azure-native.security.AlertsSuppressionRule

Describes the suppression rule. API Version: 2019-01-01-preview.

Example Usage

Update or create suppression rule for subscription

using System.Collections.Generic;
using Pulumi;
using AzureNative = Pulumi.AzureNative;

// Declares one alerts suppression rule. A rule of this kind automatically
// suppresses matching alerts, so its type, scope, expiry and justification are
// the fields to review before it is deployed.
return await Deployment.RunAsync(() =>
{
    // AllOf: every listed condition has to be true before an alert is suppressed.
    // NOTE(review): each element sets only Field (the alert entity type); no value
    // to match is given here, so confirm how narrowly this scope really applies.
    var scope = new AzureNative.Security.Inputs.SuppressionAlertsScopeArgs
    {
        AllOf = new[]
        {
            new AzureNative.Security.Inputs.ScopeElementArgs { Field = "entities.ip.address" },
            new AzureNative.Security.Inputs.ScopeElementArgs { Field = "entities.process.commandline" },
        },
    };

    var alertsSuppressionRule = new AzureNative.Security.AlertsSuppressionRule("alertsSuppressionRule", new()
    {
        AlertsSuppressionRuleName = "dismissIpAnomalyAlerts",
        // A single named alert type; "*" would make the rule apply to all alert types.
        AlertType = "IpAnomaly",
        State = "Enabled",
        // Reason and Comment are the recorded justification for dismissing the alerts.
        Reason = "FalsePositive",
        Comment = "Test VM",
        // Explicit expiry: when omitted or null, the rule defaults to the maximum
        // allowed expiration date. The sample timestamp lies in 2019; set a
        // future review date when adapting this.
        ExpirationDateUtc = "2019-12-01T19:50:47.083633Z",
        SuppressionAlertsScope = scope,
    });

});
package main

import (
	security "github.com/pulumi/pulumi-azure-native/sdk/go/azure/security"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

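// main declares one alerts suppression rule. A rule of this kind automatically
// suppresses matching alerts, so its type, scope, expiry and justification are
// the fields to review before it is deployed.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := security.NewAlertsSuppressionRule(ctx, "alertsSuppressionRule", &security.AlertsSuppressionRuleArgs{
			// A single named alert type; "*" would make the rule apply to all alert types.
			AlertType:                 pulumi.String("IpAnomaly"),
			AlertsSuppressionRuleName: pulumi.String("dismissIpAnomalyAlerts"),
			// Comment and Reason are the recorded justification for dismissing the alerts.
			Comment: pulumi.String("Test VM"),
			// Explicit expiry: when omitted or null, the rule defaults to the
			// maximum allowed expiration date. The sample timestamp lies in
			// 2019; set a future review date when adapting this.
			ExpirationDateUtc: pulumi.String("2019-12-01T19:50:47.083633Z"),
			Reason:            pulumi.String("FalsePositive"),
			State:             pulumi.String("Enabled"),
			// The argument is an input, so it takes the *Args types; the
			// SuppressionAlertsScopeResponse struct used previously is not an
			// input value and its AllOf field does not hold ScopeElementArgs.
			//
			// AllOf: every listed condition has to be true before an alert is suppressed.
			// NOTE(review): each element sets only Field (the alert entity type);
			// confirm how narrowly this scope really applies.
			SuppressionAlertsScope: &security.SuppressionAlertsScopeArgs{
				AllOf: security.ScopeElementArray{
					&security.ScopeElementArgs{
						Field: pulumi.String("entities.ip.address"),
					},
					&security.ScopeElementArgs{
						Field: pulumi.String("entities.process.commandline"),
					},
				},
			},
		})
		// err is nil on success, so it can be returned directly.
		return err
	})
}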
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.azurenative.security.AlertsSuppressionRule;
import com.pulumi.azurenative.security.AlertsSuppressionRuleArgs;
import com.pulumi.azurenative.security.inputs.ScopeElementArgs;
import com.pulumi.azurenative.security.inputs.SuppressionAlertsScopeArgs;
import com.pulumi.core.Output;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;

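/**
 * Pulumi program that declares one alerts suppression rule.
 *
 * A rule of this kind automatically suppresses matching alerts, so its type,
 * scope, expiry and justification are the fields to review before deployment.
 */
public class App {
    /** Entry point: hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the suppression rule.
     *
     * @param ctx deployment context supplied by Pulumi (not read here)
     */
    public static void stack(Context ctx) {
        var alertsSuppressionRule = new AlertsSuppressionRule("alertsSuppressionRule", AlertsSuppressionRuleArgs.builder()
            // A single named alert type; "*" would make the rule apply to all alert types.
            .alertType("IpAnomaly")
            .alertsSuppressionRuleName("dismissIpAnomalyAlerts")
            // Comment and reason are the recorded justification for dismissing the alerts.
            .comment("Test VM")
            // Explicit expiry: when omitted or null, the rule defaults to the maximum
            // allowed expiration date. The sample timestamp lies in 2019; set a
            // future review date when adapting this.
            .expirationDateUtc("2019-12-01T19:50:47.083633Z")
            .reason("FalsePositive")
            .state("Enabled")
            // Built with the typed args builders: the earlier Map.of("allOf", ..., ...)
            // call had an odd number of arguments and was not a SuppressionAlertsScopeArgs.
            // allOf: every listed condition has to be true before an alert is suppressed.
            // NOTE(review): each element sets only field (the alert entity type);
            // confirm how narrowly this scope really applies.
            .suppressionAlertsScope(SuppressionAlertsScopeArgs.builder()
                .allOf(
                    ScopeElementArgs.builder().field("entities.ip.address").build(),
                    ScopeElementArgs.builder().field("entities.process.commandline").build())
                .build())
            .build());

    }
}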
import pulumi
import pulumi_azure_native as azure_native

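# Declares one alerts suppression rule. A rule of this kind automatically
# suppresses matching alerts, so its type, scope, expiry and justification are
# the fields to review before it is deployed.
alerts_suppression_rule = azure_native.security.AlertsSuppressionRule("alertsSuppressionRule",
    # A single named alert type; '*' would make the rule apply to all alert types.
    alert_type="IpAnomaly",
    alerts_suppression_rule_name="dismissIpAnomalyAlerts",
    # comment and reason are the recorded justification for dismissing the alerts.
    comment="Test VM",
    # Explicit expiry: when omitted or None, the rule defaults to the maximum
    # allowed expiration date. The sample timestamp lies in 2019; set a future
    # review date when adapting this.
    expiration_date_utc="2019-12-01T19:50:47.083633Z",
    reason="FalsePositive",
    state="Enabled",
    # The constructor's suppression_alerts_scope parameter is typed
    # SuppressionAlertsScopeArgs, so that class is used here instead of the
    # SuppressionAlertsScopeResponseArgs name the sample used before.
    # all_of: every listed condition has to be true before an alert is suppressed.
    # NOTE(review): each element sets only `field` (the alert entity type);
    # confirm how narrowly this scope really applies.
    suppression_alerts_scope=azure_native.security.SuppressionAlertsScopeArgs(
        all_of=[
            azure_native.security.ScopeElementArgs(
                field="entities.ip.address",
            ),
            azure_native.security.ScopeElementArgs(
                field="entities.process.commandline",
            ),
        ],
    ))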
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";

// allOf: every listed condition has to be true before an alert is suppressed.
// NOTE(review): each element sets only `field` (the alert entity type);
// confirm how narrowly this scope really applies.
const scopeFields = ["entities.ip.address", "entities.process.commandline"];
const suppressionScope = {
    allOf: scopeFields.map((field) => ({ field })),
};

// Declares one alerts suppression rule. A rule of this kind automatically
// suppresses matching alerts, so its type, scope, expiry and justification are
// the fields to review before it is deployed.
const alertsSuppressionRule = new azure_native.security.AlertsSuppressionRule("alertsSuppressionRule", {
    alertsSuppressionRuleName: "dismissIpAnomalyAlerts",
    // A single named alert type; "*" would make the rule apply to all alert types.
    alertType: "IpAnomaly",
    state: "Enabled",
    // reason and comment are the recorded justification for dismissing the alerts.
    reason: "FalsePositive",
    comment: "Test VM",
    // Explicit expiry: when omitted or null, the rule defaults to the maximum
    // allowed expiration date. The sample timestamp lies in 2019; set a future
    // review date when adapting this.
    expirationDateUtc: "2019-12-01T19:50:47.083633Z",
    suppressionAlertsScope: suppressionScope,
});
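# Declares one alerts suppression rule. A rule of this kind automatically
# suppresses matching alerts, so its type, scope, expiry and justification are
# the fields to review before it is deployed.
resources:
  alertsSuppressionRule:
    type: azure-native:security:AlertsSuppressionRule
    properties:
      # A single named alert type; '*' would make the rule apply to all alert types.
      alertType: IpAnomaly
      alertsSuppressionRuleName: dismissIpAnomalyAlerts
      # comment and reason are the recorded justification for dismissing the alerts.
      comment: Test VM
      # Quoted so that YAML loaders which recognise timestamps still pass a
      # string, which is the property's declared type.
      # Explicit expiry: when omitted or null, the rule defaults to the maximum
      # allowed expiration date. The sample timestamp lies in 2019; set a
      # future review date when adapting this.
      expirationDateUtc: "2019-12-01T19:50:47.083633Z"
      reason: FalsePositive
      state: Enabled
      suppressionAlertsScope:
        # allOf: every listed condition has to be true before an alert is suppressed.
        # NOTE(review): each element sets only `field` (the alert entity type);
        # confirm how narrowly this scope really applies.
        allOf:
          - field: entities.ip.address
          - field: entities.process.commandline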

Create AlertsSuppressionRule Resource

new AlertsSuppressionRule(name: string, args: AlertsSuppressionRuleArgs, opts?: CustomResourceOptions);
@overload
def AlertsSuppressionRule(resource_name: str,
                          opts: Optional[ResourceOptions] = None,
                          alert_type: Optional[str] = None,
                          alerts_suppression_rule_name: Optional[str] = None,
                          comment: Optional[str] = None,
                          expiration_date_utc: Optional[str] = None,
                          reason: Optional[str] = None,
                          state: Optional[Union[str, RuleState]] = None,
                          suppression_alerts_scope: Optional[SuppressionAlertsScopeArgs] = None)
@overload
def AlertsSuppressionRule(resource_name: str,
                          args: AlertsSuppressionRuleArgs,
                          opts: Optional[ResourceOptions] = None)
func NewAlertsSuppressionRule(ctx *Context, name string, args AlertsSuppressionRuleArgs, opts ...ResourceOption) (*AlertsSuppressionRule, error)
public AlertsSuppressionRule(string name, AlertsSuppressionRuleArgs args, CustomResourceOptions? opts = null)
public AlertsSuppressionRule(String name, AlertsSuppressionRuleArgs args)
public AlertsSuppressionRule(String name, AlertsSuppressionRuleArgs args, CustomResourceOptions options)
type: azure-native:security:AlertsSuppressionRule
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string
The unique name of the resource.
args AlertsSuppressionRuleArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args AlertsSuppressionRuleArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args AlertsSuppressionRuleArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args AlertsSuppressionRuleArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name String
The unique name of the resource.
args AlertsSuppressionRuleArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

AlertsSuppressionRule Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The AlertsSuppressionRule resource accepts the following input properties:

AlertType string

Type of the alert to automatically suppress. For all alert types, use '*'

Reason string

The reason for dismissing the alert

State string | Pulumi.AzureNative.Security.RuleState

Possible states of the rule

AlertsSuppressionRuleName string

The unique name of the suppression alert rule

Comment string

Any comment regarding the rule

ExpirationDateUtc string

Expiration date of the rule. If the value is not provided, or is provided as null, this field defaults to the maximum allowed expiration date.

SuppressionAlertsScope Pulumi.AzureNative.Security.Inputs.SuppressionAlertsScopeArgs

The suppression conditions

AlertType string

Type of the alert to automatically suppress. For all alert types, use '*'

Reason string

The reason for dismissing the alert

State string | RuleState

Possible states of the rule

AlertsSuppressionRuleName string

The unique name of the suppression alert rule

Comment string

Any comment regarding the rule

ExpirationDateUtc string

Expiration date of the rule. If the value is not provided, or is provided as null, this field defaults to the maximum allowed expiration date.

SuppressionAlertsScope SuppressionAlertsScopeArgs

The suppression conditions

alertType String

Type of the alert to automatically suppress. For all alert types, use '*'

reason String

The reason for dismissing the alert

state String | RuleState

Possible states of the rule

alertsSuppressionRuleName String

The unique name of the suppression alert rule

comment String

Any comment regarding the rule

expirationDateUtc String

Expiration date of the rule. If the value is not provided, or is provided as null, this field defaults to the maximum allowed expiration date.

suppressionAlertsScope SuppressionAlertsScopeArgs

The suppression conditions

alertType string

Type of the alert to automatically suppress. For all alert types, use '*'

reason string

The reason for dismissing the alert

state string | RuleState

Possible states of the rule

alertsSuppressionRuleName string

The unique name of the suppression alert rule

comment string

Any comment regarding the rule

expirationDateUtc string

Expiration date of the rule. If the value is not provided, or is provided as null, this field defaults to the maximum allowed expiration date.

suppressionAlertsScope SuppressionAlertsScopeArgs

The suppression conditions

alert_type str

Type of the alert to automatically suppress. For all alert types, use '*'

reason str

The reason for dismissing the alert

state str | RuleState

Possible states of the rule

alerts_suppression_rule_name str

The unique name of the suppression alert rule

comment str

Any comment regarding the rule

expiration_date_utc str

Expiration date of the rule. If the value is not provided, or is provided as null, this field defaults to the maximum allowed expiration date.

suppression_alerts_scope SuppressionAlertsScopeArgs

The suppression conditions

alertType String

Type of the alert to automatically suppress. For all alert types, use '*'

reason String

The reason for dismissing the alert

state String | "Enabled" | "Disabled" | "Expired"

Possible states of the rule

alertsSuppressionRuleName String

The unique name of the suppression alert rule

comment String

Any comment regarding the rule

expirationDateUtc String

Expiration date of the rule. If the value is not provided, or is provided as null, this field defaults to the maximum allowed expiration date.

suppressionAlertsScope Property Map

The suppression conditions

Outputs

All input properties are implicitly available as output properties. Additionally, the AlertsSuppressionRule resource produces the following output properties:

Id string

The provider-assigned unique ID for this managed resource.

LastModifiedUtc string

The last time this rule was modified

Name string

Resource name

Type string

Resource type

Id string

The provider-assigned unique ID for this managed resource.

LastModifiedUtc string

The last time this rule was modified

Name string

Resource name

Type string

Resource type

id String

The provider-assigned unique ID for this managed resource.

lastModifiedUtc String

The last time this rule was modified

name String

Resource name

type String

Resource type

id string

The provider-assigned unique ID for this managed resource.

lastModifiedUtc string

The last time this rule was modified

name string

Resource name

type string

Resource type

id str

The provider-assigned unique ID for this managed resource.

last_modified_utc str

The last time this rule was modified

name str

Resource name

type str

Resource type

id String

The provider-assigned unique ID for this managed resource.

lastModifiedUtc String

The last time this rule was modified

name String

Resource name

type String

Resource type

Supporting Types

RuleState

Enabled
Enabled
Disabled
Disabled
Expired
Expired
RuleStateEnabled
Enabled
RuleStateDisabled
Disabled
RuleStateExpired
Expired
Enabled
Enabled
Disabled
Disabled
Expired
Expired
Enabled
Enabled
Disabled
Disabled
Expired
Expired
ENABLED
Enabled
DISABLED
Disabled
EXPIRED
Expired
"Enabled"
Enabled
"Disabled"
Disabled
"Expired"
Expired

ScopeElement

Field string

The alert entity type to suppress by.

Field string

The alert entity type to suppress by.

field String

The alert entity type to suppress by.

field string

The alert entity type to suppress by.

field str

The alert entity type to suppress by.

field String

The alert entity type to suppress by.

ScopeElementResponse

Field string

The alert entity type to suppress by.

Field string

The alert entity type to suppress by.

field String

The alert entity type to suppress by.

field string

The alert entity type to suppress by.

field str

The alert entity type to suppress by.

field String

The alert entity type to suppress by.

SuppressionAlertsScope

AllOf List<Pulumi.AzureNative.Security.Inputs.ScopeElement>

All the conditions inside need to be true in order to suppress the alert

AllOf []ScopeElement

All the conditions inside need to be true in order to suppress the alert

allOf List<ScopeElement>

All the conditions inside need to be true in order to suppress the alert

allOf ScopeElement[]

All the conditions inside need to be true in order to suppress the alert

all_of Sequence[ScopeElement]

All the conditions inside need to be true in order to suppress the alert

allOf List<Property Map>

All the conditions inside need to be true in order to suppress the alert

SuppressionAlertsScopeResponse

AllOf List<Pulumi.AzureNative.Security.Inputs.ScopeElementResponse>

All the conditions inside need to be true in order to suppress the alert

AllOf []ScopeElementResponse

All the conditions inside need to be true in order to suppress the alert

allOf List<ScopeElementResponse>

All the conditions inside need to be true in order to suppress the alert

allOf ScopeElementResponse[]

All the conditions inside need to be true in order to suppress the alert

all_of Sequence[ScopeElementResponse]

All the conditions inside need to be true in order to suppress the alert

allOf List<Property Map>

All the conditions inside need to be true in order to suppress the alert

Import

An existing resource can be imported using its type token, name, and identifier, e.g.

$ pulumi import azure-native:security:AlertsSuppressionRule dismissIpAnomalyAlerts /subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/alertsSuppressionRules/dismissIpAnomalyAlerts 

Package Details

Repository
Azure Native pulumi/pulumi-azure-native
License
Apache-2.0