1. Packages
  2. Azure Native
  3. API Docs
  4. securityinsights
  5. getIncident
This is the latest version of Azure Native. Use the Azure Native v1 docs if using the v1 version of this package.
Azure Native v2.34.0 published on Thursday, Mar 28, 2024 by Pulumi

azure-native.securityinsights.getIncident

Explore with Pulumi AI

azure-native logo
This is the latest version of Azure Native. Use the Azure Native v1 docs if using the v1 version of this package.
Azure Native v2.34.0 published on Thursday, Mar 28, 2024 by Pulumi

    Gets a given incident. Azure REST API version: 2023-02-01.

    Other available API versions: 2021-03-01-preview, 2023-02-01-preview, 2023-03-01-preview, 2023-06-01-preview, 2023-07-01-preview, 2023-08-01-preview, 2023-09-01-preview, 2023-10-01-preview, 2023-11-01, 2023-12-01-preview, 2024-01-01-preview, 2024-03-01.

    Using getIncident

    Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

    function getIncident(args: GetIncidentArgs, opts?: InvokeOptions): Promise<GetIncidentResult>
    function getIncidentOutput(args: GetIncidentOutputArgs, opts?: InvokeOptions): Output<GetIncidentResult>
    def get_incident(incident_id: Optional[str] = None,
                     resource_group_name: Optional[str] = None,
                     workspace_name: Optional[str] = None,
                     opts: Optional[InvokeOptions] = None) -> GetIncidentResult
    def get_incident_output(incident_id: Optional[pulumi.Input[str]] = None,
                     resource_group_name: Optional[pulumi.Input[str]] = None,
                     workspace_name: Optional[pulumi.Input[str]] = None,
                     opts: Optional[InvokeOptions] = None) -> Output[GetIncidentResult]
    func LookupIncident(ctx *Context, args *LookupIncidentArgs, opts ...InvokeOption) (*LookupIncidentResult, error)
    func LookupIncidentOutput(ctx *Context, args *LookupIncidentOutputArgs, opts ...InvokeOption) LookupIncidentResultOutput

    > Note: This function is named LookupIncident in the Go SDK.

    public static class GetIncident 
    {
        public static Task<GetIncidentResult> InvokeAsync(GetIncidentArgs args, InvokeOptions? opts = null)
        public static Output<GetIncidentResult> Invoke(GetIncidentInvokeArgs args, InvokeOptions? opts = null)
    }
    public static CompletableFuture<GetIncidentResult> getIncident(GetIncidentArgs args, InvokeOptions options)
    // Output-based functions aren't available in Java yet
    
    fn::invoke:
      function: azure-native:securityinsights:getIncident
      arguments:
        # arguments dictionary

    The following arguments are supported:

    IncidentId string
    Incident ID
    ResourceGroupName string
    The name of the resource group. The name is case insensitive.
    WorkspaceName string
    The name of the workspace.
    IncidentId string
    Incident ID
    ResourceGroupName string
    The name of the resource group. The name is case insensitive.
    WorkspaceName string
    The name of the workspace.
    incidentId String
    Incident ID
    resourceGroupName String
    The name of the resource group. The name is case insensitive.
    workspaceName String
    The name of the workspace.
    incidentId string
    Incident ID
    resourceGroupName string
    The name of the resource group. The name is case insensitive.
    workspaceName string
    The name of the workspace.
    incident_id str
    Incident ID
    resource_group_name str
    The name of the resource group. The name is case insensitive.
    workspace_name str
    The name of the workspace.
    incidentId String
    Incident ID
    resourceGroupName String
    The name of the resource group. The name is case insensitive.
    workspaceName String
    The name of the workspace.

    getIncident Result

    The following output properties are available:

    AdditionalData Pulumi.AzureNative.SecurityInsights.Outputs.IncidentAdditionalDataResponse
    Additional data on the incident
    CreatedTimeUtc string
    The time the incident was created
    Id string
    Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
    IncidentNumber int
    A sequential number
    IncidentUrl string
    The deep-link url to the incident in Azure portal
    LastModifiedTimeUtc string
    The last time the incident was updated
    Name string
    The name of the resource
    ProviderIncidentId string
    The incident ID assigned by the incident provider
    ProviderName string
    The name of the source provider that generated the incident
    RelatedAnalyticRuleIds List<string>
    List of resource ids of Analytic rules related to the incident
    Severity string
    The severity of the incident
    Status string
    The status of the incident
    SystemData Pulumi.AzureNative.SecurityInsights.Outputs.SystemDataResponse
    Azure Resource Manager metadata containing createdBy and modifiedBy information.
    Title string
    The title of the incident
    Type string
    The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
    Classification string
    The reason the incident was closed
    ClassificationComment string
    Describes the reason the incident was closed
    ClassificationReason string
    The classification reason the incident was closed with
    Description string
    The description of the incident
    Etag string
    Etag of the azure resource
    FirstActivityTimeUtc string
    The time of the first activity in the incident
    Labels List<Pulumi.AzureNative.SecurityInsights.Outputs.IncidentLabelResponse>
    List of labels relevant to this incident
    LastActivityTimeUtc string
    The time of the last activity in the incident
    Owner Pulumi.AzureNative.SecurityInsights.Outputs.IncidentOwnerInfoResponse
    Describes a user that the incident is assigned to
    AdditionalData IncidentAdditionalDataResponse
    Additional data on the incident
    CreatedTimeUtc string
    The time the incident was created
    Id string
    Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
    IncidentNumber int
    A sequential number
    IncidentUrl string
    The deep-link url to the incident in Azure portal
    LastModifiedTimeUtc string
    The last time the incident was updated
    Name string
    The name of the resource
    ProviderIncidentId string
    The incident ID assigned by the incident provider
    ProviderName string
    The name of the source provider that generated the incident
    RelatedAnalyticRuleIds []string
    List of resource ids of Analytic rules related to the incident
    Severity string
    The severity of the incident
    Status string
    The status of the incident
    SystemData SystemDataResponse
    Azure Resource Manager metadata containing createdBy and modifiedBy information.
    Title string
    The title of the incident
    Type string
    The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
    Classification string
    The reason the incident was closed
    ClassificationComment string
    Describes the reason the incident was closed
    ClassificationReason string
    The classification reason the incident was closed with
    Description string
    The description of the incident
    Etag string
    Etag of the azure resource
    FirstActivityTimeUtc string
    The time of the first activity in the incident
    Labels []IncidentLabelResponse
    List of labels relevant to this incident
    LastActivityTimeUtc string
    The time of the last activity in the incident
    Owner IncidentOwnerInfoResponse
    Describes a user that the incident is assigned to
    additionalData IncidentAdditionalDataResponse
    Additional data on the incident
    createdTimeUtc String
    The time the incident was created
    id String
    Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
    incidentNumber Integer
    A sequential number
    incidentUrl String
    The deep-link url to the incident in Azure portal
    lastModifiedTimeUtc String
    The last time the incident was updated
    name String
    The name of the resource
    providerIncidentId String
    The incident ID assigned by the incident provider
    providerName String
    The name of the source provider that generated the incident
    relatedAnalyticRuleIds List<String>
    List of resource ids of Analytic rules related to the incident
    severity String
    The severity of the incident
    status String
    The status of the incident
    systemData SystemDataResponse
    Azure Resource Manager metadata containing createdBy and modifiedBy information.
    title String
    The title of the incident
    type String
    The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
    classification String
    The reason the incident was closed
    classificationComment String
    Describes the reason the incident was closed
    classificationReason String
    The classification reason the incident was closed with
    description String
    The description of the incident
    etag String
    Etag of the azure resource
    firstActivityTimeUtc String
    The time of the first activity in the incident
    labels List<IncidentLabelResponse>
    List of labels relevant to this incident
    lastActivityTimeUtc String
    The time of the last activity in the incident
    owner IncidentOwnerInfoResponse
    Describes a user that the incident is assigned to
    additionalData IncidentAdditionalDataResponse
    Additional data on the incident
    createdTimeUtc string
    The time the incident was created
    id string
    Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
    incidentNumber number
    A sequential number
    incidentUrl string
    The deep-link url to the incident in Azure portal
    lastModifiedTimeUtc string
    The last time the incident was updated
    name string
    The name of the resource
    providerIncidentId string
    The incident ID assigned by the incident provider
    providerName string
    The name of the source provider that generated the incident
    relatedAnalyticRuleIds string[]
    List of resource ids of Analytic rules related to the incident
    severity string
    The severity of the incident
    status string
    The status of the incident
    systemData SystemDataResponse
    Azure Resource Manager metadata containing createdBy and modifiedBy information.
    title string
    The title of the incident
    type string
    The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
    classification string
    The reason the incident was closed
    classificationComment string
    Describes the reason the incident was closed
    classificationReason string
    The classification reason the incident was closed with
    description string
    The description of the incident
    etag string
    Etag of the azure resource
    firstActivityTimeUtc string
    The time of the first activity in the incident
    labels IncidentLabelResponse[]
    List of labels relevant to this incident
    lastActivityTimeUtc string
    The time of the last activity in the incident
    owner IncidentOwnerInfoResponse
    Describes a user that the incident is assigned to
    additional_data IncidentAdditionalDataResponse
    Additional data on the incident
    created_time_utc str
    The time the incident was created
    id str
    Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
    incident_number int
    A sequential number
    incident_url str
    The deep-link url to the incident in Azure portal
    last_modified_time_utc str
    The last time the incident was updated
    name str
    The name of the resource
    provider_incident_id str
    The incident ID assigned by the incident provider
    provider_name str
    The name of the source provider that generated the incident
    related_analytic_rule_ids Sequence[str]
    List of resource ids of Analytic rules related to the incident
    severity str
    The severity of the incident
    status str
    The status of the incident
    system_data SystemDataResponse
    Azure Resource Manager metadata containing createdBy and modifiedBy information.
    title str
    The title of the incident
    type str
    The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
    classification str
    The reason the incident was closed
    classification_comment str
    Describes the reason the incident was closed
    classification_reason str
    The classification reason the incident was closed with
    description str
    The description of the incident
    etag str
    Etag of the azure resource
    first_activity_time_utc str
    The time of the first activity in the incident
    labels Sequence[IncidentLabelResponse]
    List of labels relevant to this incident
    last_activity_time_utc str
    The time of the last activity in the incident
    owner IncidentOwnerInfoResponse
    Describes a user that the incident is assigned to
    additionalData Property Map
    Additional data on the incident
    createdTimeUtc String
    The time the incident was created
    id String
    Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
    incidentNumber Number
    A sequential number
    incidentUrl String
    The deep-link url to the incident in Azure portal
    lastModifiedTimeUtc String
    The last time the incident was updated
    name String
    The name of the resource
    providerIncidentId String
    The incident ID assigned by the incident provider
    providerName String
    The name of the source provider that generated the incident
    relatedAnalyticRuleIds List<String>
    List of resource ids of Analytic rules related to the incident
    severity String
    The severity of the incident
    status String
    The status of the incident
    systemData Property Map
    Azure Resource Manager metadata containing createdBy and modifiedBy information.
    title String
    The title of the incident
    type String
    The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
    classification String
    The reason the incident was closed
    classificationComment String
    Describes the reason the incident was closed
    classificationReason String
    The classification reason the incident was closed with
    description String
    The description of the incident
    etag String
    Etag of the azure resource
    firstActivityTimeUtc String
    The time of the first activity in the incident
    labels List<Property Map>
    List of labels relevant to this incident
    lastActivityTimeUtc String
    The time of the last activity in the incident
    owner Property Map
    Describes a user that the incident is assigned to

    Supporting Types

    IncidentAdditionalDataResponse

    AlertProductNames List<string>
    List of product names of alerts in the incident
    AlertsCount int
    The number of alerts in the incident
    BookmarksCount int
    The number of bookmarks in the incident
    CommentsCount int
    The number of comments in the incident
    ProviderIncidentUrl string
    The provider incident url to the incident in Microsoft 365 Defender portal
    Tactics List<string>
    The tactics associated with incident
    AlertProductNames []string
    List of product names of alerts in the incident
    AlertsCount int
    The number of alerts in the incident
    BookmarksCount int
    The number of bookmarks in the incident
    CommentsCount int
    The number of comments in the incident
    ProviderIncidentUrl string
    The provider incident url to the incident in Microsoft 365 Defender portal
    Tactics []string
    The tactics associated with incident
    alertProductNames List<String>
    List of product names of alerts in the incident
    alertsCount Integer
    The number of alerts in the incident
    bookmarksCount Integer
    The number of bookmarks in the incident
    commentsCount Integer
    The number of comments in the incident
    providerIncidentUrl String
    The provider incident url to the incident in Microsoft 365 Defender portal
    tactics List<String>
    The tactics associated with incident
    alertProductNames string[]
    List of product names of alerts in the incident
    alertsCount number
    The number of alerts in the incident
    bookmarksCount number
    The number of bookmarks in the incident
    commentsCount number
    The number of comments in the incident
    providerIncidentUrl string
    The provider incident url to the incident in Microsoft 365 Defender portal
    tactics string[]
    The tactics associated with incident
    alert_product_names Sequence[str]
    List of product names of alerts in the incident
    alerts_count int
    The number of alerts in the incident
    bookmarks_count int
    The number of bookmarks in the incident
    comments_count int
    The number of comments in the incident
    provider_incident_url str
    The provider incident url to the incident in Microsoft 365 Defender portal
    tactics Sequence[str]
    The tactics associated with incident
    alertProductNames List<String>
    List of product names of alerts in the incident
    alertsCount Number
    The number of alerts in the incident
    bookmarksCount Number
    The number of bookmarks in the incident
    commentsCount Number
    The number of comments in the incident
    providerIncidentUrl String
    The provider incident url to the incident in Microsoft 365 Defender portal
    tactics List<String>
    The tactics associated with incident

    IncidentLabelResponse

    LabelName string
    The name of the label
    LabelType string
    The type of the label
    LabelName string
    The name of the label
    LabelType string
    The type of the label
    labelName String
    The name of the label
    labelType String
    The type of the label
    labelName string
    The name of the label
    labelType string
    The type of the label
    label_name str
    The name of the label
    label_type str
    The type of the label
    labelName String
    The name of the label
    labelType String
    The type of the label

    IncidentOwnerInfoResponse

    AssignedTo string
    The name of the user the incident is assigned to.
    Email string
    The email of the user the incident is assigned to.
    ObjectId string
    The object id of the user the incident is assigned to.
    OwnerType string
    The type of the owner the incident is assigned to.
    UserPrincipalName string
    The user principal name of the user the incident is assigned to.
    AssignedTo string
    The name of the user the incident is assigned to.
    Email string
    The email of the user the incident is assigned to.
    ObjectId string
    The object id of the user the incident is assigned to.
    OwnerType string
    The type of the owner the incident is assigned to.
    UserPrincipalName string
    The user principal name of the user the incident is assigned to.
    assignedTo String
    The name of the user the incident is assigned to.
    email String
    The email of the user the incident is assigned to.
    objectId String
    The object id of the user the incident is assigned to.
    ownerType String
    The type of the owner the incident is assigned to.
    userPrincipalName String
    The user principal name of the user the incident is assigned to.
    assignedTo string
    The name of the user the incident is assigned to.
    email string
    The email of the user the incident is assigned to.
    objectId string
    The object id of the user the incident is assigned to.
    ownerType string
    The type of the owner the incident is assigned to.
    userPrincipalName string
    The user principal name of the user the incident is assigned to.
    assigned_to str
    The name of the user the incident is assigned to.
    email str
    The email of the user the incident is assigned to.
    object_id str
    The object id of the user the incident is assigned to.
    owner_type str
    The type of the owner the incident is assigned to.
    user_principal_name str
    The user principal name of the user the incident is assigned to.
    assignedTo String
    The name of the user the incident is assigned to.
    email String
    The email of the user the incident is assigned to.
    objectId String
    The object id of the user the incident is assigned to.
    ownerType String
    The type of the owner the incident is assigned to.
    userPrincipalName String
    The user principal name of the user the incident is assigned to.

    SystemDataResponse

    CreatedAt string
    The timestamp of resource creation (UTC).
    CreatedBy string
    The identity that created the resource.
    CreatedByType string
    The type of identity that created the resource.
    LastModifiedAt string
    The timestamp of resource last modification (UTC)
    LastModifiedBy string
    The identity that last modified the resource.
    LastModifiedByType string
    The type of identity that last modified the resource.
    CreatedAt string
    The timestamp of resource creation (UTC).
    CreatedBy string
    The identity that created the resource.
    CreatedByType string
    The type of identity that created the resource.
    LastModifiedAt string
    The timestamp of resource last modification (UTC)
    LastModifiedBy string
    The identity that last modified the resource.
    LastModifiedByType string
    The type of identity that last modified the resource.
    createdAt String
    The timestamp of resource creation (UTC).
    createdBy String
    The identity that created the resource.
    createdByType String
    The type of identity that created the resource.
    lastModifiedAt String
    The timestamp of resource last modification (UTC)
    lastModifiedBy String
    The identity that last modified the resource.
    lastModifiedByType String
    The type of identity that last modified the resource.
    createdAt string
    The timestamp of resource creation (UTC).
    createdBy string
    The identity that created the resource.
    createdByType string
    The type of identity that created the resource.
    lastModifiedAt string
    The timestamp of resource last modification (UTC)
    lastModifiedBy string
    The identity that last modified the resource.
    lastModifiedByType string
    The type of identity that last modified the resource.
    created_at str
    The timestamp of resource creation (UTC).
    created_by str
    The identity that created the resource.
    created_by_type str
    The type of identity that created the resource.
    last_modified_at str
    The timestamp of resource last modification (UTC)
    last_modified_by str
    The identity that last modified the resource.
    last_modified_by_type str
    The type of identity that last modified the resource.
    createdAt String
    The timestamp of resource creation (UTC).
    createdBy String
    The identity that created the resource.
    createdByType String
    The type of identity that created the resource.
    lastModifiedAt String
    The timestamp of resource last modification (UTC)
    lastModifiedBy String
    The identity that last modified the resource.
    lastModifiedByType String
    The type of identity that last modified the resource.

    Package Details

    Repository
    Azure Native pulumi/pulumi-azure-native
    License
    Apache-2.0
    azure-native logo
    This is the latest version of Azure Native. Use the Azure Native v1 docs if using the v1 version of this package.
    Azure Native v2.34.0 published on Thursday, Mar 28, 2024 by Pulumi