1. Packages
  2. Azure Native
  3. API Docs
  4. securityinsights
  5. ScheduledAlertRule
This is the latest version of Azure Native. Use the Azure Native v1 docs if using the v1 version of this package.
Azure Native v2.73.0 published on Wednesday, Nov 20, 2024 by Pulumi

azure-native.securityinsights.ScheduledAlertRule

Explore with Pulumi AI

azure-native logo
This is the latest version of Azure Native. Use the Azure Native v1 docs if using the v1 version of this package.
Azure Native v2.73.0 published on Wednesday, Nov 20, 2024 by Pulumi

    Represents scheduled alert rule. Azure REST API version: 2023-02-01. Prior API version in Azure Native 1.x: 2020-01-01.

    Example Usage

    Creates or updates a Fusion alert rule.

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using AzureNative = Pulumi.AzureNative;
    
    return await Deployment.RunAsync(() => 
    {
        var scheduledAlertRule = new AzureNative.SecurityInsights.ScheduledAlertRule("scheduledAlertRule", new()
        {
            ResourceGroupName = "myRg",
            RuleId = "myFirstFusionRule",
            WorkspaceName = "myWorkspace",
        });
    
    });
    
    package main
    
    import (
    	securityinsights "github.com/pulumi/pulumi-azure-native-sdk/securityinsights/v2"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := securityinsights.NewScheduledAlertRule(ctx, "scheduledAlertRule", &securityinsights.ScheduledAlertRuleArgs{
    			ResourceGroupName: pulumi.String("myRg"),
    			RuleId:            pulumi.String("myFirstFusionRule"),
    			WorkspaceName:     pulumi.String("myWorkspace"),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.azurenative.securityinsights.ScheduledAlertRule;
    import com.pulumi.azurenative.securityinsights.ScheduledAlertRuleArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var scheduledAlertRule = new ScheduledAlertRule("scheduledAlertRule", ScheduledAlertRuleArgs.builder()
                .resourceGroupName("myRg")
                .ruleId("myFirstFusionRule")
                .workspaceName("myWorkspace")
                .build());
    
        }
    }
    
    import pulumi
    import pulumi_azure_native as azure_native
    
    scheduled_alert_rule = azure_native.securityinsights.ScheduledAlertRule("scheduledAlertRule",
        resource_group_name="myRg",
        rule_id="myFirstFusionRule",
        workspace_name="myWorkspace")
    
    import * as pulumi from "@pulumi/pulumi";
    import * as azure_native from "@pulumi/azure-native";
    
    const scheduledAlertRule = new azure_native.securityinsights.ScheduledAlertRule("scheduledAlertRule", {
        resourceGroupName: "myRg",
        ruleId: "myFirstFusionRule",
        workspaceName: "myWorkspace",
    });
    
    resources:
      scheduledAlertRule:
        type: azure-native:securityinsights:ScheduledAlertRule
        properties:
          resourceGroupName: myRg
          ruleId: myFirstFusionRule
          workspaceName: myWorkspace
    

    Creates or updates a MicrosoftSecurityIncidentCreation rule.

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using AzureNative = Pulumi.AzureNative;
    
    return await Deployment.RunAsync(() => 
    {
        var scheduledAlertRule = new AzureNative.SecurityInsights.ScheduledAlertRule("scheduledAlertRule", new()
        {
            ResourceGroupName = "myRg",
            RuleId = "microsoftSecurityIncidentCreationRuleExample",
            WorkspaceName = "myWorkspace",
        });
    
    });
    
    package main
    
    import (
    	securityinsights "github.com/pulumi/pulumi-azure-native-sdk/securityinsights/v2"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := securityinsights.NewScheduledAlertRule(ctx, "scheduledAlertRule", &securityinsights.ScheduledAlertRuleArgs{
    			ResourceGroupName: pulumi.String("myRg"),
    			RuleId:            pulumi.String("microsoftSecurityIncidentCreationRuleExample"),
    			WorkspaceName:     pulumi.String("myWorkspace"),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.azurenative.securityinsights.ScheduledAlertRule;
    import com.pulumi.azurenative.securityinsights.ScheduledAlertRuleArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var scheduledAlertRule = new ScheduledAlertRule("scheduledAlertRule", ScheduledAlertRuleArgs.builder()
                .resourceGroupName("myRg")
                .ruleId("microsoftSecurityIncidentCreationRuleExample")
                .workspaceName("myWorkspace")
                .build());
    
        }
    }
    
    import pulumi
    import pulumi_azure_native as azure_native
    
    scheduled_alert_rule = azure_native.securityinsights.ScheduledAlertRule("scheduledAlertRule",
        resource_group_name="myRg",
        rule_id="microsoftSecurityIncidentCreationRuleExample",
        workspace_name="myWorkspace")
    
    import * as pulumi from "@pulumi/pulumi";
    import * as azure_native from "@pulumi/azure-native";
    
    const scheduledAlertRule = new azure_native.securityinsights.ScheduledAlertRule("scheduledAlertRule", {
        resourceGroupName: "myRg",
        ruleId: "microsoftSecurityIncidentCreationRuleExample",
        workspaceName: "myWorkspace",
    });
    
    resources:
      scheduledAlertRule:
        type: azure-native:securityinsights:ScheduledAlertRule
        properties:
          resourceGroupName: myRg
          ruleId: microsoftSecurityIncidentCreationRuleExample
          workspaceName: myWorkspace
    

    Creates or updates a Scheduled alert rule.

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using AzureNative = Pulumi.AzureNative;
    
    return await Deployment.RunAsync(() => 
    {
        var scheduledAlertRule = new AzureNative.SecurityInsights.ScheduledAlertRule("scheduledAlertRule", new()
        {
            AlertDetailsOverride = new AzureNative.SecurityInsights.Inputs.AlertDetailsOverrideArgs
            {
                AlertDescriptionFormat = "Suspicious activity was made by {{ComputerIP}}",
                AlertDisplayNameFormat = "Alert from {{Computer}}",
                AlertDynamicProperties = new[]
                {
                    new AzureNative.SecurityInsights.Inputs.AlertPropertyMappingArgs
                    {
                        AlertProperty = AzureNative.SecurityInsights.AlertProperty.ProductComponentName,
                        Value = "ProductComponentNameCustomColumn",
                    },
                    new AzureNative.SecurityInsights.Inputs.AlertPropertyMappingArgs
                    {
                        AlertProperty = AzureNative.SecurityInsights.AlertProperty.ProductName,
                        Value = "ProductNameCustomColumn",
                    },
                    new AzureNative.SecurityInsights.Inputs.AlertPropertyMappingArgs
                    {
                        AlertProperty = AzureNative.SecurityInsights.AlertProperty.AlertLink,
                        Value = "Link",
                    },
                },
            },
            CustomDetails = 
            {
                { "OperatingSystemName", "OSName" },
                { "OperatingSystemType", "OSType" },
            },
            Description = "An example for a scheduled rule",
            DisplayName = "My scheduled rule",
            Enabled = true,
            EntityMappings = new[]
            {
                new AzureNative.SecurityInsights.Inputs.EntityMappingArgs
                {
                    EntityType = AzureNative.SecurityInsights.EntityMappingType.Host,
                    FieldMappings = new[]
                    {
                        new AzureNative.SecurityInsights.Inputs.FieldMappingArgs
                        {
                            ColumnName = "Computer",
                            Identifier = "FullName",
                        },
                    },
                },
                new AzureNative.SecurityInsights.Inputs.EntityMappingArgs
                {
                    EntityType = AzureNative.SecurityInsights.EntityMappingType.IP,
                    FieldMappings = new[]
                    {
                        new AzureNative.SecurityInsights.Inputs.FieldMappingArgs
                        {
                            ColumnName = "ComputerIP",
                            Identifier = "Address",
                        },
                    },
                },
            },
            EventGroupingSettings = new AzureNative.SecurityInsights.Inputs.EventGroupingSettingsArgs
            {
                AggregationKind = AzureNative.SecurityInsights.EventGroupingAggregationKind.AlertPerResult,
            },
            IncidentConfiguration = new AzureNative.SecurityInsights.Inputs.IncidentConfigurationArgs
            {
                CreateIncident = true,
                GroupingConfiguration = new AzureNative.SecurityInsights.Inputs.GroupingConfigurationArgs
                {
                    Enabled = true,
                    GroupByAlertDetails = new[]
                    {
                        AzureNative.SecurityInsights.AlertDetail.DisplayName,
                    },
                    GroupByCustomDetails = new[]
                    {
                        "OperatingSystemType",
                        "OperatingSystemName",
                    },
                    GroupByEntities = new[]
                    {
                        AzureNative.SecurityInsights.EntityMappingType.Host,
                    },
                    LookbackDuration = "PT5H",
                    MatchingMethod = AzureNative.SecurityInsights.MatchingMethod.Selected,
                    ReopenClosedIncident = false,
                },
            },
            Kind = "Scheduled",
            Query = "Heartbeat",
            QueryFrequency = "PT1H",
            QueryPeriod = "P2DT1H30M",
            ResourceGroupName = "myRg",
            RuleId = "73e01a99-5cd7-4139-a149-9f2736ff2ab5",
            Severity = AzureNative.SecurityInsights.AlertSeverity.High,
            SuppressionDuration = "PT1H",
            SuppressionEnabled = false,
            Tactics = new[]
            {
                AzureNative.SecurityInsights.AttackTactic.Persistence,
                AzureNative.SecurityInsights.AttackTactic.LateralMovement,
            },
            TriggerOperator = AzureNative.SecurityInsights.TriggerOperator.GreaterThan,
            TriggerThreshold = 0,
            WorkspaceName = "myWorkspace",
        });
    
    });
    
    package main
    
    import (
    	securityinsights "github.com/pulumi/pulumi-azure-native-sdk/securityinsights/v2"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := securityinsights.NewScheduledAlertRule(ctx, "scheduledAlertRule", &securityinsights.ScheduledAlertRuleArgs{
    			AlertDetailsOverride: &securityinsights.AlertDetailsOverrideArgs{
    				AlertDescriptionFormat: pulumi.String("Suspicious activity was made by {{ComputerIP}}"),
    				AlertDisplayNameFormat: pulumi.String("Alert from {{Computer}}"),
    				AlertDynamicProperties: securityinsights.AlertPropertyMappingArray{
    					&securityinsights.AlertPropertyMappingArgs{
    						AlertProperty: pulumi.String(securityinsights.AlertPropertyProductComponentName),
    						Value:         pulumi.String("ProductComponentNameCustomColumn"),
    					},
    					&securityinsights.AlertPropertyMappingArgs{
    						AlertProperty: pulumi.String(securityinsights.AlertPropertyProductName),
    						Value:         pulumi.String("ProductNameCustomColumn"),
    					},
    					&securityinsights.AlertPropertyMappingArgs{
    						AlertProperty: pulumi.String(securityinsights.AlertPropertyAlertLink),
    						Value:         pulumi.String("Link"),
    					},
    				},
    			},
    			CustomDetails: pulumi.StringMap{
    				"OperatingSystemName": pulumi.String("OSName"),
    				"OperatingSystemType": pulumi.String("OSType"),
    			},
    			Description: pulumi.String("An example for a scheduled rule"),
    			DisplayName: pulumi.String("My scheduled rule"),
    			Enabled:     pulumi.Bool(true),
    			EntityMappings: securityinsights.EntityMappingArray{
    				&securityinsights.EntityMappingArgs{
    					EntityType: pulumi.String(securityinsights.EntityMappingTypeHost),
    					FieldMappings: securityinsights.FieldMappingArray{
    						&securityinsights.FieldMappingArgs{
    							ColumnName: pulumi.String("Computer"),
    							Identifier: pulumi.String("FullName"),
    						},
    					},
    				},
    				&securityinsights.EntityMappingArgs{
    					EntityType: pulumi.String(securityinsights.EntityMappingTypeIP),
    					FieldMappings: securityinsights.FieldMappingArray{
    						&securityinsights.FieldMappingArgs{
    							ColumnName: pulumi.String("ComputerIP"),
    							Identifier: pulumi.String("Address"),
    						},
    					},
    				},
    			},
    			EventGroupingSettings: &securityinsights.EventGroupingSettingsArgs{
    				AggregationKind: pulumi.String(securityinsights.EventGroupingAggregationKindAlertPerResult),
    			},
    			IncidentConfiguration: &securityinsights.IncidentConfigurationArgs{
    				CreateIncident: pulumi.Bool(true),
    				GroupingConfiguration: &securityinsights.GroupingConfigurationArgs{
    					Enabled: pulumi.Bool(true),
    					GroupByAlertDetails: pulumi.StringArray{
    						pulumi.String(securityinsights.AlertDetailDisplayName),
    					},
    					GroupByCustomDetails: pulumi.StringArray{
    						pulumi.String("OperatingSystemType"),
    						pulumi.String("OperatingSystemName"),
    					},
    					GroupByEntities: pulumi.StringArray{
    						pulumi.String(securityinsights.EntityMappingTypeHost),
    					},
    					LookbackDuration:     pulumi.String("PT5H"),
    					MatchingMethod:       pulumi.String(securityinsights.MatchingMethodSelected),
    					ReopenClosedIncident: pulumi.Bool(false),
    				},
    			},
    			Kind:                pulumi.String("Scheduled"),
    			Query:               pulumi.String("Heartbeat"),
    			QueryFrequency:      pulumi.String("PT1H"),
    			QueryPeriod:         pulumi.String("P2DT1H30M"),
    			ResourceGroupName:   pulumi.String("myRg"),
    			RuleId:              pulumi.String("73e01a99-5cd7-4139-a149-9f2736ff2ab5"),
    			Severity:            pulumi.String(securityinsights.AlertSeverityHigh),
    			SuppressionDuration: pulumi.String("PT1H"),
    			SuppressionEnabled:  pulumi.Bool(false),
    			Tactics: pulumi.StringArray{
    				pulumi.String(securityinsights.AttackTacticPersistence),
    				pulumi.String(securityinsights.AttackTacticLateralMovement),
    			},
    			TriggerOperator:  securityinsights.TriggerOperatorGreaterThan,
    			TriggerThreshold: pulumi.Int(0),
    			WorkspaceName:    pulumi.String("myWorkspace"),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.azurenative.securityinsights.ScheduledAlertRule;
    import com.pulumi.azurenative.securityinsights.ScheduledAlertRuleArgs;
    import com.pulumi.azurenative.securityinsights.inputs.AlertDetailsOverrideArgs;
    import com.pulumi.azurenative.securityinsights.inputs.EntityMappingArgs;
    import com.pulumi.azurenative.securityinsights.inputs.EventGroupingSettingsArgs;
    import com.pulumi.azurenative.securityinsights.inputs.IncidentConfigurationArgs;
    import com.pulumi.azurenative.securityinsights.inputs.GroupingConfigurationArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var scheduledAlertRule = new ScheduledAlertRule("scheduledAlertRule", ScheduledAlertRuleArgs.builder()
                .alertDetailsOverride(AlertDetailsOverrideArgs.builder()
                    .alertDescriptionFormat("Suspicious activity was made by {{ComputerIP}}")
                    .alertDisplayNameFormat("Alert from {{Computer}}")
                    .alertDynamicProperties(                
                        AlertPropertyMappingArgs.builder()
                            .alertProperty("ProductComponentName")
                            .value("ProductComponentNameCustomColumn")
                            .build(),
                        AlertPropertyMappingArgs.builder()
                            .alertProperty("ProductName")
                            .value("ProductNameCustomColumn")
                            .build(),
                        AlertPropertyMappingArgs.builder()
                            .alertProperty("AlertLink")
                            .value("Link")
                            .build())
                    .build())
                .customDetails(Map.ofEntries(
                    Map.entry("OperatingSystemName", "OSName"),
                    Map.entry("OperatingSystemType", "OSType")
                ))
                .description("An example for a scheduled rule")
                .displayName("My scheduled rule")
                .enabled(true)
                .entityMappings(            
                    EntityMappingArgs.builder()
                        .entityType("Host")
                        .fieldMappings(FieldMappingArgs.builder()
                            .columnName("Computer")
                            .identifier("FullName")
                            .build())
                        .build(),
                    EntityMappingArgs.builder()
                        .entityType("IP")
                        .fieldMappings(FieldMappingArgs.builder()
                            .columnName("ComputerIP")
                            .identifier("Address")
                            .build())
                        .build())
                .eventGroupingSettings(EventGroupingSettingsArgs.builder()
                    .aggregationKind("AlertPerResult")
                    .build())
                .incidentConfiguration(IncidentConfigurationArgs.builder()
                    .createIncident(true)
                    .groupingConfiguration(GroupingConfigurationArgs.builder()
                        .enabled(true)
                        .groupByAlertDetails("DisplayName")
                        .groupByCustomDetails(                    
                            "OperatingSystemType",
                            "OperatingSystemName")
                        .groupByEntities("Host")
                        .lookbackDuration("PT5H")
                        .matchingMethod("Selected")
                        .reopenClosedIncident(false)
                        .build())
                    .build())
                .kind("Scheduled")
                .query("Heartbeat")
                .queryFrequency("PT1H")
                .queryPeriod("P2DT1H30M")
                .resourceGroupName("myRg")
                .ruleId("73e01a99-5cd7-4139-a149-9f2736ff2ab5")
                .severity("High")
                .suppressionDuration("PT1H")
                .suppressionEnabled(false)
                .tactics(            
                    "Persistence",
                    "LateralMovement")
                .triggerOperator("GreaterThan")
                .triggerThreshold(0)
                .workspaceName("myWorkspace")
                .build());
    
        }
    }
    
    import pulumi
    import pulumi_azure_native as azure_native
    
    scheduled_alert_rule = azure_native.securityinsights.ScheduledAlertRule("scheduledAlertRule",
        alert_details_override={
            "alert_description_format": "Suspicious activity was made by {{ComputerIP}}",
            "alert_display_name_format": "Alert from {{Computer}}",
            "alert_dynamic_properties": [
                {
                    "alert_property": azure_native.securityinsights.AlertProperty.PRODUCT_COMPONENT_NAME,
                    "value": "ProductComponentNameCustomColumn",
                },
                {
                    "alert_property": azure_native.securityinsights.AlertProperty.PRODUCT_NAME,
                    "value": "ProductNameCustomColumn",
                },
                {
                    "alert_property": azure_native.securityinsights.AlertProperty.ALERT_LINK,
                    "value": "Link",
                },
            ],
        },
        custom_details={
            "OperatingSystemName": "OSName",
            "OperatingSystemType": "OSType",
        },
        description="An example for a scheduled rule",
        display_name="My scheduled rule",
        enabled=True,
        entity_mappings=[
            {
                "entity_type": azure_native.securityinsights.EntityMappingType.HOST,
                "field_mappings": [{
                    "column_name": "Computer",
                    "identifier": "FullName",
                }],
            },
            {
                "entity_type": azure_native.securityinsights.EntityMappingType.IP,
                "field_mappings": [{
                    "column_name": "ComputerIP",
                    "identifier": "Address",
                }],
            },
        ],
        event_grouping_settings={
            "aggregation_kind": azure_native.securityinsights.EventGroupingAggregationKind.ALERT_PER_RESULT,
        },
        incident_configuration={
            "create_incident": True,
            "grouping_configuration": {
                "enabled": True,
                "group_by_alert_details": [azure_native.securityinsights.AlertDetail.DISPLAY_NAME],
                "group_by_custom_details": [
                    "OperatingSystemType",
                    "OperatingSystemName",
                ],
                "group_by_entities": [azure_native.securityinsights.EntityMappingType.HOST],
                "lookback_duration": "PT5H",
                "matching_method": azure_native.securityinsights.MatchingMethod.SELECTED,
                "reopen_closed_incident": False,
            },
        },
        kind="Scheduled",
        query="Heartbeat",
        query_frequency="PT1H",
        query_period="P2DT1H30M",
        resource_group_name="myRg",
        rule_id="73e01a99-5cd7-4139-a149-9f2736ff2ab5",
        severity=azure_native.securityinsights.AlertSeverity.HIGH,
        suppression_duration="PT1H",
        suppression_enabled=False,
        tactics=[
            azure_native.securityinsights.AttackTactic.PERSISTENCE,
            azure_native.securityinsights.AttackTactic.LATERAL_MOVEMENT,
        ],
        trigger_operator=azure_native.securityinsights.TriggerOperator.GREATER_THAN,
        trigger_threshold=0,
        workspace_name="myWorkspace")
    
    import * as pulumi from "@pulumi/pulumi";
    import * as azure_native from "@pulumi/azure-native";
    
    const scheduledAlertRule = new azure_native.securityinsights.ScheduledAlertRule("scheduledAlertRule", {
        alertDetailsOverride: {
            alertDescriptionFormat: "Suspicious activity was made by {{ComputerIP}}",
            alertDisplayNameFormat: "Alert from {{Computer}}",
            alertDynamicProperties: [
                {
                    alertProperty: azure_native.securityinsights.AlertProperty.ProductComponentName,
                    value: "ProductComponentNameCustomColumn",
                },
                {
                    alertProperty: azure_native.securityinsights.AlertProperty.ProductName,
                    value: "ProductNameCustomColumn",
                },
                {
                    alertProperty: azure_native.securityinsights.AlertProperty.AlertLink,
                    value: "Link",
                },
            ],
        },
        customDetails: {
            OperatingSystemName: "OSName",
            OperatingSystemType: "OSType",
        },
        description: "An example for a scheduled rule",
        displayName: "My scheduled rule",
        enabled: true,
        entityMappings: [
            {
                entityType: azure_native.securityinsights.EntityMappingType.Host,
                fieldMappings: [{
                    columnName: "Computer",
                    identifier: "FullName",
                }],
            },
            {
                entityType: azure_native.securityinsights.EntityMappingType.IP,
                fieldMappings: [{
                    columnName: "ComputerIP",
                    identifier: "Address",
                }],
            },
        ],
        eventGroupingSettings: {
            aggregationKind: azure_native.securityinsights.EventGroupingAggregationKind.AlertPerResult,
        },
        incidentConfiguration: {
            createIncident: true,
            groupingConfiguration: {
                enabled: true,
                groupByAlertDetails: [azure_native.securityinsights.AlertDetail.DisplayName],
                groupByCustomDetails: [
                    "OperatingSystemType",
                    "OperatingSystemName",
                ],
                groupByEntities: [azure_native.securityinsights.EntityMappingType.Host],
                lookbackDuration: "PT5H",
                matchingMethod: azure_native.securityinsights.MatchingMethod.Selected,
                reopenClosedIncident: false,
            },
        },
        kind: "Scheduled",
        query: "Heartbeat",
        queryFrequency: "PT1H",
        queryPeriod: "P2DT1H30M",
        resourceGroupName: "myRg",
        ruleId: "73e01a99-5cd7-4139-a149-9f2736ff2ab5",
        severity: azure_native.securityinsights.AlertSeverity.High,
        suppressionDuration: "PT1H",
        suppressionEnabled: false,
        tactics: [
            azure_native.securityinsights.AttackTactic.Persistence,
            azure_native.securityinsights.AttackTactic.LateralMovement,
        ],
        triggerOperator: azure_native.securityinsights.TriggerOperator.GreaterThan,
        triggerThreshold: 0,
        workspaceName: "myWorkspace",
    });
    
    resources:
      scheduledAlertRule:
        type: azure-native:securityinsights:ScheduledAlertRule
        properties:
          alertDetailsOverride:
            alertDescriptionFormat: Suspicious activity was made by {{ComputerIP}}
            alertDisplayNameFormat: Alert from {{Computer}}
            alertDynamicProperties:
              - alertProperty: ProductComponentName
                value: ProductComponentNameCustomColumn
              - alertProperty: ProductName
                value: ProductNameCustomColumn
              - alertProperty: AlertLink
                value: Link
          customDetails:
            OperatingSystemName: OSName
            OperatingSystemType: OSType
          description: An example for a scheduled rule
          displayName: My scheduled rule
          enabled: true
          entityMappings:
            - entityType: Host
              fieldMappings:
                - columnName: Computer
                  identifier: FullName
            - entityType: IP
              fieldMappings:
                - columnName: ComputerIP
                  identifier: Address
          eventGroupingSettings:
            aggregationKind: AlertPerResult
          incidentConfiguration:
            createIncident: true
            groupingConfiguration:
              enabled: true
              groupByAlertDetails:
                - DisplayName
              groupByCustomDetails:
                - OperatingSystemType
                - OperatingSystemName
              groupByEntities:
                - Host
              lookbackDuration: PT5H
              matchingMethod: Selected
              reopenClosedIncident: false
          kind: Scheduled
          query: Heartbeat
          queryFrequency: PT1H
          queryPeriod: P2DT1H30M
          resourceGroupName: myRg
          ruleId: 73e01a99-5cd7-4139-a149-9f2736ff2ab5
          severity: High
          suppressionDuration: PT1H
          suppressionEnabled: false
          tactics:
            - Persistence
            - LateralMovement
          triggerOperator: GreaterThan
          triggerThreshold: 0
          workspaceName: myWorkspace
    

    Create ScheduledAlertRule Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new ScheduledAlertRule(name: string, args: ScheduledAlertRuleArgs, opts?: CustomResourceOptions);
    @overload
    def ScheduledAlertRule(resource_name: str,
                           args: ScheduledAlertRuleArgs,
                           opts: Optional[ResourceOptions] = None)
    
    @overload
    def ScheduledAlertRule(resource_name: str,
                           opts: Optional[ResourceOptions] = None,
                           suppression_enabled: Optional[bool] = None,
                           workspace_name: Optional[str] = None,
                           trigger_threshold: Optional[int] = None,
                           trigger_operator: Optional[TriggerOperator] = None,
                           display_name: Optional[str] = None,
                           enabled: Optional[bool] = None,
                           resource_group_name: Optional[str] = None,
                           suppression_duration: Optional[str] = None,
                           severity: Optional[Union[str, AlertSeverity]] = None,
                           query: Optional[str] = None,
                           query_frequency: Optional[str] = None,
                           query_period: Optional[str] = None,
                           entity_mappings: Optional[Sequence[EntityMappingArgs]] = None,
                           rule_id: Optional[str] = None,
                           incident_configuration: Optional[IncidentConfigurationArgs] = None,
                           event_grouping_settings: Optional[EventGroupingSettingsArgs] = None,
                           alert_details_override: Optional[AlertDetailsOverrideArgs] = None,
                           tactics: Optional[Sequence[Union[str, AttackTactic]]] = None,
                           techniques: Optional[Sequence[str]] = None,
                           template_version: Optional[str] = None,
                           description: Optional[str] = None,
                           custom_details: Optional[Mapping[str, str]] = None,
                           alert_rule_template_name: Optional[str] = None)
    func NewScheduledAlertRule(ctx *Context, name string, args ScheduledAlertRuleArgs, opts ...ResourceOption) (*ScheduledAlertRule, error)
    public ScheduledAlertRule(string name, ScheduledAlertRuleArgs args, CustomResourceOptions? opts = null)
    public ScheduledAlertRule(String name, ScheduledAlertRuleArgs args)
    public ScheduledAlertRule(String name, ScheduledAlertRuleArgs args, CustomResourceOptions options)
    
    type: azure-native:securityinsights:ScheduledAlertRule
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args ScheduledAlertRuleArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args ScheduledAlertRuleArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args ScheduledAlertRuleArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args ScheduledAlertRuleArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args ScheduledAlertRuleArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var scheduledAlertRuleResource = new AzureNative.SecurityInsights.ScheduledAlertRule("scheduledAlertRuleResource", new()
    {
        SuppressionEnabled = false,
        WorkspaceName = "string",
        TriggerThreshold = 0,
        TriggerOperator = AzureNative.SecurityInsights.TriggerOperator.GreaterThan,
        DisplayName = "string",
        Enabled = false,
        ResourceGroupName = "string",
        SuppressionDuration = "string",
        Severity = "string",
        Kind = "string",
        Query = "string",
        QueryFrequency = "string",
        QueryPeriod = "string",
        EntityMappings = new[]
        {
            new AzureNative.SecurityInsights.Inputs.EntityMappingArgs
            {
                EntityType = "string",
                FieldMappings = new[]
                {
                    new AzureNative.SecurityInsights.Inputs.FieldMappingArgs
                    {
                        ColumnName = "string",
                        Identifier = "string",
                    },
                },
            },
        },
        RuleId = "string",
        IncidentConfiguration = new AzureNative.SecurityInsights.Inputs.IncidentConfigurationArgs
        {
            CreateIncident = false,
            GroupingConfiguration = new AzureNative.SecurityInsights.Inputs.GroupingConfigurationArgs
            {
                Enabled = false,
                LookbackDuration = "string",
                MatchingMethod = "string",
                ReopenClosedIncident = false,
                GroupByAlertDetails = new[]
                {
                    "string",
                },
                GroupByCustomDetails = new[]
                {
                    "string",
                },
                GroupByEntities = new[]
                {
                    "string",
                },
            },
        },
        EventGroupingSettings = new AzureNative.SecurityInsights.Inputs.EventGroupingSettingsArgs
        {
            AggregationKind = "string",
        },
        AlertDetailsOverride = new AzureNative.SecurityInsights.Inputs.AlertDetailsOverrideArgs
        {
            AlertDescriptionFormat = "string",
            AlertDisplayNameFormat = "string",
            AlertDynamicProperties = new[]
            {
                new AzureNative.SecurityInsights.Inputs.AlertPropertyMappingArgs
                {
                    AlertProperty = "string",
                    Value = "string",
                },
            },
            AlertSeverityColumnName = "string",
            AlertTacticsColumnName = "string",
        },
        Tactics = new[]
        {
            "string",
        },
        Techniques = new[]
        {
            "string",
        },
        TemplateVersion = "string",
        Description = "string",
        CustomDetails = 
        {
            { "string", "string" },
        },
        AlertRuleTemplateName = "string",
    });
    
    example, err := securityinsights.NewScheduledAlertRule(ctx, "scheduledAlertRuleResource", &securityinsights.ScheduledAlertRuleArgs{
    	SuppressionEnabled:  pulumi.Bool(false),
    	WorkspaceName:       pulumi.String("string"),
    	TriggerThreshold:    pulumi.Int(0),
    	TriggerOperator:     securityinsights.TriggerOperatorGreaterThan,
    	DisplayName:         pulumi.String("string"),
    	Enabled:             pulumi.Bool(false),
    	ResourceGroupName:   pulumi.String("string"),
    	SuppressionDuration: pulumi.String("string"),
    	Severity:            pulumi.String("string"),
    	Kind:                pulumi.String("string"),
    	Query:               pulumi.String("string"),
    	QueryFrequency:      pulumi.String("string"),
    	QueryPeriod:         pulumi.String("string"),
    	EntityMappings: securityinsights.EntityMappingArray{
    		&securityinsights.EntityMappingArgs{
    			EntityType: pulumi.String("string"),
    			FieldMappings: securityinsights.FieldMappingArray{
    				&securityinsights.FieldMappingArgs{
    					ColumnName: pulumi.String("string"),
    					Identifier: pulumi.String("string"),
    				},
    			},
    		},
    	},
    	RuleId: pulumi.String("string"),
    	IncidentConfiguration: &securityinsights.IncidentConfigurationArgs{
    		CreateIncident: pulumi.Bool(false),
    		GroupingConfiguration: &securityinsights.GroupingConfigurationArgs{
    			Enabled:              pulumi.Bool(false),
    			LookbackDuration:     pulumi.String("string"),
    			MatchingMethod:       pulumi.String("string"),
    			ReopenClosedIncident: pulumi.Bool(false),
    			GroupByAlertDetails: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			GroupByCustomDetails: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			GroupByEntities: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    		},
    	},
    	EventGroupingSettings: &securityinsights.EventGroupingSettingsArgs{
    		AggregationKind: pulumi.String("string"),
    	},
    	AlertDetailsOverride: &securityinsights.AlertDetailsOverrideArgs{
    		AlertDescriptionFormat: pulumi.String("string"),
    		AlertDisplayNameFormat: pulumi.String("string"),
    		AlertDynamicProperties: securityinsights.AlertPropertyMappingArray{
    			&securityinsights.AlertPropertyMappingArgs{
    				AlertProperty: pulumi.String("string"),
    				Value:         pulumi.String("string"),
    			},
    		},
    		AlertSeverityColumnName: pulumi.String("string"),
    		AlertTacticsColumnName:  pulumi.String("string"),
    	},
    	Tactics: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	Techniques: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	TemplateVersion: pulumi.String("string"),
    	Description:     pulumi.String("string"),
    	CustomDetails: pulumi.StringMap{
    		"string": pulumi.String("string"),
    	},
    	AlertRuleTemplateName: pulumi.String("string"),
    })
    
    var scheduledAlertRuleResource = new ScheduledAlertRule("scheduledAlertRuleResource", ScheduledAlertRuleArgs.builder()
        .suppressionEnabled(false)
        .workspaceName("string")
        .triggerThreshold(0)
        .triggerOperator("GreaterThan")
        .displayName("string")
        .enabled(false)
        .resourceGroupName("string")
        .suppressionDuration("string")
        .severity("string")
        .kind("string")
        .query("string")
        .queryFrequency("string")
        .queryPeriod("string")
        .entityMappings(EntityMappingArgs.builder()
            .entityType("string")
            .fieldMappings(FieldMappingArgs.builder()
                .columnName("string")
                .identifier("string")
                .build())
            .build())
        .ruleId("string")
        .incidentConfiguration(IncidentConfigurationArgs.builder()
            .createIncident(false)
            .groupingConfiguration(GroupingConfigurationArgs.builder()
                .enabled(false)
                .lookbackDuration("string")
                .matchingMethod("string")
                .reopenClosedIncident(false)
                .groupByAlertDetails("string")
                .groupByCustomDetails("string")
                .groupByEntities("string")
                .build())
            .build())
        .eventGroupingSettings(EventGroupingSettingsArgs.builder()
            .aggregationKind("string")
            .build())
        .alertDetailsOverride(AlertDetailsOverrideArgs.builder()
            .alertDescriptionFormat("string")
            .alertDisplayNameFormat("string")
            .alertDynamicProperties(AlertPropertyMappingArgs.builder()
                .alertProperty("string")
                .value("string")
                .build())
            .alertSeverityColumnName("string")
            .alertTacticsColumnName("string")
            .build())
        .tactics("string")
        .techniques("string")
        .templateVersion("string")
        .description("string")
        .customDetails(Map.of("string", "string"))
        .alertRuleTemplateName("string")
        .build());
    
    scheduled_alert_rule_resource = azure_native.securityinsights.ScheduledAlertRule("scheduledAlertRuleResource",
        suppression_enabled=False,
        workspace_name="string",
        trigger_threshold=0,
        trigger_operator=azure_native.securityinsights.TriggerOperator.GREATER_THAN,
        display_name="string",
        enabled=False,
        resource_group_name="string",
        suppression_duration="string",
        severity="string",
        kind="string",
        query="string",
        query_frequency="string",
        query_period="string",
        entity_mappings=[{
            "entity_type": "string",
            "field_mappings": [{
                "column_name": "string",
                "identifier": "string",
            }],
        }],
        rule_id="string",
        incident_configuration={
            "create_incident": False,
            "grouping_configuration": {
                "enabled": False,
                "lookback_duration": "string",
                "matching_method": "string",
                "reopen_closed_incident": False,
                "group_by_alert_details": ["string"],
                "group_by_custom_details": ["string"],
                "group_by_entities": ["string"],
            },
        },
        event_grouping_settings={
            "aggregation_kind": "string",
        },
        alert_details_override={
            "alert_description_format": "string",
            "alert_display_name_format": "string",
            "alert_dynamic_properties": [{
                "alert_property": "string",
                "value": "string",
            }],
            "alert_severity_column_name": "string",
            "alert_tactics_column_name": "string",
        },
        tactics=["string"],
        techniques=["string"],
        template_version="string",
        description="string",
        custom_details={
            "string": "string",
        },
        alert_rule_template_name="string")
    
    const scheduledAlertRuleResource = new azure_native.securityinsights.ScheduledAlertRule("scheduledAlertRuleResource", {
        suppressionEnabled: false,
        workspaceName: "string",
        triggerThreshold: 0,
        triggerOperator: azure_native.securityinsights.TriggerOperator.GreaterThan,
        displayName: "string",
        enabled: false,
        resourceGroupName: "string",
        suppressionDuration: "string",
        severity: "string",
        kind: "string",
        query: "string",
        queryFrequency: "string",
        queryPeriod: "string",
        entityMappings: [{
            entityType: "string",
            fieldMappings: [{
                columnName: "string",
                identifier: "string",
            }],
        }],
        ruleId: "string",
        incidentConfiguration: {
            createIncident: false,
            groupingConfiguration: {
                enabled: false,
                lookbackDuration: "string",
                matchingMethod: "string",
                reopenClosedIncident: false,
                groupByAlertDetails: ["string"],
                groupByCustomDetails: ["string"],
                groupByEntities: ["string"],
            },
        },
        eventGroupingSettings: {
            aggregationKind: "string",
        },
        alertDetailsOverride: {
            alertDescriptionFormat: "string",
            alertDisplayNameFormat: "string",
            alertDynamicProperties: [{
                alertProperty: "string",
                value: "string",
            }],
            alertSeverityColumnName: "string",
            alertTacticsColumnName: "string",
        },
        tactics: ["string"],
        techniques: ["string"],
        templateVersion: "string",
        description: "string",
        customDetails: {
            string: "string",
        },
        alertRuleTemplateName: "string",
    });
    
    type: azure-native:securityinsights:ScheduledAlertRule
    properties:
        alertDetailsOverride:
            alertDescriptionFormat: string
            alertDisplayNameFormat: string
            alertDynamicProperties:
                - alertProperty: string
                  value: string
            alertSeverityColumnName: string
            alertTacticsColumnName: string
        alertRuleTemplateName: string
        customDetails:
            string: string
        description: string
        displayName: string
        enabled: false
        entityMappings:
            - entityType: string
              fieldMappings:
                - columnName: string
                  identifier: string
        eventGroupingSettings:
            aggregationKind: string
        incidentConfiguration:
            createIncident: false
            groupingConfiguration:
                enabled: false
                groupByAlertDetails:
                    - string
                groupByCustomDetails:
                    - string
                groupByEntities:
                    - string
                lookbackDuration: string
                matchingMethod: string
                reopenClosedIncident: false
        kind: string
        query: string
        queryFrequency: string
        queryPeriod: string
        resourceGroupName: string
        ruleId: string
        severity: string
        suppressionDuration: string
        suppressionEnabled: false
        tactics:
            - string
        techniques:
            - string
        templateVersion: string
        triggerOperator: GreaterThan
        triggerThreshold: 0
        workspaceName: string
    

    ScheduledAlertRule Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The ScheduledAlertRule resource accepts the following input properties:

    DisplayName string
    The display name for alerts created by this alert rule.
    Enabled bool
    Determines whether this alert rule is enabled or disabled.
    Query string
    The query that creates alerts for this rule.
    QueryFrequency string
    The frequency (in ISO 8601 duration format) for this alert rule to run.
    QueryPeriod string
    The period (in ISO 8601 duration format) that this alert rule looks at.
    ResourceGroupName string
    The name of the resource group. The name is case insensitive.
    Severity string | Pulumi.AzureNative.SecurityInsights.AlertSeverity
    The severity for alerts created by this alert rule.
    SuppressionDuration string
    The suppression (in ISO 8601 duration format) to wait since last time this alert rule been triggered.
    SuppressionEnabled bool
    Determines whether the suppression for this alert rule is enabled or disabled.
    TriggerOperator Pulumi.AzureNative.SecurityInsights.TriggerOperator
    The operation against the threshold that triggers alert rule.
    TriggerThreshold int
    The threshold triggers this alert rule.
    WorkspaceName string
    The name of the workspace.
    AlertDetailsOverride Pulumi.AzureNative.SecurityInsights.Inputs.AlertDetailsOverride
    The alert details override settings
    AlertRuleTemplateName string
    The Name of the alert rule template used to create this rule.
    CustomDetails Dictionary<string, string>
    Dictionary of string key-value pairs of columns to be attached to the alert
    Description string
    The description of the alert rule.
    EntityMappings List<Pulumi.AzureNative.SecurityInsights.Inputs.EntityMapping>
    Array of the entity mappings of the alert rule
    EventGroupingSettings Pulumi.AzureNative.SecurityInsights.Inputs.EventGroupingSettings
    The event grouping settings.
    IncidentConfiguration Pulumi.AzureNative.SecurityInsights.Inputs.IncidentConfiguration
    The settings of the incidents that created from alerts triggered by this analytics rule
    RuleId string
    Alert rule ID
    Tactics List<Union<string, Pulumi.AzureNative.SecurityInsights.AttackTactic>>
    The tactics of the alert rule
    Techniques List<string>
    The techniques of the alert rule
    TemplateVersion string
    The version of the alert rule template used to create this rule - in format <a.b.c>, where all are numbers, for example 0 <1.0.2>
    DisplayName string
    The display name for alerts created by this alert rule.
    Enabled bool
    Determines whether this alert rule is enabled or disabled.
    Query string
    The query that creates alerts for this rule.
    QueryFrequency string
    The frequency (in ISO 8601 duration format) for this alert rule to run.
    QueryPeriod string
    The period (in ISO 8601 duration format) that this alert rule looks at.
    ResourceGroupName string
    The name of the resource group. The name is case insensitive.
    Severity string | AlertSeverity
    The severity for alerts created by this alert rule.
    SuppressionDuration string
    The suppression (in ISO 8601 duration format) to wait since last time this alert rule been triggered.
    SuppressionEnabled bool
    Determines whether the suppression for this alert rule is enabled or disabled.
    TriggerOperator TriggerOperator
    The operation against the threshold that triggers alert rule.
    TriggerThreshold int
    The threshold triggers this alert rule.
    WorkspaceName string
    The name of the workspace.
    AlertDetailsOverride AlertDetailsOverrideArgs
    The alert details override settings
    AlertRuleTemplateName string
    The Name of the alert rule template used to create this rule.
    CustomDetails map[string]string
    Dictionary of string key-value pairs of columns to be attached to the alert
    Description string
    The description of the alert rule.
    EntityMappings []EntityMappingArgs
    Array of the entity mappings of the alert rule
    EventGroupingSettings EventGroupingSettingsArgs
    The event grouping settings.
    IncidentConfiguration IncidentConfigurationArgs
    The settings of the incidents that created from alerts triggered by this analytics rule
    RuleId string
    Alert rule ID
    Tactics []string
    The tactics of the alert rule
    Techniques []string
    The techniques of the alert rule
    TemplateVersion string
    The version of the alert rule template used to create this rule - in format <a.b.c>, where all are numbers, for example 0 <1.0.2>
    displayName String
    The display name for alerts created by this alert rule.
    enabled Boolean
    Determines whether this alert rule is enabled or disabled.
    query String
    The query that creates alerts for this rule.
    queryFrequency String
    The frequency (in ISO 8601 duration format) for this alert rule to run.
    queryPeriod String
    The period (in ISO 8601 duration format) that this alert rule looks at.
    resourceGroupName String
    The name of the resource group. The name is case insensitive.
    severity String | AlertSeverity
    The severity for alerts created by this alert rule.
    suppressionDuration String
    The suppression (in ISO 8601 duration format) to wait since last time this alert rule been triggered.
    suppressionEnabled Boolean
    Determines whether the suppression for this alert rule is enabled or disabled.
    triggerOperator TriggerOperator
    The operation against the threshold that triggers alert rule.
    triggerThreshold Integer
    The threshold triggers this alert rule.
    workspaceName String
    The name of the workspace.
    alertDetailsOverride AlertDetailsOverride
    The alert details override settings
    alertRuleTemplateName String
    The Name of the alert rule template used to create this rule.
    customDetails Map<String,String>
    Dictionary of string key-value pairs of columns to be attached to the alert
    description String
    The description of the alert rule.
    entityMappings List<EntityMapping>
    Array of the entity mappings of the alert rule
    eventGroupingSettings EventGroupingSettings
    The event grouping settings.
    incidentConfiguration IncidentConfiguration
    The settings of the incidents that created from alerts triggered by this analytics rule
    ruleId String
    Alert rule ID
    tactics List<Either<String,AttackTactic>>
    The tactics of the alert rule
    techniques List<String>
    The techniques of the alert rule
    templateVersion String
    The version of the alert rule template used to create this rule - in format <a.b.c>, where all are numbers, for example 0 <1.0.2>
    displayName string
    The display name for alerts created by this alert rule.
    enabled boolean
    Determines whether this alert rule is enabled or disabled.
    query string
    The query that creates alerts for this rule.
    queryFrequency string
    The frequency (in ISO 8601 duration format) for this alert rule to run.
    queryPeriod string
    The period (in ISO 8601 duration format) that this alert rule looks at.
    resourceGroupName string
    The name of the resource group. The name is case insensitive.
    severity string | AlertSeverity
    The severity for alerts created by this alert rule.
    suppressionDuration string
    The suppression (in ISO 8601 duration format) to wait since last time this alert rule been triggered.
    suppressionEnabled boolean
    Determines whether the suppression for this alert rule is enabled or disabled.
    triggerOperator TriggerOperator
    The operation against the threshold that triggers alert rule.
    triggerThreshold number
    The threshold triggers this alert rule.
    workspaceName string
    The name of the workspace.
    alertDetailsOverride AlertDetailsOverride
    The alert details override settings
    alertRuleTemplateName string
    The Name of the alert rule template used to create this rule.
    customDetails {[key: string]: string}
    Dictionary of string key-value pairs of columns to be attached to the alert
    description string
    The description of the alert rule.
    entityMappings EntityMapping[]
    Array of the entity mappings of the alert rule
    eventGroupingSettings EventGroupingSettings
    The event grouping settings.
    incidentConfiguration IncidentConfiguration
    The settings of the incidents that created from alerts triggered by this analytics rule
    ruleId string
    Alert rule ID
    tactics (string | AttackTactic)[]
    The tactics of the alert rule
    techniques string[]
    The techniques of the alert rule
    templateVersion string
    The version of the alert rule template used to create this rule - in format <a.b.c>, where all are numbers, for example 0 <1.0.2>
    display_name str
    The display name for alerts created by this alert rule.
    enabled bool
    Determines whether this alert rule is enabled or disabled.
    query str
    The query that creates alerts for this rule.
    query_frequency str
    The frequency (in ISO 8601 duration format) for this alert rule to run.
    query_period str
    The period (in ISO 8601 duration format) that this alert rule looks at.
    resource_group_name str
    The name of the resource group. The name is case insensitive.
    severity str | AlertSeverity
    The severity for alerts created by this alert rule.
    suppression_duration str
    The suppression (in ISO 8601 duration format) to wait since last time this alert rule been triggered.
    suppression_enabled bool
    Determines whether the suppression for this alert rule is enabled or disabled.
    trigger_operator TriggerOperator
    The operation against the threshold that triggers alert rule.
    trigger_threshold int
    The threshold triggers this alert rule.
    workspace_name str
    The name of the workspace.
    alert_details_override AlertDetailsOverrideArgs
    The alert details override settings
    alert_rule_template_name str
    The Name of the alert rule template used to create this rule.
    custom_details Mapping[str, str]
    Dictionary of string key-value pairs of columns to be attached to the alert
    description str
    The description of the alert rule.
    entity_mappings Sequence[EntityMappingArgs]
    Array of the entity mappings of the alert rule
    event_grouping_settings EventGroupingSettingsArgs
    The event grouping settings.
    incident_configuration IncidentConfigurationArgs
    The settings of the incidents that created from alerts triggered by this analytics rule
    rule_id str
    Alert rule ID
    tactics Sequence[Union[str, AttackTactic]]
    The tactics of the alert rule
    techniques Sequence[str]
    The techniques of the alert rule
    template_version str
    The version of the alert rule template used to create this rule - in format <a.b.c>, where all are numbers, for example 0 <1.0.2>
    displayName String
    The display name for alerts created by this alert rule.
    enabled Boolean
    Determines whether this alert rule is enabled or disabled.
    query String
    The query that creates alerts for this rule.
    queryFrequency String
    The frequency (in ISO 8601 duration format) for this alert rule to run.
    queryPeriod String
    The period (in ISO 8601 duration format) that this alert rule looks at.
    resourceGroupName String
    The name of the resource group. The name is case insensitive.
    severity String | "High" | "Medium" | "Low" | "Informational"
    The severity for alerts created by this alert rule.
    suppressionDuration String
    The suppression (in ISO 8601 duration format) to wait since last time this alert rule been triggered.
    suppressionEnabled Boolean
    Determines whether the suppression for this alert rule is enabled or disabled.
    triggerOperator "GreaterThan" | "LessThan" | "Equal" | "NotEqual"
    The operation against the threshold that triggers alert rule.
    triggerThreshold Number
    The threshold triggers this alert rule.
    workspaceName String
    The name of the workspace.
    alertDetailsOverride Property Map
    The alert details override settings
    alertRuleTemplateName String
    The Name of the alert rule template used to create this rule.
    customDetails Map<String>
    Dictionary of string key-value pairs of columns to be attached to the alert
    description String
    The description of the alert rule.
    entityMappings List<Property Map>
    Array of the entity mappings of the alert rule
    eventGroupingSettings Property Map
    The event grouping settings.
    incidentConfiguration Property Map
    The settings of the incidents that created from alerts triggered by this analytics rule
    ruleId String
    Alert rule ID
    tactics List<String | "Reconnaissance" | "ResourceDevelopment" | "InitialAccess" | "Execution" | "Persistence" | "PrivilegeEscalation" | "DefenseEvasion" | "CredentialAccess" | "Discovery" | "LateralMovement" | "Collection" | "Exfiltration" | "CommandAndControl" | "Impact" | "PreAttack" | "ImpairProcessControl" | "InhibitResponseFunction">
    The tactics of the alert rule
    techniques List<String>
    The techniques of the alert rule
    templateVersion String
    The version of the alert rule template used to create this rule - in format <a.b.c>, where all are numbers, for example 0 <1.0.2>

    Outputs

    All input properties are implicitly available as output properties. Additionally, the ScheduledAlertRule resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    LastModifiedUtc string
    The last time that this alert rule has been modified.
    Name string
    The name of the resource
    SystemData Pulumi.AzureNative.SecurityInsights.Outputs.SystemDataResponse
    Azure Resource Manager metadata containing createdBy and modifiedBy information.
    Type string
    The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
    Etag string
    Etag of the azure resource
    Id string
    The provider-assigned unique ID for this managed resource.
    LastModifiedUtc string
    The last time that this alert rule has been modified.
    Name string
    The name of the resource
    SystemData SystemDataResponse
    Azure Resource Manager metadata containing createdBy and modifiedBy information.
    Type string
    The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
    Etag string
    Etag of the azure resource
    id String
    The provider-assigned unique ID for this managed resource.
    lastModifiedUtc String
    The last time that this alert rule has been modified.
    name String
    The name of the resource
    systemData SystemDataResponse
    Azure Resource Manager metadata containing createdBy and modifiedBy information.
    type String
    The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
    etag String
    Etag of the azure resource
    id string
    The provider-assigned unique ID for this managed resource.
    lastModifiedUtc string
    The last time that this alert rule has been modified.
    name string
    The name of the resource
    systemData SystemDataResponse
    Azure Resource Manager metadata containing createdBy and modifiedBy information.
    type string
    The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
    etag string
    Etag of the azure resource
    id str
    The provider-assigned unique ID for this managed resource.
    last_modified_utc str
    The last time that this alert rule has been modified.
    name str
    The name of the resource
    system_data SystemDataResponse
    Azure Resource Manager metadata containing createdBy and modifiedBy information.
    type str
    The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
    etag str
    Etag of the azure resource
    id String
    The provider-assigned unique ID for this managed resource.
    lastModifiedUtc String
    The last time that this alert rule has been modified.
    name String
    The name of the resource
    systemData Property Map
    Azure Resource Manager metadata containing createdBy and modifiedBy information.
    type String
    The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
    etag String
    Etag of the azure resource

    Supporting Types

    AlertDetail, AlertDetailArgs

    DisplayName
    DisplayNameAlert display name
    Severity
    SeverityAlert severity
    AlertDetailDisplayName
    DisplayNameAlert display name
    AlertDetailSeverity
    SeverityAlert severity
    DisplayName
    DisplayNameAlert display name
    Severity
    SeverityAlert severity
    DisplayName
    DisplayNameAlert display name
    Severity
    SeverityAlert severity
    DISPLAY_NAME
    DisplayNameAlert display name
    SEVERITY
    SeverityAlert severity
    "DisplayName"
    DisplayNameAlert display name
    "Severity"
    SeverityAlert severity

    AlertDetailsOverride, AlertDetailsOverrideArgs

    AlertDescriptionFormat string
    the format containing columns name(s) to override the alert description
    AlertDisplayNameFormat string
    the format containing columns name(s) to override the alert name
    AlertDynamicProperties List<Pulumi.AzureNative.SecurityInsights.Inputs.AlertPropertyMapping>
    List of additional dynamic properties to override
    AlertSeverityColumnName string
    the column name to take the alert severity from
    AlertTacticsColumnName string
    the column name to take the alert tactics from
    AlertDescriptionFormat string
    the format containing columns name(s) to override the alert description
    AlertDisplayNameFormat string
    the format containing columns name(s) to override the alert name
    AlertDynamicProperties []AlertPropertyMapping
    List of additional dynamic properties to override
    AlertSeverityColumnName string
    the column name to take the alert severity from
    AlertTacticsColumnName string
    the column name to take the alert tactics from
    alertDescriptionFormat String
    the format containing columns name(s) to override the alert description
    alertDisplayNameFormat String
    the format containing columns name(s) to override the alert name
    alertDynamicProperties List<AlertPropertyMapping>
    List of additional dynamic properties to override
    alertSeverityColumnName String
    the column name to take the alert severity from
    alertTacticsColumnName String
    the column name to take the alert tactics from
    alertDescriptionFormat string
    the format containing columns name(s) to override the alert description
    alertDisplayNameFormat string
    the format containing columns name(s) to override the alert name
    alertDynamicProperties AlertPropertyMapping[]
    List of additional dynamic properties to override
    alertSeverityColumnName string
    the column name to take the alert severity from
    alertTacticsColumnName string
    the column name to take the alert tactics from
    alert_description_format str
    the format containing columns name(s) to override the alert description
    alert_display_name_format str
    the format containing columns name(s) to override the alert name
    alert_dynamic_properties Sequence[AlertPropertyMapping]
    List of additional dynamic properties to override
    alert_severity_column_name str
    the column name to take the alert severity from
    alert_tactics_column_name str
    the column name to take the alert tactics from
    alertDescriptionFormat String
    the format containing columns name(s) to override the alert description
    alertDisplayNameFormat String
    the format containing columns name(s) to override the alert name
    alertDynamicProperties List<Property Map>
    List of additional dynamic properties to override
    alertSeverityColumnName String
    the column name to take the alert severity from
    alertTacticsColumnName String
    the column name to take the alert tactics from

    AlertDetailsOverrideResponse, AlertDetailsOverrideResponseArgs

    AlertDescriptionFormat string
    the format containing columns name(s) to override the alert description
    AlertDisplayNameFormat string
    the format containing columns name(s) to override the alert name
    AlertDynamicProperties List<Pulumi.AzureNative.SecurityInsights.Inputs.AlertPropertyMappingResponse>
    List of additional dynamic properties to override
    AlertSeverityColumnName string
    the column name to take the alert severity from
    AlertTacticsColumnName string
    the column name to take the alert tactics from
    AlertDescriptionFormat string
    the format containing columns name(s) to override the alert description
    AlertDisplayNameFormat string
    the format containing columns name(s) to override the alert name
    AlertDynamicProperties []AlertPropertyMappingResponse
    List of additional dynamic properties to override
    AlertSeverityColumnName string
    the column name to take the alert severity from
    AlertTacticsColumnName string
    the column name to take the alert tactics from
    alertDescriptionFormat String
    the format containing columns name(s) to override the alert description
    alertDisplayNameFormat String
    the format containing columns name(s) to override the alert name
    alertDynamicProperties List<AlertPropertyMappingResponse>
    List of additional dynamic properties to override
    alertSeverityColumnName String
    the column name to take the alert severity from
    alertTacticsColumnName String
    the column name to take the alert tactics from
    alertDescriptionFormat string
    the format containing columns name(s) to override the alert description
    alertDisplayNameFormat string
    the format containing columns name(s) to override the alert name
    alertDynamicProperties AlertPropertyMappingResponse[]
    List of additional dynamic properties to override
    alertSeverityColumnName string
    the column name to take the alert severity from
    alertTacticsColumnName string
    the column name to take the alert tactics from
    alert_description_format str
    the format containing columns name(s) to override the alert description
    alert_display_name_format str
    the format containing columns name(s) to override the alert name
    alert_dynamic_properties Sequence[AlertPropertyMappingResponse]
    List of additional dynamic properties to override
    alert_severity_column_name str
    the column name to take the alert severity from
    alert_tactics_column_name str
    the column name to take the alert tactics from
    alertDescriptionFormat String
    the format containing columns name(s) to override the alert description
    alertDisplayNameFormat String
    the format containing columns name(s) to override the alert name
    alertDynamicProperties List<Property Map>
    List of additional dynamic properties to override
    alertSeverityColumnName String
    the column name to take the alert severity from
    alertTacticsColumnName String
    the column name to take the alert tactics from

    AlertProperty, AlertPropertyArgs

    AlertLink
    AlertLinkAlert's link
    ConfidenceLevel
    ConfidenceLevelConfidence level property
    ConfidenceScore
    ConfidenceScoreConfidence score
    ExtendedLinks
    ExtendedLinksExtended links to the alert
    ProductName
    ProductNameProduct name alert property
    ProviderName
    ProviderNameProvider name alert property
    ProductComponentName
    ProductComponentNameProduct component name alert property
    RemediationSteps
    RemediationStepsRemediation steps alert property
    Techniques
    TechniquesTechniques alert property
    AlertPropertyAlertLink
    AlertLinkAlert's link
    AlertPropertyConfidenceLevel
    ConfidenceLevelConfidence level property
    AlertPropertyConfidenceScore
    ConfidenceScoreConfidence score
    AlertPropertyExtendedLinks
    ExtendedLinksExtended links to the alert
    AlertPropertyProductName
    ProductNameProduct name alert property
    AlertPropertyProviderName
    ProviderNameProvider name alert property
    AlertPropertyProductComponentName
    ProductComponentNameProduct component name alert property
    AlertPropertyRemediationSteps
    RemediationStepsRemediation steps alert property
    AlertPropertyTechniques
    TechniquesTechniques alert property
    AlertLink
    AlertLinkAlert's link
    ConfidenceLevel
    ConfidenceLevelConfidence level property
    ConfidenceScore
    ConfidenceScoreConfidence score
    ExtendedLinks
    ExtendedLinksExtended links to the alert
    ProductName
    ProductNameProduct name alert property
    ProviderName
    ProviderNameProvider name alert property
    ProductComponentName
    ProductComponentNameProduct component name alert property
    RemediationSteps
    RemediationStepsRemediation steps alert property
    Techniques
    TechniquesTechniques alert property
    AlertLink
    AlertLinkAlert's link
    ConfidenceLevel
    ConfidenceLevelConfidence level property
    ConfidenceScore
    ConfidenceScoreConfidence score
    ExtendedLinks
    ExtendedLinksExtended links to the alert
    ProductName
    ProductNameProduct name alert property
    ProviderName
    ProviderNameProvider name alert property
    ProductComponentName
    ProductComponentNameProduct component name alert property
    RemediationSteps
    RemediationStepsRemediation steps alert property
    Techniques
    TechniquesTechniques alert property
    ALERT_LINK
    AlertLinkAlert's link
    CONFIDENCE_LEVEL
    ConfidenceLevelConfidence level property
    CONFIDENCE_SCORE
    ConfidenceScoreConfidence score
    EXTENDED_LINKS
    ExtendedLinksExtended links to the alert
    PRODUCT_NAME
    ProductNameProduct name alert property
    PROVIDER_NAME
    ProviderNameProvider name alert property
    PRODUCT_COMPONENT_NAME
    ProductComponentNameProduct component name alert property
    REMEDIATION_STEPS
    RemediationStepsRemediation steps alert property
    TECHNIQUES
    TechniquesTechniques alert property
    "AlertLink"
    AlertLinkAlert's link
    "ConfidenceLevel"
    ConfidenceLevelConfidence level property
    "ConfidenceScore"
    ConfidenceScoreConfidence score
    "ExtendedLinks"
    ExtendedLinksExtended links to the alert
    "ProductName"
    ProductNameProduct name alert property
    "ProviderName"
    ProviderNameProvider name alert property
    "ProductComponentName"
    ProductComponentNameProduct component name alert property
    "RemediationSteps"
    RemediationStepsRemediation steps alert property
    "Techniques"
    TechniquesTechniques alert property

    AlertPropertyMapping, AlertPropertyMappingArgs

    AlertProperty string | Pulumi.AzureNative.SecurityInsights.AlertProperty
    The V3 alert property
    Value string
    the column name to use to override this property
    AlertProperty string | AlertProperty
    The V3 alert property
    Value string
    the column name to use to override this property
    alertProperty String | AlertProperty
    The V3 alert property
    value String
    the column name to use to override this property
    alertProperty string | AlertProperty
    The V3 alert property
    value string
    the column name to use to override this property
    alert_property str | AlertProperty
    The V3 alert property
    value str
    the column name to use to override this property

    AlertPropertyMappingResponse, AlertPropertyMappingResponseArgs

    AlertProperty string
    The V3 alert property
    Value string
    the column name to use to override this property
    AlertProperty string
    The V3 alert property
    Value string
    the column name to use to override this property
    alertProperty String
    The V3 alert property
    value String
    the column name to use to override this property
    alertProperty string
    The V3 alert property
    value string
    the column name to use to override this property
    alert_property str
    The V3 alert property
    value str
    the column name to use to override this property
    alertProperty String
    The V3 alert property
    value String
    the column name to use to override this property

    AlertSeverity, AlertSeverityArgs

    High
    HighHigh severity
    Medium
    MediumMedium severity
    Low
    LowLow severity
    Informational
    InformationalInformational severity
    AlertSeverityHigh
    HighHigh severity
    AlertSeverityMedium
    MediumMedium severity
    AlertSeverityLow
    LowLow severity
    AlertSeverityInformational
    InformationalInformational severity
    High
    HighHigh severity
    Medium
    MediumMedium severity
    Low
    LowLow severity
    Informational
    InformationalInformational severity
    High
    HighHigh severity
    Medium
    MediumMedium severity
    Low
    LowLow severity
    Informational
    InformationalInformational severity
    HIGH
    HighHigh severity
    MEDIUM
    MediumMedium severity
    LOW
    LowLow severity
    INFORMATIONAL
    InformationalInformational severity
    "High"
    HighHigh severity
    "Medium"
    MediumMedium severity
    "Low"
    LowLow severity
    "Informational"
    InformationalInformational severity

    AttackTactic, AttackTacticArgs

    Reconnaissance
    Reconnaissance
    ResourceDevelopment
    ResourceDevelopment
    InitialAccess
    InitialAccess
    Execution
    Execution
    Persistence
    Persistence
    PrivilegeEscalation
    PrivilegeEscalation
    DefenseEvasion
    DefenseEvasion
    CredentialAccess
    CredentialAccess
    Discovery
    Discovery
    LateralMovement
    LateralMovement
    Collection
    Collection
    Exfiltration
    Exfiltration
    CommandAndControl
    CommandAndControl
    Impact
    Impact
    PreAttack
    PreAttack
    ImpairProcessControl
    ImpairProcessControl
    InhibitResponseFunction
    InhibitResponseFunction
    AttackTacticReconnaissance
    Reconnaissance
    AttackTacticResourceDevelopment
    ResourceDevelopment
    AttackTacticInitialAccess
    InitialAccess
    AttackTacticExecution
    Execution
    AttackTacticPersistence
    Persistence
    AttackTacticPrivilegeEscalation
    PrivilegeEscalation
    AttackTacticDefenseEvasion
    DefenseEvasion
    AttackTacticCredentialAccess
    CredentialAccess
    AttackTacticDiscovery
    Discovery
    AttackTacticLateralMovement
    LateralMovement
    AttackTacticCollection
    Collection
    AttackTacticExfiltration
    Exfiltration
    AttackTacticCommandAndControl
    CommandAndControl
    AttackTacticImpact
    Impact
    AttackTacticPreAttack
    PreAttack
    AttackTacticImpairProcessControl
    ImpairProcessControl
    AttackTacticInhibitResponseFunction
    InhibitResponseFunction
    Reconnaissance
    Reconnaissance
    ResourceDevelopment
    ResourceDevelopment
    InitialAccess
    InitialAccess
    Execution
    Execution
    Persistence
    Persistence
    PrivilegeEscalation
    PrivilegeEscalation
    DefenseEvasion
    DefenseEvasion
    CredentialAccess
    CredentialAccess
    Discovery
    Discovery
    LateralMovement
    LateralMovement
    Collection
    Collection
    Exfiltration
    Exfiltration
    CommandAndControl
    CommandAndControl
    Impact
    Impact
    PreAttack
    PreAttack
    ImpairProcessControl
    ImpairProcessControl
    InhibitResponseFunction
    InhibitResponseFunction
    Reconnaissance
    Reconnaissance
    ResourceDevelopment
    ResourceDevelopment
    InitialAccess
    InitialAccess
    Execution
    Execution
    Persistence
    Persistence
    PrivilegeEscalation
    PrivilegeEscalation
    DefenseEvasion
    DefenseEvasion
    CredentialAccess
    CredentialAccess
    Discovery
    Discovery
    LateralMovement
    LateralMovement
    Collection
    Collection
    Exfiltration
    Exfiltration
    CommandAndControl
    CommandAndControl
    Impact
    Impact
    PreAttack
    PreAttack
    ImpairProcessControl
    ImpairProcessControl
    InhibitResponseFunction
    InhibitResponseFunction
    RECONNAISSANCE
    Reconnaissance
    RESOURCE_DEVELOPMENT
    ResourceDevelopment
    INITIAL_ACCESS
    InitialAccess
    EXECUTION
    Execution
    PERSISTENCE
    Persistence
    PRIVILEGE_ESCALATION
    PrivilegeEscalation
    DEFENSE_EVASION
    DefenseEvasion
    CREDENTIAL_ACCESS
    CredentialAccess
    DISCOVERY
    Discovery
    LATERAL_MOVEMENT
    LateralMovement
    COLLECTION
    Collection
    EXFILTRATION
    Exfiltration
    COMMAND_AND_CONTROL
    CommandAndControl
    IMPACT
    Impact
    PRE_ATTACK
    PreAttack
    IMPAIR_PROCESS_CONTROL
    ImpairProcessControl
    INHIBIT_RESPONSE_FUNCTION
    InhibitResponseFunction
    "Reconnaissance"
    Reconnaissance
    "ResourceDevelopment"
    ResourceDevelopment
    "InitialAccess"
    InitialAccess
    "Execution"
    Execution
    "Persistence"
    Persistence
    "PrivilegeEscalation"
    PrivilegeEscalation
    "DefenseEvasion"
    DefenseEvasion
    "CredentialAccess"
    CredentialAccess
    "Discovery"
    Discovery
    "LateralMovement"
    LateralMovement
    "Collection"
    Collection
    "Exfiltration"
    Exfiltration
    "CommandAndControl"
    CommandAndControl
    "Impact"
    Impact
    "PreAttack"
    PreAttack
    "ImpairProcessControl"
    ImpairProcessControl
    "InhibitResponseFunction"
    InhibitResponseFunction

    EntityMapping, EntityMappingArgs

    EntityType string | Pulumi.AzureNative.SecurityInsights.EntityMappingType
    The V3 type of the mapped entity
    FieldMappings List<Pulumi.AzureNative.SecurityInsights.Inputs.FieldMapping>
    array of field mappings for the given entity mapping
    EntityType string | EntityMappingType
    The V3 type of the mapped entity
    FieldMappings []FieldMapping
    array of field mappings for the given entity mapping
    entityType String | EntityMappingType
    The V3 type of the mapped entity
    fieldMappings List<FieldMapping>
    array of field mappings for the given entity mapping
    entityType string | EntityMappingType
    The V3 type of the mapped entity
    fieldMappings FieldMapping[]
    array of field mappings for the given entity mapping
    entity_type str | EntityMappingType
    The V3 type of the mapped entity
    field_mappings Sequence[FieldMapping]
    array of field mappings for the given entity mapping

    EntityMappingResponse, EntityMappingResponseArgs

    EntityType string
    The V3 type of the mapped entity
    FieldMappings List<Pulumi.AzureNative.SecurityInsights.Inputs.FieldMappingResponse>
    array of field mappings for the given entity mapping
    EntityType string
    The V3 type of the mapped entity
    FieldMappings []FieldMappingResponse
    array of field mappings for the given entity mapping
    entityType String
    The V3 type of the mapped entity
    fieldMappings List<FieldMappingResponse>
    array of field mappings for the given entity mapping
    entityType string
    The V3 type of the mapped entity
    fieldMappings FieldMappingResponse[]
    array of field mappings for the given entity mapping
    entity_type str
    The V3 type of the mapped entity
    field_mappings Sequence[FieldMappingResponse]
    array of field mappings for the given entity mapping
    entityType String
    The V3 type of the mapped entity
    fieldMappings List<Property Map>
    array of field mappings for the given entity mapping

    EntityMappingType, EntityMappingTypeArgs

    Account
    AccountUser account entity type
    Host
    HostHost entity type
    IP
    IPIP address entity type
    Malware
    MalwareMalware entity type
    File
    FileSystem file entity type
    Process
    ProcessProcess entity type
    CloudApplication
    CloudApplicationCloud app entity type
    DNS
    DNSDNS entity type
    AzureResource
    AzureResourceAzure resource entity type
    FileHash
    FileHashFile-hash entity type
    RegistryKey
    RegistryKeyRegistry key entity type
    RegistryValue
    RegistryValueRegistry value entity type
    SecurityGroup
    SecurityGroupSecurity group entity type
    URL
    URLURL entity type
    Mailbox
    MailboxMailbox entity type
    MailCluster
    MailClusterMail cluster entity type
    MailMessage
    MailMessageMail message entity type
    SubmissionMail
    SubmissionMailSubmission mail entity type
    EntityMappingTypeAccount
    AccountUser account entity type
    EntityMappingTypeHost
    HostHost entity type
    EntityMappingTypeIP
    IPIP address entity type
    EntityMappingTypeMalware
    MalwareMalware entity type
    EntityMappingTypeFile
    FileSystem file entity type
    EntityMappingTypeProcess
    ProcessProcess entity type
    EntityMappingTypeCloudApplication
    CloudApplicationCloud app entity type
    EntityMappingTypeDNS
    DNSDNS entity type
    EntityMappingTypeAzureResource
    AzureResourceAzure resource entity type
    EntityMappingTypeFileHash
    FileHashFile-hash entity type
    EntityMappingTypeRegistryKey
    RegistryKeyRegistry key entity type
    EntityMappingTypeRegistryValue
    RegistryValueRegistry value entity type
    EntityMappingTypeSecurityGroup
    SecurityGroupSecurity group entity type
    EntityMappingTypeURL
    URLURL entity type
    EntityMappingTypeMailbox
    MailboxMailbox entity type
    EntityMappingTypeMailCluster
    MailClusterMail cluster entity type
    EntityMappingTypeMailMessage
    MailMessageMail message entity type
    EntityMappingTypeSubmissionMail
    SubmissionMailSubmission mail entity type
    Account
    AccountUser account entity type
    Host
    HostHost entity type
    IP
    IPIP address entity type
    Malware
    MalwareMalware entity type
    File
    FileSystem file entity type
    Process
    ProcessProcess entity type
    CloudApplication
    CloudApplicationCloud app entity type
    DNS
    DNSDNS entity type
    AzureResource
    AzureResourceAzure resource entity type
    FileHash
    FileHashFile-hash entity type
    RegistryKey
    RegistryKeyRegistry key entity type
    RegistryValue
    RegistryValueRegistry value entity type
    SecurityGroup
    SecurityGroupSecurity group entity type
    URL
    URLURL entity type
    Mailbox
    MailboxMailbox entity type
    MailCluster
    MailClusterMail cluster entity type
    MailMessage
    MailMessageMail message entity type
    SubmissionMail
    SubmissionMailSubmission mail entity type
    Account
    AccountUser account entity type
    Host
    HostHost entity type
    IP
    IPIP address entity type
    Malware
    MalwareMalware entity type
    File
    FileSystem file entity type
    Process
    ProcessProcess entity type
    CloudApplication
    CloudApplicationCloud app entity type
    DNS
    DNSDNS entity type
    AzureResource
    AzureResourceAzure resource entity type
    FileHash
    FileHashFile-hash entity type
    RegistryKey
    RegistryKeyRegistry key entity type
    RegistryValue
    RegistryValueRegistry value entity type
    SecurityGroup
    SecurityGroupSecurity group entity type
    URL
    URLURL entity type
    Mailbox
    MailboxMailbox entity type
    MailCluster
    MailClusterMail cluster entity type
    MailMessage
    MailMessageMail message entity type
    SubmissionMail
    SubmissionMailSubmission mail entity type
    ACCOUNT
    AccountUser account entity type
    HOST
    HostHost entity type
    IP
    IPIP address entity type
    MALWARE
    MalwareMalware entity type
    FILE
    FileSystem file entity type
    PROCESS
    ProcessProcess entity type
    CLOUD_APPLICATION
    CloudApplicationCloud app entity type
    DNS
    DNSDNS entity type
    AZURE_RESOURCE
    AzureResourceAzure resource entity type
    FILE_HASH
    FileHashFile-hash entity type
    REGISTRY_KEY
    RegistryKeyRegistry key entity type
    REGISTRY_VALUE
    RegistryValueRegistry value entity type
    SECURITY_GROUP
    SecurityGroupSecurity group entity type
    URL
    URLURL entity type
    MAILBOX
    MailboxMailbox entity type
    MAIL_CLUSTER
    MailClusterMail cluster entity type
    MAIL_MESSAGE
    MailMessageMail message entity type
    SUBMISSION_MAIL
    SubmissionMailSubmission mail entity type
    "Account"
    AccountUser account entity type
    "Host"
    HostHost entity type
    "IP"
    IPIP address entity type
    "Malware"
    MalwareMalware entity type
    "File"
    FileSystem file entity type
    "Process"
    ProcessProcess entity type
    "CloudApplication"
    CloudApplicationCloud app entity type
    "DNS"
    DNSDNS entity type
    "AzureResource"
    AzureResourceAzure resource entity type
    "FileHash"
    FileHashFile-hash entity type
    "RegistryKey"
    RegistryKeyRegistry key entity type
    "RegistryValue"
    RegistryValueRegistry value entity type
    "SecurityGroup"
    SecurityGroupSecurity group entity type
    "URL"
    URLURL entity type
    "Mailbox"
    MailboxMailbox entity type
    "MailCluster"
    MailClusterMail cluster entity type
    "MailMessage"
    MailMessageMail message entity type
    "SubmissionMail"
    SubmissionMailSubmission mail entity type

    EventGroupingAggregationKind, EventGroupingAggregationKindArgs

    SingleAlert
    SingleAlert
    AlertPerResult
    AlertPerResult
    EventGroupingAggregationKindSingleAlert
    SingleAlert
    EventGroupingAggregationKindAlertPerResult
    AlertPerResult
    SingleAlert
    SingleAlert
    AlertPerResult
    AlertPerResult
    SingleAlert
    SingleAlert
    AlertPerResult
    AlertPerResult
    SINGLE_ALERT
    SingleAlert
    ALERT_PER_RESULT
    AlertPerResult
    "SingleAlert"
    SingleAlert
    "AlertPerResult"
    AlertPerResult

    EventGroupingSettings, EventGroupingSettingsArgs

    AggregationKind string | EventGroupingAggregationKind
    The event grouping aggregation kinds
    aggregationKind String | EventGroupingAggregationKind
    The event grouping aggregation kinds
    aggregationKind string | EventGroupingAggregationKind
    The event grouping aggregation kinds
    aggregation_kind str | EventGroupingAggregationKind
    The event grouping aggregation kinds
    aggregationKind String | "SingleAlert" | "AlertPerResult"
    The event grouping aggregation kinds

    EventGroupingSettingsResponse, EventGroupingSettingsResponseArgs

    AggregationKind string
    The event grouping aggregation kinds
    AggregationKind string
    The event grouping aggregation kinds
    aggregationKind String
    The event grouping aggregation kinds
    aggregationKind string
    The event grouping aggregation kinds
    aggregation_kind str
    The event grouping aggregation kinds
    aggregationKind String
    The event grouping aggregation kinds

    FieldMapping, FieldMappingArgs

    ColumnName string
    the column name to be mapped to the identifier
    Identifier string
    the V3 identifier of the entity
    ColumnName string
    the column name to be mapped to the identifier
    Identifier string
    the V3 identifier of the entity
    columnName String
    the column name to be mapped to the identifier
    identifier String
    the V3 identifier of the entity
    columnName string
    the column name to be mapped to the identifier
    identifier string
    the V3 identifier of the entity
    column_name str
    the column name to be mapped to the identifier
    identifier str
    the V3 identifier of the entity
    columnName String
    the column name to be mapped to the identifier
    identifier String
    the V3 identifier of the entity

    FieldMappingResponse, FieldMappingResponseArgs

    ColumnName string
    the column name to be mapped to the identifier
    Identifier string
    the V3 identifier of the entity
    ColumnName string
    the column name to be mapped to the identifier
    Identifier string
    the V3 identifier of the entity
    columnName String
    the column name to be mapped to the identifier
    identifier String
    the V3 identifier of the entity
    columnName string
    the column name to be mapped to the identifier
    identifier string
    the V3 identifier of the entity
    column_name str
    the column name to be mapped to the identifier
    identifier str
    the V3 identifier of the entity
    columnName String
    the column name to be mapped to the identifier
    identifier String
    the V3 identifier of the entity

    GroupingConfiguration, GroupingConfigurationArgs

    Enabled bool
    Grouping enabled
    LookbackDuration string
    Limit the group to alerts created within the lookback duration (in ISO 8601 duration format)
    MatchingMethod string | Pulumi.AzureNative.SecurityInsights.MatchingMethod
    Grouping matching method. When method is Selected at least one of groupByEntities, groupByAlertDetails, groupByCustomDetails must be provided and not empty.
    ReopenClosedIncident bool
    Re-open closed matching incidents
    GroupByAlertDetails List<Union<string, Pulumi.AzureNative.SecurityInsights.AlertDetail>>
    A list of alert details to group by (when matchingMethod is Selected)
    GroupByCustomDetails List<string>
    A list of custom details keys to group by (when matchingMethod is Selected). Only keys defined in the current alert rule may be used.
    GroupByEntities List<Union<string, Pulumi.AzureNative.SecurityInsights.EntityMappingType>>
    A list of entity types to group by (when matchingMethod is Selected). Only entities defined in the current alert rule may be used.
    Enabled bool
    Grouping enabled
    LookbackDuration string
    Limit the group to alerts created within the lookback duration (in ISO 8601 duration format)
    MatchingMethod string | MatchingMethod
    Grouping matching method. When method is Selected at least one of groupByEntities, groupByAlertDetails, groupByCustomDetails must be provided and not empty.
    ReopenClosedIncident bool
    Re-open closed matching incidents
    GroupByAlertDetails []string
    A list of alert details to group by (when matchingMethod is Selected)
    GroupByCustomDetails []string
    A list of custom details keys to group by (when matchingMethod is Selected). Only keys defined in the current alert rule may be used.
    GroupByEntities []string
    A list of entity types to group by (when matchingMethod is Selected). Only entities defined in the current alert rule may be used.
    enabled Boolean
    Grouping enabled
    lookbackDuration String
    Limit the group to alerts created within the lookback duration (in ISO 8601 duration format)
    matchingMethod String | MatchingMethod
    Grouping matching method. When method is Selected at least one of groupByEntities, groupByAlertDetails, groupByCustomDetails must be provided and not empty.
    reopenClosedIncident Boolean
    Re-open closed matching incidents
    groupByAlertDetails List<Either<String,AlertDetail>>
    A list of alert details to group by (when matchingMethod is Selected)
    groupByCustomDetails List<String>
    A list of custom details keys to group by (when matchingMethod is Selected). Only keys defined in the current alert rule may be used.
    groupByEntities List<Either<String,EntityMappingType>>
    A list of entity types to group by (when matchingMethod is Selected). Only entities defined in the current alert rule may be used.
    enabled boolean
    Grouping enabled
    lookbackDuration string
    Limit the group to alerts created within the lookback duration (in ISO 8601 duration format)
    matchingMethod string | MatchingMethod
    Grouping matching method. When method is Selected at least one of groupByEntities, groupByAlertDetails, groupByCustomDetails must be provided and not empty.
    reopenClosedIncident boolean
    Re-open closed matching incidents
    groupByAlertDetails (string | AlertDetail)[]
    A list of alert details to group by (when matchingMethod is Selected)
    groupByCustomDetails string[]
    A list of custom details keys to group by (when matchingMethod is Selected). Only keys defined in the current alert rule may be used.
    groupByEntities (string | EntityMappingType)[]
    A list of entity types to group by (when matchingMethod is Selected). Only entities defined in the current alert rule may be used.
    enabled bool
    Grouping enabled
    lookback_duration str
    Limit the group to alerts created within the lookback duration (in ISO 8601 duration format)
    matching_method str | MatchingMethod
    Grouping matching method. When method is Selected at least one of groupByEntities, groupByAlertDetails, groupByCustomDetails must be provided and not empty.
    reopen_closed_incident bool
    Re-open closed matching incidents
    group_by_alert_details Sequence[Union[str, AlertDetail]]
    A list of alert details to group by (when matchingMethod is Selected)
    group_by_custom_details Sequence[str]
    A list of custom details keys to group by (when matchingMethod is Selected). Only keys defined in the current alert rule may be used.
    group_by_entities Sequence[Union[str, EntityMappingType]]
    A list of entity types to group by (when matchingMethod is Selected). Only entities defined in the current alert rule may be used.
    enabled Boolean
    Grouping enabled
    lookbackDuration String
    Limit the group to alerts created within the lookback duration (in ISO 8601 duration format)
    matchingMethod String | "AllEntities" | "AnyAlert" | "Selected"
    Grouping matching method. When method is Selected at least one of groupByEntities, groupByAlertDetails, groupByCustomDetails must be provided and not empty.
    reopenClosedIncident Boolean
    Re-open closed matching incidents
    groupByAlertDetails List<String | "DisplayName" | "Severity">
    A list of alert details to group by (when matchingMethod is Selected)
    groupByCustomDetails List<String>
    A list of custom details keys to group by (when matchingMethod is Selected). Only keys defined in the current alert rule may be used.
    groupByEntities List<String | "Account" | "Host" | "IP" | "Malware" | "File" | "Process" | "CloudApplication" | "DNS" | "AzureResource" | "FileHash" | "RegistryKey" | "RegistryValue" | "SecurityGroup" | "URL" | "Mailbox" | "MailCluster" | "MailMessage" | "SubmissionMail">
    A list of entity types to group by (when matchingMethod is Selected). Only entities defined in the current alert rule may be used.

    GroupingConfigurationResponse, GroupingConfigurationResponseArgs

    Enabled bool
    Grouping enabled
    LookbackDuration string
    Limit the group to alerts created within the lookback duration (in ISO 8601 duration format)
    MatchingMethod string
    Grouping matching method. When method is Selected at least one of groupByEntities, groupByAlertDetails, groupByCustomDetails must be provided and not empty.
    ReopenClosedIncident bool
    Re-open closed matching incidents
    GroupByAlertDetails List<string>
    A list of alert details to group by (when matchingMethod is Selected)
    GroupByCustomDetails List<string>
    A list of custom details keys to group by (when matchingMethod is Selected). Only keys defined in the current alert rule may be used.
    GroupByEntities List<string>
    A list of entity types to group by (when matchingMethod is Selected). Only entities defined in the current alert rule may be used.
    Enabled bool
    Grouping enabled
    LookbackDuration string
    Limit the group to alerts created within the lookback duration (in ISO 8601 duration format)
    MatchingMethod string
    Grouping matching method. When method is Selected at least one of groupByEntities, groupByAlertDetails, groupByCustomDetails must be provided and not empty.
    ReopenClosedIncident bool
    Re-open closed matching incidents
    GroupByAlertDetails []string
    A list of alert details to group by (when matchingMethod is Selected)
    GroupByCustomDetails []string
    A list of custom details keys to group by (when matchingMethod is Selected). Only keys defined in the current alert rule may be used.
    GroupByEntities []string
    A list of entity types to group by (when matchingMethod is Selected). Only entities defined in the current alert rule may be used.
    enabled Boolean
    Grouping enabled
    lookbackDuration String
    Limit the group to alerts created within the lookback duration (in ISO 8601 duration format)
    matchingMethod String
    Grouping matching method. When method is Selected at least one of groupByEntities, groupByAlertDetails, groupByCustomDetails must be provided and not empty.
    reopenClosedIncident Boolean
    Re-open closed matching incidents
    groupByAlertDetails List<String>
    A list of alert details to group by (when matchingMethod is Selected)
    groupByCustomDetails List<String>
    A list of custom details keys to group by (when matchingMethod is Selected). Only keys defined in the current alert rule may be used.
    groupByEntities List<String>
    A list of entity types to group by (when matchingMethod is Selected). Only entities defined in the current alert rule may be used.
    enabled boolean
    Grouping enabled
    lookbackDuration string
    Limit the group to alerts created within the lookback duration (in ISO 8601 duration format)
    matchingMethod string
    Grouping matching method. When method is Selected at least one of groupByEntities, groupByAlertDetails, groupByCustomDetails must be provided and not empty.
    reopenClosedIncident boolean
    Re-open closed matching incidents
    groupByAlertDetails string[]
    A list of alert details to group by (when matchingMethod is Selected)
    groupByCustomDetails string[]
    A list of custom details keys to group by (when matchingMethod is Selected). Only keys defined in the current alert rule may be used.
    groupByEntities string[]
    A list of entity types to group by (when matchingMethod is Selected). Only entities defined in the current alert rule may be used.
    enabled bool
    Grouping enabled
    lookback_duration str
    Limit the group to alerts created within the lookback duration (in ISO 8601 duration format)
    matching_method str
    Grouping matching method. When method is Selected at least one of groupByEntities, groupByAlertDetails, groupByCustomDetails must be provided and not empty.
    reopen_closed_incident bool
    Re-open closed matching incidents
    group_by_alert_details Sequence[str]
    A list of alert details to group by (when matchingMethod is Selected)
    group_by_custom_details Sequence[str]
    A list of custom details keys to group by (when matchingMethod is Selected). Only keys defined in the current alert rule may be used.
    group_by_entities Sequence[str]
    A list of entity types to group by (when matchingMethod is Selected). Only entities defined in the current alert rule may be used.
    enabled Boolean
    Grouping enabled
    lookbackDuration String
    Limit the group to alerts created within the lookback duration (in ISO 8601 duration format)
    matchingMethod String
    Grouping matching method. When method is Selected at least one of groupByEntities, groupByAlertDetails, groupByCustomDetails must be provided and not empty.
    reopenClosedIncident Boolean
    Re-open closed matching incidents
    groupByAlertDetails List<String>
    A list of alert details to group by (when matchingMethod is Selected)
    groupByCustomDetails List<String>
    A list of custom details keys to group by (when matchingMethod is Selected). Only keys defined in the current alert rule may be used.
    groupByEntities List<String>
    A list of entity types to group by (when matchingMethod is Selected). Only entities defined in the current alert rule may be used.

    IncidentConfiguration, IncidentConfigurationArgs

    CreateIncident bool
    Create incidents from alerts triggered by this analytics rule
    GroupingConfiguration Pulumi.AzureNative.SecurityInsights.Inputs.GroupingConfiguration
    Set how the alerts that are triggered by this analytics rule, are grouped into incidents
    CreateIncident bool
    Create incidents from alerts triggered by this analytics rule
    GroupingConfiguration GroupingConfiguration
    Set how the alerts that are triggered by this analytics rule, are grouped into incidents
    createIncident Boolean
    Create incidents from alerts triggered by this analytics rule
    groupingConfiguration GroupingConfiguration
    Set how the alerts that are triggered by this analytics rule, are grouped into incidents
    createIncident boolean
    Create incidents from alerts triggered by this analytics rule
    groupingConfiguration GroupingConfiguration
    Set how the alerts that are triggered by this analytics rule, are grouped into incidents
    create_incident bool
    Create incidents from alerts triggered by this analytics rule
    grouping_configuration GroupingConfiguration
    Set how the alerts that are triggered by this analytics rule, are grouped into incidents
    createIncident Boolean
    Create incidents from alerts triggered by this analytics rule
    groupingConfiguration Property Map
    Set how the alerts that are triggered by this analytics rule, are grouped into incidents

    IncidentConfigurationResponse, IncidentConfigurationResponseArgs

    CreateIncident bool
    Create incidents from alerts triggered by this analytics rule
    GroupingConfiguration Pulumi.AzureNative.SecurityInsights.Inputs.GroupingConfigurationResponse
    Set how the alerts that are triggered by this analytics rule, are grouped into incidents
    CreateIncident bool
    Create incidents from alerts triggered by this analytics rule
    GroupingConfiguration GroupingConfigurationResponse
    Set how the alerts that are triggered by this analytics rule, are grouped into incidents
    createIncident Boolean
    Create incidents from alerts triggered by this analytics rule
    groupingConfiguration GroupingConfigurationResponse
    Set how the alerts that are triggered by this analytics rule, are grouped into incidents
    createIncident boolean
    Create incidents from alerts triggered by this analytics rule
    groupingConfiguration GroupingConfigurationResponse
    Set how the alerts that are triggered by this analytics rule, are grouped into incidents
    create_incident bool
    Create incidents from alerts triggered by this analytics rule
    grouping_configuration GroupingConfigurationResponse
    Set how the alerts that are triggered by this analytics rule, are grouped into incidents
    createIncident Boolean
    Create incidents from alerts triggered by this analytics rule
    groupingConfiguration Property Map
    Set how the alerts that are triggered by this analytics rule, are grouped into incidents

    MatchingMethod, MatchingMethodArgs

    AllEntities
    AllEntitiesGrouping alerts into a single incident if all the entities match
    AnyAlert
    AnyAlertGrouping any alerts triggered by this rule into a single incident
    Selected
    SelectedGrouping alerts into a single incident if the selected entities, custom details and alert details match
    MatchingMethodAllEntities
    AllEntitiesGrouping alerts into a single incident if all the entities match
    MatchingMethodAnyAlert
    AnyAlertGrouping any alerts triggered by this rule into a single incident
    MatchingMethodSelected
    SelectedGrouping alerts into a single incident if the selected entities, custom details and alert details match
    AllEntities
    AllEntitiesGrouping alerts into a single incident if all the entities match
    AnyAlert
    AnyAlertGrouping any alerts triggered by this rule into a single incident
    Selected
    SelectedGrouping alerts into a single incident if the selected entities, custom details and alert details match
    AllEntities
    AllEntitiesGrouping alerts into a single incident if all the entities match
    AnyAlert
    AnyAlertGrouping any alerts triggered by this rule into a single incident
    Selected
    SelectedGrouping alerts into a single incident if the selected entities, custom details and alert details match
    ALL_ENTITIES
    AllEntitiesGrouping alerts into a single incident if all the entities match
    ANY_ALERT
    AnyAlertGrouping any alerts triggered by this rule into a single incident
    SELECTED
    SelectedGrouping alerts into a single incident if the selected entities, custom details and alert details match
    "AllEntities"
    AllEntitiesGrouping alerts into a single incident if all the entities match
    "AnyAlert"
    AnyAlertGrouping any alerts triggered by this rule into a single incident
    "Selected"
    SelectedGrouping alerts into a single incident if the selected entities, custom details and alert details match

    SystemDataResponse, SystemDataResponseArgs

    CreatedAt string
    The timestamp of resource creation (UTC).
    CreatedBy string
    The identity that created the resource.
    CreatedByType string
    The type of identity that created the resource.
    LastModifiedAt string
    The timestamp of resource last modification (UTC)
    LastModifiedBy string
    The identity that last modified the resource.
    LastModifiedByType string
    The type of identity that last modified the resource.
    CreatedAt string
    The timestamp of resource creation (UTC).
    CreatedBy string
    The identity that created the resource.
    CreatedByType string
    The type of identity that created the resource.
    LastModifiedAt string
    The timestamp of resource last modification (UTC)
    LastModifiedBy string
    The identity that last modified the resource.
    LastModifiedByType string
    The type of identity that last modified the resource.
    createdAt String
    The timestamp of resource creation (UTC).
    createdBy String
    The identity that created the resource.
    createdByType String
    The type of identity that created the resource.
    lastModifiedAt String
    The timestamp of resource last modification (UTC)
    lastModifiedBy String
    The identity that last modified the resource.
    lastModifiedByType String
    The type of identity that last modified the resource.
    createdAt string
    The timestamp of resource creation (UTC).
    createdBy string
    The identity that created the resource.
    createdByType string
    The type of identity that created the resource.
    lastModifiedAt string
    The timestamp of resource last modification (UTC)
    lastModifiedBy string
    The identity that last modified the resource.
    lastModifiedByType string
    The type of identity that last modified the resource.
    created_at str
    The timestamp of resource creation (UTC).
    created_by str
    The identity that created the resource.
    created_by_type str
    The type of identity that created the resource.
    last_modified_at str
    The timestamp of resource last modification (UTC)
    last_modified_by str
    The identity that last modified the resource.
    last_modified_by_type str
    The type of identity that last modified the resource.
    createdAt String
    The timestamp of resource creation (UTC).
    createdBy String
    The identity that created the resource.
    createdByType String
    The type of identity that created the resource.
    lastModifiedAt String
    The timestamp of resource last modification (UTC)
    lastModifiedBy String
    The identity that last modified the resource.
    lastModifiedByType String
    The type of identity that last modified the resource.

    TriggerOperator, TriggerOperatorArgs

    GreaterThan
    GreaterThan
    LessThan
    LessThan
    Equal
    Equal
    NotEqual
    NotEqual
    TriggerOperatorGreaterThan
    GreaterThan
    TriggerOperatorLessThan
    LessThan
    TriggerOperatorEqual
    Equal
    TriggerOperatorNotEqual
    NotEqual
    GreaterThan
    GreaterThan
    LessThan
    LessThan
    Equal
    Equal
    NotEqual
    NotEqual
    GreaterThan
    GreaterThan
    LessThan
    LessThan
    Equal
    Equal
    NotEqual
    NotEqual
    GREATER_THAN
    GreaterThan
    LESS_THAN
    LessThan
    EQUAL
    Equal
    NOT_EQUAL
    NotEqual
    "GreaterThan"
    GreaterThan
    "LessThan"
    LessThan
    "Equal"
    Equal
    "NotEqual"
    NotEqual

    Import

    An existing resource can be imported using its type token, name, and identifier, e.g.

    $ pulumi import azure-native:securityinsights:ScheduledAlertRule 73e01a99-5cd7-4139-a149-9f2736ff2ab5 /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId} 
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    Azure Native pulumi/pulumi-azure-native
    License
    Apache-2.0
    azure-native logo
    This is the latest version of Azure Native. Use the Azure Native v1 docs if using the v1 version of this package.
    Azure Native v2.73.0 published on Wednesday, Nov 20, 2024 by Pulumi