To String - The name of the user the incident is assigned to.
- email String
- The email of the user the incident is assigned to.
- object
Id String - The object id of the user the incident is assigned to.
- owner
Type String | "Unknown" | "User" | "Group" - The type of the owner the incident is assigned to.
- user
Principal StringName - The user principal name of the user the incident is assigned to.
IncidentOwnerInfoResponse, IncidentOwnerInfoResponseArgs
- Assigned
To string - The name of the user the incident is assigned to.
- Email string
- The email of the user the incident is assigned to.
- Object
Id string - The object id of the user the incident is assigned to.
- Owner
Type string - The type of the owner the incident is assigned to.
- User
Principal stringName - The user principal name of the user the incident is assigned to.
- Assigned
To string - The name of the user the incident is assigned to.
- Email string
- The email of the user the incident is assigned to.
- Object
Id string - The object id of the user the incident is assigned to.
- Owner
Type string - The type of the owner the incident is assigned to.
- User
Principal stringName - The user principal name of the user the incident is assigned to.
- assigned
To String - The name of the user the incident is assigned to.
- email String
- The email of the user the incident is assigned to.
- object
Id String - The object id of the user the incident is assigned to.
- owner
Type String - The type of the owner the incident is assigned to.
- user
Principal StringName - The user principal name of the user the incident is assigned to.
- assigned
To string - The name of the user the incident is assigned to.
- email string
- The email of the user the incident is assigned to.
- object
Id string - The object id of the user the incident is assigned to.
- owner
Type string - The type of the owner the incident is assigned to.
- user
Principal stringName - The user principal name of the user the incident is assigned to.
- assigned_
to str - The name of the user the incident is assigned to.
- email str
- The email of the user the incident is assigned to.
- object_
id str - The object id of the user the incident is assigned to.
- owner_
type str - The type of the owner the incident is assigned to.
- user_
principal_ strname - The user principal name of the user the incident is assigned to.
- assigned
To String - The name of the user the incident is assigned to.
- email String
- The email of the user the incident is assigned to.
- object
Id String - The object id of the user the incident is assigned to.
- owner
Type String - The type of the owner the incident is assigned to.
- user
Principal StringName - The user principal name of the user the incident is assigned to.
IncidentSeverity, IncidentSeverityArgs
- High
- HighHigh severity
- Medium
- MediumMedium severity
- Low
- LowLow severity
- Informational
- InformationalInformational severity
- Incident
Severity High - HighHigh severity
- Incident
Severity Medium - MediumMedium severity
- Incident
Severity Low - LowLow severity
- Incident
Severity Informational - InformationalInformational severity
- High
- HighHigh severity
- Medium
- MediumMedium severity
- Low
- LowLow severity
- Informational
- InformationalInformational severity
- High
- HighHigh severity
- Medium
- MediumMedium severity
- Low
- LowLow severity
- Informational
- InformationalInformational severity
- HIGH
- HighHigh severity
- MEDIUM
- MediumMedium severity
- LOW
- LowLow severity
- INFORMATIONAL
- InformationalInformational severity
- "High"
- HighHigh severity
- "Medium"
- MediumMedium severity
- "Low"
- LowLow severity
- "Informational"
- InformationalInformational severity
IncidentStatus, IncidentStatusArgs
- New
- NewAn active incident which isn't being handled currently
- Active
- ActiveAn active incident which is being handled
- Closed
- ClosedA non-active incident
- Incident
Status New - NewAn active incident which isn't being handled currently
- Incident
Status Active - ActiveAn active incident which is being handled
- Incident
Status Closed - ClosedA non-active incident
- New
- NewAn active incident which isn't being handled currently
- Active
- ActiveAn active incident which is being handled
- Closed
- ClosedA non-active incident
- New
- NewAn active incident which isn't being handled currently
- Active
- ActiveAn active incident which is being handled
- Closed
- ClosedA non-active incident
- NEW
- NewAn active incident which isn't being handled currently
- ACTIVE
- ActiveAn active incident which is being handled
- CLOSED
- ClosedA non-active incident
- "New"
- NewAn active incident which isn't being handled currently
- "Active"
- ActiveAn active incident which is being handled
- "Closed"
- ClosedA non-active incident
OwnerType, OwnerTypeArgs
- Unknown
- UnknownThe incident owner type is unknown
- User
- UserThe incident owner type is an AAD user
- Group
- GroupThe incident owner type is an AAD group
- Owner
Type Unknown - UnknownThe incident owner type is unknown
- Owner
Type User - UserThe incident owner type is an AAD user
- Owner
Type Group - GroupThe incident owner type is an AAD group
- Unknown
- UnknownThe incident owner type is unknown
- User
- UserThe incident owner type is an AAD user
- Group
- GroupThe incident owner type is an AAD group
- Unknown
- UnknownThe incident owner type is unknown
- User
- UserThe incident owner type is an AAD user
- Group
- GroupThe incident owner type is an AAD group
- UNKNOWN
- UnknownThe incident owner type is unknown
- USER
- UserThe incident owner type is an AAD user
- GROUP
- GroupThe incident owner type is an AAD group
- "Unknown"
- UnknownThe incident owner type is unknown
- "User"
- UserThe incident owner type is an AAD user
- "Group"
- GroupThe incident owner type is an AAD group
SystemDataResponse, SystemDataResponseArgs
- Created
At string - The timestamp of resource creation (UTC).
- Created
By string - The identity that created the resource.
- Created
By stringType - The type of identity that created the resource.
- Last
Modified stringAt - The timestamp of resource last modification (UTC)
- Last
Modified stringBy - The identity that last modified the resource.
- Last
Modified stringBy Type - The type of identity that last modified the resource.
- Created
At string - The timestamp of resource creation (UTC).
- Created
By string - The identity that created the resource.
- Created
By stringType - The type of identity that created the resource.
- Last
Modified stringAt - The timestamp of resource last modification (UTC)
- Last
Modified stringBy - The identity that last modified the resource.
- Last
Modified stringBy Type - The type of identity that last modified the resource.
- created
At String - The timestamp of resource creation (UTC).
- created
By String - The identity that created the resource.
- created
By StringType - The type of identity that created the resource.
- last
Modified StringAt - The timestamp of resource last modification (UTC)
- last
Modified StringBy - The identity that last modified the resource.
- last
Modified StringBy Type - The type of identity that last modified the resource.
- created
At string - The timestamp of resource creation (UTC).
- created
By string - The identity that created the resource.
- created
By stringType - The type of identity that created the resource.
- last
Modified stringAt - The timestamp of resource last modification (UTC)
- last
Modified stringBy - The identity that last modified the resource.
- last
Modified stringBy Type - The type of identity that last modified the resource.
- created_
at str - The timestamp of resource creation (UTC).
- created_
by str - The identity that created the resource.
- created_
by_ strtype - The type of identity that created the resource.
- last_
modified_ strat - The timestamp of resource last modification (UTC)
- last_
modified_ strby - The identity that last modified the resource.
- last_
modified_ strby_ type - The type of identity that last modified the resource.
- created
At String - The timestamp of resource creation (UTC).
- created
By String - The identity that created the resource.
- created
By StringType - The type of identity that created the resource.
- last
Modified StringAt - The timestamp of resource last modification (UTC)
- last
Modified StringBy - The identity that last modified the resource.
- last
Modified StringBy Type - The type of identity that last modified the resource.
Import
An existing resource can be imported using its type token, name, and identifier, e.g.
$ pulumi import azure-native:securityinsights:Incident 73e01a99-5cd7-4139-a149-9f2736ff2ab5 /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Azure Native pulumi/pulumi-azure-native
- License
- Apache-2.0