azure-native.security.AlertsSuppressionRule
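Describes the suppression rule. A suppression rule automatically dismisses alerts that match its alert type and scope conditions, so review each rule's alert type, scope and expiration as you would any other change to detection coverage. Azure REST API version: 2019-01-01-preview. Prior API version in Azure Native 1.x: 2019-01-01-preview.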
Example Usage
Update or create suppression rule for subscription
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
    // Scope conditions: every element listed under AllOf has to hold for an
    // alert to be suppressed. Each element here names only the alert entity
    // field to suppress by.
    var suppressionScope = new AzureNative.Security.Inputs.SuppressionAlertsScopeArgs
    {
        AllOf = new[]
        {
            new AzureNative.Security.Inputs.ScopeElementArgs { Field = "entities.ip.address" },
            new AzureNative.Security.Inputs.ScopeElementArgs { Field = "entities.process.commandline" },
        },
    };

    // Subscription-level rule that dismisses "IpAnomaly" alerts as false positives.
    var ipAnomalyRule = new AzureNative.Security.AlertsSuppressionRule("alertsSuppressionRule", new()
    {
        AlertsSuppressionRuleName = "dismissIpAnomalyAlerts",
        // One named alert type; "*" would match every alert type instead.
        AlertType = "IpAnomaly",
        Reason = "FalsePositive",
        Comment = "Test VM",
        State = "Enabled",
        // Explicit expiry: when this is omitted or null the rule defaults to the
        // maximum allowed expiration date. NOTE(review): the sample date is in
        // the past; replace it with a real review date before deploying.
        ExpirationDateUtc = "2019-12-01T19:50:47.083633Z",
        SuppressionAlertsScope = suppressionScope,
    });
});
package main
import (
"github.com/pulumi/pulumi-azure-native-sdk/security/v2"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
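// main declares a Microsoft.Security alert suppression rule that dismisses
// "IpAnomaly" alerts as false positives.
//
// The scope is built from the input type SuppressionAlertsScopeArgs, matching
// the ScopeElementArgs elements inside it; the original listing used the
// SuppressionAlertsScopeResponse type, which is not the input type for this
// property.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := security.NewAlertsSuppressionRule(ctx, "alertsSuppressionRule", &security.AlertsSuppressionRuleArgs{
			// One named alert type; "*" would match every alert type instead.
			AlertType:                 pulumi.String("IpAnomaly"),
			AlertsSuppressionRuleName: pulumi.String("dismissIpAnomalyAlerts"),
			Comment:                   pulumi.String("Test VM"),
			// Explicit expiry: when omitted or null the rule defaults to the
			// maximum allowed expiration date. NOTE(review): the sample date is
			// in the past; replace it with a real review date before deploying.
			ExpirationDateUtc: pulumi.String("2019-12-01T19:50:47.083633Z"),
			Reason:            pulumi.String("FalsePositive"),
			State:             pulumi.String("Enabled"),
			// Every element under AllOf has to hold for an alert to be suppressed.
			SuppressionAlertsScope: &security.SuppressionAlertsScopeArgs{
				AllOf: security.ScopeElementArray{
					&security.ScopeElementArgs{
						Field: pulumi.String("entities.ip.address"),
					},
					&security.ScopeElementArgs{
						Field: pulumi.String("entities.process.commandline"),
					},
				},
			},
		})
		// A nil err means the resource was registered; otherwise fail the deployment.
		return err
	})
}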
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.azurenative.security.AlertsSuppressionRule;
import com.pulumi.azurenative.security.AlertsSuppressionRuleArgs;
import com.pulumi.azurenative.security.inputs.ScopeElementArgs;
import com.pulumi.azurenative.security.inputs.SuppressionAlertsScopeArgs;
import com.pulumi.core.Output;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
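/**
 * Pulumi program that declares a Microsoft.Security alert suppression rule
 * dismissing "IpAnomaly" alerts as false positives.
 */
public class App {
    /** Entry point: hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the suppression rule.
     *
     * <p>The scope is built with the typed input builders. The original listing
     * passed {@code Map.of("allOf", map, map)}, which has an odd number of
     * arguments and is not a valid key/value list.
     *
     * @param ctx the Pulumi deployment context (unused by this example)
     */
    public static void stack(Context ctx) {
        var alertsSuppressionRule = new AlertsSuppressionRule("alertsSuppressionRule", AlertsSuppressionRuleArgs.builder()
            // One named alert type; "*" would match every alert type instead.
            .alertType("IpAnomaly")
            .alertsSuppressionRuleName("dismissIpAnomalyAlerts")
            .comment("Test VM")
            // Explicit expiry: when omitted or null the rule defaults to the
            // maximum allowed expiration date. NOTE(review): the sample date is
            // in the past; replace it with a real review date before deploying.
            .expirationDateUtc("2019-12-01T19:50:47.083633Z")
            .reason("FalsePositive")
            .state("Enabled")
            // Every element under allOf has to hold for an alert to be suppressed.
            .suppressionAlertsScope(SuppressionAlertsScopeArgs.builder()
                .allOf(
                    ScopeElementArgs.builder()
                        .field("entities.ip.address")
                        .build(),
                    ScopeElementArgs.builder()
                        .field("entities.process.commandline")
                        .build())
                .build())
            .build());
    }
}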
import pulumi
import pulumi_azure_native as azure_native
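# Alert suppression rule that dismisses "IpAnomaly" alerts as false positives.
#
# The scope uses the input type SuppressionAlertsScopeArgs, which is the type the
# constructor declares for suppression_alerts_scope; the original listing named
# SuppressionAlertsScopeResponseArgs instead.
alerts_suppression_rule = azure_native.security.AlertsSuppressionRule("alertsSuppressionRule",
    # One named alert type; "*" would match every alert type instead.
    alert_type="IpAnomaly",
    alerts_suppression_rule_name="dismissIpAnomalyAlerts",
    comment="Test VM",
    # Explicit expiry: when omitted or None the rule defaults to the maximum
    # allowed expiration date. NOTE(review): the sample date is in the past;
    # replace it with a real review date before deploying.
    expiration_date_utc="2019-12-01T19:50:47.083633Z",
    reason="FalsePositive",
    state="Enabled",
    # Every element under all_of has to hold for an alert to be suppressed.
    suppression_alerts_scope=azure_native.security.SuppressionAlertsScopeArgs(
        all_of=[
            azure_native.security.ScopeElementArgs(
                field="entities.ip.address",
            ),
            azure_native.security.ScopeElementArgs(
                field="entities.process.commandline",
            ),
        ],
    ))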
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
// Alert entity fields the rule suppresses by; each becomes one scope element.
const suppressedEntityFields = ["entities.ip.address", "entities.process.commandline"];

// Alert suppression rule that dismisses "IpAnomaly" alerts as false positives.
const alertsSuppressionRule = new azure_native.security.AlertsSuppressionRule("alertsSuppressionRule", {
    alertsSuppressionRuleName: "dismissIpAnomalyAlerts",
    // One named alert type; "*" would match every alert type instead.
    alertType: "IpAnomaly",
    reason: "FalsePositive",
    comment: "Test VM",
    state: "Enabled",
    // Explicit expiry: when omitted or null the rule defaults to the maximum
    // allowed expiration date. NOTE(review): the sample date is in the past;
    // replace it with a real review date before deploying.
    expirationDateUtc: "2019-12-01T19:50:47.083633Z",
    suppressionAlertsScope: {
        // Every element under allOf has to hold for an alert to be suppressed.
        allOf: suppressedEntityFields.map((field) => ({ field })),
    },
});
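# Alert suppression rule that dismisses "IpAnomaly" alerts as false positives.
# Nesting is restored here; the flattened listing put every key at column 0.
resources:
  alertsSuppressionRule:
    type: azure-native:security:AlertsSuppressionRule
    properties:
      # One named alert type; '*' would match every alert type instead.
      alertType: IpAnomaly
      alertsSuppressionRuleName: dismissIpAnomalyAlerts
      comment: Test VM
      # Explicit expiry: when omitted or null the rule defaults to the maximum
      # allowed expiration date. NOTE(review): the sample date is in the past;
      # replace it with a real review date before deploying.
      expirationDateUtc: 2019-12-01T19:50:47.083633Z
      reason: FalsePositive
      state: Enabled
      suppressionAlertsScope:
        # Every element under allOf has to hold for an alert to be suppressed.
        allOf:
          - field: entities.ip.address
          - field: entities.process.commandline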
Create AlertsSuppressionRule Resource
new AlertsSuppressionRule(name: string, args: AlertsSuppressionRuleArgs, opts?: CustomResourceOptions);
@overload
def AlertsSuppressionRule(resource_name: str,
opts: Optional[ResourceOptions] = None,
alert_type: Optional[str] = None,
alerts_suppression_rule_name: Optional[str] = None,
comment: Optional[str] = None,
expiration_date_utc: Optional[str] = None,
reason: Optional[str] = None,
state: Optional[Union[str, RuleState]] = None,
suppression_alerts_scope: Optional[SuppressionAlertsScopeArgs] = None)
@overload
def AlertsSuppressionRule(resource_name: str,
args: AlertsSuppressionRuleArgs,
opts: Optional[ResourceOptions] = None)
func NewAlertsSuppressionRule(ctx *Context, name string, args AlertsSuppressionRuleArgs, opts ...ResourceOption) (*AlertsSuppressionRule, error)
public AlertsSuppressionRule(string name, AlertsSuppressionRuleArgs args, CustomResourceOptions? opts = null)
public AlertsSuppressionRule(String name, AlertsSuppressionRuleArgs args)
public AlertsSuppressionRule(String name, AlertsSuppressionRuleArgs args, CustomResourceOptions options)
type: azure-native:security:AlertsSuppressionRule
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args AlertsSuppressionRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args AlertsSuppressionRuleArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args AlertsSuppressionRuleArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args AlertsSuppressionRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args AlertsSuppressionRuleArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
AlertsSuppressionRule Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The AlertsSuppressionRule resource accepts the following input properties:
- AlertType string
Type of the alert to automatically suppress. For all alert types, use '*'
- Reason string
The reason for dismissing the alert
- State string | Pulumi.AzureNative.Security.RuleState
Possible states of the rule
- AlertsSuppressionRuleName string
The unique name of the suppression alert rule
- Comment string
Any comment regarding the rule
- ExpirationDateUtc string
Expiration date of the rule. If no value is provided, or it is provided as null, this field defaults to the maximum allowed expiration date.
- SuppressionAlertsScope Pulumi.AzureNative.Security.Inputs.SuppressionAlertsScope
The suppression conditions
- AlertType string
Type of the alert to automatically suppress. For all alert types, use '*'
- Reason string
The reason for dismissing the alert
- State string | RuleState
Possible states of the rule
- AlertsSuppressionRuleName string
The unique name of the suppression alert rule
- Comment string
Any comment regarding the rule
- ExpirationDateUtc string
Expiration date of the rule. If no value is provided, or it is provided as null, this field defaults to the maximum allowed expiration date.
- SuppressionAlertsScope SuppressionAlertsScopeArgs
The suppression conditions
- alertType String
Type of the alert to automatically suppress. For all alert types, use '*'
- reason String
The reason for dismissing the alert
- state String | RuleState
Possible states of the rule
- alertsSuppressionRuleName String
The unique name of the suppression alert rule
- comment String
Any comment regarding the rule
- expirationDateUtc String
Expiration date of the rule. If no value is provided, or it is provided as null, this field defaults to the maximum allowed expiration date.
- suppressionAlertsScope SuppressionAlertsScope
The suppression conditions
- alertType string
Type of the alert to automatically suppress. For all alert types, use '*'
- reason string
The reason for dismissing the alert
- state string | RuleState
Possible states of the rule
- alertsSuppressionRuleName string
The unique name of the suppression alert rule
- comment string
Any comment regarding the rule
- expirationDateUtc string
Expiration date of the rule. If no value is provided, or it is provided as null, this field defaults to the maximum allowed expiration date.
- suppressionAlertsScope SuppressionAlertsScope
The suppression conditions
- alert_type str
Type of the alert to automatically suppress. For all alert types, use '*'
- reason str
The reason for dismissing the alert
- state str | RuleState
Possible states of the rule
- alerts_suppression_rule_name str
The unique name of the suppression alert rule
- comment str
Any comment regarding the rule
- expiration_date_utc str
Expiration date of the rule. If no value is provided, or it is provided as null, this field defaults to the maximum allowed expiration date.
- suppression_alerts_scope SuppressionAlertsScopeArgs
The suppression conditions
- alertType String
Type of the alert to automatically suppress. For all alert types, use '*'
- reason String
The reason for dismissing the alert
- state String | "Enabled" | "Disabled" | "Expired"
Possible states of the rule
- alertsSuppressionRuleName String
The unique name of the suppression alert rule
- comment String
Any comment regarding the rule
- expirationDateUtc String
Expiration date of the rule. If no value is provided, or it is provided as null, this field defaults to the maximum allowed expiration date.
- suppressionAlertsScope Property Map
The suppression conditions
Outputs
All input properties are implicitly available as output properties. Additionally, the AlertsSuppressionRule resource produces the following output properties:
- Id string
The provider-assigned unique ID for this managed resource.
- LastModifiedUtc string
The last time this rule was modified
- Name string
Resource name
- Type string
Resource type
- Id string
The provider-assigned unique ID for this managed resource.
- LastModifiedUtc string
The last time this rule was modified
- Name string
Resource name
- Type string
Resource type
- id String
The provider-assigned unique ID for this managed resource.
- lastModifiedUtc String
The last time this rule was modified
- name String
Resource name
- type String
Resource type
- id string
The provider-assigned unique ID for this managed resource.
- lastModifiedUtc string
The last time this rule was modified
- name string
Resource name
- type string
Resource type
- id str
The provider-assigned unique ID for this managed resource.
- last_modified_utc str
The last time this rule was modified
- name str
Resource name
- type str
Resource type
- id String
The provider-assigned unique ID for this managed resource.
- lastModifiedUtc String
The last time this rule was modified
- name String
Resource name
- type String
Resource type
Supporting Types
RuleState, RuleStateArgs
- Enabled
- Enabled
- Disabled
- Disabled
- Expired
- Expired
- RuleStateEnabled
- Enabled
- RuleStateDisabled
- Disabled
- RuleStateExpired
- Expired
- Enabled
- Enabled
- Disabled
- Disabled
- Expired
- Expired
- Enabled
- Enabled
- Disabled
- Disabled
- Expired
- Expired
- ENABLED
- Enabled
- DISABLED
- Disabled
- EXPIRED
- Expired
- "Enabled"
- Enabled
- "Disabled"
- Disabled
- "Expired"
- Expired
ScopeElement, ScopeElementArgs
- Field string
The alert entity type to suppress by.
- Field string
The alert entity type to suppress by.
- field String
The alert entity type to suppress by.
- field string
The alert entity type to suppress by.
- field str
The alert entity type to suppress by.
- field String
The alert entity type to suppress by.
ScopeElementResponse, ScopeElementResponseArgs
- Field string
The alert entity type to suppress by.
- Field string
The alert entity type to suppress by.
- field String
The alert entity type to suppress by.
- field string
The alert entity type to suppress by.
- field str
The alert entity type to suppress by.
- field String
The alert entity type to suppress by.
SuppressionAlertsScope, SuppressionAlertsScopeArgs
- AllOf List<Pulumi.AzureNative.Security.Inputs.ScopeElement>
All the conditions inside need to be true in order to suppress the alert
- AllOf []ScopeElement
All the conditions inside need to be true in order to suppress the alert
- allOf List<ScopeElement>
All the conditions inside need to be true in order to suppress the alert
- allOf ScopeElement[]
All the conditions inside need to be true in order to suppress the alert
- all_of Sequence[ScopeElement]
All the conditions inside need to be true in order to suppress the alert
- allOf List<Property Map>
All the conditions inside need to be true in order to suppress the alert
SuppressionAlertsScopeResponse, SuppressionAlertsScopeResponseArgs
- AllOf List<Pulumi.AzureNative.Security.Inputs.ScopeElementResponse>
All the conditions inside need to be true in order to suppress the alert
- AllOf []ScopeElementResponse
All the conditions inside need to be true in order to suppress the alert
- allOf List<ScopeElementResponse>
All the conditions inside need to be true in order to suppress the alert
- allOf ScopeElementResponse[]
All the conditions inside need to be true in order to suppress the alert
- all_of Sequence[ScopeElementResponse]
All the conditions inside need to be true in order to suppress the alert
- allOf List<Property Map>
All the conditions inside need to be true in order to suppress the alert
Import
An existing resource can be imported using its type token, name, and identifier, e.g.
$ pulumi import azure-native:security:AlertsSuppressionRule dismissIpAnomalyAlerts /subscriptions/{subscriptionId}/providers/Microsoft.Security/alertsSuppressionRules/{alertsSuppressionRuleName}
Package Details
- Repository
- Azure Native pulumi/pulumi-azure-native
- License
- Apache-2.0