1. Packages
  2. Azure Native
  3. API Docs
  4. security
  5. AlertsSuppressionRule
This is the latest version of Azure Native. Use the Azure Native v1 docs if using the v1 version of this package.
Azure Native v2.8.0 published on Monday, Sep 18, 2023 by Pulumi

azure-native.security.AlertsSuppressionRule

Explore with Pulumi AI

azure-native logo
This is the latest version of Azure Native. Use the Azure Native v1 docs if using the v1 version of this package.
Azure Native v2.8.0 published on Monday, Sep 18, 2023 by Pulumi

    Describes the suppression rule Azure REST API version: 2019-01-01-preview. Prior API version in Azure Native 1.x: 2019-01-01-preview

    Example Usage

    Update or create suppression rule for subscription

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using AzureNative = Pulumi.AzureNative;
    
    return await Deployment.RunAsync(() => 
    {
        var alertsSuppressionRule = new AzureNative.Security.AlertsSuppressionRule("alertsSuppressionRule", new()
        {
            AlertType = "IpAnomaly",
            AlertsSuppressionRuleName = "dismissIpAnomalyAlerts",
            Comment = "Test VM",
            ExpirationDateUtc = "2019-12-01T19:50:47.083633Z",
            Reason = "FalsePositive",
            State = "Enabled",
            SuppressionAlertsScope = new AzureNative.Security.Inputs.SuppressionAlertsScopeArgs
            {
                AllOf = new[]
                {
                    new AzureNative.Security.Inputs.ScopeElementArgs
                    {
                        Field = "entities.ip.address",
                    },
                    new AzureNative.Security.Inputs.ScopeElementArgs
                    {
                        Field = "entities.process.commandline",
                    },
                },
            },
        });
    
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-azure-native-sdk/security/v2"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := security.NewAlertsSuppressionRule(ctx, "alertsSuppressionRule", &security.AlertsSuppressionRuleArgs{
    			AlertType:                 pulumi.String("IpAnomaly"),
    			AlertsSuppressionRuleName: pulumi.String("dismissIpAnomalyAlerts"),
    			Comment:                   pulumi.String("Test VM"),
    			ExpirationDateUtc:         pulumi.String("2019-12-01T19:50:47.083633Z"),
    			Reason:                    pulumi.String("FalsePositive"),
    			State:                     pulumi.String("Enabled"),
    			SuppressionAlertsScope: security.SuppressionAlertsScopeResponse{
    				AllOf: security.ScopeElementArray{
    					&security.ScopeElementArgs{
    						Field: pulumi.String("entities.ip.address"),
    					},
    					&security.ScopeElementArgs{
    						Field: pulumi.String("entities.process.commandline"),
    					},
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.azurenative.security.AlertsSuppressionRule;
    import com.pulumi.azurenative.security.AlertsSuppressionRuleArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var alertsSuppressionRule = new AlertsSuppressionRule("alertsSuppressionRule", AlertsSuppressionRuleArgs.builder()        
                .alertType("IpAnomaly")
                .alertsSuppressionRuleName("dismissIpAnomalyAlerts")
                .comment("Test VM")
                .expirationDateUtc("2019-12-01T19:50:47.083633Z")
                .reason("FalsePositive")
                .state("Enabled")
                .suppressionAlertsScope(Map.of("allOf",             
                    Map.of("field", "entities.ip.address"),
                    Map.of("field", "entities.process.commandline")))
                .build());
    
        }
    }
    
    import pulumi
    import pulumi_azure_native as azure_native
    
    alerts_suppression_rule = azure_native.security.AlertsSuppressionRule("alertsSuppressionRule",
        alert_type="IpAnomaly",
        alerts_suppression_rule_name="dismissIpAnomalyAlerts",
        comment="Test VM",
        expiration_date_utc="2019-12-01T19:50:47.083633Z",
        reason="FalsePositive",
        state="Enabled",
        suppression_alerts_scope=azure_native.security.SuppressionAlertsScopeResponseArgs(
            all_of=[
                azure_native.security.ScopeElementArgs(
                    field="entities.ip.address",
                ),
                azure_native.security.ScopeElementArgs(
                    field="entities.process.commandline",
                ),
            ],
        ))
    
    import * as pulumi from "@pulumi/pulumi";
    import * as azure_native from "@pulumi/azure-native";
    
    const alertsSuppressionRule = new azure_native.security.AlertsSuppressionRule("alertsSuppressionRule", {
        alertType: "IpAnomaly",
        alertsSuppressionRuleName: "dismissIpAnomalyAlerts",
        comment: "Test VM",
        expirationDateUtc: "2019-12-01T19:50:47.083633Z",
        reason: "FalsePositive",
        state: "Enabled",
        suppressionAlertsScope: {
            allOf: [
                {
                    field: "entities.ip.address",
                },
                {
                    field: "entities.process.commandline",
                },
            ],
        },
    });
    
    resources:
      alertsSuppressionRule:
        type: azure-native:security:AlertsSuppressionRule
        properties:
          alertType: IpAnomaly
          alertsSuppressionRuleName: dismissIpAnomalyAlerts
          comment: Test VM
          expirationDateUtc: 2019-12-01T19:50:47.083633Z
          reason: FalsePositive
          state: Enabled
          suppressionAlertsScope:
            allOf:
              - field: entities.ip.address
              - field: entities.process.commandline
    

    Create AlertsSuppressionRule Resource

    new AlertsSuppressionRule(name: string, args: AlertsSuppressionRuleArgs, opts?: CustomResourceOptions);
    @overload
    def AlertsSuppressionRule(resource_name: str,
                              opts: Optional[ResourceOptions] = None,
                              alert_type: Optional[str] = None,
                              alerts_suppression_rule_name: Optional[str] = None,
                              comment: Optional[str] = None,
                              expiration_date_utc: Optional[str] = None,
                              reason: Optional[str] = None,
                              state: Optional[Union[str, RuleState]] = None,
                              suppression_alerts_scope: Optional[SuppressionAlertsScopeArgs] = None)
    @overload
    def AlertsSuppressionRule(resource_name: str,
                              args: AlertsSuppressionRuleArgs,
                              opts: Optional[ResourceOptions] = None)
    func NewAlertsSuppressionRule(ctx *Context, name string, args AlertsSuppressionRuleArgs, opts ...ResourceOption) (*AlertsSuppressionRule, error)
    public AlertsSuppressionRule(string name, AlertsSuppressionRuleArgs args, CustomResourceOptions? opts = null)
    public AlertsSuppressionRule(String name, AlertsSuppressionRuleArgs args)
    public AlertsSuppressionRule(String name, AlertsSuppressionRuleArgs args, CustomResourceOptions options)
    
    type: azure-native:security:AlertsSuppressionRule
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    
    name string
    The unique name of the resource.
    args AlertsSuppressionRuleArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args AlertsSuppressionRuleArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args AlertsSuppressionRuleArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args AlertsSuppressionRuleArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args AlertsSuppressionRuleArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    AlertsSuppressionRule Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The AlertsSuppressionRule resource accepts the following input properties:

    AlertType string

    Type of the alert to automatically suppress. For all alert types, use '*'

    Reason string

    The reason for dismissing the alert

    State string | Pulumi.AzureNative.Security.RuleState

    Possible states of the rule

    AlertsSuppressionRuleName string

    The unique name of the suppression alert rule

    Comment string

    Any comment regarding the rule

    ExpirationDateUtc string

    Expiration date of the rule, if value is not provided or provided as null this field will default to the maximum allowed expiration date.

    SuppressionAlertsScope Pulumi.AzureNative.Security.Inputs.SuppressionAlertsScope

    The suppression conditions

    AlertType string

    Type of the alert to automatically suppress. For all alert types, use '*'

    Reason string

    The reason for dismissing the alert

    State string | RuleState

    Possible states of the rule

    AlertsSuppressionRuleName string

    The unique name of the suppression alert rule

    Comment string

    Any comment regarding the rule

    ExpirationDateUtc string

    Expiration date of the rule, if value is not provided or provided as null this field will default to the maximum allowed expiration date.

    SuppressionAlertsScope SuppressionAlertsScopeArgs

    The suppression conditions

    alertType String

    Type of the alert to automatically suppress. For all alert types, use '*'

    reason String

    The reason for dismissing the alert

    state String | RuleState

    Possible states of the rule

    alertsSuppressionRuleName String

    The unique name of the suppression alert rule

    comment String

    Any comment regarding the rule

    expirationDateUtc String

    Expiration date of the rule, if value is not provided or provided as null this field will default to the maximum allowed expiration date.

    suppressionAlertsScope SuppressionAlertsScope

    The suppression conditions

    alertType string

    Type of the alert to automatically suppress. For all alert types, use '*'

    reason string

    The reason for dismissing the alert

    state string | RuleState

    Possible states of the rule

    alertsSuppressionRuleName string

    The unique name of the suppression alert rule

    comment string

    Any comment regarding the rule

    expirationDateUtc string

    Expiration date of the rule, if value is not provided or provided as null this field will default to the maximum allowed expiration date.

    suppressionAlertsScope SuppressionAlertsScope

    The suppression conditions

    alert_type str

    Type of the alert to automatically suppress. For all alert types, use '*'

    reason str

    The reason for dismissing the alert

    state str | RuleState

    Possible states of the rule

    alerts_suppression_rule_name str

    The unique name of the suppression alert rule

    comment str

    Any comment regarding the rule

    expiration_date_utc str

    Expiration date of the rule, if value is not provided or provided as null this field will default to the maximum allowed expiration date.

    suppression_alerts_scope SuppressionAlertsScopeArgs

    The suppression conditions

    alertType String

    Type of the alert to automatically suppress. For all alert types, use '*'

    reason String

    The reason for dismissing the alert

    state String | "Enabled" | "Disabled" | "Expired"

    Possible states of the rule

    alertsSuppressionRuleName String

    The unique name of the suppression alert rule

    comment String

    Any comment regarding the rule

    expirationDateUtc String

    Expiration date of the rule, if value is not provided or provided as null this field will default to the maximum allowed expiration date.

    suppressionAlertsScope Property Map

    The suppression conditions

    Outputs

    All input properties are implicitly available as output properties. Additionally, the AlertsSuppressionRule resource produces the following output properties:

    Id string

    The provider-assigned unique ID for this managed resource.

    LastModifiedUtc string

    The last time this rule was modified

    Name string

    Resource name

    Type string

    Resource type

    Id string

    The provider-assigned unique ID for this managed resource.

    LastModifiedUtc string

    The last time this rule was modified

    Name string

    Resource name

    Type string

    Resource type

    id String

    The provider-assigned unique ID for this managed resource.

    lastModifiedUtc String

    The last time this rule was modified

    name String

    Resource name

    type String

    Resource type

    id string

    The provider-assigned unique ID for this managed resource.

    lastModifiedUtc string

    The last time this rule was modified

    name string

    Resource name

    type string

    Resource type

    id str

    The provider-assigned unique ID for this managed resource.

    last_modified_utc str

    The last time this rule was modified

    name str

    Resource name

    type str

    Resource type

    id String

    The provider-assigned unique ID for this managed resource.

    lastModifiedUtc String

    The last time this rule was modified

    name String

    Resource name

    type String

    Resource type

    Supporting Types

    RuleState, RuleStateArgs

    Enabled
    Enabled
    Disabled
    Disabled
    Expired
    Expired
    RuleStateEnabled
    Enabled
    RuleStateDisabled
    Disabled
    RuleStateExpired
    Expired
    Enabled
    Enabled
    Disabled
    Disabled
    Expired
    Expired
    Enabled
    Enabled
    Disabled
    Disabled
    Expired
    Expired
    ENABLED
    Enabled
    DISABLED
    Disabled
    EXPIRED
    Expired
    "Enabled"
    Enabled
    "Disabled"
    Disabled
    "Expired"
    Expired

    ScopeElement, ScopeElementArgs

    Field string

    The alert entity type to suppress by.

    Field string

    The alert entity type to suppress by.

    field String

    The alert entity type to suppress by.

    field string

    The alert entity type to suppress by.

    field str

    The alert entity type to suppress by.

    field String

    The alert entity type to suppress by.

    ScopeElementResponse, ScopeElementResponseArgs

    Field string

    The alert entity type to suppress by.

    Field string

    The alert entity type to suppress by.

    field String

    The alert entity type to suppress by.

    field string

    The alert entity type to suppress by.

    field str

    The alert entity type to suppress by.

    field String

    The alert entity type to suppress by.

    SuppressionAlertsScope, SuppressionAlertsScopeArgs

    AllOf List<Pulumi.AzureNative.Security.Inputs.ScopeElement>

    All the conditions inside need to be true in order to suppress the alert

    AllOf []ScopeElement

    All the conditions inside need to be true in order to suppress the alert

    allOf List<ScopeElement>

    All the conditions inside need to be true in order to suppress the alert

    allOf ScopeElement[]

    All the conditions inside need to be true in order to suppress the alert

    all_of Sequence[ScopeElement]

    All the conditions inside need to be true in order to suppress the alert

    allOf List<Property Map>

    All the conditions inside need to be true in order to suppress the alert

    SuppressionAlertsScopeResponse, SuppressionAlertsScopeResponseArgs

    AllOf List<Pulumi.AzureNative.Security.Inputs.ScopeElementResponse>

    All the conditions inside need to be true in order to suppress the alert

    AllOf []ScopeElementResponse

    All the conditions inside need to be true in order to suppress the alert

    allOf List<ScopeElementResponse>

    All the conditions inside need to be true in order to suppress the alert

    allOf ScopeElementResponse[]

    All the conditions inside need to be true in order to suppress the alert

    all_of Sequence[ScopeElementResponse]

    All the conditions inside need to be true in order to suppress the alert

    allOf List<Property Map>

    All the conditions inside need to be true in order to suppress the alert

    Import

    An existing resource can be imported using its type token, name, and identifier, e.g.

    $ pulumi import azure-native:security:AlertsSuppressionRule dismissIpAnomalyAlerts /subscriptions/{subscriptionId}/providers/Microsoft.Security/alertsSuppressionRules/{alertsSuppressionRuleName} 
    

    Package Details

    Repository
    Azure Native pulumi/pulumi-azure-native
    License
    Apache-2.0
    azure-native logo
    This is the latest version of Azure Native. Use the Azure Native v1 docs if using the v1 version of this package.
    Azure Native v2.8.0 published on Monday, Sep 18, 2023 by Pulumi