azure-native.securityinsights.AutomationRule

Azure Native v3.13.0, Jan 28 26

This is the latest version of Azure Native. Use the Azure Native v2 docs if using the v2 version of this package.

Azure Native v3.13.0 published on Wednesday, Jan 28, 2026 by Pulumi

Schema (JSON)

pulumi/pulumi-azure-native

This is the latest version of Azure Native. Use the Azure Native v2 docs if using the v2 version of this package.

Azure Native v3.13.0 published on Wednesday, Jan 28, 2026 by Pulumi

Schema (JSON)

pulumi/pulumi-azure-native

Other available API versions: 2023-02-01, 2023-03-01-preview, 2023-04-01-preview, 2023-05-01-preview, 2023-06-01-preview, 2023-07-01-preview, 2023-08-01-preview, 2023-09-01-preview, 2023-10-01-preview, 2023-11-01, 2023-12-01-preview, 2024-01-01-preview, 2024-03-01, 2024-04-01-preview, 2024-10-01-preview, 2025-01-01-preview, 2025-03-01, 2025-04-01-preview, 2025-06-01, 2025-07-01-preview, 2025-09-01. These can be accessed by generating a local SDK package using the CLI command pulumi package add azure-native securityinsights [ApiVersion]. See the version guide for details.

Example Usage

AutomationRules_CreateOrUpdate

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;

return await Deployment.RunAsync(() => 
{
    var automationRule = new AzureNative.SecurityInsights.AutomationRule("automationRule", new()
    {
        AutomationRuleId = "73e01a99-5cd7-4139-a149-9f2736ff2ab5",
        ResourceGroupName = "myRg",
        WorkspaceName = "myWorkspace",
    });

});

package main

import (
	securityinsights "github.com/pulumi/pulumi-azure-native-sdk/securityinsights/v3"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := securityinsights.NewAutomationRule(ctx, "automationRule", &securityinsights.AutomationRuleArgs{
			AutomationRuleId:  pulumi.String("73e01a99-5cd7-4139-a149-9f2736ff2ab5"),
			ResourceGroupName: pulumi.String("myRg"),
			WorkspaceName:     pulumi.String("myWorkspace"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.securityinsights.AutomationRule;
import com.pulumi.azurenative.securityinsights.AutomationRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var automationRule = new AutomationRule("automationRule", AutomationRuleArgs.builder()
            .automationRuleId("73e01a99-5cd7-4139-a149-9f2736ff2ab5")
            .resourceGroupName("myRg")
            .workspaceName("myWorkspace")
            .build());

    }
}

import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";

const automationRule = new azure_native.securityinsights.AutomationRule("automationRule", {
    automationRuleId: "73e01a99-5cd7-4139-a149-9f2736ff2ab5",
    resourceGroupName: "myRg",
    workspaceName: "myWorkspace",
});

import pulumi
import pulumi_azure_native as azure_native

automation_rule = azure_native.securityinsights.AutomationRule("automationRule",
    automation_rule_id="73e01a99-5cd7-4139-a149-9f2736ff2ab5",
    resource_group_name="myRg",
    workspace_name="myWorkspace")

resources:
  automationRule:
    type: azure-native:securityinsights:AutomationRule
    properties:
      automationRuleId: 73e01a99-5cd7-4139-a149-9f2736ff2ab5
      resourceGroupName: myRg
      workspaceName: myWorkspace

Create AutomationRule Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new AutomationRule(name: string, args: AutomationRuleArgs, opts?: CustomResourceOptions);

@overload
def AutomationRule(resource_name: str,
                   args: AutomationRuleArgs,
                   opts: Optional[ResourceOptions] = None)

@overload
def AutomationRule(resource_name: str,
                   opts: Optional[ResourceOptions] = None,
                   actions: Optional[Sequence[Union[AutomationRuleAddIncidentTaskActionArgs, AutomationRuleModifyPropertiesActionArgs, AutomationRuleRunPlaybookActionArgs]]] = None,
                   display_name: Optional[str] = None,
                   order: Optional[int] = None,
                   resource_group_name: Optional[str] = None,
                   triggering_logic: Optional[AutomationRuleTriggeringLogicArgs] = None,
                   workspace_name: Optional[str] = None,
                   automation_rule_id: Optional[str] = None)

func NewAutomationRule(ctx *Context, name string, args AutomationRuleArgs, opts ...ResourceOption) (*AutomationRule, error)

public AutomationRule(string name, AutomationRuleArgs args, CustomResourceOptions? opts = null)

public AutomationRule(String name, AutomationRuleArgs args)
public AutomationRule(String name, AutomationRuleArgs args, CustomResourceOptions options)

type: azure-native:securityinsights:AutomationRule
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args AutomationRuleArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args AutomationRuleArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args AutomationRuleArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args AutomationRuleArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args AutomationRuleArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var automationRuleResource = new AzureNative.SecurityInsights.AutomationRule("automationRuleResource", new()
{
    Actions = new[]
    {
        new AzureNative.SecurityInsights.Inputs.AutomationRuleAddIncidentTaskActionArgs
        {
            ActionType = "AddIncidentTask",
            Order = 0,
            ActionConfiguration = new AzureNative.SecurityInsights.Inputs.AddIncidentTaskActionPropertiesArgs
            {
                Title = "string",
                Description = "string",
            },
        },
    },
    DisplayName = "string",
    Order = 0,
    ResourceGroupName = "string",
    TriggeringLogic = new AzureNative.SecurityInsights.Inputs.AutomationRuleTriggeringLogicArgs
    {
        IsEnabled = false,
        TriggersOn = "string",
        TriggersWhen = "string",
        Conditions = new[]
        {
            new AzureNative.SecurityInsights.Inputs.BooleanConditionPropertiesArgs
            {
                ConditionType = "Boolean",
                ConditionProperties = new AzureNative.SecurityInsights.Inputs.AutomationRuleBooleanConditionArgs
                {
                    InnerConditions = new[]
                    {
                        booleanConditionProperties,
                    },
                    Operator = "string",
                },
            },
        },
        ExpirationTimeUtc = "string",
    },
    WorkspaceName = "string",
    AutomationRuleId = "string",
});

example, err := securityinsights.NewAutomationRule(ctx, "automationRuleResource", &securityinsights.AutomationRuleArgs{
	Actions: pulumi.Array{
		securityinsights.AutomationRuleAddIncidentTaskAction{
			ActionType: "AddIncidentTask",
			Order:      0,
			ActionConfiguration: securityinsights.AddIncidentTaskActionProperties{
				Title:       "string",
				Description: "string",
			},
		},
	},
	DisplayName:       pulumi.String("string"),
	Order:             pulumi.Int(0),
	ResourceGroupName: pulumi.String("string"),
	TriggeringLogic: &securityinsights.AutomationRuleTriggeringLogicArgs{
		IsEnabled:    pulumi.Bool(false),
		TriggersOn:   pulumi.String("string"),
		TriggersWhen: pulumi.String("string"),
		Conditions: pulumi.Array{
			securityinsights.BooleanConditionProperties{
				ConditionType: "Boolean",
				ConditionProperties: securityinsights.AutomationRuleBooleanCondition{
					InnerConditions: []interface{}{
						booleanConditionProperties,
					},
					Operator: "string",
				},
			},
		},
		ExpirationTimeUtc: pulumi.String("string"),
	},
	WorkspaceName:    pulumi.String("string"),
	AutomationRuleId: pulumi.String("string"),
})

var automationRuleResource = new AutomationRule("automationRuleResource", AutomationRuleArgs.builder()
    .actions(AutomationRuleAddIncidentTaskActionArgs.builder()
        .actionType("AddIncidentTask")
        .order(0)
        .actionConfiguration(AddIncidentTaskActionPropertiesArgs.builder()
            .title("string")
            .description("string")
            .build())
        .build())
    .displayName("string")
    .order(0)
    .resourceGroupName("string")
    .triggeringLogic(AutomationRuleTriggeringLogicArgs.builder()
        .isEnabled(false)
        .triggersOn("string")
        .triggersWhen("string")
        .conditions(Map.ofEntries(
            Map.entry("conditionType", "Boolean"),
            Map.entry("conditionProperties", Map.ofEntries(
                Map.entry("innerConditions", booleanConditionProperties),
                Map.entry("operator", "string")
            ))
        ))
        .expirationTimeUtc("string")
        .build())
    .workspaceName("string")
    .automationRuleId("string")
    .build());

automation_rule_resource = azure_native.securityinsights.AutomationRule("automationRuleResource",
    actions=[{
        "action_type": "AddIncidentTask",
        "order": 0,
        "action_configuration": {
            "title": "string",
            "description": "string",
        },
    }],
    display_name="string",
    order=0,
    resource_group_name="string",
    triggering_logic={
        "is_enabled": False,
        "triggers_on": "string",
        "triggers_when": "string",
        "conditions": [{
            "condition_type": "Boolean",
            "condition_properties": {
                "inner_conditions": [boolean_condition_properties],
                "operator": "string",
            },
        }],
        "expiration_time_utc": "string",
    },
    workspace_name="string",
    automation_rule_id="string")

const automationRuleResource = new azure_native.securityinsights.AutomationRule("automationRuleResource", {
    actions: [{
        actionType: "AddIncidentTask",
        order: 0,
        actionConfiguration: {
            title: "string",
            description: "string",
        },
    }],
    displayName: "string",
    order: 0,
    resourceGroupName: "string",
    triggeringLogic: {
        isEnabled: false,
        triggersOn: "string",
        triggersWhen: "string",
        conditions: [{
            conditionType: "Boolean",
            conditionProperties: {
                innerConditions: [booleanConditionProperties],
                operator: "string",
            },
        }],
        expirationTimeUtc: "string",
    },
    workspaceName: "string",
    automationRuleId: "string",
});

type: azure-native:securityinsights:AutomationRule
properties:
    actions:
        - actionConfiguration:
            description: string
            title: string
          actionType: AddIncidentTask
          order: 0
    automationRuleId: string
    displayName: string
    order: 0
    resourceGroupName: string
    triggeringLogic:
        conditions:
            - conditionProperties:
                innerConditions:
                    - ${booleanConditionProperties}
                operator: string
              conditionType: Boolean
        expirationTimeUtc: string
        isEnabled: false
        triggersOn: string
        triggersWhen: string
    workspaceName: string

AutomationRule Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The AutomationRule resource accepts the following input properties:

Actions List<object>: The actions to execute when the automation rule is triggered.
DisplayName string: The display name of the automation rule.
Order int: The order of execution of the automation rule.
ResourceGroupName string: The name of the resource group. The name is case insensitive.
TriggeringLogic Pulumi.AzureNative.SecurityInsights.Inputs.AutomationRuleTriggeringLogic: Describes automation rule triggering logic.
WorkspaceName string: The name of the workspace.
AutomationRuleId string: Automation rule ID

Actions []interface{}: The actions to execute when the automation rule is triggered.
DisplayName string: The display name of the automation rule.
Order int: The order of execution of the automation rule.
ResourceGroupName string: The name of the resource group. The name is case insensitive.
TriggeringLogic AutomationRuleTriggeringLogicArgs: Describes automation rule triggering logic.
WorkspaceName string: The name of the workspace.
AutomationRuleId string: Automation rule ID

actions List<Object>: The actions to execute when the automation rule is triggered.
displayName String: The display name of the automation rule.
order Integer: The order of execution of the automation rule.
resourceGroupName String: The name of the resource group. The name is case insensitive.
triggeringLogic AutomationRuleTriggeringLogic: Describes automation rule triggering logic.
workspaceName String: The name of the workspace.
automationRuleId String: Automation rule ID

actions (AutomationRuleAddIncidentTaskAction | AutomationRuleModifyPropertiesActionArgs | AutomationRuleRunPlaybookActionArgs)[]: The actions to execute when the automation rule is triggered.
displayName string: The display name of the automation rule.
order number: The order of execution of the automation rule.
resourceGroupName string: The name of the resource group. The name is case insensitive.
triggeringLogic AutomationRuleTriggeringLogic: Describes automation rule triggering logic.
workspaceName string: The name of the workspace.
automationRuleId string: Automation rule ID

actions Sequence[Union[AutomationRuleAddIncidentTaskActionArgs, AutomationRuleModifyPropertiesActionArgs, AutomationRuleRunPlaybookActionArgs]]: The actions to execute when the automation rule is triggered.
display_name str: The display name of the automation rule.
order int: The order of execution of the automation rule.
resource_group_name str: The name of the resource group. The name is case insensitive.
triggering_logic AutomationRuleTriggeringLogicArgs: Describes automation rule triggering logic.
workspace_name str: The name of the workspace.
automation_rule_id str: Automation rule ID

actions List<Property Map | Property Map | Property Map>: The actions to execute when the automation rule is triggered.
displayName String: The display name of the automation rule.
order Number: The order of execution of the automation rule.
resourceGroupName String: The name of the resource group. The name is case insensitive.
triggeringLogic Property Map: Describes automation rule triggering logic.
workspaceName String: The name of the workspace.
automationRuleId String: Automation rule ID

Outputs

All input properties are implicitly available as output properties. Additionally, the AutomationRule resource produces the following output properties:

AzureApiVersion string: The Azure API version of the resource.
CreatedBy Pulumi.AzureNative.SecurityInsights.Outputs.ClientInfoResponse: Information on the client (user or application) that made some action
CreatedTimeUtc string: The time the automation rule was created.
Id string: The provider-assigned unique ID for this managed resource.
LastModifiedBy Pulumi.AzureNative.SecurityInsights.Outputs.ClientInfoResponse: Information on the client (user or application) that made some action
LastModifiedTimeUtc string: The last time the automation rule was updated.
Name string: The name of the resource
SystemData Pulumi.AzureNative.SecurityInsights.Outputs.SystemDataResponse: Azure Resource Manager metadata containing createdBy and modifiedBy information.
Type string: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
Etag string: Etag of the azure resource

AzureApiVersion string: The Azure API version of the resource.
CreatedBy ClientInfoResponse: Information on the client (user or application) that made some action
CreatedTimeUtc string: The time the automation rule was created.
Id string: The provider-assigned unique ID for this managed resource.
LastModifiedBy ClientInfoResponse: Information on the client (user or application) that made some action
LastModifiedTimeUtc string: The last time the automation rule was updated.
Name string: The name of the resource
SystemData SystemDataResponse: Azure Resource Manager metadata containing createdBy and modifiedBy information.
Type string: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
Etag string: Etag of the azure resource

azureApiVersion String: The Azure API version of the resource.
createdBy ClientInfoResponse: Information on the client (user or application) that made some action
createdTimeUtc String: The time the automation rule was created.
id String: The provider-assigned unique ID for this managed resource.
lastModifiedBy ClientInfoResponse: Information on the client (user or application) that made some action
lastModifiedTimeUtc String: The last time the automation rule was updated.
name String: The name of the resource
systemData SystemDataResponse: Azure Resource Manager metadata containing createdBy and modifiedBy information.
type String: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
etag String: Etag of the azure resource

azureApiVersion string: The Azure API version of the resource.
createdBy ClientInfoResponse: Information on the client (user or application) that made some action
createdTimeUtc string: The time the automation rule was created.
id string: The provider-assigned unique ID for this managed resource.
lastModifiedBy ClientInfoResponse: Information on the client (user or application) that made some action
lastModifiedTimeUtc string: The last time the automation rule was updated.
name string: The name of the resource
systemData SystemDataResponse: Azure Resource Manager metadata containing createdBy and modifiedBy information.
type string: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
etag string: Etag of the azure resource

azure_api_version str: The Azure API version of the resource.
created_by ClientInfoResponse: Information on the client (user or application) that made some action
created_time_utc str: The time the automation rule was created.
id str: The provider-assigned unique ID for this managed resource.
last_modified_by ClientInfoResponse: Information on the client (user or application) that made some action
last_modified_time_utc str: The last time the automation rule was updated.
name str: The name of the resource
system_data SystemDataResponse: Azure Resource Manager metadata containing createdBy and modifiedBy information.
type str: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
etag str: Etag of the azure resource

azureApiVersion String: The Azure API version of the resource.
createdBy Property Map: Information on the client (user or application) that made some action
createdTimeUtc String: The time the automation rule was created.
id String: The provider-assigned unique ID for this managed resource.
lastModifiedBy Property Map: Information on the client (user or application) that made some action
lastModifiedTimeUtc String: The last time the automation rule was updated.
name String: The name of the resource
systemData Property Map: Azure Resource Manager metadata containing createdBy and modifiedBy information.
type String: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
etag String: Etag of the azure resource

Supporting Types

AddIncidentTaskActionProperties, AddIncidentTaskActionPropertiesArgs

Describes an automation rule action to add a task to an incident.

Title string: The title of the task.
Description string: The description of the task.

Title string: The title of the task.
Description string: The description of the task.

title String: The title of the task.
description String: The description of the task.

title string: The title of the task.
description string: The description of the task.

title str: The title of the task.
description str: The description of the task.

title String: The title of the task.
description String: The description of the task.

AddIncidentTaskActionPropertiesResponse, AddIncidentTaskActionPropertiesResponseArgs

Describes an automation rule action to add a task to an incident.

Title string: The title of the task.
Description string: The description of the task.

Title string: The title of the task.
Description string: The description of the task.

title String: The title of the task.
description String: The description of the task.

title string: The title of the task.
description string: The description of the task.

title str: The title of the task.
description str: The description of the task.

title String: The title of the task.
description String: The description of the task.

AutomationRuleAddIncidentTaskAction, AutomationRuleAddIncidentTaskActionArgs

Describes an automation rule action to add a task to an incident

Order int
ActionConfiguration Pulumi.AzureNative.SecurityInsights.Inputs.AddIncidentTaskActionProperties: Describes an automation rule action to add a task to an incident.

Order int
ActionConfiguration AddIncidentTaskActionProperties: Describes an automation rule action to add a task to an incident.

order Integer
actionConfiguration AddIncidentTaskActionProperties: Describes an automation rule action to add a task to an incident.

order number
actionConfiguration AddIncidentTaskActionProperties: Describes an automation rule action to add a task to an incident.

order int
action_configuration AddIncidentTaskActionProperties: Describes an automation rule action to add a task to an incident.

order Number
actionConfiguration Property Map: Describes an automation rule action to add a task to an incident.

AutomationRuleAddIncidentTaskActionResponse, AutomationRuleAddIncidentTaskActionResponseArgs

Describes an automation rule action to add a task to an incident

Order int
ActionConfiguration Pulumi.AzureNative.SecurityInsights.Inputs.AddIncidentTaskActionPropertiesResponse: Describes an automation rule action to add a task to an incident.

Order int
ActionConfiguration AddIncidentTaskActionPropertiesResponse: Describes an automation rule action to add a task to an incident.

order Integer
actionConfiguration AddIncidentTaskActionPropertiesResponse: Describes an automation rule action to add a task to an incident.

order number
actionConfiguration AddIncidentTaskActionPropertiesResponse: Describes an automation rule action to add a task to an incident.

order int
action_configuration AddIncidentTaskActionPropertiesResponse: Describes an automation rule action to add a task to an incident.

order Number
actionConfiguration Property Map: Describes an automation rule action to add a task to an incident.

AutomationRuleBooleanCondition, AutomationRuleBooleanConditionArgs

Describes an automation rule condition with boolean operators.

InnerConditions List<object>
Operator string | Pulumi.AzureNative.SecurityInsights.AutomationRuleBooleanConditionSupportedOperator: Describes a boolean condition operator.

InnerConditions []interface{}
Operator string | AutomationRuleBooleanConditionSupportedOperator: Describes a boolean condition operator.

innerConditions List<Object>
operator String | AutomationRuleBooleanConditionSupportedOperator: Describes a boolean condition operator.

innerConditions (BooleanConditionProperties | PropertyArrayChangedConditionProperties | PropertyArrayConditionProperties | PropertyChangedConditionProperties | PropertyConditionProperties)[]
operator string | AutomationRuleBooleanConditionSupportedOperator: Describes a boolean condition operator.

inner_conditions Sequence[Union[BooleanConditionProperties, PropertyArrayChangedConditionProperties, PropertyArrayConditionProperties, PropertyChangedConditionProperties, PropertyConditionProperties]]
operator str | AutomationRuleBooleanConditionSupportedOperator: Describes a boolean condition operator.

innerConditions List<Property Map | Property Map | Property Map | Property Map | Property Map>
operator String | "And" | "Or": Describes a boolean condition operator.

AutomationRuleBooleanConditionResponse, AutomationRuleBooleanConditionResponseArgs

Describes an automation rule condition with boolean operators.

InnerConditions List<object>
Operator string: Describes a boolean condition operator.

InnerConditions []interface{}
Operator string: Describes a boolean condition operator.

innerConditions List<Object>
operator String: Describes a boolean condition operator.

innerConditions (BooleanConditionPropertiesResponse | PropertyArrayChangedConditionPropertiesResponse | PropertyArrayConditionPropertiesResponse | PropertyChangedConditionPropertiesResponse | PropertyConditionPropertiesResponse)[]
operator string: Describes a boolean condition operator.

inner_conditions Sequence[Union[BooleanConditionPropertiesResponse, PropertyArrayChangedConditionPropertiesResponse, PropertyArrayConditionPropertiesResponse, PropertyChangedConditionPropertiesResponse, PropertyConditionPropertiesResponse]]
operator str: Describes a boolean condition operator.

innerConditions List<Property Map | Property Map | Property Map | Property Map | Property Map>
operator String: Describes a boolean condition operator.

AutomationRuleBooleanConditionSupportedOperator, AutomationRuleBooleanConditionSupportedOperatorArgs

And: And Evaluates as true if all the item conditions are evaluated as true
Or: Or Evaluates as true if at least one of the item conditions are evaluated as true

AutomationRuleBooleanConditionSupportedOperatorAnd: And Evaluates as true if all the item conditions are evaluated as true
AutomationRuleBooleanConditionSupportedOperatorOr: Or Evaluates as true if at least one of the item conditions are evaluated as true

And: And Evaluates as true if all the item conditions are evaluated as true
Or: Or Evaluates as true if at least one of the item conditions are evaluated as true

And: And Evaluates as true if all the item conditions are evaluated as true
Or: Or Evaluates as true if at least one of the item conditions are evaluated as true

AND_: And Evaluates as true if all the item conditions are evaluated as true
OR_: Or Evaluates as true if at least one of the item conditions are evaluated as true

"And": And Evaluates as true if all the item conditions are evaluated as true
"Or": Or Evaluates as true if at least one of the item conditions are evaluated as true

AutomationRuleModifyPropertiesAction, AutomationRuleModifyPropertiesActionArgs

Describes an automation rule action to modify an object's properties

Order int
ActionConfiguration Pulumi.AzureNative.SecurityInsights.Inputs.IncidentPropertiesAction

Order int
ActionConfiguration IncidentPropertiesAction

order Integer
actionConfiguration IncidentPropertiesAction

order number
actionConfiguration IncidentPropertiesAction

order int
action_configuration IncidentPropertiesAction

order Number
actionConfiguration Property Map

AutomationRuleModifyPropertiesActionResponse, AutomationRuleModifyPropertiesActionResponseArgs

Describes an automation rule action to modify an object's properties

Order int
ActionConfiguration Pulumi.AzureNative.SecurityInsights.Inputs.IncidentPropertiesActionResponse

Order int
ActionConfiguration IncidentPropertiesActionResponse

order Integer
actionConfiguration IncidentPropertiesActionResponse

order number
actionConfiguration IncidentPropertiesActionResponse

order int
action_configuration IncidentPropertiesActionResponse

order Number
actionConfiguration Property Map

AutomationRulePropertyArrayChangedConditionSupportedArrayType, AutomationRulePropertyArrayChangedConditionSupportedArrayTypeArgs

Alerts: Alerts Evaluate the condition on the alerts
Labels: Labels Evaluate the condition on the labels
Tactics: Tactics Evaluate the condition on the tactics
Comments: Comments Evaluate the condition on the comments

AutomationRulePropertyArrayChangedConditionSupportedArrayTypeAlerts: Alerts Evaluate the condition on the alerts
AutomationRulePropertyArrayChangedConditionSupportedArrayTypeLabels: Labels Evaluate the condition on the labels
AutomationRulePropertyArrayChangedConditionSupportedArrayTypeTactics: Tactics Evaluate the condition on the tactics
AutomationRulePropertyArrayChangedConditionSupportedArrayTypeComments: Comments Evaluate the condition on the comments

Alerts: Alerts Evaluate the condition on the alerts
Labels: Labels Evaluate the condition on the labels
Tactics: Tactics Evaluate the condition on the tactics
Comments: Comments Evaluate the condition on the comments

Alerts: Alerts Evaluate the condition on the alerts
Labels: Labels Evaluate the condition on the labels
Tactics: Tactics Evaluate the condition on the tactics
Comments: Comments Evaluate the condition on the comments

ALERTS: Alerts Evaluate the condition on the alerts
LABELS: Labels Evaluate the condition on the labels
TACTICS: Tactics Evaluate the condition on the tactics
COMMENTS: Comments Evaluate the condition on the comments

"Alerts": Alerts Evaluate the condition on the alerts
"Labels": Labels Evaluate the condition on the labels
"Tactics": Tactics Evaluate the condition on the tactics
"Comments": Comments Evaluate the condition on the comments

AutomationRulePropertyArrayChangedConditionSupportedChangeType, AutomationRulePropertyArrayChangedConditionSupportedChangeTypeArgs

Added: Added Evaluate the condition on items added to the array

AutomationRulePropertyArrayChangedConditionSupportedChangeTypeAdded: Added Evaluate the condition on items added to the array

Added: Added Evaluate the condition on items added to the array

Added: Added Evaluate the condition on items added to the array

ADDED: Added Evaluate the condition on items added to the array

"Added": Added Evaluate the condition on items added to the array

AutomationRulePropertyArrayChangedValuesCondition, AutomationRulePropertyArrayChangedValuesConditionArgs

ArrayType string | Pulumi.AzureNative.SecurityInsights.AutomationRulePropertyArrayChangedConditionSupportedArrayType
ChangeType string | Pulumi.AzureNative.SecurityInsights.AutomationRulePropertyArrayChangedConditionSupportedChangeType

ArrayType string | AutomationRulePropertyArrayChangedConditionSupportedArrayType
ChangeType string | AutomationRulePropertyArrayChangedConditionSupportedChangeType

arrayType String | AutomationRulePropertyArrayChangedConditionSupportedArrayType
changeType String | AutomationRulePropertyArrayChangedConditionSupportedChangeType

arrayType string | AutomationRulePropertyArrayChangedConditionSupportedArrayType
changeType string | AutomationRulePropertyArrayChangedConditionSupportedChangeType

array_type str | AutomationRulePropertyArrayChangedConditionSupportedArrayType
change_type str | AutomationRulePropertyArrayChangedConditionSupportedChangeType

arrayType String | "Alerts" | "Labels" | "Tactics" | "Comments"
changeType String | "Added"

AutomationRulePropertyArrayChangedValuesConditionResponse, AutomationRulePropertyArrayChangedValuesConditionResponseArgs

ArrayType string
ChangeType string

ArrayType string
ChangeType string

arrayType String
changeType String

arrayType string
changeType string

array_type str
change_type str

arrayType String
changeType String

AutomationRulePropertyArrayConditionSupportedArrayConditionType, AutomationRulePropertyArrayConditionSupportedArrayConditionTypeArgs

AnyItem: AnyItem Evaluate the condition as true if any item fulfills it

AutomationRulePropertyArrayConditionSupportedArrayConditionTypeAnyItem: AnyItem Evaluate the condition as true if any item fulfills it

AnyItem: AnyItem Evaluate the condition as true if any item fulfills it

AnyItem: AnyItem Evaluate the condition as true if any item fulfills it

ANY_ITEM: AnyItem Evaluate the condition as true if any item fulfills it

"AnyItem": AnyItem Evaluate the condition as true if any item fulfills it

AutomationRulePropertyArrayConditionSupportedArrayType, AutomationRulePropertyArrayConditionSupportedArrayTypeArgs

CustomDetails: CustomDetails Evaluate the condition on the custom detail keys
CustomDetailValues: CustomDetailValues Evaluate the condition on a custom detail's values

AutomationRulePropertyArrayConditionSupportedArrayTypeCustomDetails: CustomDetails Evaluate the condition on the custom detail keys
AutomationRulePropertyArrayConditionSupportedArrayTypeCustomDetailValues: CustomDetailValues Evaluate the condition on a custom detail's values

CustomDetails: CustomDetails Evaluate the condition on the custom detail keys
CustomDetailValues: CustomDetailValues Evaluate the condition on a custom detail's values

CustomDetails: CustomDetails Evaluate the condition on the custom detail keys
CustomDetailValues: CustomDetailValues Evaluate the condition on a custom detail's values

CUSTOM_DETAILS: CustomDetails Evaluate the condition on the custom detail keys
CUSTOM_DETAIL_VALUES: CustomDetailValues Evaluate the condition on a custom detail's values

"CustomDetails": CustomDetails Evaluate the condition on the custom detail keys
"CustomDetailValues": CustomDetailValues Evaluate the condition on a custom detail's values

AutomationRulePropertyArrayValuesCondition, AutomationRulePropertyArrayValuesConditionArgs

Describes an automation rule condition on array properties.

ArrayConditionType string | Pulumi.AzureNative.SecurityInsights.AutomationRulePropertyArrayConditionSupportedArrayConditionType: Describes an array condition evaluation type.
ArrayType string | Pulumi.AzureNative.SecurityInsights.AutomationRulePropertyArrayConditionSupportedArrayType: Describes an array condition evaluated array type.
ItemConditions List<object>

ArrayConditionType string | AutomationRulePropertyArrayConditionSupportedArrayConditionType: Describes an array condition evaluation type.
ArrayType string | AutomationRulePropertyArrayConditionSupportedArrayType: Describes an array condition evaluated array type.
ItemConditions []interface{}

arrayConditionType String | AutomationRulePropertyArrayConditionSupportedArrayConditionType: Describes an array condition evaluation type.
arrayType String | AutomationRulePropertyArrayConditionSupportedArrayType: Describes an array condition evaluated array type.
itemConditions List<Object>

arrayConditionType string | AutomationRulePropertyArrayConditionSupportedArrayConditionType: Describes an array condition evaluation type.
arrayType string | AutomationRulePropertyArrayConditionSupportedArrayType: Describes an array condition evaluated array type.
itemConditions (BooleanConditionProperties | PropertyArrayChangedConditionProperties | PropertyArrayConditionProperties | PropertyChangedConditionProperties | PropertyConditionProperties)[]

array_condition_type str | AutomationRulePropertyArrayConditionSupportedArrayConditionType: Describes an array condition evaluation type.
array_type str | AutomationRulePropertyArrayConditionSupportedArrayType: Describes an array condition evaluated array type.
item_conditions Sequence[Union[BooleanConditionProperties, PropertyArrayChangedConditionProperties, PropertyArrayConditionProperties, PropertyChangedConditionProperties, PropertyConditionProperties]]

arrayConditionType String | "AnyItem": Describes an array condition evaluation type.
arrayType String | "CustomDetails" | "CustomDetailValues": Describes an array condition evaluated array type.
itemConditions List<Property Map | Property Map | Property Map | Property Map | Property Map>

AutomationRulePropertyArrayValuesConditionResponse, AutomationRulePropertyArrayValuesConditionResponseArgs

Describes an automation rule condition on array properties.

ArrayConditionType string: Describes an array condition evaluation type.
ArrayType string: Describes an array condition evaluated array type.
ItemConditions List<object>

ArrayConditionType string: Describes an array condition evaluation type.
ArrayType string: Describes an array condition evaluated array type.
ItemConditions []interface{}

arrayConditionType String: Describes an array condition evaluation type.
arrayType String: Describes an array condition evaluated array type.
itemConditions List<Object>

arrayConditionType string: Describes an array condition evaluation type.
arrayType string: Describes an array condition evaluated array type.
itemConditions (BooleanConditionPropertiesResponse | PropertyArrayChangedConditionPropertiesResponse | PropertyArrayConditionPropertiesResponse | PropertyChangedConditionPropertiesResponse | PropertyConditionPropertiesResponse)[]

array_condition_type str: Describes an array condition evaluation type.
array_type str: Describes an array condition evaluated array type.
item_conditions Sequence[Union[BooleanConditionPropertiesResponse, PropertyArrayChangedConditionPropertiesResponse, PropertyArrayConditionPropertiesResponse, PropertyChangedConditionPropertiesResponse, PropertyConditionPropertiesResponse]]

arrayConditionType String: Describes an array condition evaluation type.
arrayType String: Describes an array condition evaluated array type.
itemConditions List<Property Map | Property Map | Property Map | Property Map | Property Map>

AutomationRulePropertyChangedConditionSupportedChangedType, AutomationRulePropertyChangedConditionSupportedChangedTypeArgs

ChangedFrom: ChangedFrom Evaluate the condition on the previous value of the property
ChangedTo: ChangedTo Evaluate the condition on the updated value of the property

AutomationRulePropertyChangedConditionSupportedChangedTypeChangedFrom: ChangedFrom Evaluate the condition on the previous value of the property
AutomationRulePropertyChangedConditionSupportedChangedTypeChangedTo: ChangedTo Evaluate the condition on the updated value of the property

ChangedFrom: ChangedFrom Evaluate the condition on the previous value of the property
ChangedTo: ChangedTo Evaluate the condition on the updated value of the property

ChangedFrom: ChangedFrom Evaluate the condition on the previous value of the property
ChangedTo: ChangedTo Evaluate the condition on the updated value of the property

CHANGED_FROM: ChangedFrom Evaluate the condition on the previous value of the property
CHANGED_TO: ChangedTo Evaluate the condition on the updated value of the property

"ChangedFrom": ChangedFrom Evaluate the condition on the previous value of the property
"ChangedTo": ChangedTo Evaluate the condition on the updated value of the property

AutomationRulePropertyChangedConditionSupportedPropertyType, AutomationRulePropertyChangedConditionSupportedPropertyTypeArgs

IncidentSeverity: IncidentSeverity Evaluate the condition on the incident severity
IncidentStatus: IncidentStatus Evaluate the condition on the incident status
IncidentOwner: IncidentOwner Evaluate the condition on the incident owner

AutomationRulePropertyChangedConditionSupportedPropertyTypeIncidentSeverity: IncidentSeverity Evaluate the condition on the incident severity
AutomationRulePropertyChangedConditionSupportedPropertyTypeIncidentStatus: IncidentStatus Evaluate the condition on the incident status
AutomationRulePropertyChangedConditionSupportedPropertyTypeIncidentOwner: IncidentOwner Evaluate the condition on the incident owner

IncidentSeverity: IncidentSeverity Evaluate the condition on the incident severity
IncidentStatus: IncidentStatus Evaluate the condition on the incident status
IncidentOwner: IncidentOwner Evaluate the condition on the incident owner

IncidentSeverity: IncidentSeverity Evaluate the condition on the incident severity
IncidentStatus: IncidentStatus Evaluate the condition on the incident status
IncidentOwner: IncidentOwner Evaluate the condition on the incident owner

INCIDENT_SEVERITY: IncidentSeverity Evaluate the condition on the incident severity
INCIDENT_STATUS: IncidentStatus Evaluate the condition on the incident status
INCIDENT_OWNER: IncidentOwner Evaluate the condition on the incident owner

"IncidentSeverity": IncidentSeverity Evaluate the condition on the incident severity
"IncidentStatus": IncidentStatus Evaluate the condition on the incident status
"IncidentOwner": IncidentOwner Evaluate the condition on the incident owner

AutomationRulePropertyConditionSupportedOperator, AutomationRulePropertyConditionSupportedOperatorArgs

EqualsValue: Equals Evaluates if the property equals at least one of the condition values
NotEquals: NotEquals Evaluates if the property does not equal any of the condition values
Contains: Contains Evaluates if the property contains at least one of the condition values
NotContains: NotContains Evaluates if the property does not contain any of the condition values
StartsWith: StartsWith Evaluates if the property starts with any of the condition values
NotStartsWith: NotStartsWith Evaluates if the property does not start with any of the condition values
EndsWith: EndsWith Evaluates if the property ends with any of the condition values
NotEndsWith: NotEndsWith Evaluates if the property does not end with any of the condition values

AutomationRulePropertyConditionSupportedOperatorEquals: Equals Evaluates if the property equals at least one of the condition values
AutomationRulePropertyConditionSupportedOperatorNotEquals: NotEquals Evaluates if the property does not equal any of the condition values
AutomationRulePropertyConditionSupportedOperatorContains: Contains Evaluates if the property contains at least one of the condition values
AutomationRulePropertyConditionSupportedOperatorNotContains: NotContains Evaluates if the property does not contain any of the condition values
AutomationRulePropertyConditionSupportedOperatorStartsWith: StartsWith Evaluates if the property starts with any of the condition values
AutomationRulePropertyConditionSupportedOperatorNotStartsWith: NotStartsWith Evaluates if the property does not start with any of the condition values
AutomationRulePropertyConditionSupportedOperatorEndsWith: EndsWith Evaluates if the property ends with any of the condition values
AutomationRulePropertyConditionSupportedOperatorNotEndsWith: NotEndsWith Evaluates if the property does not end with any of the condition values

Equals: Equals Evaluates if the property equals at least one of the condition values
NotEquals: NotEquals Evaluates if the property does not equal any of the condition values
Contains: Contains Evaluates if the property contains at least one of the condition values
NotContains: NotContains Evaluates if the property does not contain any of the condition values
StartsWith: StartsWith Evaluates if the property starts with any of the condition values
NotStartsWith: NotStartsWith Evaluates if the property does not start with any of the condition values
EndsWith: EndsWith Evaluates if the property ends with any of the condition values
NotEndsWith: NotEndsWith Evaluates if the property does not end with any of the condition values

Equals: Equals Evaluates if the property equals at least one of the condition values
NotEquals: NotEquals Evaluates if the property does not equal any of the condition values
Contains: Contains Evaluates if the property contains at least one of the condition values
NotContains: NotContains Evaluates if the property does not contain any of the condition values
StartsWith: StartsWith Evaluates if the property starts with any of the condition values
NotStartsWith: NotStartsWith Evaluates if the property does not start with any of the condition values
EndsWith: EndsWith Evaluates if the property ends with any of the condition values
NotEndsWith: NotEndsWith Evaluates if the property does not end with any of the condition values

EQUALS: Equals Evaluates if the property equals at least one of the condition values
NOT_EQUALS: NotEquals Evaluates if the property does not equal any of the condition values
CONTAINS: Contains Evaluates if the property contains at least one of the condition values
NOT_CONTAINS: NotContains Evaluates if the property does not contain any of the condition values
STARTS_WITH: StartsWith Evaluates if the property starts with any of the condition values
NOT_STARTS_WITH: NotStartsWith Evaluates if the property does not start with any of the condition values
ENDS_WITH: EndsWith Evaluates if the property ends with any of the condition values
NOT_ENDS_WITH: NotEndsWith Evaluates if the property does not end with any of the condition values

"Equals": Equals Evaluates if the property equals at least one of the condition values
"NotEquals": NotEquals Evaluates if the property does not equal any of the condition values
"Contains": Contains Evaluates if the property contains at least one of the condition values
"NotContains": NotContains Evaluates if the property does not contain any of the condition values
"StartsWith": StartsWith Evaluates if the property starts with any of the condition values
"NotStartsWith": NotStartsWith Evaluates if the property does not start with any of the condition values
"EndsWith": EndsWith Evaluates if the property ends with any of the condition values
"NotEndsWith": NotEndsWith Evaluates if the property does not end with any of the condition values

AutomationRulePropertyConditionSupportedProperty, AutomationRulePropertyConditionSupportedPropertyArgs

IncidentTitle: IncidentTitle The title of the incident
IncidentDescription: IncidentDescription The description of the incident
IncidentSeverity: IncidentSeverity The severity of the incident
IncidentStatus: IncidentStatus The status of the incident
IncidentRelatedAnalyticRuleIds: IncidentRelatedAnalyticRuleIds The related Analytic rule ids of the incident
IncidentTactics: IncidentTactics The tactics of the incident
IncidentLabel: IncidentLabel The labels of the incident
IncidentProviderName: IncidentProviderName The provider name of the incident
IncidentUpdatedBySource: IncidentUpdatedBySource The update source of the incident
IncidentCustomDetailsKey: IncidentCustomDetailsKey The incident custom detail key
IncidentCustomDetailsValue: IncidentCustomDetailsValue The incident custom detail value
AccountAadTenantId: AccountAadTenantId The account Azure Active Directory tenant id
AccountAadUserId: AccountAadUserId The account Azure Active Directory user id
AccountName: AccountName The account name
AccountNTDomain: AccountNTDomain The account NetBIOS domain name
AccountPUID: AccountPUID The account Azure Active Directory Passport User ID
AccountSid: AccountSid The account security identifier
AccountObjectGuid: AccountObjectGuid The account unique identifier
AccountUPNSuffix: AccountUPNSuffix The account user principal name suffix
AlertProductNames: AlertProductNames The name of the product of the alert
AlertAnalyticRuleIds: AlertAnalyticRuleIds The analytic rule ids of the alert
AzureResourceResourceId: AzureResourceResourceId The Azure resource id
AzureResourceSubscriptionId: AzureResourceSubscriptionId The Azure resource subscription id
CloudApplicationAppId: CloudApplicationAppId The cloud application identifier
CloudApplicationAppName: CloudApplicationAppName The cloud application name
DNSDomainName: DNSDomainName The dns record domain name
FileDirectory: FileDirectory The file directory full path
FileName: FileName The file name without path
FileHashValue: FileHashValue The file hash value
HostAzureID: HostAzureID The host Azure resource id
HostName: HostName The host name without domain
HostNetBiosName: HostNetBiosName The host NetBIOS name
HostNTDomain: HostNTDomain The host NT domain
HostOSVersion: HostOSVersion The host operating system
IoTDeviceId: IoTDeviceId "The IoT device id
IoTDeviceName: IoTDeviceName The IoT device name
IoTDeviceType: IoTDeviceType The IoT device type
IoTDeviceVendor: IoTDeviceVendor The IoT device vendor
IoTDeviceModel: IoTDeviceModel The IoT device model
IoTDeviceOperatingSystem: IoTDeviceOperatingSystem The IoT device operating system
IPAddress: IPAddress The IP address
MailboxDisplayName: MailboxDisplayName The mailbox display name
MailboxPrimaryAddress: MailboxPrimaryAddress The mailbox primary address
MailboxUPN: MailboxUPN The mailbox user principal name
MailMessageDeliveryAction: MailMessageDeliveryAction The mail message delivery action
MailMessageDeliveryLocation: MailMessageDeliveryLocation The mail message delivery location
MailMessageRecipient: MailMessageRecipient The mail message recipient
MailMessageSenderIP: MailMessageSenderIP The mail message sender IP address
MailMessageSubject: MailMessageSubject The mail message subject
MailMessageP1Sender: MailMessageP1Sender The mail message P1 sender
MailMessageP2Sender: MailMessageP2Sender The mail message P2 sender
MalwareCategory: MalwareCategory The malware category
MalwareName: MalwareName The malware name
ProcessCommandLine: ProcessCommandLine The process execution command line
ProcessId: ProcessId The process id
RegistryKey: RegistryKey The registry key path
RegistryValueData: RegistryValueData The registry key value in string formatted representation
Url: Url The url

AutomationRulePropertyConditionSupportedPropertyIncidentTitle: IncidentTitle The title of the incident
AutomationRulePropertyConditionSupportedPropertyIncidentDescription: IncidentDescription The description of the incident
AutomationRulePropertyConditionSupportedPropertyIncidentSeverity: IncidentSeverity The severity of the incident
AutomationRulePropertyConditionSupportedPropertyIncidentStatus: IncidentStatus The status of the incident
AutomationRulePropertyConditionSupportedPropertyIncidentRelatedAnalyticRuleIds: IncidentRelatedAnalyticRuleIds The related Analytic rule ids of the incident
AutomationRulePropertyConditionSupportedPropertyIncidentTactics: IncidentTactics The tactics of the incident
AutomationRulePropertyConditionSupportedPropertyIncidentLabel: IncidentLabel The labels of the incident
AutomationRulePropertyConditionSupportedPropertyIncidentProviderName: IncidentProviderName The provider name of the incident
AutomationRulePropertyConditionSupportedPropertyIncidentUpdatedBySource: IncidentUpdatedBySource The update source of the incident
AutomationRulePropertyConditionSupportedPropertyIncidentCustomDetailsKey: IncidentCustomDetailsKey The incident custom detail key
AutomationRulePropertyConditionSupportedPropertyIncidentCustomDetailsValue: IncidentCustomDetailsValue The incident custom detail value
AutomationRulePropertyConditionSupportedPropertyAccountAadTenantId: AccountAadTenantId The account Azure Active Directory tenant id
AutomationRulePropertyConditionSupportedPropertyAccountAadUserId: AccountAadUserId The account Azure Active Directory user id
AutomationRulePropertyConditionSupportedPropertyAccountName: AccountName The account name
AutomationRulePropertyConditionSupportedPropertyAccountNTDomain: AccountNTDomain The account NetBIOS domain name
AutomationRulePropertyConditionSupportedPropertyAccountPUID: AccountPUID The account Azure Active Directory Passport User ID
AutomationRulePropertyConditionSupportedPropertyAccountSid: AccountSid The account security identifier
AutomationRulePropertyConditionSupportedPropertyAccountObjectGuid: AccountObjectGuid The account unique identifier
AutomationRulePropertyConditionSupportedPropertyAccountUPNSuffix: AccountUPNSuffix The account user principal name suffix
AutomationRulePropertyConditionSupportedPropertyAlertProductNames: AlertProductNames The name of the product of the alert
AutomationRulePropertyConditionSupportedPropertyAlertAnalyticRuleIds: AlertAnalyticRuleIds The analytic rule ids of the alert
AutomationRulePropertyConditionSupportedPropertyAzureResourceResourceId: AzureResourceResourceId The Azure resource id
AutomationRulePropertyConditionSupportedPropertyAzureResourceSubscriptionId: AzureResourceSubscriptionId The Azure resource subscription id
AutomationRulePropertyConditionSupportedPropertyCloudApplicationAppId: CloudApplicationAppId The cloud application identifier
AutomationRulePropertyConditionSupportedPropertyCloudApplicationAppName: CloudApplicationAppName The cloud application name
AutomationRulePropertyConditionSupportedPropertyDNSDomainName: DNSDomainName The dns record domain name
AutomationRulePropertyConditionSupportedPropertyFileDirectory: FileDirectory The file directory full path
AutomationRulePropertyConditionSupportedPropertyFileName: FileName The file name without path
AutomationRulePropertyConditionSupportedPropertyFileHashValue: FileHashValue The file hash value
AutomationRulePropertyConditionSupportedPropertyHostAzureID: HostAzureID The host Azure resource id
AutomationRulePropertyConditionSupportedPropertyHostName: HostName The host name without domain
AutomationRulePropertyConditionSupportedPropertyHostNetBiosName: HostNetBiosName The host NetBIOS name
AutomationRulePropertyConditionSupportedPropertyHostNTDomain: HostNTDomain The host NT domain
AutomationRulePropertyConditionSupportedPropertyHostOSVersion: HostOSVersion The host operating system
AutomationRulePropertyConditionSupportedPropertyIoTDeviceId: IoTDeviceId "The IoT device id
AutomationRulePropertyConditionSupportedPropertyIoTDeviceName: IoTDeviceName The IoT device name
AutomationRulePropertyConditionSupportedPropertyIoTDeviceType: IoTDeviceType The IoT device type
AutomationRulePropertyConditionSupportedPropertyIoTDeviceVendor: IoTDeviceVendor The IoT device vendor
AutomationRulePropertyConditionSupportedPropertyIoTDeviceModel: IoTDeviceModel The IoT device model
AutomationRulePropertyConditionSupportedPropertyIoTDeviceOperatingSystem: IoTDeviceOperatingSystem The IoT device operating system
AutomationRulePropertyConditionSupportedPropertyIPAddress: IPAddress The IP address
AutomationRulePropertyConditionSupportedPropertyMailboxDisplayName: MailboxDisplayName The mailbox display name
AutomationRulePropertyConditionSupportedPropertyMailboxPrimaryAddress: MailboxPrimaryAddress The mailbox primary address
AutomationRulePropertyConditionSupportedPropertyMailboxUPN: MailboxUPN The mailbox user principal name
AutomationRulePropertyConditionSupportedPropertyMailMessageDeliveryAction: MailMessageDeliveryAction The mail message delivery action
AutomationRulePropertyConditionSupportedPropertyMailMessageDeliveryLocation: MailMessageDeliveryLocation The mail message delivery location
AutomationRulePropertyConditionSupportedPropertyMailMessageRecipient: MailMessageRecipient The mail message recipient
AutomationRulePropertyConditionSupportedPropertyMailMessageSenderIP: MailMessageSenderIP The mail message sender IP address
AutomationRulePropertyConditionSupportedPropertyMailMessageSubject: MailMessageSubject The mail message subject
AutomationRulePropertyConditionSupportedPropertyMailMessageP1Sender: MailMessageP1Sender The mail message P1 sender
AutomationRulePropertyConditionSupportedPropertyMailMessageP2Sender: MailMessageP2Sender The mail message P2 sender
AutomationRulePropertyConditionSupportedPropertyMalwareCategory: MalwareCategory The malware category
AutomationRulePropertyConditionSupportedPropertyMalwareName: MalwareName The malware name
AutomationRulePropertyConditionSupportedPropertyProcessCommandLine: ProcessCommandLine The process execution command line
AutomationRulePropertyConditionSupportedPropertyProcessId: ProcessId The process id
AutomationRulePropertyConditionSupportedPropertyRegistryKey: RegistryKey The registry key path
AutomationRulePropertyConditionSupportedPropertyRegistryValueData: RegistryValueData The registry key value in string formatted representation
AutomationRulePropertyConditionSupportedPropertyUrl: Url The url

IncidentTitle: IncidentTitle The title of the incident
IncidentDescription: IncidentDescription The description of the incident
IncidentSeverity: IncidentSeverity The severity of the incident
IncidentStatus: IncidentStatus The status of the incident
IncidentRelatedAnalyticRuleIds: IncidentRelatedAnalyticRuleIds The related Analytic rule ids of the incident
IncidentTactics: IncidentTactics The tactics of the incident
IncidentLabel: IncidentLabel The labels of the incident
IncidentProviderName: IncidentProviderName The provider name of the incident
IncidentUpdatedBySource: IncidentUpdatedBySource The update source of the incident
IncidentCustomDetailsKey: IncidentCustomDetailsKey The incident custom detail key
IncidentCustomDetailsValue: IncidentCustomDetailsValue The incident custom detail value
AccountAadTenantId: AccountAadTenantId The account Azure Active Directory tenant id
AccountAadUserId: AccountAadUserId The account Azure Active Directory user id
AccountName: AccountName The account name
AccountNTDomain: AccountNTDomain The account NetBIOS domain name
AccountPUID: AccountPUID The account Azure Active Directory Passport User ID
AccountSid: AccountSid The account security identifier
AccountObjectGuid: AccountObjectGuid The account unique identifier
AccountUPNSuffix: AccountUPNSuffix The account user principal name suffix
AlertProductNames: AlertProductNames The name of the product of the alert
AlertAnalyticRuleIds: AlertAnalyticRuleIds The analytic rule ids of the alert
AzureResourceResourceId: AzureResourceResourceId The Azure resource id
AzureResourceSubscriptionId: AzureResourceSubscriptionId The Azure resource subscription id
CloudApplicationAppId: CloudApplicationAppId The cloud application identifier
CloudApplicationAppName: CloudApplicationAppName The cloud application name
DNSDomainName: DNSDomainName The dns record domain name
FileDirectory: FileDirectory The file directory full path
FileName: FileName The file name without path
FileHashValue: FileHashValue The file hash value
HostAzureID: HostAzureID The host Azure resource id
HostName: HostName The host name without domain
HostNetBiosName: HostNetBiosName The host NetBIOS name
HostNTDomain: HostNTDomain The host NT domain
HostOSVersion: HostOSVersion The host operating system
IoTDeviceId: IoTDeviceId "The IoT device id
IoTDeviceName: IoTDeviceName The IoT device name
IoTDeviceType: IoTDeviceType The IoT device type
IoTDeviceVendor: IoTDeviceVendor The IoT device vendor
IoTDeviceModel: IoTDeviceModel The IoT device model
IoTDeviceOperatingSystem: IoTDeviceOperatingSystem The IoT device operating system
IPAddress: IPAddress The IP address
MailboxDisplayName: MailboxDisplayName The mailbox display name
MailboxPrimaryAddress: MailboxPrimaryAddress The mailbox primary address
MailboxUPN: MailboxUPN The mailbox user principal name
MailMessageDeliveryAction: MailMessageDeliveryAction The mail message delivery action
MailMessageDeliveryLocation: MailMessageDeliveryLocation The mail message delivery location
MailMessageRecipient: MailMessageRecipient The mail message recipient
MailMessageSenderIP: MailMessageSenderIP The mail message sender IP address
MailMessageSubject: MailMessageSubject The mail message subject
MailMessageP1Sender: MailMessageP1Sender The mail message P1 sender
MailMessageP2Sender: MailMessageP2Sender The mail message P2 sender
MalwareCategory: MalwareCategory The malware category
MalwareName: MalwareName The malware name
ProcessCommandLine: ProcessCommandLine The process execution command line
ProcessId: ProcessId The process id
RegistryKey: RegistryKey The registry key path
RegistryValueData: RegistryValueData The registry key value in string formatted representation
Url: Url The url

IncidentTitle: IncidentTitle The title of the incident
IncidentDescription: IncidentDescription The description of the incident
IncidentSeverity: IncidentSeverity The severity of the incident
IncidentStatus: IncidentStatus The status of the incident
IncidentRelatedAnalyticRuleIds: IncidentRelatedAnalyticRuleIds The related Analytic rule ids of the incident
IncidentTactics: IncidentTactics The tactics of the incident
IncidentLabel: IncidentLabel The labels of the incident
IncidentProviderName: IncidentProviderName The provider name of the incident
IncidentUpdatedBySource: IncidentUpdatedBySource The update source of the incident
IncidentCustomDetailsKey: IncidentCustomDetailsKey The incident custom detail key
IncidentCustomDetailsValue: IncidentCustomDetailsValue The incident custom detail value
AccountAadTenantId: AccountAadTenantId The account Azure Active Directory tenant id
AccountAadUserId: AccountAadUserId The account Azure Active Directory user id
AccountName: AccountName The account name
AccountNTDomain: AccountNTDomain The account NetBIOS domain name
AccountPUID: AccountPUID The account Azure Active Directory Passport User ID
AccountSid: AccountSid The account security identifier
AccountObjectGuid: AccountObjectGuid The account unique identifier
AccountUPNSuffix: AccountUPNSuffix The account user principal name suffix
AlertProductNames: AlertProductNames The name of the product of the alert
AlertAnalyticRuleIds: AlertAnalyticRuleIds The analytic rule ids of the alert
AzureResourceResourceId: AzureResourceResourceId The Azure resource id
AzureResourceSubscriptionId: AzureResourceSubscriptionId The Azure resource subscription id
CloudApplicationAppId: CloudApplicationAppId The cloud application identifier
CloudApplicationAppName: CloudApplicationAppName The cloud application name
DNSDomainName: DNSDomainName The dns record domain name
FileDirectory: FileDirectory The file directory full path
FileName: FileName The file name without path
FileHashValue: FileHashValue The file hash value
HostAzureID: HostAzureID The host Azure resource id
HostName: HostName The host name without domain
HostNetBiosName: HostNetBiosName The host NetBIOS name
HostNTDomain: HostNTDomain The host NT domain
HostOSVersion: HostOSVersion The host operating system
IoTDeviceId: IoTDeviceId "The IoT device id
IoTDeviceName: IoTDeviceName The IoT device name
IoTDeviceType: IoTDeviceType The IoT device type
IoTDeviceVendor: IoTDeviceVendor The IoT device vendor
IoTDeviceModel: IoTDeviceModel The IoT device model
IoTDeviceOperatingSystem: IoTDeviceOperatingSystem The IoT device operating system
IPAddress: IPAddress The IP address
MailboxDisplayName: MailboxDisplayName The mailbox display name
MailboxPrimaryAddress: MailboxPrimaryAddress The mailbox primary address
MailboxUPN: MailboxUPN The mailbox user principal name
MailMessageDeliveryAction: MailMessageDeliveryAction The mail message delivery action
MailMessageDeliveryLocation: MailMessageDeliveryLocation The mail message delivery location
MailMessageRecipient: MailMessageRecipient The mail message recipient
MailMessageSenderIP: MailMessageSenderIP The mail message sender IP address
MailMessageSubject: MailMessageSubject The mail message subject
MailMessageP1Sender: MailMessageP1Sender The mail message P1 sender
MailMessageP2Sender: MailMessageP2Sender The mail message P2 sender
MalwareCategory: MalwareCategory The malware category
MalwareName: MalwareName The malware name
ProcessCommandLine: ProcessCommandLine The process execution command line
ProcessId: ProcessId The process id
RegistryKey: RegistryKey The registry key path
RegistryValueData: RegistryValueData The registry key value in string formatted representation
Url: Url The url

INCIDENT_TITLE: IncidentTitle The title of the incident
INCIDENT_DESCRIPTION: IncidentDescription The description of the incident
INCIDENT_SEVERITY: IncidentSeverity The severity of the incident
INCIDENT_STATUS: IncidentStatus The status of the incident
INCIDENT_RELATED_ANALYTIC_RULE_IDS: IncidentRelatedAnalyticRuleIds The related Analytic rule ids of the incident
INCIDENT_TACTICS: IncidentTactics The tactics of the incident
INCIDENT_LABEL: IncidentLabel The labels of the incident
INCIDENT_PROVIDER_NAME: IncidentProviderName The provider name of the incident
INCIDENT_UPDATED_BY_SOURCE: IncidentUpdatedBySource The update source of the incident
INCIDENT_CUSTOM_DETAILS_KEY: IncidentCustomDetailsKey The incident custom detail key
INCIDENT_CUSTOM_DETAILS_VALUE: IncidentCustomDetailsValue The incident custom detail value
ACCOUNT_AAD_TENANT_ID: AccountAadTenantId The account Azure Active Directory tenant id
ACCOUNT_AAD_USER_ID: AccountAadUserId The account Azure Active Directory user id
ACCOUNT_NAME: AccountName The account name
ACCOUNT_NT_DOMAIN: AccountNTDomain The account NetBIOS domain name
ACCOUNT_PUID: AccountPUID The account Azure Active Directory Passport User ID
ACCOUNT_SID: AccountSid The account security identifier
ACCOUNT_OBJECT_GUID: AccountObjectGuid The account unique identifier
ACCOUNT_UPN_SUFFIX: AccountUPNSuffix The account user principal name suffix
ALERT_PRODUCT_NAMES: AlertProductNames The name of the product of the alert
ALERT_ANALYTIC_RULE_IDS: AlertAnalyticRuleIds The analytic rule ids of the alert
AZURE_RESOURCE_RESOURCE_ID: AzureResourceResourceId The Azure resource id
AZURE_RESOURCE_SUBSCRIPTION_ID: AzureResourceSubscriptionId The Azure resource subscription id
CLOUD_APPLICATION_APP_ID: CloudApplicationAppId The cloud application identifier
CLOUD_APPLICATION_APP_NAME: CloudApplicationAppName The cloud application name
DNS_DOMAIN_NAME: DNSDomainName The dns record domain name
FILE_DIRECTORY: FileDirectory The file directory full path
FILE_NAME: FileName The file name without path
FILE_HASH_VALUE: FileHashValue The file hash value
HOST_AZURE_ID: HostAzureID The host Azure resource id
HOST_NAME: HostName The host name without domain
HOST_NET_BIOS_NAME: HostNetBiosName The host NetBIOS name
HOST_NT_DOMAIN: HostNTDomain The host NT domain
HOST_OS_VERSION: HostOSVersion The host operating system
IO_T_DEVICE_ID: IoTDeviceId "The IoT device id
IO_T_DEVICE_NAME: IoTDeviceName The IoT device name
IO_T_DEVICE_TYPE: IoTDeviceType The IoT device type
IO_T_DEVICE_VENDOR: IoTDeviceVendor The IoT device vendor
IO_T_DEVICE_MODEL: IoTDeviceModel The IoT device model
IO_T_DEVICE_OPERATING_SYSTEM: IoTDeviceOperatingSystem The IoT device operating system
IP_ADDRESS: IPAddress The IP address
MAILBOX_DISPLAY_NAME: MailboxDisplayName The mailbox display name
MAILBOX_PRIMARY_ADDRESS: MailboxPrimaryAddress The mailbox primary address
MAILBOX_UPN: MailboxUPN The mailbox user principal name
MAIL_MESSAGE_DELIVERY_ACTION: MailMessageDeliveryAction The mail message delivery action
MAIL_MESSAGE_DELIVERY_LOCATION: MailMessageDeliveryLocation The mail message delivery location
MAIL_MESSAGE_RECIPIENT: MailMessageRecipient The mail message recipient
MAIL_MESSAGE_SENDER_IP: MailMessageSenderIP The mail message sender IP address
MAIL_MESSAGE_SUBJECT: MailMessageSubject The mail message subject
MAIL_MESSAGE_P1_SENDER: MailMessageP1Sender The mail message P1 sender
MAIL_MESSAGE_P2_SENDER: MailMessageP2Sender The mail message P2 sender
MALWARE_CATEGORY: MalwareCategory The malware category
MALWARE_NAME: MalwareName The malware name
PROCESS_COMMAND_LINE: ProcessCommandLine The process execution command line
PROCESS_ID: ProcessId The process id
REGISTRY_KEY: RegistryKey The registry key path
REGISTRY_VALUE_DATA: RegistryValueData The registry key value in string formatted representation
URL: Url The url

"IncidentTitle": IncidentTitle The title of the incident
"IncidentDescription": IncidentDescription The description of the incident
"IncidentSeverity": IncidentSeverity The severity of the incident
"IncidentStatus": IncidentStatus The status of the incident
"IncidentRelatedAnalyticRuleIds": IncidentRelatedAnalyticRuleIds The related Analytic rule ids of the incident
"IncidentTactics": IncidentTactics The tactics of the incident
"IncidentLabel": IncidentLabel The labels of the incident
"IncidentProviderName": IncidentProviderName The provider name of the incident
"IncidentUpdatedBySource": IncidentUpdatedBySource The update source of the incident
"IncidentCustomDetailsKey": IncidentCustomDetailsKey The incident custom detail key
"IncidentCustomDetailsValue": IncidentCustomDetailsValue The incident custom detail value
"AccountAadTenantId": AccountAadTenantId The account Azure Active Directory tenant id
"AccountAadUserId": AccountAadUserId The account Azure Active Directory user id
"AccountName": AccountName The account name
"AccountNTDomain": AccountNTDomain The account NetBIOS domain name
"AccountPUID": AccountPUID The account Azure Active Directory Passport User ID
"AccountSid": AccountSid The account security identifier
"AccountObjectGuid": AccountObjectGuid The account unique identifier
"AccountUPNSuffix": AccountUPNSuffix The account user principal name suffix
"AlertProductNames": AlertProductNames The name of the product of the alert
"AlertAnalyticRuleIds": AlertAnalyticRuleIds The analytic rule ids of the alert
"AzureResourceResourceId": AzureResourceResourceId The Azure resource id
"AzureResourceSubscriptionId": AzureResourceSubscriptionId The Azure resource subscription id
"CloudApplicationAppId": CloudApplicationAppId The cloud application identifier
"CloudApplicationAppName": CloudApplicationAppName The cloud application name
"DNSDomainName": DNSDomainName The dns record domain name
"FileDirectory": FileDirectory The file directory full path
"FileName": FileName The file name without path
"FileHashValue": FileHashValue The file hash value
"HostAzureID": HostAzureID The host Azure resource id
"HostName": HostName The host name without domain
"HostNetBiosName": HostNetBiosName The host NetBIOS name
"HostNTDomain": HostNTDomain The host NT domain
"HostOSVersion": HostOSVersion The host operating system
"IoTDeviceId": IoTDeviceId "The IoT device id
"IoTDeviceName": IoTDeviceName The IoT device name
"IoTDeviceType": IoTDeviceType The IoT device type
"IoTDeviceVendor": IoTDeviceVendor The IoT device vendor
"IoTDeviceModel": IoTDeviceModel The IoT device model
"IoTDeviceOperatingSystem": IoTDeviceOperatingSystem The IoT device operating system
"IPAddress": IPAddress The IP address
"MailboxDisplayName": MailboxDisplayName The mailbox display name
"MailboxPrimaryAddress": MailboxPrimaryAddress The mailbox primary address
"MailboxUPN": MailboxUPN The mailbox user principal name
"MailMessageDeliveryAction": MailMessageDeliveryAction The mail message delivery action
"MailMessageDeliveryLocation": MailMessageDeliveryLocation The mail message delivery location
"MailMessageRecipient": MailMessageRecipient The mail message recipient
"MailMessageSenderIP": MailMessageSenderIP The mail message sender IP address
"MailMessageSubject": MailMessageSubject The mail message subject
"MailMessageP1Sender": MailMessageP1Sender The mail message P1 sender
"MailMessageP2Sender": MailMessageP2Sender The mail message P2 sender
"MalwareCategory": MalwareCategory The malware category
"MalwareName": MalwareName The malware name
"ProcessCommandLine": ProcessCommandLine The process execution command line
"ProcessId": ProcessId The process id
"RegistryKey": RegistryKey The registry key path
"RegistryValueData": RegistryValueData The registry key value in string formatted representation
"Url": Url The url

AutomationRulePropertyValuesChangedCondition, AutomationRulePropertyValuesChangedConditionArgs

ChangeType string | Pulumi.AzureNative.SecurityInsights.AutomationRulePropertyChangedConditionSupportedChangedType
Operator string | Pulumi.AzureNative.SecurityInsights.AutomationRulePropertyConditionSupportedOperator
PropertyName string | Pulumi.AzureNative.SecurityInsights.AutomationRulePropertyChangedConditionSupportedPropertyType
PropertyValues List<string>

ChangeType string | AutomationRulePropertyChangedConditionSupportedChangedType
Operator string | AutomationRulePropertyConditionSupportedOperator
PropertyName string | AutomationRulePropertyChangedConditionSupportedPropertyType
PropertyValues []string

changeType String | AutomationRulePropertyChangedConditionSupportedChangedType
operator String | AutomationRulePropertyConditionSupportedOperator
propertyName String | AutomationRulePropertyChangedConditionSupportedPropertyType
propertyValues List<String>

changeType string | AutomationRulePropertyChangedConditionSupportedChangedType
operator string | AutomationRulePropertyConditionSupportedOperator
propertyName string | AutomationRulePropertyChangedConditionSupportedPropertyType
propertyValues string[]

change_type str | AutomationRulePropertyChangedConditionSupportedChangedType
operator str | AutomationRulePropertyConditionSupportedOperator
property_name str | AutomationRulePropertyChangedConditionSupportedPropertyType
property_values Sequence[str]

changeType String | "ChangedFrom" | "ChangedTo"
operator String | "Equals" | "NotEquals" | "Contains" | "NotContains" | "StartsWith" | "NotStartsWith" | "EndsWith" | "NotEndsWith"
propertyName String | "IncidentSeverity" | "IncidentStatus" | "IncidentOwner"
propertyValues List<String>

AutomationRulePropertyValuesChangedConditionResponse, AutomationRulePropertyValuesChangedConditionResponseArgs

ChangeType string
Operator string
PropertyName string
PropertyValues List<string>

ChangeType string
Operator string
PropertyName string
PropertyValues []string

changeType String
operator String
propertyName String
propertyValues List<String>

changeType string
operator string
propertyName string
propertyValues string[]

change_type str
operator str
property_name str
property_values Sequence[str]

changeType String
operator String
propertyName String
propertyValues List<String>

AutomationRulePropertyValuesCondition, AutomationRulePropertyValuesConditionArgs

Operator string | Pulumi.AzureNative.SecurityInsights.AutomationRulePropertyConditionSupportedOperator
PropertyName string | Pulumi.AzureNative.SecurityInsights.AutomationRulePropertyConditionSupportedProperty: The property to evaluate in an automation rule property condition.
PropertyValues List<string>

Operator string | AutomationRulePropertyConditionSupportedOperator
PropertyName string | AutomationRulePropertyConditionSupportedProperty: The property to evaluate in an automation rule property condition.
PropertyValues []string

operator String | AutomationRulePropertyConditionSupportedOperator
propertyName String | AutomationRulePropertyConditionSupportedProperty: The property to evaluate in an automation rule property condition.
propertyValues List<String>

operator string | AutomationRulePropertyConditionSupportedOperator
propertyName string | AutomationRulePropertyConditionSupportedProperty: The property to evaluate in an automation rule property condition.
propertyValues string[]

operator str | AutomationRulePropertyConditionSupportedOperator
property_name str | AutomationRulePropertyConditionSupportedProperty: The property to evaluate in an automation rule property condition.
property_values Sequence[str]

operator String | "Equals" | "NotEquals" | "Contains" | "NotContains" | "StartsWith" | "NotStartsWith" | "EndsWith" | "NotEndsWith"
propertyName String | "IncidentTitle" | "IncidentDescription" | "IncidentSeverity" | "IncidentStatus" | "IncidentRelatedAnalyticRuleIds" | "IncidentTactics" | "IncidentLabel" | "IncidentProviderName" | "IncidentUpdatedBySource" | "IncidentCustomDetailsKey" | "IncidentCustomDetailsValue" | "AccountAadTenantId" | "AccountAadUserId" | "AccountName" | "AccountNTDomain" | "AccountPUID" | "AccountSid" | "AccountObjectGuid" | "AccountUPNSuffix" | "AlertProductNames" | "AlertAnalyticRuleIds" | "AzureResourceResourceId" | "AzureResourceSubscriptionId" | "CloudApplicationAppId" | "CloudApplicationAppName" | "DNSDomainName" | "FileDirectory" | "FileName" | "FileHashValue" | "HostAzureID" | "HostName" | "HostNetBiosName" | "HostNTDomain" | "HostOSVersion" | "IoTDeviceId" | "IoTDeviceName" | "IoTDeviceType" | "IoTDeviceVendor" | "IoTDeviceModel" | "IoTDeviceOperatingSystem" | "IPAddress" | "MailboxDisplayName" | "MailboxPrimaryAddress" | "MailboxUPN" | "MailMessageDeliveryAction" | "MailMessageDeliveryLocation" | "MailMessageRecipient" | "MailMessageSenderIP" | "MailMessageSubject" | "MailMessageP1Sender" | "MailMessageP2Sender" | "MalwareCategory" | "MalwareName" | "ProcessCommandLine" | "ProcessId" | "RegistryKey" | "RegistryValueData" | "Url": The property to evaluate in an automation rule property condition.
propertyValues List<String>

AutomationRulePropertyValuesConditionResponse, AutomationRulePropertyValuesConditionResponseArgs

Operator string
PropertyName string: The property to evaluate in an automation rule property condition.
PropertyValues List<string>

Operator string
PropertyName string: The property to evaluate in an automation rule property condition.
PropertyValues []string

operator String
propertyName String: The property to evaluate in an automation rule property condition.
propertyValues List<String>

operator string
propertyName string: The property to evaluate in an automation rule property condition.
propertyValues string[]

operator str
property_name str: The property to evaluate in an automation rule property condition.
property_values Sequence[str]

operator String
propertyName String: The property to evaluate in an automation rule property condition.
propertyValues List<String>

AutomationRuleRunPlaybookAction, AutomationRuleRunPlaybookActionArgs

Describes an automation rule action to run a playbook

Order int
ActionConfiguration Pulumi.AzureNative.SecurityInsights.Inputs.PlaybookActionProperties

Order int
ActionConfiguration PlaybookActionProperties

order Integer
actionConfiguration PlaybookActionProperties

order number
actionConfiguration PlaybookActionProperties

order int
action_configuration PlaybookActionProperties

order Number
actionConfiguration Property Map

AutomationRuleRunPlaybookActionResponse, AutomationRuleRunPlaybookActionResponseArgs

Describes an automation rule action to run a playbook

Order int
ActionConfiguration Pulumi.AzureNative.SecurityInsights.Inputs.PlaybookActionPropertiesResponse

Order int
ActionConfiguration PlaybookActionPropertiesResponse

order Integer
actionConfiguration PlaybookActionPropertiesResponse

order number
actionConfiguration PlaybookActionPropertiesResponse

order int
action_configuration PlaybookActionPropertiesResponse

order Number
actionConfiguration Property Map

AutomationRuleTriggeringLogic, AutomationRuleTriggeringLogicArgs

Describes automation rule triggering logic.

IsEnabled bool: Determines whether the automation rule is enabled or disabled.
TriggersOn string | Pulumi.AzureNative.SecurityInsights.TriggersOn
TriggersWhen string | Pulumi.AzureNative.SecurityInsights.TriggersWhen
Conditions List<object>: The conditions to evaluate to determine if the automation rule should be triggered on a given object.
ExpirationTimeUtc string: Determines when the automation rule should automatically expire and be disabled.

IsEnabled bool: Determines whether the automation rule is enabled or disabled.
TriggersOn string | TriggersOn
TriggersWhen string | TriggersWhen
Conditions []interface{}: The conditions to evaluate to determine if the automation rule should be triggered on a given object.
ExpirationTimeUtc string: Determines when the automation rule should automatically expire and be disabled.

isEnabled Boolean: Determines whether the automation rule is enabled or disabled.
triggersOn String | TriggersOn
triggersWhen String | TriggersWhen
conditions List<Object>: The conditions to evaluate to determine if the automation rule should be triggered on a given object.
expirationTimeUtc String: Determines when the automation rule should automatically expire and be disabled.

isEnabled boolean: Determines whether the automation rule is enabled or disabled.
triggersOn string | TriggersOn
triggersWhen string | TriggersWhen
conditions (BooleanConditionProperties | PropertyArrayChangedConditionProperties | PropertyArrayConditionProperties | PropertyChangedConditionProperties | PropertyConditionProperties)[]: The conditions to evaluate to determine if the automation rule should be triggered on a given object.
expirationTimeUtc string: Determines when the automation rule should automatically expire and be disabled.

is_enabled bool: Determines whether the automation rule is enabled or disabled.
triggers_on str | TriggersOn
triggers_when str | TriggersWhen
conditions Sequence[Union[BooleanConditionProperties, PropertyArrayChangedConditionProperties, PropertyArrayConditionProperties, PropertyChangedConditionProperties, PropertyConditionProperties]]: The conditions to evaluate to determine if the automation rule should be triggered on a given object.
expiration_time_utc str: Determines when the automation rule should automatically expire and be disabled.

isEnabled Boolean: Determines whether the automation rule is enabled or disabled.
triggersOn String | "Incidents" | "Alerts"
triggersWhen String | "Created" | "Updated"
conditions List<Property Map | Property Map | Property Map | Property Map | Property Map>: The conditions to evaluate to determine if the automation rule should be triggered on a given object.
expirationTimeUtc String: Determines when the automation rule should automatically expire and be disabled.

AutomationRuleTriggeringLogicResponse, AutomationRuleTriggeringLogicResponseArgs

Describes automation rule triggering logic.

IsEnabled bool: Determines whether the automation rule is enabled or disabled.
TriggersOn string
TriggersWhen string
Conditions List<object>: The conditions to evaluate to determine if the automation rule should be triggered on a given object.
ExpirationTimeUtc string: Determines when the automation rule should automatically expire and be disabled.

IsEnabled bool: Determines whether the automation rule is enabled or disabled.
TriggersOn string
TriggersWhen string
Conditions []interface{}: The conditions to evaluate to determine if the automation rule should be triggered on a given object.
ExpirationTimeUtc string: Determines when the automation rule should automatically expire and be disabled.

isEnabled Boolean: Determines whether the automation rule is enabled or disabled.
triggersOn String
triggersWhen String
conditions List<Object>: The conditions to evaluate to determine if the automation rule should be triggered on a given object.
expirationTimeUtc String: Determines when the automation rule should automatically expire and be disabled.

isEnabled boolean: Determines whether the automation rule is enabled or disabled.
triggersOn string
triggersWhen string
conditions (BooleanConditionPropertiesResponse | PropertyArrayChangedConditionPropertiesResponse | PropertyArrayConditionPropertiesResponse | PropertyChangedConditionPropertiesResponse | PropertyConditionPropertiesResponse)[]: The conditions to evaluate to determine if the automation rule should be triggered on a given object.
expirationTimeUtc string: Determines when the automation rule should automatically expire and be disabled.

is_enabled bool: Determines whether the automation rule is enabled or disabled.
triggers_on str
triggers_when str
conditions Sequence[Union[BooleanConditionPropertiesResponse, PropertyArrayChangedConditionPropertiesResponse, PropertyArrayConditionPropertiesResponse, PropertyChangedConditionPropertiesResponse, PropertyConditionPropertiesResponse]]: The conditions to evaluate to determine if the automation rule should be triggered on a given object.
expiration_time_utc str: Determines when the automation rule should automatically expire and be disabled.

isEnabled Boolean: Determines whether the automation rule is enabled or disabled.
triggersOn String
triggersWhen String
conditions List<Property Map | Property Map | Property Map | Property Map | Property Map>: The conditions to evaluate to determine if the automation rule should be triggered on a given object.
expirationTimeUtc String: Determines when the automation rule should automatically expire and be disabled.

BooleanConditionProperties, BooleanConditionPropertiesArgs

Describes an automation rule condition that applies a boolean operator (e.g AND, OR) to conditions

ConditionProperties Pulumi.AzureNative.SecurityInsights.Inputs.AutomationRuleBooleanCondition: Describes an automation rule condition with boolean operators.

ConditionProperties AutomationRuleBooleanCondition: Describes an automation rule condition with boolean operators.

conditionProperties AutomationRuleBooleanCondition: Describes an automation rule condition with boolean operators.

conditionProperties AutomationRuleBooleanCondition: Describes an automation rule condition with boolean operators.

condition_properties AutomationRuleBooleanCondition: Describes an automation rule condition with boolean operators.

conditionProperties Property Map: Describes an automation rule condition with boolean operators.

BooleanConditionPropertiesResponse, BooleanConditionPropertiesResponseArgs

Describes an automation rule condition that applies a boolean operator (e.g AND, OR) to conditions

ConditionProperties Pulumi.AzureNative.SecurityInsights.Inputs.AutomationRuleBooleanConditionResponse: Describes an automation rule condition with boolean operators.

ConditionProperties AutomationRuleBooleanConditionResponse: Describes an automation rule condition with boolean operators.

conditionProperties AutomationRuleBooleanConditionResponse: Describes an automation rule condition with boolean operators.

conditionProperties AutomationRuleBooleanConditionResponse: Describes an automation rule condition with boolean operators.

condition_properties AutomationRuleBooleanConditionResponse: Describes an automation rule condition with boolean operators.

conditionProperties Property Map: Describes an automation rule condition with boolean operators.

ClientInfoResponse, ClientInfoResponseArgs

Information on the client (user or application) that made some action

Email string: The email of the client.
Name string: The name of the client.
ObjectId string: The object id of the client.
UserPrincipalName string: The user principal name of the client.

Email string: The email of the client.
Name string: The name of the client.
ObjectId string: The object id of the client.
UserPrincipalName string: The user principal name of the client.

email String: The email of the client.
name String: The name of the client.
objectId String: The object id of the client.
userPrincipalName String: The user principal name of the client.

email string: The email of the client.
name string: The name of the client.
objectId string: The object id of the client.
userPrincipalName string: The user principal name of the client.

email str: The email of the client.
name str: The name of the client.
object_id str: The object id of the client.
user_principal_name str: The user principal name of the client.

email String: The email of the client.
name String: The name of the client.
objectId String: The object id of the client.
userPrincipalName String: The user principal name of the client.

IncidentClassification, IncidentClassificationArgs

Undetermined: Undetermined Incident classification was undetermined
TruePositive: TruePositive Incident was true positive
BenignPositive: BenignPositive Incident was benign positive
FalsePositive: FalsePositive Incident was false positive

IncidentClassificationUndetermined: Undetermined Incident classification was undetermined
IncidentClassificationTruePositive: TruePositive Incident was true positive
IncidentClassificationBenignPositive: BenignPositive Incident was benign positive
IncidentClassificationFalsePositive: FalsePositive Incident was false positive

Undetermined: Undetermined Incident classification was undetermined
TruePositive: TruePositive Incident was true positive
BenignPositive: BenignPositive Incident was benign positive
FalsePositive: FalsePositive Incident was false positive

Undetermined: Undetermined Incident classification was undetermined
TruePositive: TruePositive Incident was true positive
BenignPositive: BenignPositive Incident was benign positive
FalsePositive: FalsePositive Incident was false positive

UNDETERMINED: Undetermined Incident classification was undetermined
TRUE_POSITIVE: TruePositive Incident was true positive
BENIGN_POSITIVE: BenignPositive Incident was benign positive
FALSE_POSITIVE: FalsePositive Incident was false positive

"Undetermined": Undetermined Incident classification was undetermined
"TruePositive": TruePositive Incident was true positive
"BenignPositive": BenignPositive Incident was benign positive
"FalsePositive": FalsePositive Incident was false positive

IncidentClassificationReason, IncidentClassificationReasonArgs

SuspiciousActivity: SuspiciousActivity Classification reason was suspicious activity
SuspiciousButExpected: SuspiciousButExpected Classification reason was suspicious but expected
IncorrectAlertLogic: IncorrectAlertLogic Classification reason was incorrect alert logic
InaccurateData: InaccurateData Classification reason was inaccurate data

IncidentClassificationReasonSuspiciousActivity: SuspiciousActivity Classification reason was suspicious activity
IncidentClassificationReasonSuspiciousButExpected: SuspiciousButExpected Classification reason was suspicious but expected
IncidentClassificationReasonIncorrectAlertLogic: IncorrectAlertLogic Classification reason was incorrect alert logic
IncidentClassificationReasonInaccurateData: InaccurateData Classification reason was inaccurate data

SuspiciousActivity: SuspiciousActivity Classification reason was suspicious activity
SuspiciousButExpected: SuspiciousButExpected Classification reason was suspicious but expected
IncorrectAlertLogic: IncorrectAlertLogic Classification reason was incorrect alert logic
InaccurateData: InaccurateData Classification reason was inaccurate data

SuspiciousActivity: SuspiciousActivity Classification reason was suspicious activity
SuspiciousButExpected: SuspiciousButExpected Classification reason was suspicious but expected
IncorrectAlertLogic: IncorrectAlertLogic Classification reason was incorrect alert logic
InaccurateData: InaccurateData Classification reason was inaccurate data

SUSPICIOUS_ACTIVITY: SuspiciousActivity Classification reason was suspicious activity
SUSPICIOUS_BUT_EXPECTED: SuspiciousButExpected Classification reason was suspicious but expected
INCORRECT_ALERT_LOGIC: IncorrectAlertLogic Classification reason was incorrect alert logic
INACCURATE_DATA: InaccurateData Classification reason was inaccurate data

"SuspiciousActivity": SuspiciousActivity Classification reason was suspicious activity
"SuspiciousButExpected": SuspiciousButExpected Classification reason was suspicious but expected
"IncorrectAlertLogic": IncorrectAlertLogic Classification reason was incorrect alert logic
"InaccurateData": InaccurateData Classification reason was inaccurate data

IncidentLabel, IncidentLabelArgs

Represents an incident label

LabelName string: The name of the label

LabelName string: The name of the label

labelName String: The name of the label

labelName string: The name of the label

label_name str: The name of the label

labelName String: The name of the label

IncidentLabelResponse, IncidentLabelResponseArgs

Represents an incident label

LabelName string: The name of the label
LabelType string: The type of the label

LabelName string: The name of the label
LabelType string: The type of the label

labelName String: The name of the label
labelType String: The type of the label

labelName string: The name of the label
labelType string: The type of the label

label_name str: The name of the label
label_type str: The type of the label

labelName String: The name of the label
labelType String: The type of the label

IncidentOwnerInfo, IncidentOwnerInfoArgs

Information on the user an incident is assigned to

AssignedTo string: The name of the user the incident is assigned to.
Email string: The email of the user the incident is assigned to.
ObjectId string: The object id of the user the incident is assigned to.
OwnerType string | Pulumi.AzureNative.SecurityInsights.OwnerType: The type of the owner the incident is assigned to.
UserPrincipalName string: The user principal name of the user the incident is assigned to.

AssignedTo string: The name of the user the incident is assigned to.
Email string: The email of the user the incident is assigned to.
ObjectId string: The object id of the user the incident is assigned to.
OwnerType string | OwnerType: The type of the owner the incident is assigned to.
UserPrincipalName string: The user principal name of the user the incident is assigned to.

assignedTo String: The name of the user the incident is assigned to.
email String: The email of the user the incident is assigned to.
objectId String: The object id of the user the incident is assigned to.
ownerType String | OwnerType: The type of the owner the incident is assigned to.
userPrincipalName String: The user principal name of the user the incident is assigned to.

assignedTo string: The name of the user the incident is assigned to.
email string: The email of the user the incident is assigned to.
objectId string: The object id of the user the incident is assigned to.
ownerType string | OwnerType: The type of the owner the incident is assigned to.
userPrincipalName string: The user principal name of the user the incident is assigned to.

assigned_to str: The name of the user the incident is assigned to.
email str: The email of the user the incident is assigned to.
object_id str: The object id of the user the incident is assigned to.
owner_type str | OwnerType: The type of the owner the incident is assigned to.
user_principal_name str: The user principal name of the user the incident is assigned to.

assignedTo String: The name of the user the incident is assigned to.
email String: The email of the user the incident is assigned to.
objectId String: The object id of the user the incident is assigned to.
ownerType String | "Unknown" | "User" | "Group": The type of the owner the incident is assigned to.
userPrincipalName String: The user principal name of the user the incident is assigned to.

IncidentOwnerInfoResponse, IncidentOwnerInfoResponseArgs

Information on the user an incident is assigned to

AssignedTo string: The name of the user the incident is assigned to.
Email string: The email of the user the incident is assigned to.
ObjectId string: The object id of the user the incident is assigned to.
OwnerType string: The type of the owner the incident is assigned to.
UserPrincipalName string: The user principal name of the user the incident is assigned to.

AssignedTo string: The name of the user the incident is assigned to.
Email string: The email of the user the incident is assigned to.
ObjectId string: The object id of the user the incident is assigned to.
OwnerType string: The type of the owner the incident is assigned to.
UserPrincipalName string: The user principal name of the user the incident is assigned to.

assignedTo String: The name of the user the incident is assigned to.
email String: The email of the user the incident is assigned to.
objectId String: The object id of the user the incident is assigned to.
ownerType String: The type of the owner the incident is assigned to.
userPrincipalName String: The user principal name of the user the incident is assigned to.

assignedTo string: The name of the user the incident is assigned to.
email string: The email of the user the incident is assigned to.
objectId string: The object id of the user the incident is assigned to.
ownerType string: The type of the owner the incident is assigned to.
userPrincipalName string: The user principal name of the user the incident is assigned to.

assigned_to str: The name of the user the incident is assigned to.
email str: The email of the user the incident is assigned to.
object_id str: The object id of the user the incident is assigned to.
owner_type str: The type of the owner the incident is assigned to.
user_principal_name str: The user principal name of the user the incident is assigned to.

assignedTo String: The name of the user the incident is assigned to.
email String: The email of the user the incident is assigned to.
objectId String: The object id of the user the incident is assigned to.
ownerType String: The type of the owner the incident is assigned to.
userPrincipalName String: The user principal name of the user the incident is assigned to.

IncidentPropertiesAction, IncidentPropertiesActionArgs

Classification string | Pulumi.AzureNative.SecurityInsights.IncidentClassification: The reason the incident was closed
ClassificationComment string: Describes the reason the incident was closed.
ClassificationReason string | Pulumi.AzureNative.SecurityInsights.IncidentClassificationReason: The classification reason the incident was closed with
Labels List<Pulumi.AzureNative.SecurityInsights.Inputs.IncidentLabel>: List of labels to add to the incident.
Owner Pulumi.AzureNative.SecurityInsights.Inputs.IncidentOwnerInfo: Information on the user an incident is assigned to
Severity string | Pulumi.AzureNative.SecurityInsights.IncidentSeverity: The severity of the incident
Status string | Pulumi.AzureNative.SecurityInsights.IncidentStatus: The status of the incident

Classification string | IncidentClassification: The reason the incident was closed
ClassificationComment string: Describes the reason the incident was closed.
ClassificationReason string | IncidentClassificationReason: The classification reason the incident was closed with
Labels []IncidentLabel: List of labels to add to the incident.
Owner IncidentOwnerInfo: Information on the user an incident is assigned to
Severity string | IncidentSeverity: The severity of the incident
Status string | IncidentStatus: The status of the incident

classification String | IncidentClassification: The reason the incident was closed
classificationComment String: Describes the reason the incident was closed.
classificationReason String | IncidentClassificationReason: The classification reason the incident was closed with
labels List<IncidentLabel>: List of labels to add to the incident.
owner IncidentOwnerInfo: Information on the user an incident is assigned to
severity String | IncidentSeverity: The severity of the incident
status String | IncidentStatus: The status of the incident

classification string | IncidentClassification: The reason the incident was closed
classificationComment string: Describes the reason the incident was closed.
classificationReason string | IncidentClassificationReason: The classification reason the incident was closed with
labels IncidentLabel[]: List of labels to add to the incident.
owner IncidentOwnerInfo: Information on the user an incident is assigned to
severity string | IncidentSeverity: The severity of the incident
status string | IncidentStatus: The status of the incident

classification str | IncidentClassification: The reason the incident was closed
classification_comment str: Describes the reason the incident was closed.
classification_reason str | IncidentClassificationReason: The classification reason the incident was closed with
labels Sequence[IncidentLabel]: List of labels to add to the incident.
owner IncidentOwnerInfo: Information on the user an incident is assigned to
severity str | IncidentSeverity: The severity of the incident
status str | IncidentStatus: The status of the incident

classification String | "Undetermined" | "TruePositive" | "BenignPositive" | "FalsePositive": The reason the incident was closed
classificationComment String: Describes the reason the incident was closed.
classificationReason String | "SuspiciousActivity" | "SuspiciousButExpected" | "IncorrectAlertLogic" | "InaccurateData": The classification reason the incident was closed with
labels List<Property Map>: List of labels to add to the incident.
owner Property Map: Information on the user an incident is assigned to
severity String | "High" | "Medium" | "Low" | "Informational": The severity of the incident
status String | "New" | "Active" | "Closed": The status of the incident

IncidentPropertiesActionResponse, IncidentPropertiesActionResponseArgs

Classification string: The reason the incident was closed
ClassificationComment string: Describes the reason the incident was closed.
ClassificationReason string: The classification reason the incident was closed with
Labels List<Pulumi.AzureNative.SecurityInsights.Inputs.IncidentLabelResponse>: List of labels to add to the incident.
Owner Pulumi.AzureNative.SecurityInsights.Inputs.IncidentOwnerInfoResponse: Information on the user an incident is assigned to
Severity string: The severity of the incident
Status string: The status of the incident

Classification string: The reason the incident was closed
ClassificationComment string: Describes the reason the incident was closed.
ClassificationReason string: The classification reason the incident was closed with
Labels []IncidentLabelResponse: List of labels to add to the incident.
Owner IncidentOwnerInfoResponse: Information on the user an incident is assigned to
Severity string: The severity of the incident
Status string: The status of the incident

classification String: The reason the incident was closed
classificationComment String: Describes the reason the incident was closed.
classificationReason String: The classification reason the incident was closed with
labels List<IncidentLabelResponse>: List of labels to add to the incident.
owner IncidentOwnerInfoResponse: Information on the user an incident is assigned to
severity String: The severity of the incident
status String: The status of the incident

classification string: The reason the incident was closed
classificationComment string: Describes the reason the incident was closed.
classificationReason string: The classification reason the incident was closed with
labels IncidentLabelResponse[]: List of labels to add to the incident.
owner IncidentOwnerInfoResponse: Information on the user an incident is assigned to
severity string: The severity of the incident
status string: The status of the incident

classification str: The reason the incident was closed
classification_comment str: Describes the reason the incident was closed.
classification_reason str: The classification reason the incident was closed with
labels Sequence[IncidentLabelResponse]: List of labels to add to the incident.
owner IncidentOwnerInfoResponse: Information on the user an incident is assigned to
severity str: The severity of the incident
status str: The status of the incident

classification String: The reason the incident was closed
classificationComment String: Describes the reason the incident was closed.
classificationReason String: The classification reason the incident was closed with
labels List<Property Map>: List of labels to add to the incident.
owner Property Map: Information on the user an incident is assigned to
severity String: The severity of the incident
status String: The status of the incident

IncidentSeverity, IncidentSeverityArgs

High: High High severity
Medium: Medium Medium severity
Low: Low Low severity
Informational: Informational Informational severity

IncidentSeverityHigh: High High severity
IncidentSeverityMedium: Medium Medium severity
IncidentSeverityLow: Low Low severity
IncidentSeverityInformational: Informational Informational severity

High: High High severity
Medium: Medium Medium severity
Low: Low Low severity
Informational: Informational Informational severity

High: High High severity
Medium: Medium Medium severity
Low: Low Low severity
Informational: Informational Informational severity

HIGH: High High severity
MEDIUM: Medium Medium severity
LOW: Low Low severity
INFORMATIONAL: Informational Informational severity

"High": High High severity
"Medium": Medium Medium severity
"Low": Low Low severity
"Informational": Informational Informational severity

IncidentStatus, IncidentStatusArgs

New: New An active incident which isn't being handled currently
Active: Active An active incident which is being handled
Closed: Closed A non-active incident

IncidentStatusNew: New An active incident which isn't being handled currently
IncidentStatusActive: Active An active incident which is being handled
IncidentStatusClosed: Closed A non-active incident

New: New An active incident which isn't being handled currently
Active: Active An active incident which is being handled
Closed: Closed A non-active incident

New: New An active incident which isn't being handled currently
Active: Active An active incident which is being handled
Closed: Closed A non-active incident

NEW: New An active incident which isn't being handled currently
ACTIVE: Active An active incident which is being handled
CLOSED: Closed A non-active incident

"New": New An active incident which isn't being handled currently
"Active": Active An active incident which is being handled
"Closed": Closed A non-active incident

OwnerType, OwnerTypeArgs

Unknown: Unknown The incident owner type is unknown
User: User The incident owner type is an AAD user
Group: Group The incident owner type is an AAD group

OwnerTypeUnknown: Unknown The incident owner type is unknown
OwnerTypeUser: User The incident owner type is an AAD user
OwnerTypeGroup: Group The incident owner type is an AAD group

Unknown: Unknown The incident owner type is unknown
User: User The incident owner type is an AAD user
Group: Group The incident owner type is an AAD group

Unknown: Unknown The incident owner type is unknown
User: User The incident owner type is an AAD user
Group: Group The incident owner type is an AAD group

UNKNOWN: Unknown The incident owner type is unknown
USER: User The incident owner type is an AAD user
GROUP: Group The incident owner type is an AAD group

"Unknown": Unknown The incident owner type is unknown
"User": User The incident owner type is an AAD user
"Group": Group The incident owner type is an AAD group

PlaybookActionProperties, PlaybookActionPropertiesArgs

LogicAppResourceId string: The resource id of the playbook resource.
TenantId string: The tenant id of the playbook resource.

LogicAppResourceId string: The resource id of the playbook resource.
TenantId string: The tenant id of the playbook resource.

logicAppResourceId String: The resource id of the playbook resource.
tenantId String: The tenant id of the playbook resource.

logicAppResourceId string: The resource id of the playbook resource.
tenantId string: The tenant id of the playbook resource.

logic_app_resource_id str: The resource id of the playbook resource.
tenant_id str: The tenant id of the playbook resource.

logicAppResourceId String: The resource id of the playbook resource.
tenantId String: The tenant id of the playbook resource.

PlaybookActionPropertiesResponse, PlaybookActionPropertiesResponseArgs

LogicAppResourceId string: The resource id of the playbook resource.
TenantId string: The tenant id of the playbook resource.

LogicAppResourceId string: The resource id of the playbook resource.
TenantId string: The tenant id of the playbook resource.

logicAppResourceId String: The resource id of the playbook resource.
tenantId String: The tenant id of the playbook resource.

logicAppResourceId string: The resource id of the playbook resource.
tenantId string: The tenant id of the playbook resource.

logic_app_resource_id str: The resource id of the playbook resource.
tenant_id str: The tenant id of the playbook resource.

logicAppResourceId String: The resource id of the playbook resource.
tenantId String: The tenant id of the playbook resource.

PropertyArrayChangedConditionProperties, PropertyArrayChangedConditionPropertiesArgs

Describes an automation rule condition that evaluates an array property's value change

ConditionProperties Pulumi.AzureNative.SecurityInsights.Inputs.AutomationRulePropertyArrayChangedValuesCondition

ConditionProperties AutomationRulePropertyArrayChangedValuesCondition

conditionProperties AutomationRulePropertyArrayChangedValuesCondition

conditionProperties AutomationRulePropertyArrayChangedValuesCondition

condition_properties AutomationRulePropertyArrayChangedValuesCondition

conditionProperties Property Map

PropertyArrayChangedConditionPropertiesResponse, PropertyArrayChangedConditionPropertiesResponseArgs

Describes an automation rule condition that evaluates an array property's value change

ConditionProperties Pulumi.AzureNative.SecurityInsights.Inputs.AutomationRulePropertyArrayChangedValuesConditionResponse

ConditionProperties AutomationRulePropertyArrayChangedValuesConditionResponse

conditionProperties AutomationRulePropertyArrayChangedValuesConditionResponse

conditionProperties AutomationRulePropertyArrayChangedValuesConditionResponse

condition_properties AutomationRulePropertyArrayChangedValuesConditionResponse

conditionProperties Property Map

PropertyArrayConditionProperties, PropertyArrayConditionPropertiesArgs

Describes an automation rule condition that evaluates an array property's value

ConditionProperties Pulumi.AzureNative.SecurityInsights.Inputs.AutomationRulePropertyArrayValuesCondition: Describes an automation rule condition on array properties.

ConditionProperties AutomationRulePropertyArrayValuesCondition: Describes an automation rule condition on array properties.

conditionProperties AutomationRulePropertyArrayValuesCondition: Describes an automation rule condition on array properties.

conditionProperties AutomationRulePropertyArrayValuesCondition: Describes an automation rule condition on array properties.

condition_properties AutomationRulePropertyArrayValuesCondition: Describes an automation rule condition on array properties.

conditionProperties Property Map: Describes an automation rule condition on array properties.

PropertyArrayConditionPropertiesResponse, PropertyArrayConditionPropertiesResponseArgs

Describes an automation rule condition that evaluates an array property's value

ConditionProperties Pulumi.AzureNative.SecurityInsights.Inputs.AutomationRulePropertyArrayValuesConditionResponse: Describes an automation rule condition on array properties.

ConditionProperties AutomationRulePropertyArrayValuesConditionResponse: Describes an automation rule condition on array properties.

conditionProperties AutomationRulePropertyArrayValuesConditionResponse: Describes an automation rule condition on array properties.

conditionProperties AutomationRulePropertyArrayValuesConditionResponse: Describes an automation rule condition on array properties.

condition_properties AutomationRulePropertyArrayValuesConditionResponse: Describes an automation rule condition on array properties.

conditionProperties Property Map: Describes an automation rule condition on array properties.

PropertyChangedConditionProperties, PropertyChangedConditionPropertiesArgs

Describes an automation rule condition that evaluates a property's value change

ConditionProperties Pulumi.AzureNative.SecurityInsights.Inputs.AutomationRulePropertyValuesChangedCondition

ConditionProperties AutomationRulePropertyValuesChangedCondition

conditionProperties AutomationRulePropertyValuesChangedCondition

conditionProperties AutomationRulePropertyValuesChangedCondition

condition_properties AutomationRulePropertyValuesChangedCondition

conditionProperties Property Map

PropertyChangedConditionPropertiesResponse, PropertyChangedConditionPropertiesResponseArgs

Describes an automation rule condition that evaluates a property's value change

ConditionProperties Pulumi.AzureNative.SecurityInsights.Inputs.AutomationRulePropertyValuesChangedConditionResponse

ConditionProperties AutomationRulePropertyValuesChangedConditionResponse

conditionProperties AutomationRulePropertyValuesChangedConditionResponse

conditionProperties AutomationRulePropertyValuesChangedConditionResponse

condition_properties AutomationRulePropertyValuesChangedConditionResponse

conditionProperties Property Map

PropertyConditionProperties, PropertyConditionPropertiesArgs

Describes an automation rule condition that evaluates a property's value

ConditionProperties Pulumi.AzureNative.SecurityInsights.Inputs.AutomationRulePropertyValuesCondition

ConditionProperties AutomationRulePropertyValuesCondition

conditionProperties AutomationRulePropertyValuesCondition

conditionProperties AutomationRulePropertyValuesCondition

condition_properties AutomationRulePropertyValuesCondition

conditionProperties Property Map

PropertyConditionPropertiesResponse, PropertyConditionPropertiesResponseArgs

Describes an automation rule condition that evaluates a property's value

ConditionProperties Pulumi.AzureNative.SecurityInsights.Inputs.AutomationRulePropertyValuesConditionResponse

ConditionProperties AutomationRulePropertyValuesConditionResponse

conditionProperties AutomationRulePropertyValuesConditionResponse

conditionProperties AutomationRulePropertyValuesConditionResponse

condition_properties AutomationRulePropertyValuesConditionResponse

conditionProperties Property Map

SystemDataResponse, SystemDataResponseArgs

Metadata pertaining to creation and last modification of the resource.

CreatedAt string: The timestamp of resource creation (UTC).
CreatedBy string: The identity that created the resource.
CreatedByType string: The type of identity that created the resource.
LastModifiedAt string: The timestamp of resource last modification (UTC)
LastModifiedBy string: The identity that last modified the resource.
LastModifiedByType string: The type of identity that last modified the resource.

CreatedAt string: The timestamp of resource creation (UTC).
CreatedBy string: The identity that created the resource.
CreatedByType string: The type of identity that created the resource.
LastModifiedAt string: The timestamp of resource last modification (UTC)
LastModifiedBy string: The identity that last modified the resource.
LastModifiedByType string: The type of identity that last modified the resource.

createdAt String: The timestamp of resource creation (UTC).
createdBy String: The identity that created the resource.
createdByType String: The type of identity that created the resource.
lastModifiedAt String: The timestamp of resource last modification (UTC)
lastModifiedBy String: The identity that last modified the resource.
lastModifiedByType String: The type of identity that last modified the resource.

createdAt string: The timestamp of resource creation (UTC).
createdBy string: The identity that created the resource.
createdByType string: The type of identity that created the resource.
lastModifiedAt string: The timestamp of resource last modification (UTC)
lastModifiedBy string: The identity that last modified the resource.
lastModifiedByType string: The type of identity that last modified the resource.

created_at str: The timestamp of resource creation (UTC).
created_by str: The identity that created the resource.
created_by_type str: The type of identity that created the resource.
last_modified_at str: The timestamp of resource last modification (UTC)
last_modified_by str: The identity that last modified the resource.
last_modified_by_type str: The type of identity that last modified the resource.

createdAt String: The timestamp of resource creation (UTC).
createdBy String: The identity that created the resource.
createdByType String: The type of identity that created the resource.
lastModifiedAt String: The timestamp of resource last modification (UTC)
lastModifiedBy String: The identity that last modified the resource.
lastModifiedByType String: The type of identity that last modified the resource.

TriggersOn, TriggersOnArgs

Incidents: Incidents Trigger on Incidents
Alerts: Alerts Trigger on Alerts

TriggersOnIncidents: Incidents Trigger on Incidents
TriggersOnAlerts: Alerts Trigger on Alerts

Incidents: Incidents Trigger on Incidents
Alerts: Alerts Trigger on Alerts

Incidents: Incidents Trigger on Incidents
Alerts: Alerts Trigger on Alerts

INCIDENTS: Incidents Trigger on Incidents
ALERTS: Alerts Trigger on Alerts

"Incidents": Incidents Trigger on Incidents
"Alerts": Alerts Trigger on Alerts

TriggersWhen, TriggersWhenArgs

Created: Created Trigger on created objects
Updated: Updated Trigger on updated objects

TriggersWhenCreated: Created Trigger on created objects
TriggersWhenUpdated: Updated Trigger on updated objects

Created: Created Trigger on created objects
Updated: Updated Trigger on updated objects

Created: Created Trigger on created objects
Updated: Updated Trigger on updated objects

CREATED: Created Trigger on created objects
UPDATED: Updated Trigger on updated objects

"Created": Created Trigger on created objects
"Updated": Updated Trigger on updated objects

Import

An existing resource can be imported using its type token, name, and identifier, e.g.

$ pulumi import azure-native:securityinsights:AutomationRule 73e01a99-5cd7-4139-a149-9f2736ff2ab5 /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/automationRules/{automationRuleId}

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: Azure Native pulumi/pulumi-azure-native
License: Apache-2.0

This is the latest version of Azure Native. Use the Azure Native v2 docs if using the v2 version of this package.

Azure Native v3.13.0 published on Wednesday, Jan 28, 2026 by Pulumi

Schema (JSON)

pulumi/pulumi-azure-native

azure-native.securityinsights.AutomationRule

On this page

On this page

Example Usage

AutomationRules_CreateOrUpdate

Create AutomationRule Resource

Constructor syntax

Parameters

Constructor example

AutomationRule Resource Properties

Inputs

Outputs

Supporting Types

AddIncidentTaskActionProperties, AddIncidentTaskActionPropertiesArgs

AddIncidentTaskActionPropertiesResponse, AddIncidentTaskActionPropertiesResponseArgs

AutomationRuleAddIncidentTaskAction, AutomationRuleAddIncidentTaskActionArgs

AutomationRuleAddIncidentTaskActionResponse, AutomationRuleAddIncidentTaskActionResponseArgs

AutomationRuleBooleanCondition, AutomationRuleBooleanConditionArgs

AutomationRuleBooleanConditionResponse, AutomationRuleBooleanConditionResponseArgs

AutomationRuleBooleanConditionSupportedOperator, AutomationRuleBooleanConditionSupportedOperatorArgs

AutomationRuleModifyPropertiesAction, AutomationRuleModifyPropertiesActionArgs

AutomationRuleModifyPropertiesActionResponse, AutomationRuleModifyPropertiesActionResponseArgs

AutomationRulePropertyArrayChangedConditionSupportedArrayType, AutomationRulePropertyArrayChangedConditionSupportedArrayTypeArgs

AutomationRulePropertyArrayChangedConditionSupportedChangeType, AutomationRulePropertyArrayChangedConditionSupportedChangeTypeArgs

AutomationRulePropertyArrayChangedValuesCondition, AutomationRulePropertyArrayChangedValuesConditionArgs

AutomationRulePropertyArrayChangedValuesConditionResponse, AutomationRulePropertyArrayChangedValuesConditionResponseArgs

AutomationRulePropertyArrayConditionSupportedArrayConditionType, AutomationRulePropertyArrayConditionSupportedArrayConditionTypeArgs

AutomationRulePropertyArrayConditionSupportedArrayType, AutomationRulePropertyArrayConditionSupportedArrayTypeArgs

AutomationRulePropertyArrayValuesCondition, AutomationRulePropertyArrayValuesConditionArgs

AutomationRulePropertyArrayValuesConditionResponse, AutomationRulePropertyArrayValuesConditionResponseArgs

AutomationRulePropertyChangedConditionSupportedChangedType, AutomationRulePropertyChangedConditionSupportedChangedTypeArgs

AutomationRulePropertyChangedConditionSupportedPropertyType, AutomationRulePropertyChangedConditionSupportedPropertyTypeArgs

AutomationRulePropertyConditionSupportedOperator, AutomationRulePropertyConditionSupportedOperatorArgs

AutomationRulePropertyConditionSupportedProperty, AutomationRulePropertyConditionSupportedPropertyArgs

AutomationRulePropertyValuesChangedCondition, AutomationRulePropertyValuesChangedConditionArgs

AutomationRulePropertyValuesChangedConditionResponse, AutomationRulePropertyValuesChangedConditionResponseArgs

AutomationRulePropertyValuesCondition, AutomationRulePropertyValuesConditionArgs

AutomationRulePropertyValuesConditionResponse, AutomationRulePropertyValuesConditionResponseArgs

AutomationRuleRunPlaybookAction, AutomationRuleRunPlaybookActionArgs

AutomationRuleRunPlaybookActionResponse, AutomationRuleRunPlaybookActionResponseArgs

AutomationRuleTriggeringLogic, AutomationRuleTriggeringLogicArgs

AutomationRuleTriggeringLogicResponse, AutomationRuleTriggeringLogicResponseArgs

BooleanConditionProperties, BooleanConditionPropertiesArgs

BooleanConditionPropertiesResponse, BooleanConditionPropertiesResponseArgs

ClientInfoResponse, ClientInfoResponseArgs

IncidentClassification, IncidentClassificationArgs

IncidentClassificationReason, IncidentClassificationReasonArgs

IncidentLabel, IncidentLabelArgs

IncidentLabelResponse, IncidentLabelResponseArgs

IncidentOwnerInfo, IncidentOwnerInfoArgs

IncidentOwnerInfoResponse, IncidentOwnerInfoResponseArgs

IncidentPropertiesAction, IncidentPropertiesActionArgs

IncidentPropertiesActionResponse, IncidentPropertiesActionResponseArgs

IncidentSeverity, IncidentSeverityArgs

IncidentStatus, IncidentStatusArgs

OwnerType, OwnerTypeArgs

PlaybookActionProperties, PlaybookActionPropertiesArgs

PlaybookActionPropertiesResponse, PlaybookActionPropertiesResponseArgs

PropertyArrayChangedConditionProperties, PropertyArrayChangedConditionPropertiesArgs

PropertyArrayChangedConditionPropertiesResponse, PropertyArrayChangedConditionPropertiesResponseArgs

PropertyArrayConditionProperties, PropertyArrayConditionPropertiesArgs

PropertyArrayConditionPropertiesResponse, PropertyArrayConditionPropertiesResponseArgs

PropertyChangedConditionProperties, PropertyChangedConditionPropertiesArgs

PropertyChangedConditionPropertiesResponse, PropertyChangedConditionPropertiesResponseArgs

PropertyConditionProperties, PropertyConditionPropertiesArgs

PropertyConditionPropertiesResponse, PropertyConditionPropertiesResponseArgs

SystemDataResponse, SystemDataResponseArgs

TriggersOn, TriggersOnArgs

TriggersWhen, TriggersWhenArgs

Import

Package Details

On this page

On this page