This is the latest version of Azure Native. Use the Azure Native v1 docs if using the v1 version of this package.
Azure Native v2.34.0 published on Thursday, Mar 28, 2024 by Pulumi

azure-native.securityinsights.Incident


    Represents an incident in Azure Security Insights. Azure REST API version: 2023-02-01. Prior API version in Azure Native 1.x: 2020-01-01.

    Other available API versions: 2021-03-01-preview, 2023-02-01-preview, 2023-03-01-preview, 2023-06-01-preview, 2023-07-01-preview, 2023-08-01-preview, 2023-09-01-preview, 2023-10-01-preview, 2023-11-01, 2023-12-01-preview, 2024-01-01-preview, 2024-03-01.

    Example Usage

    Creates or updates an incident. The example below declares an incident that is already closed and classified as a false positive.

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using AzureNative = Pulumi.AzureNative;
    
    return await Deployment.RunAsync(() =>
    {
        // The user the incident is assigned to, referenced by object id.
        var assignee = new AzureNative.SecurityInsights.Inputs.IncidentOwnerInfoArgs
        {
            ObjectId = "2046feea-040d-4a46-9e2b-91c2941bfa70",
        };

        var incidentArgs = new AzureNative.SecurityInsights.IncidentArgs
        {
            // Location and identity of the incident.
            ResourceGroupName = "myRg",
            WorkspaceName = "myWorkspace",
            IncidentId = "73e01a99-5cd7-4139-a149-9f2736ff2ab5",

            // What the incident is about and when its activity was observed.
            Title = "My incident",
            Description = "This is a demo incident",
            Severity = AzureNative.SecurityInsights.IncidentSeverity.High,
            FirstActivityTimeUtc = "2019-01-01T13:00:30Z",
            LastActivityTimeUtc = "2019-01-01T13:05:30Z",
            Owner = assignee,

            // Closure details: the classification fields record why the incident was closed.
            // NOTE(review): the incident is declared directly as Closed / FalsePositive;
            // presumably demo values - confirm they match the real triage outcome before reuse.
            Status = AzureNative.SecurityInsights.IncidentStatus.Closed,
            Classification = AzureNative.SecurityInsights.IncidentClassification.FalsePositive,
            ClassificationReason = AzureNative.SecurityInsights.IncidentClassificationReason.IncorrectAlertLogic,
            ClassificationComment = "Not a malicious activity",
        };

        var incident = new AzureNative.SecurityInsights.Incident("incident", incidentArgs);
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-azure-native-sdk/securityinsights/v2"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    // main declares one Azure Security Insights incident named "incident".
    // The incident is created already closed and classified as a false positive.
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		// The user the incident is assigned to, referenced by object id.
    		assignee := &securityinsights.IncidentOwnerInfoArgs{
    			ObjectId: pulumi.String("2046feea-040d-4a46-9e2b-91c2941bfa70"),
    		}

    		incidentArgs := &securityinsights.IncidentArgs{
    			// Location and identity of the incident.
    			ResourceGroupName: pulumi.String("myRg"),
    			WorkspaceName:     pulumi.String("myWorkspace"),
    			IncidentId:        pulumi.String("73e01a99-5cd7-4139-a149-9f2736ff2ab5"),

    			// What the incident is about and when its activity was observed.
    			Title:                pulumi.String("My incident"),
    			Description:          pulumi.String("This is a demo incident"),
    			Severity:             pulumi.String(securityinsights.IncidentSeverityHigh),
    			FirstActivityTimeUtc: pulumi.String("2019-01-01T13:00:30Z"),
    			LastActivityTimeUtc:  pulumi.String("2019-01-01T13:05:30Z"),
    			Owner:                assignee,

    			// Closure details: the classification fields record why the incident was closed.
    			// NOTE(review): declared directly as Closed / FalsePositive; presumably demo
    			// values - confirm they match the real triage outcome before reuse.
    			Status:                pulumi.String(securityinsights.IncidentStatusClosed),
    			Classification:        pulumi.String(securityinsights.IncidentClassificationFalsePositive),
    			ClassificationReason:  pulumi.String(securityinsights.IncidentClassificationReasonIncorrectAlertLogic),
    			ClassificationComment: pulumi.String("Not a malicious activity"),
    		}

    		// The resource handle is not needed; only the error is propagated to the Pulumi runtime.
    		_, err := securityinsights.NewIncident(ctx, "incident", incidentArgs)
    		return err
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.azurenative.securityinsights.Incident;
    import com.pulumi.azurenative.securityinsights.IncidentArgs;
    import com.pulumi.azurenative.securityinsights.inputs.IncidentOwnerInfoArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    /**
     * Pulumi program that declares one Azure Security Insights incident.
     * The incident is created already closed and classified as a false positive.
     */
    public class App {
        /** Entry point: hands the stack definition to the Pulumi runtime. */
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }

        /**
         * Declares the "incident" resource.
         *
         * @param ctx deployment context supplied by Pulumi (not read here)
         */
        public static void stack(Context ctx) {
            // The user the incident is assigned to, referenced by object id.
            final var assignee = IncidentOwnerInfoArgs.builder()
                .objectId("2046feea-040d-4a46-9e2b-91c2941bfa70")
                .build();

            final var incidentArgs = IncidentArgs.builder()
                // Location and identity of the incident.
                .resourceGroupName("myRg")
                .workspaceName("myWorkspace")
                .incidentId("73e01a99-5cd7-4139-a149-9f2736ff2ab5")
                // What the incident is about and when its activity was observed.
                .title("My incident")
                .description("This is a demo incident")
                .severity("High")
                .firstActivityTimeUtc("2019-01-01T13:00:30Z")
                .lastActivityTimeUtc("2019-01-01T13:05:30Z")
                .owner(assignee)
                // Closure details: the classification fields record why the incident was closed.
                // NOTE(review): declared directly as Closed / FalsePositive; presumably demo
                // values - confirm they match the real triage outcome before reuse.
                .status("Closed")
                .classification("FalsePositive")
                .classificationReason("IncorrectAlertLogic")
                .classificationComment("Not a malicious activity")
                .build();

            var incident = new Incident("incident", incidentArgs);
        }
    }
    
    import pulumi
    import pulumi_azure_native as azure_native
    
    # Short alias for the Security Insights module used throughout this declaration.
    si = azure_native.securityinsights

    # The user the incident is assigned to, referenced by object id.
    assignee = si.IncidentOwnerInfoArgs(
        object_id="2046feea-040d-4a46-9e2b-91c2941bfa70",
    )

    incident = si.Incident(
        "incident",
        # Location and identity of the incident.
        resource_group_name="myRg",
        workspace_name="myWorkspace",
        incident_id="73e01a99-5cd7-4139-a149-9f2736ff2ab5",
        # What the incident is about and when its activity was observed.
        title="My incident",
        description="This is a demo incident",
        severity=si.IncidentSeverity.HIGH,
        first_activity_time_utc="2019-01-01T13:00:30Z",
        last_activity_time_utc="2019-01-01T13:05:30Z",
        owner=assignee,
        # Closure details: the classification fields record why the incident was closed.
        # NOTE(review): declared directly as CLOSED / FALSE_POSITIVE; presumably demo
        # values - confirm they match the real triage outcome before reuse.
        status=si.IncidentStatus.CLOSED,
        classification=si.IncidentClassification.FALSE_POSITIVE,
        classification_reason=si.IncidentClassificationReason.INCORRECT_ALERT_LOGIC,
        classification_comment="Not a malicious activity",
    )
    
    import * as pulumi from "@pulumi/pulumi";
    import * as azure_native from "@pulumi/azure-native";
    
    // Short alias for the Security Insights module used throughout this declaration.
    const si = azure_native.securityinsights;

    // The user the incident is assigned to, referenced by object id.
    const assignee = {
        objectId: "2046feea-040d-4a46-9e2b-91c2941bfa70",
    };

    const incident = new si.Incident("incident", {
        // Location and identity of the incident.
        resourceGroupName: "myRg",
        workspaceName: "myWorkspace",
        incidentId: "73e01a99-5cd7-4139-a149-9f2736ff2ab5",

        // What the incident is about and when its activity was observed.
        title: "My incident",
        description: "This is a demo incident",
        severity: si.IncidentSeverity.High,
        firstActivityTimeUtc: "2019-01-01T13:00:30Z",
        lastActivityTimeUtc: "2019-01-01T13:05:30Z",
        owner: assignee,

        // Closure details: the classification fields record why the incident was closed.
        // NOTE(review): declared directly as Closed / FalsePositive; presumably demo
        // values - confirm they match the real triage outcome before reuse.
        status: si.IncidentStatus.Closed,
        classification: si.IncidentClassification.FalsePositive,
        classificationReason: si.IncidentClassificationReason.IncorrectAlertLogic,
        classificationComment: "Not a malicious activity",
    });
    
    # Declares one Azure Security Insights incident named "incident".
    resources:
      incident:
        type: azure-native:securityinsights:Incident
        properties:
          # Closure details: the classification fields record why the incident was closed.
          # NOTE(review): declared directly as Closed / FalsePositive (see status below);
          # presumably demo values - confirm they match the real triage outcome before reuse.
          classification: FalsePositive
          classificationComment: Not a malicious activity
          classificationReason: IncorrectAlertLogic
          description: This is a demo incident
          # Time of the first activity in the incident.
          firstActivityTimeUtc: 2019-01-01T13:00:30Z
          incidentId: 73e01a99-5cd7-4139-a149-9f2736ff2ab5
          # Time of the last activity in the incident.
          lastActivityTimeUtc: 2019-01-01T13:05:30Z
          # The user the incident is assigned to, referenced by object id.
          owner:
            objectId: 2046feea-040d-4a46-9e2b-91c2941bfa70
          resourceGroupName: myRg
          severity: High
          status: Closed
          title: My incident
          workspaceName: myWorkspace
    

    Create Incident Resource

    new Incident(name: string, args: IncidentArgs, opts?: CustomResourceOptions);
    @overload
    def Incident(resource_name: str,
                 opts: Optional[ResourceOptions] = None,
                 classification: Optional[Union[str, IncidentClassification]] = None,
                 classification_comment: Optional[str] = None,
                 classification_reason: Optional[Union[str, IncidentClassificationReason]] = None,
                 description: Optional[str] = None,
                 first_activity_time_utc: Optional[str] = None,
                 incident_id: Optional[str] = None,
                 labels: Optional[Sequence[IncidentLabelArgs]] = None,
                 last_activity_time_utc: Optional[str] = None,
                 owner: Optional[IncidentOwnerInfoArgs] = None,
                 resource_group_name: Optional[str] = None,
                 severity: Optional[Union[str, IncidentSeverity]] = None,
                 status: Optional[Union[str, IncidentStatus]] = None,
                 title: Optional[str] = None,
                 workspace_name: Optional[str] = None)
    @overload
    def Incident(resource_name: str,
                 args: IncidentArgs,
                 opts: Optional[ResourceOptions] = None)
    func NewIncident(ctx *Context, name string, args IncidentArgs, opts ...ResourceOption) (*Incident, error)
    public Incident(string name, IncidentArgs args, CustomResourceOptions? opts = null)
    public Incident(String name, IncidentArgs args)
    public Incident(String name, IncidentArgs args, CustomResourceOptions options)
    
    type: azure-native:securityinsights:Incident
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    
    name string
    The unique name of the resource.
    args IncidentArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args IncidentArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args IncidentArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args IncidentArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args IncidentArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Incident Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The Incident resource accepts the following input properties:

    ResourceGroupName string
    The name of the resource group. The name is case insensitive.
    Severity string | Pulumi.AzureNative.SecurityInsights.IncidentSeverity
    The severity of the incident
    Status string | Pulumi.AzureNative.SecurityInsights.IncidentStatus
    The status of the incident
    Title string
    The title of the incident
    WorkspaceName string
    The name of the workspace.
    Classification string | Pulumi.AzureNative.SecurityInsights.IncidentClassification
    The reason the incident was closed
    ClassificationComment string
    Describes the reason the incident was closed
    ClassificationReason string | Pulumi.AzureNative.SecurityInsights.IncidentClassificationReason
    The classification reason the incident was closed with
    Description string
    The description of the incident
    FirstActivityTimeUtc string
    The time of the first activity in the incident
    IncidentId string
    Incident ID
    Labels List<Pulumi.AzureNative.SecurityInsights.Inputs.IncidentLabel>
    List of labels relevant to this incident
    LastActivityTimeUtc string
    The time of the last activity in the incident
    Owner Pulumi.AzureNative.SecurityInsights.Inputs.IncidentOwnerInfo
    Describes a user that the incident is assigned to
    ResourceGroupName string
    The name of the resource group. The name is case insensitive.
    Severity string | IncidentSeverity
    The severity of the incident
    Status string | IncidentStatus
    The status of the incident
    Title string
    The title of the incident
    WorkspaceName string
    The name of the workspace.
    Classification string | IncidentClassification
    The reason the incident was closed
    ClassificationComment string
    Describes the reason the incident was closed
    ClassificationReason string | IncidentClassificationReason
    The classification reason the incident was closed with
    Description string
    The description of the incident
    FirstActivityTimeUtc string
    The time of the first activity in the incident
    IncidentId string
    Incident ID
    Labels []IncidentLabelArgs
    List of labels relevant to this incident
    LastActivityTimeUtc string
    The time of the last activity in the incident
    Owner IncidentOwnerInfoArgs
    Describes a user that the incident is assigned to
    resourceGroupName String
    The name of the resource group. The name is case insensitive.
    severity String | IncidentSeverity
    The severity of the incident
    status String | IncidentStatus
    The status of the incident
    title String
    The title of the incident
    workspaceName String
    The name of the workspace.
    classification String | IncidentClassification
    The reason the incident was closed
    classificationComment String
    Describes the reason the incident was closed
    classificationReason String | IncidentClassificationReason
    The classification reason the incident was closed with
    description String
    The description of the incident
    firstActivityTimeUtc String
    The time of the first activity in the incident
    incidentId String
    Incident ID
    labels List<IncidentLabel>
    List of labels relevant to this incident
    lastActivityTimeUtc String
    The time of the last activity in the incident
    owner IncidentOwnerInfo
    Describes a user that the incident is assigned to
    resourceGroupName string
    The name of the resource group. The name is case insensitive.
    severity string | IncidentSeverity
    The severity of the incident
    status string | IncidentStatus
    The status of the incident
    title string
    The title of the incident
    workspaceName string
    The name of the workspace.
    classification string | IncidentClassification
    The reason the incident was closed
    classificationComment string
    Describes the reason the incident was closed
    classificationReason string | IncidentClassificationReason
    The classification reason the incident was closed with
    description string
    The description of the incident
    firstActivityTimeUtc string
    The time of the first activity in the incident
    incidentId string
    Incident ID
    labels IncidentLabel[]
    List of labels relevant to this incident
    lastActivityTimeUtc string
    The time of the last activity in the incident
    owner IncidentOwnerInfo
    Describes a user that the incident is assigned to
    resource_group_name str
    The name of the resource group. The name is case insensitive.
    severity str | IncidentSeverity
    The severity of the incident
    status str | IncidentStatus
    The status of the incident
    title str
    The title of the incident
    workspace_name str
    The name of the workspace.
    classification str | IncidentClassification
    The reason the incident was closed
    classification_comment str
    Describes the reason the incident was closed
    classification_reason str | IncidentClassificationReason
    The classification reason the incident was closed with
    description str
    The description of the incident
    first_activity_time_utc str
    The time of the first activity in the incident
    incident_id str
    Incident ID
    labels Sequence[IncidentLabelArgs]
    List of labels relevant to this incident
    last_activity_time_utc str
    The time of the last activity in the incident
    owner IncidentOwnerInfoArgs
    Describes a user that the incident is assigned to
    resourceGroupName String
    The name of the resource group. The name is case insensitive.
    severity String | "High" | "Medium" | "Low" | "Informational"
    The severity of the incident
    status String | "New" | "Active" | "Closed"
    The status of the incident
    title String
    The title of the incident
    workspaceName String
    The name of the workspace.
    classification String | "Undetermined" | "TruePositive" | "BenignPositive" | "FalsePositive"
    The reason the incident was closed
    classificationComment String
    Describes the reason the incident was closed
    classificationReason String | "SuspiciousActivity" | "SuspiciousButExpected" | "IncorrectAlertLogic" | "InaccurateData"
    The classification reason the incident was closed with
    description String
    The description of the incident
    firstActivityTimeUtc String
    The time of the first activity in the incident
    incidentId String
    Incident ID
    labels List<Property Map>
    List of labels relevant to this incident
    lastActivityTimeUtc String
    The time of the last activity in the incident
    owner Property Map
    Describes a user that the incident is assigned to

    Outputs

    All input properties are implicitly available as output properties. Additionally, the Incident resource produces the following output properties:

    AdditionalData Pulumi.AzureNative.SecurityInsights.Outputs.IncidentAdditionalDataResponse
    Additional data on the incident
    CreatedTimeUtc string
    The time the incident was created
    Id string
    The provider-assigned unique ID for this managed resource.
    IncidentNumber int
    A sequential number
    IncidentUrl string
    The deep-link url to the incident in Azure portal
    LastModifiedTimeUtc string
    The last time the incident was updated
    Name string
    The name of the resource
    ProviderIncidentId string
    The incident ID assigned by the incident provider
    ProviderName string
    The name of the source provider that generated the incident
    RelatedAnalyticRuleIds List<string>
    List of resource ids of Analytic rules related to the incident
    SystemData Pulumi.AzureNative.SecurityInsights.Outputs.SystemDataResponse
    Azure Resource Manager metadata containing createdBy and modifiedBy information.
    Type string
    The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
    Etag string
    Etag of the azure resource
    AdditionalData IncidentAdditionalDataResponse
    Additional data on the incident
    CreatedTimeUtc string
    The time the incident was created
    Id string
    The provider-assigned unique ID for this managed resource.
    IncidentNumber int
    A sequential number
    IncidentUrl string
    The deep-link url to the incident in Azure portal
    LastModifiedTimeUtc string
    The last time the incident was updated
    Name string
    The name of the resource
    ProviderIncidentId string
    The incident ID assigned by the incident provider
    ProviderName string
    The name of the source provider that generated the incident
    RelatedAnalyticRuleIds []string
    List of resource ids of Analytic rules related to the incident
    SystemData SystemDataResponse
    Azure Resource Manager metadata containing createdBy and modifiedBy information.
    Type string
    The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
    Etag string
    Etag of the azure resource
    additionalData IncidentAdditionalDataResponse
    Additional data on the incident
    createdTimeUtc String
    The time the incident was created
    id String
    The provider-assigned unique ID for this managed resource.
    incidentNumber Integer
    A sequential number
    incidentUrl String
    The deep-link url to the incident in Azure portal
    lastModifiedTimeUtc String
    The last time the incident was updated
    name String
    The name of the resource
    providerIncidentId String
    The incident ID assigned by the incident provider
    providerName String
    The name of the source provider that generated the incident
    relatedAnalyticRuleIds List<String>
    List of resource ids of Analytic rules related to the incident
    systemData SystemDataResponse
    Azure Resource Manager metadata containing createdBy and modifiedBy information.
    type String
    The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
    etag String
    Etag of the azure resource
    additionalData IncidentAdditionalDataResponse
    Additional data on the incident
    createdTimeUtc string
    The time the incident was created
    id string
    The provider-assigned unique ID for this managed resource.
    incidentNumber number
    A sequential number
    incidentUrl string
    The deep-link url to the incident in Azure portal
    lastModifiedTimeUtc string
    The last time the incident was updated
    name string
    The name of the resource
    providerIncidentId string
    The incident ID assigned by the incident provider
    providerName string
    The name of the source provider that generated the incident
    relatedAnalyticRuleIds string[]
    List of resource ids of Analytic rules related to the incident
    systemData SystemDataResponse
    Azure Resource Manager metadata containing createdBy and modifiedBy information.
    type string
    The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
    etag string
    Etag of the azure resource
    additional_data IncidentAdditionalDataResponse
    Additional data on the incident
    created_time_utc str
    The time the incident was created
    id str
    The provider-assigned unique ID for this managed resource.
    incident_number int
    A sequential number
    incident_url str
    The deep-link url to the incident in Azure portal
    last_modified_time_utc str
    The last time the incident was updated
    name str
    The name of the resource
    provider_incident_id str
    The incident ID assigned by the incident provider
    provider_name str
    The name of the source provider that generated the incident
    related_analytic_rule_ids Sequence[str]
    List of resource ids of Analytic rules related to the incident
    system_data SystemDataResponse
    Azure Resource Manager metadata containing createdBy and modifiedBy information.
    type str
    The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
    etag str
    Etag of the azure resource
    additionalData Property Map
    Additional data on the incident
    createdTimeUtc String
    The time the incident was created
    id String
    The provider-assigned unique ID for this managed resource.
    incidentNumber Number
    A sequential number
    incidentUrl String
    The deep-link url to the incident in Azure portal
    lastModifiedTimeUtc String
    The last time the incident was updated
    name String
    The name of the resource
    providerIncidentId String
    The incident ID assigned by the incident provider
    providerName String
    The name of the source provider that generated the incident
    relatedAnalyticRuleIds List<String>
    List of resource ids of Analytic rules related to the incident
    systemData Property Map
    Azure Resource Manager metadata containing createdBy and modifiedBy information.
    type String
    The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
    etag String
    Etag of the azure resource

    Supporting Types

    IncidentAdditionalDataResponse, IncidentAdditionalDataResponseArgs

    AlertProductNames List<string>
    List of product names of alerts in the incident
    AlertsCount int
    The number of alerts in the incident
    BookmarksCount int
    The number of bookmarks in the incident
    CommentsCount int
    The number of comments in the incident
    ProviderIncidentUrl string
    The provider incident url to the incident in Microsoft 365 Defender portal
    Tactics List<string>
    The tactics associated with the incident
    AlertProductNames []string
    List of product names of alerts in the incident
    AlertsCount int
    The number of alerts in the incident
    BookmarksCount int
    The number of bookmarks in the incident
    CommentsCount int
    The number of comments in the incident
    ProviderIncidentUrl string
    The provider incident url to the incident in Microsoft 365 Defender portal
    Tactics []string
    The tactics associated with the incident
    alertProductNames List<String>
    List of product names of alerts in the incident
    alertsCount Integer
    The number of alerts in the incident
    bookmarksCount Integer
    The number of bookmarks in the incident
    commentsCount Integer
    The number of comments in the incident
    providerIncidentUrl String
    The provider incident url to the incident in Microsoft 365 Defender portal
    tactics List<String>
    The tactics associated with the incident
    alertProductNames string[]
    List of product names of alerts in the incident
    alertsCount number
    The number of alerts in the incident
    bookmarksCount number
    The number of bookmarks in the incident
    commentsCount number
    The number of comments in the incident
    providerIncidentUrl string
    The provider incident url to the incident in Microsoft 365 Defender portal
    tactics string[]
    The tactics associated with the incident
    alert_product_names Sequence[str]
    List of product names of alerts in the incident
    alerts_count int
    The number of alerts in the incident
    bookmarks_count int
    The number of bookmarks in the incident
    comments_count int
    The number of comments in the incident
    provider_incident_url str
    The provider incident url to the incident in Microsoft 365 Defender portal
    tactics Sequence[str]
    The tactics associated with the incident
    alertProductNames List<String>
    List of product names of alerts in the incident
    alertsCount Number
    The number of alerts in the incident
    bookmarksCount Number
    The number of bookmarks in the incident
    commentsCount Number
    The number of comments in the incident
    providerIncidentUrl String
    The provider incident url to the incident in Microsoft 365 Defender portal
    tactics List<String>
    The tactics associated with the incident

    IncidentClassification, IncidentClassificationArgs

    Undetermined
    Undetermined: Incident classification was undetermined
    TruePositive
    TruePositive: Incident was true positive
    BenignPositive
    BenignPositive: Incident was benign positive
    FalsePositive
    FalsePositive: Incident was false positive
    IncidentClassificationUndetermined
    Undetermined: Incident classification was undetermined
    IncidentClassificationTruePositive
    TruePositive: Incident was true positive
    IncidentClassificationBenignPositive
    BenignPositive: Incident was benign positive
    IncidentClassificationFalsePositive
    FalsePositive: Incident was false positive
    Undetermined
    Undetermined: Incident classification was undetermined
    TruePositive
    TruePositive: Incident was true positive
    BenignPositive
    BenignPositive: Incident was benign positive
    FalsePositive
    FalsePositive: Incident was false positive
    Undetermined
    Undetermined: Incident classification was undetermined
    TruePositive
    TruePositive: Incident was true positive
    BenignPositive
    BenignPositive: Incident was benign positive
    FalsePositive
    FalsePositive: Incident was false positive
    UNDETERMINED
    Undetermined: Incident classification was undetermined
    TRUE_POSITIVE
    TruePositive: Incident was true positive
    BENIGN_POSITIVE
    BenignPositive: Incident was benign positive
    FALSE_POSITIVE
    FalsePositive: Incident was false positive
    "Undetermined"
    Undetermined: Incident classification was undetermined
    "TruePositive"
    TruePositive: Incident was true positive
    "BenignPositive"
    BenignPositive: Incident was benign positive
    "FalsePositive"
    FalsePositive: Incident was false positive

    IncidentClassificationReason, IncidentClassificationReasonArgs

    SuspiciousActivity
    SuspiciousActivity: Classification reason was suspicious activity
    SuspiciousButExpected
    SuspiciousButExpected: Classification reason was suspicious but expected
    IncorrectAlertLogic
    IncorrectAlertLogic: Classification reason was incorrect alert logic
    InaccurateData
    InaccurateData: Classification reason was inaccurate data
    IncidentClassificationReasonSuspiciousActivity
    SuspiciousActivity: Classification reason was suspicious activity
    IncidentClassificationReasonSuspiciousButExpected
    SuspiciousButExpected: Classification reason was suspicious but expected
    IncidentClassificationReasonIncorrectAlertLogic
    IncorrectAlertLogic: Classification reason was incorrect alert logic
    IncidentClassificationReasonInaccurateData
    InaccurateData: Classification reason was inaccurate data
    SuspiciousActivity
    SuspiciousActivity: Classification reason was suspicious activity
    SuspiciousButExpected
    SuspiciousButExpected: Classification reason was suspicious but expected
    IncorrectAlertLogic
    IncorrectAlertLogic: Classification reason was incorrect alert logic
    InaccurateData
    InaccurateData: Classification reason was inaccurate data
    SuspiciousActivity
    SuspiciousActivity: Classification reason was suspicious activity
    SuspiciousButExpected
    SuspiciousButExpected: Classification reason was suspicious but expected
    IncorrectAlertLogic
    IncorrectAlertLogic: Classification reason was incorrect alert logic
    InaccurateData
    InaccurateData: Classification reason was inaccurate data
    SUSPICIOUS_ACTIVITY
    SuspiciousActivity: Classification reason was suspicious activity
    SUSPICIOUS_BUT_EXPECTED
    SuspiciousButExpected: Classification reason was suspicious but expected
    INCORRECT_ALERT_LOGIC
    IncorrectAlertLogic: Classification reason was incorrect alert logic
    INACCURATE_DATA
    InaccurateData: Classification reason was inaccurate data
    "SuspiciousActivity"
    SuspiciousActivity: Classification reason was suspicious activity
    "SuspiciousButExpected"
    SuspiciousButExpected: Classification reason was suspicious but expected
    "IncorrectAlertLogic"
    IncorrectAlertLogic: Classification reason was incorrect alert logic
    "InaccurateData"
    InaccurateData: Classification reason was inaccurate data

    IncidentLabel, IncidentLabelArgs

    LabelName string
    The name of the label
    LabelName string
    The name of the label
    labelName String
    The name of the label
    labelName string
    The name of the label
    label_name str
    The name of the label
    labelName String
    The name of the label

    IncidentLabelResponse, IncidentLabelResponseArgs

    LabelName string
    The name of the label
    LabelType string
    The type of the label
    LabelName string
    The name of the label
    LabelType string
    The type of the label
    labelName String
    The name of the label
    labelType String
    The type of the label
    labelName string
    The name of the label
    labelType string
    The type of the label
    label_name str
    The name of the label
    label_type str
    The type of the label
    labelName String
    The name of the label
    labelType String
    The type of the label

    IncidentOwnerInfo, IncidentOwnerInfoArgs

    AssignedTo string
    The name of the user the incident is assigned to.
    Email string
    The email of the user the incident is assigned to.
    ObjectId string
    The object id of the user the incident is assigned to.
    OwnerType string | Pulumi.AzureNative.SecurityInsights.OwnerType
    The type of the owner the incident is assigned to.
    UserPrincipalName string
    The user principal name of the user the incident is assigned to.
    AssignedTo string
    The name of the user the incident is assigned to.
    Email string
    The email of the user the incident is assigned to.
    ObjectId string
    The object id of the user the incident is assigned to.
    OwnerType string | OwnerType
    The type of the owner the incident is assigned to.
    UserPrincipalName string
    The user principal name of the user the incident is assigned to.
    assignedTo String
    The name of the user the incident is assigned to.
    email String
    The email of the user the incident is assigned to.
    objectId String
    The object id of the user the incident is assigned to.
    ownerType String | OwnerType
    The type of the owner the incident is assigned to.
    userPrincipalName String
    The user principal name of the user the incident is assigned to.
    assignedTo string
    The name of the user the incident is assigned to.
    email string
    The email of the user the incident is assigned to.
    objectId string
    The object id of the user the incident is assigned to.
    ownerType string | OwnerType
    The type of the owner the incident is assigned to.
    userPrincipalName string
    The user principal name of the user the incident is assigned to.
    assigned_to str
    The name of the user the incident is assigned to.
    email str
    The email of the user the incident is assigned to.
    object_id str
    The object id of the user the incident is assigned to.
    owner_type str | OwnerType
    The type of the owner the incident is assigned to.
    user_principal_name str
    The user principal name of the user the incident is assigned to.
    assignedTo String
    The name of the user the incident is assigned to.
    email String
    The email of the user the incident is assigned to.
    objectId String
    The object id of the user the incident is assigned to.
    ownerType String | "Unknown" | "User" | "Group"
    The type of the owner the incident is assigned to.
    userPrincipalName String
    The user principal name of the user the incident is assigned to.

    IncidentOwnerInfoResponse, IncidentOwnerInfoResponseArgs

    AssignedTo string
    The name of the user the incident is assigned to.
    Email string
    The email of the user the incident is assigned to.
    ObjectId string
    The object id of the user the incident is assigned to.
    OwnerType string
    The type of the owner the incident is assigned to.
    UserPrincipalName string
    The user principal name of the user the incident is assigned to.
    AssignedTo string
    The name of the user the incident is assigned to.
    Email string
    The email of the user the incident is assigned to.
    ObjectId string
    The object id of the user the incident is assigned to.
    OwnerType string
    The type of the owner the incident is assigned to.
    UserPrincipalName string
    The user principal name of the user the incident is assigned to.
    assignedTo String
    The name of the user the incident is assigned to.
    email String
    The email of the user the incident is assigned to.
    objectId String
    The object id of the user the incident is assigned to.
    ownerType String
    The type of the owner the incident is assigned to.
    userPrincipalName String
    The user principal name of the user the incident is assigned to.
    assignedTo string
    The name of the user the incident is assigned to.
    email string
    The email of the user the incident is assigned to.
    objectId string
    The object id of the user the incident is assigned to.
    ownerType string
    The type of the owner the incident is assigned to.
    userPrincipalName string
    The user principal name of the user the incident is assigned to.
    assigned_to str
    The name of the user the incident is assigned to.
    email str
    The email of the user the incident is assigned to.
    object_id str
    The object id of the user the incident is assigned to.
    owner_type str
    The type of the owner the incident is assigned to.
    user_principal_name str
    The user principal name of the user the incident is assigned to.
    assignedTo String
    The name of the user the incident is assigned to.
    email String
    The email of the user the incident is assigned to.
    objectId String
    The object id of the user the incident is assigned to.
    ownerType String
    The type of the owner the incident is assigned to.
    userPrincipalName String
    The user principal name of the user the incident is assigned to.

    IncidentSeverity, IncidentSeverityArgs

    High
    High: High severity
    Medium
    Medium: Medium severity
    Low
    Low: Low severity
    Informational
    Informational: Informational severity
    IncidentSeverityHigh
    High: High severity
    IncidentSeverityMedium
    Medium: Medium severity
    IncidentSeverityLow
    Low: Low severity
    IncidentSeverityInformational
    Informational: Informational severity
    High
    High: High severity
    Medium
    Medium: Medium severity
    Low
    Low: Low severity
    Informational
    Informational: Informational severity
    High
    High: High severity
    Medium
    Medium: Medium severity
    Low
    Low: Low severity
    Informational
    Informational: Informational severity
    HIGH
    High: High severity
    MEDIUM
    Medium: Medium severity
    LOW
    Low: Low severity
    INFORMATIONAL
    Informational: Informational severity
    "High"
    High: High severity
    "Medium"
    Medium: Medium severity
    "Low"
    Low: Low severity
    "Informational"
    Informational: Informational severity

    IncidentStatus, IncidentStatusArgs

    New
    New: An active incident which isn't being handled currently
    Active
    Active: An active incident which is being handled
    Closed
    Closed: A non-active incident
    IncidentStatusNew
    New: An active incident which isn't being handled currently
    IncidentStatusActive
    Active: An active incident which is being handled
    IncidentStatusClosed
    Closed: A non-active incident
    New
    New: An active incident which isn't being handled currently
    Active
    Active: An active incident which is being handled
    Closed
    Closed: A non-active incident
    New
    New: An active incident which isn't being handled currently
    Active
    Active: An active incident which is being handled
    Closed
    Closed: A non-active incident
    NEW
    New: An active incident which isn't being handled currently
    ACTIVE
    Active: An active incident which is being handled
    CLOSED
    Closed: A non-active incident
    "New"
    New: An active incident which isn't being handled currently
    "Active"
    Active: An active incident which is being handled
    "Closed"
    Closed: A non-active incident

    OwnerType, OwnerTypeArgs

    Unknown
    Unknown: The incident owner type is unknown
    User
    User: The incident owner type is an AAD user
    Group
    Group: The incident owner type is an AAD group
    OwnerTypeUnknown
    Unknown: The incident owner type is unknown
    OwnerTypeUser
    User: The incident owner type is an AAD user
    OwnerTypeGroup
    Group: The incident owner type is an AAD group
    Unknown
    Unknown: The incident owner type is unknown
    User
    User: The incident owner type is an AAD user
    Group
    Group: The incident owner type is an AAD group
    Unknown
    Unknown: The incident owner type is unknown
    User
    User: The incident owner type is an AAD user
    Group
    Group: The incident owner type is an AAD group
    UNKNOWN
    Unknown: The incident owner type is unknown
    USER
    User: The incident owner type is an AAD user
    GROUP
    Group: The incident owner type is an AAD group
    "Unknown"
    Unknown: The incident owner type is unknown
    "User"
    User: The incident owner type is an AAD user
    "Group"
    Group: The incident owner type is an AAD group

    SystemDataResponse, SystemDataResponseArgs

    CreatedAt string
    The timestamp of resource creation (UTC).
    CreatedBy string
    The identity that created the resource.
    CreatedByType string
    The type of identity that created the resource.
    LastModifiedAt string
    The timestamp of resource last modification (UTC)
    LastModifiedBy string
    The identity that last modified the resource.
    LastModifiedByType string
    The type of identity that last modified the resource.
    CreatedAt string
    The timestamp of resource creation (UTC).
    CreatedBy string
    The identity that created the resource.
    CreatedByType string
    The type of identity that created the resource.
    LastModifiedAt string
    The timestamp of resource last modification (UTC)
    LastModifiedBy string
    The identity that last modified the resource.
    LastModifiedByType string
    The type of identity that last modified the resource.
    createdAt String
    The timestamp of resource creation (UTC).
    createdBy String
    The identity that created the resource.
    createdByType String
    The type of identity that created the resource.
    lastModifiedAt String
    The timestamp of resource last modification (UTC)
    lastModifiedBy String
    The identity that last modified the resource.
    lastModifiedByType String
    The type of identity that last modified the resource.
    createdAt string
    The timestamp of resource creation (UTC).
    createdBy string
    The identity that created the resource.
    createdByType string
    The type of identity that created the resource.
    lastModifiedAt string
    The timestamp of resource last modification (UTC)
    lastModifiedBy string
    The identity that last modified the resource.
    lastModifiedByType string
    The type of identity that last modified the resource.
    created_at str
    The timestamp of resource creation (UTC).
    created_by str
    The identity that created the resource.
    created_by_type str
    The type of identity that created the resource.
    last_modified_at str
    The timestamp of resource last modification (UTC)
    last_modified_by str
    The identity that last modified the resource.
    last_modified_by_type str
    The type of identity that last modified the resource.
    createdAt String
    The timestamp of resource creation (UTC).
    createdBy String
    The identity that created the resource.
    createdByType String
    The type of identity that created the resource.
    lastModifiedAt String
    The timestamp of resource last modification (UTC)
    lastModifiedBy String
    The identity that last modified the resource.
    lastModifiedByType String
    The type of identity that last modified the resource.

    Import

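    An existing resource can be imported using its type token, name, and identifier. In the example below the identifier is the full Azure resource ID of the incident; replace each placeholder in braces with your own value, e.g.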

    $ pulumi import azure-native:securityinsights:Incident 73e01a99-5cd7-4139-a149-9f2736ff2ab5 /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId} 
    

    Package Details

    Repository
    Azure Native pulumi/pulumi-azure-native
    License
    Apache-2.0