This is the latest version of Azure Native. Use the Azure Native v1 docs if using the v1 version of this package.
Azure Native v2.9.0 published on Wednesday, Sep 27, 2023 by Pulumi

azure-native.securityinsights.AutomationRule


    Azure REST API version: 2023-02-01. Prior API version in Azure Native 1.x: 2019-01-01-preview

    Example Usage

    AutomationRules_CreateOrUpdate

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using AzureNative = Pulumi.AzureNative;
    
    // Pulumi program entry: declares one Security Insights automation rule in
    // workspace "myWorkspace" (resource group "myRg").
    // Only the rule ID and its location are set. Actions, DisplayName, Order and
    // TriggeringLogic, all listed as inputs on this page, are omitted, so this
    // snippet describes neither when the rule fires nor what it does.
    // NOTE(review): a usable rule presumably needs those inputs; confirm against
    // the provider schema before copying. The action types on this page
    // (ModifyProperties, RunPlaybook) act on incidents automatically, so a rule's
    // conditions and order deserve the same review as detection logic.
    return await Deployment.RunAsync(() =>
    {
        var ruleArgs = new AzureNative.SecurityInsights.AutomationRuleArgs
        {
            AutomationRuleId = "73e01a99-5cd7-4139-a149-9f2736ff2ab5",
            ResourceGroupName = "myRg",
            WorkspaceName = "myWorkspace",
        };

        var automationRule = new AzureNative.SecurityInsights.AutomationRule("automationRule", ruleArgs);
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-azure-native-sdk/securityinsights/v2"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    // main runs a Pulumi program that declares one Security Insights automation
    // rule in workspace "myWorkspace" (resource group "myRg").
    //
    // Only the rule ID and its location are set. Actions, DisplayName, Order and
    // TriggeringLogic, all listed as inputs on this page, are omitted, so this
    // snippet describes neither when the rule fires nor what it does.
    // NOTE(review): a usable rule presumably needs those inputs; confirm against
    // the provider schema before copying. The action types on this page
    // (ModifyProperties, RunPlaybook) act on incidents automatically, so a rule's
    // conditions and order deserve the same review as detection logic.
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		ruleArgs := &securityinsights.AutomationRuleArgs{
    			AutomationRuleId:  pulumi.String("73e01a99-5cd7-4139-a149-9f2736ff2ab5"),
    			ResourceGroupName: pulumi.String("myRg"),
    			WorkspaceName:     pulumi.String("myWorkspace"),
    		}
    		// The resource handle is not needed afterwards; only the error is checked.
    		if _, err := securityinsights.NewAutomationRule(ctx, "automationRule", ruleArgs); err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.azurenative.securityinsights.AutomationRule;
    import com.pulumi.azurenative.securityinsights.AutomationRuleArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    /**
     * Pulumi program that declares one Security Insights automation rule in
     * workspace "myWorkspace" (resource group "myRg").
     *
     * Only the rule ID and its location are set. actions, displayName, order and
     * triggeringLogic, all listed as inputs on this page, are omitted, so this
     * snippet describes neither when the rule fires nor what it does.
     * NOTE(review): a usable rule presumably needs those inputs; confirm against
     * the provider schema before copying. The action types on this page
     * (ModifyProperties, RunPlaybook) act on incidents automatically, so a rule's
     * conditions and order deserve the same review as detection logic.
     */
    public class App {
        /** Hands the stack definition to the Pulumi runtime. */
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }

        /** Declares the resources of this stack: a single automation rule. */
        public static void stack(Context ctx) {
            final AutomationRuleArgs ruleArgs = AutomationRuleArgs.builder()
                .automationRuleId("73e01a99-5cd7-4139-a149-9f2736ff2ab5")
                .resourceGroupName("myRg")
                .workspaceName("myWorkspace")
                .build();

            var automationRule = new AutomationRule("automationRule", ruleArgs);
        }
    }
    
    import pulumi
    import pulumi_azure_native as azure_native
    
    # Declares one Security Insights automation rule in workspace "myWorkspace"
    # (resource group "myRg").
    # Only the rule ID and its location are set. actions, display_name, order and
    # triggering_logic, all listed as inputs on this page, are omitted, so this
    # snippet describes neither when the rule fires nor what it does.
    # NOTE(review): a usable rule presumably needs those inputs; confirm against
    # the provider schema before copying. The action types on this page
    # (ModifyProperties, RunPlaybook) act on incidents automatically, so a rule's
    # conditions and order deserve the same review as detection logic.
    automation_rule = azure_native.securityinsights.AutomationRule(
        resource_name="automationRule",
        resource_group_name="myRg",
        workspace_name="myWorkspace",
        automation_rule_id="73e01a99-5cd7-4139-a149-9f2736ff2ab5",
    )
    
    import * as pulumi from "@pulumi/pulumi";
    import * as azure_native from "@pulumi/azure-native";
    
    // Declares one Security Insights automation rule in workspace "myWorkspace"
    // (resource group "myRg").
    // Only the rule ID and its location are set. actions, displayName, order and
    // triggeringLogic, all listed as inputs on this page, are omitted, so this
    // snippet describes neither when the rule fires nor what it does.
    // NOTE(review): a usable rule presumably needs those inputs; confirm against
    // the provider schema before copying. The action types on this page
    // (ModifyProperties, RunPlaybook) act on incidents automatically, so a rule's
    // conditions and order deserve the same review as detection logic.
    const ruleArgs = {
        automationRuleId: "73e01a99-5cd7-4139-a149-9f2736ff2ab5",
        resourceGroupName: "myRg",
        workspaceName: "myWorkspace",
    };

    const automationRule = new azure_native.securityinsights.AutomationRule("automationRule", ruleArgs);
    
    # Declares one Security Insights automation rule in workspace "myWorkspace"
    # (resource group "myRg").
    # Only the rule ID and its location are set. actions, displayName, order and
    # triggeringLogic, all listed as inputs on this page, are omitted, so this
    # snippet describes neither when the rule fires nor what it does.
    # NOTE(review): a usable rule presumably needs those inputs; confirm against
    # the provider schema before copying.
    resources:
      automationRule:
        type: "azure-native:securityinsights:AutomationRule"
        properties:
          # Location of the rule: resource group and workspace.
          resourceGroupName: "myRg"
          workspaceName: "myWorkspace"
          # Identifier of the rule inside that workspace.
          automationRuleId: "73e01a99-5cd7-4139-a149-9f2736ff2ab5"
    

    Create AutomationRule Resource

    new AutomationRule(name: string, args: AutomationRuleArgs, opts?: CustomResourceOptions);
    @overload
    def AutomationRule(resource_name: str,
                       opts: Optional[ResourceOptions] = None,
                       actions: Optional[Sequence[Union[AutomationRuleModifyPropertiesActionArgs, AutomationRuleRunPlaybookActionArgs]]] = None,
                       automation_rule_id: Optional[str] = None,
                       display_name: Optional[str] = None,
                       order: Optional[int] = None,
                       resource_group_name: Optional[str] = None,
                       triggering_logic: Optional[AutomationRuleTriggeringLogicArgs] = None,
                       workspace_name: Optional[str] = None)
    @overload
    def AutomationRule(resource_name: str,
                       args: AutomationRuleArgs,
                       opts: Optional[ResourceOptions] = None)
    func NewAutomationRule(ctx *Context, name string, args AutomationRuleArgs, opts ...ResourceOption) (*AutomationRule, error)
    public AutomationRule(string name, AutomationRuleArgs args, CustomResourceOptions? opts = null)
    public AutomationRule(String name, AutomationRuleArgs args)
    public AutomationRule(String name, AutomationRuleArgs args, CustomResourceOptions options)
    
    type: azure-native:securityinsights:AutomationRule
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    
    name string
    The unique name of the resource.
    args AutomationRuleArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args AutomationRuleArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args AutomationRuleArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args AutomationRuleArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args AutomationRuleArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    AutomationRule Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The AutomationRule resource accepts the following input properties:

    Actions List<Union<Pulumi.AzureNative.SecurityInsights.Inputs.AutomationRuleModifyPropertiesAction, Pulumi.AzureNative.SecurityInsights.Inputs.AutomationRuleRunPlaybookActionArgs>>

    The actions to execute when the automation rule is triggered.

    DisplayName string

    The display name of the automation rule.

    Order int

    The order of execution of the automation rule.

    ResourceGroupName string

    The name of the resource group. The name is case insensitive.

    TriggeringLogic Pulumi.AzureNative.SecurityInsights.Inputs.AutomationRuleTriggeringLogic

    Describes automation rule triggering logic.

    WorkspaceName string

    The name of the workspace.

    AutomationRuleId string

    Automation rule ID

    Actions []interface{}

    The actions to execute when the automation rule is triggered.

    DisplayName string

    The display name of the automation rule.

    Order int

    The order of execution of the automation rule.

    ResourceGroupName string

    The name of the resource group. The name is case insensitive.

    TriggeringLogic AutomationRuleTriggeringLogicArgs

    Describes automation rule triggering logic.

    WorkspaceName string

    The name of the workspace.

    AutomationRuleId string

    Automation rule ID

    actions List<Either<AutomationRuleModifyPropertiesAction,AutomationRuleRunPlaybookActionArgs>>

    The actions to execute when the automation rule is triggered.

    displayName String

    The display name of the automation rule.

    order Integer

    The order of execution of the automation rule.

    resourceGroupName String

    The name of the resource group. The name is case insensitive.

    triggeringLogic AutomationRuleTriggeringLogic

    Describes automation rule triggering logic.

    workspaceName String

    The name of the workspace.

    automationRuleId String

    Automation rule ID

    actions (AutomationRuleModifyPropertiesAction | AutomationRuleRunPlaybookActionArgs)[]

    The actions to execute when the automation rule is triggered.

    displayName string

    The display name of the automation rule.

    order number

    The order of execution of the automation rule.

    resourceGroupName string

    The name of the resource group. The name is case insensitive.

    triggeringLogic AutomationRuleTriggeringLogic

    Describes automation rule triggering logic.

    workspaceName string

    The name of the workspace.

    automationRuleId string

    Automation rule ID

    actions Sequence[Union[AutomationRuleModifyPropertiesActionArgs, AutomationRuleRunPlaybookActionArgs]]

    The actions to execute when the automation rule is triggered.

    display_name str

    The display name of the automation rule.

    order int

    The order of execution of the automation rule.

    resource_group_name str

    The name of the resource group. The name is case insensitive.

    triggering_logic AutomationRuleTriggeringLogicArgs

    Describes automation rule triggering logic.

    workspace_name str

    The name of the workspace.

    automation_rule_id str

    Automation rule ID

    actions List<Property Map | Property Map>

    The actions to execute when the automation rule is triggered.

    displayName String

    The display name of the automation rule.

    order Number

    The order of execution of the automation rule.

    resourceGroupName String

    The name of the resource group. The name is case insensitive.

    triggeringLogic Property Map

    Describes automation rule triggering logic.

    workspaceName String

    The name of the workspace.

    automationRuleId String

    Automation rule ID

    Outputs

    All input properties are implicitly available as output properties. Additionally, the AutomationRule resource produces the following output properties:

    CreatedBy Pulumi.AzureNative.SecurityInsights.Outputs.ClientInfoResponse

    Information on the client (user or application) that made some action

    CreatedTimeUtc string

    The time the automation rule was created.

    Id string

    The provider-assigned unique ID for this managed resource.

    LastModifiedBy Pulumi.AzureNative.SecurityInsights.Outputs.ClientInfoResponse

    Information on the client (user or application) that made some action

    LastModifiedTimeUtc string

    The last time the automation rule was updated.

    Name string

    The name of the resource

    SystemData Pulumi.AzureNative.SecurityInsights.Outputs.SystemDataResponse

    Azure Resource Manager metadata containing createdBy and modifiedBy information.

    Type string

    The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"

    Etag string

    Etag of the azure resource

    CreatedBy ClientInfoResponse

    Information on the client (user or application) that made some action

    CreatedTimeUtc string

    The time the automation rule was created.

    Id string

    The provider-assigned unique ID for this managed resource.

    LastModifiedBy ClientInfoResponse

    Information on the client (user or application) that made some action

    LastModifiedTimeUtc string

    The last time the automation rule was updated.

    Name string

    The name of the resource

    SystemData SystemDataResponse

    Azure Resource Manager metadata containing createdBy and modifiedBy information.

    Type string

    The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"

    Etag string

    Etag of the azure resource

    createdBy ClientInfoResponse

    Information on the client (user or application) that made some action

    createdTimeUtc String

    The time the automation rule was created.

    id String

    The provider-assigned unique ID for this managed resource.

    lastModifiedBy ClientInfoResponse

    Information on the client (user or application) that made some action

    lastModifiedTimeUtc String

    The last time the automation rule was updated.

    name String

    The name of the resource

    systemData SystemDataResponse

    Azure Resource Manager metadata containing createdBy and modifiedBy information.

    type String

    The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"

    etag String

    Etag of the azure resource

    createdBy ClientInfoResponse

    Information on the client (user or application) that made some action

    createdTimeUtc string

    The time the automation rule was created.

    id string

    The provider-assigned unique ID for this managed resource.

    lastModifiedBy ClientInfoResponse

    Information on the client (user or application) that made some action

    lastModifiedTimeUtc string

    The last time the automation rule was updated.

    name string

    The name of the resource

    systemData SystemDataResponse

    Azure Resource Manager metadata containing createdBy and modifiedBy information.

    type string

    The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"

    etag string

    Etag of the azure resource

    created_by ClientInfoResponse

    Information on the client (user or application) that made some action

    created_time_utc str

    The time the automation rule was created.

    id str

    The provider-assigned unique ID for this managed resource.

    last_modified_by ClientInfoResponse

    Information on the client (user or application) that made some action

    last_modified_time_utc str

    The last time the automation rule was updated.

    name str

    The name of the resource

    system_data SystemDataResponse

    Azure Resource Manager metadata containing createdBy and modifiedBy information.

    type str

    The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"

    etag str

    Etag of the azure resource

    createdBy Property Map

    Information on the client (user or application) that made some action

    createdTimeUtc String

    The time the automation rule was created.

    id String

    The provider-assigned unique ID for this managed resource.

    lastModifiedBy Property Map

    Information on the client (user or application) that made some action

    lastModifiedTimeUtc String

    The last time the automation rule was updated.

    name String

    The name of the resource

    systemData Property Map

    Azure Resource Manager metadata containing createdBy and modifiedBy information.

    type String

    The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"

    etag String

    Etag of the azure resource

    Supporting Types

    AutomationRuleModifyPropertiesAction, AutomationRuleModifyPropertiesActionArgs

    AutomationRuleModifyPropertiesActionResponse, AutomationRuleModifyPropertiesActionResponseArgs

    AutomationRulePropertyArrayChangedConditionSupportedArrayType, AutomationRulePropertyArrayChangedConditionSupportedArrayTypeArgs

    Alerts
    Alerts

    Evaluate the condition on the alerts

    Labels
    Labels

    Evaluate the condition on the labels

    Tactics
    Tactics

    Evaluate the condition on the tactics

    Comments
    Comments

    Evaluate the condition on the comments

    AutomationRulePropertyArrayChangedConditionSupportedArrayTypeAlerts
    Alerts

    Evaluate the condition on the alerts

    AutomationRulePropertyArrayChangedConditionSupportedArrayTypeLabels
    Labels

    Evaluate the condition on the labels

    AutomationRulePropertyArrayChangedConditionSupportedArrayTypeTactics
    Tactics

    Evaluate the condition on the tactics

    AutomationRulePropertyArrayChangedConditionSupportedArrayTypeComments
    Comments

    Evaluate the condition on the comments

    Alerts
    Alerts

    Evaluate the condition on the alerts

    Labels
    Labels

    Evaluate the condition on the labels

    Tactics
    Tactics

    Evaluate the condition on the tactics

    Comments
    Comments

    Evaluate the condition on the comments

    Alerts
    Alerts

    Evaluate the condition on the alerts

    Labels
    Labels

    Evaluate the condition on the labels

    Tactics
    Tactics

    Evaluate the condition on the tactics

    Comments
    Comments

    Evaluate the condition on the comments

    ALERTS
    Alerts

    Evaluate the condition on the alerts

    LABELS
    Labels

    Evaluate the condition on the labels

    TACTICS
    Tactics

    Evaluate the condition on the tactics

    COMMENTS
    Comments

    Evaluate the condition on the comments

    "Alerts"
    Alerts

    Evaluate the condition on the alerts

    "Labels"
    Labels

    Evaluate the condition on the labels

    "Tactics"
    Tactics

    Evaluate the condition on the tactics

    "Comments"
    Comments

    Evaluate the condition on the comments

    AutomationRulePropertyArrayChangedConditionSupportedChangeType, AutomationRulePropertyArrayChangedConditionSupportedChangeTypeArgs

    Added
    Added

    Evaluate the condition on items added to the array

    AutomationRulePropertyArrayChangedConditionSupportedChangeTypeAdded
    Added

    Evaluate the condition on items added to the array

    Added
    Added

    Evaluate the condition on items added to the array

    Added
    Added

    Evaluate the condition on items added to the array

    ADDED
    Added

    Evaluate the condition on items added to the array

    "Added"
    Added

    Evaluate the condition on items added to the array

    AutomationRulePropertyArrayChangedValuesCondition, AutomationRulePropertyArrayChangedValuesConditionArgs

    AutomationRulePropertyArrayChangedValuesConditionResponse, AutomationRulePropertyArrayChangedValuesConditionResponseArgs

    ArrayType string
    ChangeType string
    ArrayType string
    ChangeType string
    arrayType String
    changeType String
    arrayType string
    changeType string
    arrayType String
    changeType String

    AutomationRulePropertyChangedConditionSupportedChangedType, AutomationRulePropertyChangedConditionSupportedChangedTypeArgs

    ChangedFrom
    ChangedFrom

    Evaluate the condition on the previous value of the property

    ChangedTo
    ChangedTo

    Evaluate the condition on the updated value of the property

    AutomationRulePropertyChangedConditionSupportedChangedTypeChangedFrom
    ChangedFrom

    Evaluate the condition on the previous value of the property

    AutomationRulePropertyChangedConditionSupportedChangedTypeChangedTo
    ChangedTo

    Evaluate the condition on the updated value of the property

    ChangedFrom
    ChangedFrom

    Evaluate the condition on the previous value of the property

    ChangedTo
    ChangedTo

    Evaluate the condition on the updated value of the property

    ChangedFrom
    ChangedFrom

    Evaluate the condition on the previous value of the property

    ChangedTo
    ChangedTo

    Evaluate the condition on the updated value of the property

    CHANGED_FROM
    ChangedFrom

    Evaluate the condition on the previous value of the property

    CHANGED_TO
    ChangedTo

    Evaluate the condition on the updated value of the property

    "ChangedFrom"
    ChangedFrom

    Evaluate the condition on the previous value of the property

    "ChangedTo"
    ChangedTo

    Evaluate the condition on the updated value of the property

    AutomationRulePropertyChangedConditionSupportedPropertyType, AutomationRulePropertyChangedConditionSupportedPropertyTypeArgs

    IncidentSeverity
    IncidentSeverity

    Evaluate the condition on the incident severity

    IncidentStatus
    IncidentStatus

    Evaluate the condition on the incident status

    IncidentOwner
    IncidentOwner

    Evaluate the condition on the incident owner

    AutomationRulePropertyChangedConditionSupportedPropertyTypeIncidentSeverity
    IncidentSeverity

    Evaluate the condition on the incident severity

    AutomationRulePropertyChangedConditionSupportedPropertyTypeIncidentStatus
    IncidentStatus

    Evaluate the condition on the incident status

    AutomationRulePropertyChangedConditionSupportedPropertyTypeIncidentOwner
    IncidentOwner

    Evaluate the condition on the incident owner

    IncidentSeverity
    IncidentSeverity

    Evaluate the condition on the incident severity

    IncidentStatus
    IncidentStatus

    Evaluate the condition on the incident status

    IncidentOwner
    IncidentOwner

    Evaluate the condition on the incident owner

    IncidentSeverity
    IncidentSeverity

    Evaluate the condition on the incident severity

    IncidentStatus
    IncidentStatus

    Evaluate the condition on the incident status

    IncidentOwner
    IncidentOwner

    Evaluate the condition on the incident owner

    INCIDENT_SEVERITY
    IncidentSeverity

    Evaluate the condition on the incident severity

    INCIDENT_STATUS
    IncidentStatus

    Evaluate the condition on the incident status

    INCIDENT_OWNER
    IncidentOwner

    Evaluate the condition on the incident owner

    "IncidentSeverity"
    IncidentSeverity

    Evaluate the condition on the incident severity

    "IncidentStatus"
    IncidentStatus

    Evaluate the condition on the incident status

    "IncidentOwner"
    IncidentOwner

    Evaluate the condition on the incident owner

    AutomationRulePropertyConditionSupportedOperator, AutomationRulePropertyConditionSupportedOperatorArgs

    EqualsValue
    Equals

    Evaluates if the property equals at least one of the condition values

    NotEquals
    NotEquals

    Evaluates if the property does not equal any of the condition values

    Contains
    Contains

    Evaluates if the property contains at least one of the condition values

    NotContains
    NotContains

    Evaluates if the property does not contain any of the condition values

    StartsWith
    StartsWith

    Evaluates if the property starts with any of the condition values

    NotStartsWith
    NotStartsWith

    Evaluates if the property does not start with any of the condition values

    EndsWith
    EndsWith

    Evaluates if the property ends with any of the condition values

    NotEndsWith
    NotEndsWith

    Evaluates if the property does not end with any of the condition values

    AutomationRulePropertyConditionSupportedOperatorEquals
    Equals

    Evaluates if the property equals at least one of the condition values

    AutomationRulePropertyConditionSupportedOperatorNotEquals
    NotEquals

    Evaluates if the property does not equal any of the condition values

    AutomationRulePropertyConditionSupportedOperatorContains
    Contains

    Evaluates if the property contains at least one of the condition values

    AutomationRulePropertyConditionSupportedOperatorNotContains
    NotContains

    Evaluates if the property does not contain any of the condition values

    AutomationRulePropertyConditionSupportedOperatorStartsWith
    StartsWith

    Evaluates if the property starts with any of the condition values

    AutomationRulePropertyConditionSupportedOperatorNotStartsWith
    NotStartsWith

    Evaluates if the property does not start with any of the condition values

    AutomationRulePropertyConditionSupportedOperatorEndsWith
    EndsWith

    Evaluates if the property ends with any of the condition values

    AutomationRulePropertyConditionSupportedOperatorNotEndsWith
    NotEndsWith

    Evaluates if the property does not end with any of the condition values

    Equals
    Equals

    Evaluates if the property equals at least one of the condition values

    NotEquals
    NotEquals

    Evaluates if the property does not equal any of the condition values

    Contains
    Contains

    Evaluates if the property contains at least one of the condition values

    NotContains
    NotContains

    Evaluates if the property does not contain any of the condition values

    StartsWith
    StartsWith

    Evaluates if the property starts with any of the condition values

    NotStartsWith
    NotStartsWith

    Evaluates if the property does not start with any of the condition values

    EndsWith
    EndsWith

    Evaluates if the property ends with any of the condition values

    NotEndsWith
    NotEndsWith

    Evaluates if the property does not end with any of the condition values

    Equals
    Equals

    Evaluates if the property equals at least one of the condition values

    NotEquals
    NotEquals

    Evaluates if the property does not equal any of the condition values

    Contains
    Contains

    Evaluates if the property contains at least one of the condition values

    NotContains
    NotContains

    Evaluates if the property does not contain any of the condition values

    StartsWith
    StartsWith

    Evaluates if the property starts with any of the condition values

    NotStartsWith
    NotStartsWith

    Evaluates if the property does not start with any of the condition values

    EndsWith
    EndsWith

    Evaluates if the property ends with any of the condition values

    NotEndsWith
    NotEndsWith

    Evaluates if the property does not end with any of the condition values

    EQUALS
    Equals

    Evaluates if the property equals at least one of the condition values

    NOT_EQUALS
    NotEquals

    Evaluates if the property does not equal any of the condition values

    CONTAINS
    Contains

    Evaluates if the property contains at least one of the condition values

    NOT_CONTAINS
    NotContains

    Evaluates if the property does not contain any of the condition values

    STARTS_WITH
    StartsWith

    Evaluates if the property starts with any of the condition values

    NOT_STARTS_WITH
    NotStartsWith

    Evaluates if the property does not start with any of the condition values

    ENDS_WITH
    EndsWith

    Evaluates if the property ends with any of the condition values

    NOT_ENDS_WITH
    NotEndsWith

    Evaluates if the property does not end with any of the condition values

    "Equals"
    Equals

    Evaluates if the property equals at least one of the condition values

    "NotEquals"
    NotEquals

    Evaluates if the property does not equal any of the condition values

    "Contains"
    Contains

    Evaluates if the property contains at least one of the condition values

    "NotContains"
    NotContains

    Evaluates if the property does not contain any of the condition values

    "StartsWith"
    StartsWith

    Evaluates if the property starts with any of the condition values

    "NotStartsWith"
    NotStartsWith

    Evaluates if the property does not start with any of the condition values

    "EndsWith"
    EndsWith

    Evaluates if the property ends with any of the condition values

    "NotEndsWith"
    NotEndsWith

    Evaluates if the property does not end with any of the condition values

    AutomationRulePropertyConditionSupportedProperty, AutomationRulePropertyConditionSupportedPropertyArgs

    IncidentTitle
    IncidentTitle

    The title of the incident

    IncidentDescription
    IncidentDescription

    The description of the incident

    IncidentSeverity
    IncidentSeverity

    The severity of the incident

    IncidentStatus
    IncidentStatus

    The status of the incident

    IncidentRelatedAnalyticRuleIds
    IncidentRelatedAnalyticRuleIds

    The related Analytic rule ids of the incident

    IncidentTactics
    IncidentTactics

    The tactics of the incident

    IncidentLabel
    IncidentLabel

    The labels of the incident

    IncidentProviderName
    IncidentProviderName

    The provider name of the incident

    IncidentUpdatedBySource
    IncidentUpdatedBySource

    The update source of the incident

    AccountAadTenantId
    AccountAadTenantId

    The account Azure Active Directory tenant id

    AccountAadUserId
    AccountAadUserId

    The account Azure Active Directory user id

    AccountName
    AccountName

    The account name

    AccountNTDomain
    AccountNTDomain

    The account NetBIOS domain name

    AccountPUID
    AccountPUID

    The account Azure Active Directory Passport User ID

    AccountSid
    AccountSid

    The account security identifier

    AccountObjectGuid
    AccountObjectGuid

    The account unique identifier

    AccountUPNSuffix
    AccountUPNSuffix

    The account user principal name suffix

    AlertProductNames
    AlertProductNames

    The name of the product of the alert

    AlertAnalyticRuleIds
    AlertAnalyticRuleIds

    The analytic rule ids of the alert

    AzureResourceResourceId
    AzureResourceResourceId

    The Azure resource id

    AzureResourceSubscriptionId
    AzureResourceSubscriptionId

    The Azure resource subscription id

    CloudApplicationAppId
    CloudApplicationAppId

    The cloud application identifier

    CloudApplicationAppName
    CloudApplicationAppName

    The cloud application name

    DNSDomainName
    DNSDomainName

    The dns record domain name

    FileDirectory
    FileDirectory

    The file directory full path

    FileName
    FileName

    The file name without path

    FileHashValue
    FileHashValue

    The file hash value

    HostAzureID
    HostAzureID

    The host Azure resource id

    HostName
    HostName

    The host name without domain

    HostNetBiosName
    HostNetBiosName

    The host NetBIOS name

    HostNTDomain
    HostNTDomain

    The host NT domain

    HostOSVersion
    HostOSVersion

    The host operating system

    IoTDeviceId
    IoTDeviceId

    The IoT device id

    IoTDeviceName
    IoTDeviceName

    The IoT device name

    IoTDeviceType
    IoTDeviceType

    The IoT device type

    IoTDeviceVendor
    IoTDeviceVendor

    The IoT device vendor

    IoTDeviceModel
    IoTDeviceModel

    The IoT device model

    IoTDeviceOperatingSystem
    IoTDeviceOperatingSystem

    The IoT device operating system

    IPAddress
    IPAddress

    The IP address

    MailboxDisplayName
    MailboxDisplayName

    The mailbox display name

    MailboxPrimaryAddress
    MailboxPrimaryAddress

    The mailbox primary address

    MailboxUPN
    MailboxUPN

    The mailbox user principal name

    MailMessageDeliveryAction
    MailMessageDeliveryAction

    The mail message delivery action

    MailMessageDeliveryLocation
    MailMessageDeliveryLocation

    The mail message delivery location

    MailMessageRecipient
    MailMessageRecipient

    The mail message recipient

    MailMessageSenderIP
    MailMessageSenderIP

    The mail message sender IP address

    MailMessageSubject
    MailMessageSubject

    The mail message subject

    MailMessageP1Sender
    MailMessageP1Sender

    The mail message P1 sender

    MailMessageP2Sender
    MailMessageP2Sender

    The mail message P2 sender

    MalwareCategory
    MalwareCategory

    The malware category

    MalwareName
    MalwareName

    The malware name

    ProcessCommandLine
    ProcessCommandLine

    The process execution command line

    ProcessId
    ProcessId

    The process id

    RegistryKey
    RegistryKey

    The registry key path

    RegistryValueData
    RegistryValueData

    The registry key value in string formatted representation

    Url
    Url

    The url

    AutomationRulePropertyConditionSupportedPropertyIncidentTitle
    IncidentTitle

    The title of the incident

    AutomationRulePropertyConditionSupportedPropertyIncidentDescription
    IncidentDescription

    The description of the incident

    AutomationRulePropertyConditionSupportedPropertyIncidentSeverity
    IncidentSeverity

    The severity of the incident

    AutomationRulePropertyConditionSupportedPropertyIncidentStatus
    IncidentStatus

    The status of the incident

    AutomationRulePropertyConditionSupportedPropertyIncidentRelatedAnalyticRuleIds
    IncidentRelatedAnalyticRuleIds

    The related Analytic rule ids of the incident

    AutomationRulePropertyConditionSupportedPropertyIncidentTactics
    IncidentTactics

    The tactics of the incident

    AutomationRulePropertyConditionSupportedPropertyIncidentLabel
    IncidentLabel

    The labels of the incident

    AutomationRulePropertyConditionSupportedPropertyIncidentProviderName
    IncidentProviderName

    The provider name of the incident

    AutomationRulePropertyConditionSupportedPropertyIncidentUpdatedBySource
    IncidentUpdatedBySource

    The update source of the incident

    AutomationRulePropertyConditionSupportedPropertyAccountAadTenantId
    AccountAadTenantId

    The account Azure Active Directory tenant id

    AutomationRulePropertyConditionSupportedPropertyAccountAadUserId
    AccountAadUserId

    The account Azure Active Directory user id

    AutomationRulePropertyConditionSupportedPropertyAccountName
    AccountName

    The account name

    AutomationRulePropertyConditionSupportedPropertyAccountNTDomain
    AccountNTDomain

    The account NetBIOS domain name

    AutomationRulePropertyConditionSupportedPropertyAccountPUID
    AccountPUID

    The account Azure Active Directory Passport User ID

    AutomationRulePropertyConditionSupportedPropertyAccountSid
    AccountSid

    The account security identifier

    AutomationRulePropertyConditionSupportedPropertyAccountObjectGuid
    AccountObjectGuid

    The account unique identifier

    AutomationRulePropertyConditionSupportedPropertyAccountUPNSuffix
    AccountUPNSuffix

    The account user principal name suffix

    AutomationRulePropertyConditionSupportedPropertyAlertProductNames
    AlertProductNames

    The name of the product of the alert

    AutomationRulePropertyConditionSupportedPropertyAlertAnalyticRuleIds
    AlertAnalyticRuleIds

    The analytic rule ids of the alert

    AutomationRulePropertyConditionSupportedPropertyAzureResourceResourceId
    AzureResourceResourceId

    The Azure resource id

    AutomationRulePropertyConditionSupportedPropertyAzureResourceSubscriptionId
    AzureResourceSubscriptionId

    The Azure resource subscription id

    AutomationRulePropertyConditionSupportedPropertyCloudApplicationAppId
    CloudApplicationAppId

    The cloud application identifier

    AutomationRulePropertyConditionSupportedPropertyCloudApplicationAppName
    CloudApplicationAppName

    The cloud application name

    AutomationRulePropertyConditionSupportedPropertyDNSDomainName
    DNSDomainName

    The dns record domain name

    AutomationRulePropertyConditionSupportedPropertyFileDirectory
    FileDirectory

    The file directory full path

    AutomationRulePropertyConditionSupportedPropertyFileName
    FileName

    The file name without path

    AutomationRulePropertyConditionSupportedPropertyFileHashValue
    FileHashValue

    The file hash value

    AutomationRulePropertyConditionSupportedPropertyHostAzureID
    HostAzureID

    The host Azure resource id

    AutomationRulePropertyConditionSupportedPropertyHostName
    HostName

    The host name without domain

    AutomationRulePropertyConditionSupportedPropertyHostNetBiosName
    HostNetBiosName

    The host NetBIOS name

    AutomationRulePropertyConditionSupportedPropertyHostNTDomain
    HostNTDomain

    The host NT domain

    AutomationRulePropertyConditionSupportedPropertyHostOSVersion
    HostOSVersion

    The host operating system

    AutomationRulePropertyConditionSupportedPropertyIoTDeviceId
    IoTDeviceId

    The IoT device id

    AutomationRulePropertyConditionSupportedPropertyIoTDeviceName
    IoTDeviceName

    The IoT device name

    AutomationRulePropertyConditionSupportedPropertyIoTDeviceType
    IoTDeviceType

    The IoT device type

    AutomationRulePropertyConditionSupportedPropertyIoTDeviceVendor
    IoTDeviceVendor

    The IoT device vendor

    AutomationRulePropertyConditionSupportedPropertyIoTDeviceModel
    IoTDeviceModel

    The IoT device model

    AutomationRulePropertyConditionSupportedPropertyIoTDeviceOperatingSystem
    IoTDeviceOperatingSystem

    The IoT device operating system

    AutomationRulePropertyConditionSupportedPropertyIPAddress
    IPAddress

    The IP address

    AutomationRulePropertyConditionSupportedPropertyMailboxDisplayName
    MailboxDisplayName

    The mailbox display name

    AutomationRulePropertyConditionSupportedPropertyMailboxPrimaryAddress
    MailboxPrimaryAddress

    The mailbox primary address

    AutomationRulePropertyConditionSupportedPropertyMailboxUPN
    MailboxUPN

    The mailbox user principal name

    AutomationRulePropertyConditionSupportedPropertyMailMessageDeliveryAction
    MailMessageDeliveryAction

    The mail message delivery action

    AutomationRulePropertyConditionSupportedPropertyMailMessageDeliveryLocation
    MailMessageDeliveryLocation

    The mail message delivery location

    AutomationRulePropertyConditionSupportedPropertyMailMessageRecipient
    MailMessageRecipient

    The mail message recipient

    AutomationRulePropertyConditionSupportedPropertyMailMessageSenderIP
    MailMessageSenderIP

    The mail message sender IP address

    AutomationRulePropertyConditionSupportedPropertyMailMessageSubject
    MailMessageSubject

    The mail message subject

    AutomationRulePropertyConditionSupportedPropertyMailMessageP1Sender
    MailMessageP1Sender

    The mail message P1 sender (the SMTP envelope sender, MAIL FROM)

    AutomationRulePropertyConditionSupportedPropertyMailMessageP2Sender
    MailMessageP2Sender

    The mail message P2 sender (the From header address shown to the recipient)

    AutomationRulePropertyConditionSupportedPropertyMalwareCategory
    MalwareCategory

    The malware category

    AutomationRulePropertyConditionSupportedPropertyMalwareName
    MalwareName

    The malware name

    AutomationRulePropertyConditionSupportedPropertyProcessCommandLine
    ProcessCommandLine

    The process execution command line

    AutomationRulePropertyConditionSupportedPropertyProcessId
    ProcessId

    The process id

    AutomationRulePropertyConditionSupportedPropertyRegistryKey
    RegistryKey

    The registry key path

    AutomationRulePropertyConditionSupportedPropertyRegistryValueData
    RegistryValueData

    The registry key value in string formatted representation

    AutomationRulePropertyConditionSupportedPropertyUrl
    Url

    The url

    IncidentTitle
    IncidentTitle

    The title of the incident

    IncidentDescription
    IncidentDescription

    The description of the incident

    IncidentSeverity
    IncidentSeverity

    The severity of the incident

    IncidentStatus
    IncidentStatus

    The status of the incident

    IncidentRelatedAnalyticRuleIds
    IncidentRelatedAnalyticRuleIds

    The related Analytic rule ids of the incident

    IncidentTactics
    IncidentTactics

    The tactics of the incident

    IncidentLabel
    IncidentLabel

    The labels of the incident

    IncidentProviderName
    IncidentProviderName

    The provider name of the incident

    IncidentUpdatedBySource
    IncidentUpdatedBySource

    The update source of the incident

    AccountAadTenantId
    AccountAadTenantId

    The account Azure Active Directory tenant id

    AccountAadUserId
    AccountAadUserId

    The account Azure Active Directory user id

    AccountName
    AccountName

    The account name

    AccountNTDomain
    AccountNTDomain

    The account NetBIOS domain name

    AccountPUID
    AccountPUID

    The account Azure Active Directory Passport User ID

    AccountSid
    AccountSid

    The account security identifier

    AccountObjectGuid
    AccountObjectGuid

    The account unique identifier

    AccountUPNSuffix
    AccountUPNSuffix

    The account user principal name suffix

    AlertProductNames
    AlertProductNames

    The name of the product of the alert

    AlertAnalyticRuleIds
    AlertAnalyticRuleIds

    The analytic rule ids of the alert

    AzureResourceResourceId
    AzureResourceResourceId

    The Azure resource id

    AzureResourceSubscriptionId
    AzureResourceSubscriptionId

    The Azure resource subscription id

    CloudApplicationAppId
    CloudApplicationAppId

    The cloud application identifier

    CloudApplicationAppName
    CloudApplicationAppName

    The cloud application name

    DNSDomainName
    DNSDomainName

    The dns record domain name

    FileDirectory
    FileDirectory

    The file directory full path

    FileName
    FileName

    The file name without path

    FileHashValue
    FileHashValue

    The file hash value

    HostAzureID
    HostAzureID

    The host Azure resource id

    HostName
    HostName

    The host name without domain

    HostNetBiosName
    HostNetBiosName

    The host NetBIOS name

    HostNTDomain
    HostNTDomain

    The host NT domain

    HostOSVersion
    HostOSVersion

    The host operating system

    IoTDeviceId
    IoTDeviceId

    The IoT device id

    IoTDeviceName
    IoTDeviceName

    The IoT device name

    IoTDeviceType
    IoTDeviceType

    The IoT device type

    IoTDeviceVendor
    IoTDeviceVendor

    The IoT device vendor

    IoTDeviceModel
    IoTDeviceModel

    The IoT device model

    IoTDeviceOperatingSystem
    IoTDeviceOperatingSystem

    The IoT device operating system

    IPAddress
    IPAddress

    The IP address

    MailboxDisplayName
    MailboxDisplayName

    The mailbox display name

    MailboxPrimaryAddress
    MailboxPrimaryAddress

    The mailbox primary address

    MailboxUPN
    MailboxUPN

    The mailbox user principal name

    MailMessageDeliveryAction
    MailMessageDeliveryAction

    The mail message delivery action

    MailMessageDeliveryLocation
    MailMessageDeliveryLocation

    The mail message delivery location

    MailMessageRecipient
    MailMessageRecipient

    The mail message recipient

    MailMessageSenderIP
    MailMessageSenderIP

    The mail message sender IP address

    MailMessageSubject
    MailMessageSubject

    The mail message subject

    MailMessageP1Sender
    MailMessageP1Sender

    The mail message P1 sender (the SMTP envelope sender, MAIL FROM)

    MailMessageP2Sender
    MailMessageP2Sender

    The mail message P2 sender (the From header address shown to the recipient)

    MalwareCategory
    MalwareCategory

    The malware category

    MalwareName
    MalwareName

    The malware name

    ProcessCommandLine
    ProcessCommandLine

    The process execution command line

    ProcessId
    ProcessId

    The process id

    RegistryKey
    RegistryKey

    The registry key path

    RegistryValueData
    RegistryValueData

    The registry key value in string formatted representation

    Url
    Url

    The url

    IncidentTitle
    IncidentTitle

    The title of the incident

    IncidentDescription
    IncidentDescription

    The description of the incident

    IncidentSeverity
    IncidentSeverity

    The severity of the incident

    IncidentStatus
    IncidentStatus

    The status of the incident

    IncidentRelatedAnalyticRuleIds
    IncidentRelatedAnalyticRuleIds

    The related Analytic rule ids of the incident

    IncidentTactics
    IncidentTactics

    The tactics of the incident

    IncidentLabel
    IncidentLabel

    The labels of the incident

    IncidentProviderName
    IncidentProviderName

    The provider name of the incident

    IncidentUpdatedBySource
    IncidentUpdatedBySource

    The update source of the incident

    AccountAadTenantId
    AccountAadTenantId

    The account Azure Active Directory tenant id

    AccountAadUserId
    AccountAadUserId

    The account Azure Active Directory user id

    AccountName
    AccountName

    The account name

    AccountNTDomain
    AccountNTDomain

    The account NetBIOS domain name

    AccountPUID
    AccountPUID

    The account Azure Active Directory Passport User ID

    AccountSid
    AccountSid

    The account security identifier

    AccountObjectGuid
    AccountObjectGuid

    The account unique identifier

    AccountUPNSuffix
    AccountUPNSuffix

    The account user principal name suffix

    AlertProductNames
    AlertProductNames

    The name of the product of the alert

    AlertAnalyticRuleIds
    AlertAnalyticRuleIds

    The analytic rule ids of the alert

    AzureResourceResourceId
    AzureResourceResourceId

    The Azure resource id

    AzureResourceSubscriptionId
    AzureResourceSubscriptionId

    The Azure resource subscription id

    CloudApplicationAppId
    CloudApplicationAppId

    The cloud application identifier

    CloudApplicationAppName
    CloudApplicationAppName

    The cloud application name

    DNSDomainName
    DNSDomainName

    The dns record domain name

    FileDirectory
    FileDirectory

    The file directory full path

    FileName
    FileName

    The file name without path

    FileHashValue
    FileHashValue

    The file hash value

    HostAzureID
    HostAzureID

    The host Azure resource id

    HostName
    HostName

    The host name without domain

    HostNetBiosName
    HostNetBiosName

    The host NetBIOS name

    HostNTDomain
    HostNTDomain

    The host NT domain

    HostOSVersion
    HostOSVersion

    The host operating system

    IoTDeviceId
    IoTDeviceId

    The IoT device id

    IoTDeviceName
    IoTDeviceName

    The IoT device name

    IoTDeviceType
    IoTDeviceType

    The IoT device type

    IoTDeviceVendor
    IoTDeviceVendor

    The IoT device vendor

    IoTDeviceModel
    IoTDeviceModel

    The IoT device model

    IoTDeviceOperatingSystem
    IoTDeviceOperatingSystem

    The IoT device operating system

    IPAddress
    IPAddress

    The IP address

    MailboxDisplayName
    MailboxDisplayName

    The mailbox display name

    MailboxPrimaryAddress
    MailboxPrimaryAddress

    The mailbox primary address

    MailboxUPN
    MailboxUPN

    The mailbox user principal name

    MailMessageDeliveryAction
    MailMessageDeliveryAction

    The mail message delivery action

    MailMessageDeliveryLocation
    MailMessageDeliveryLocation

    The mail message delivery location

    MailMessageRecipient
    MailMessageRecipient

    The mail message recipient

    MailMessageSenderIP
    MailMessageSenderIP

    The mail message sender IP address

    MailMessageSubject
    MailMessageSubject

    The mail message subject

    MailMessageP1Sender
    MailMessageP1Sender

    The mail message P1 sender (the SMTP envelope sender, MAIL FROM)

    MailMessageP2Sender
    MailMessageP2Sender

    The mail message P2 sender (the From header address shown to the recipient)

    MalwareCategory
    MalwareCategory

    The malware category

    MalwareName
    MalwareName

    The malware name

    ProcessCommandLine
    ProcessCommandLine

    The process execution command line

    ProcessId
    ProcessId

    The process id

    RegistryKey
    RegistryKey

    The registry key path

    RegistryValueData
    RegistryValueData

    The registry key value in string formatted representation

    Url
    Url

    The url

    INCIDENT_TITLE
    IncidentTitle

    The title of the incident

    INCIDENT_DESCRIPTION
    IncidentDescription

    The description of the incident

    INCIDENT_SEVERITY
    IncidentSeverity

    The severity of the incident

    INCIDENT_STATUS
    IncidentStatus

    The status of the incident

    INCIDENT_RELATED_ANALYTIC_RULE_IDS
    IncidentRelatedAnalyticRuleIds

    The related Analytic rule ids of the incident

    INCIDENT_TACTICS
    IncidentTactics

    The tactics of the incident

    INCIDENT_LABEL
    IncidentLabel

    The labels of the incident

    INCIDENT_PROVIDER_NAME
    IncidentProviderName

    The provider name of the incident

    INCIDENT_UPDATED_BY_SOURCE
    IncidentUpdatedBySource

    The update source of the incident

    ACCOUNT_AAD_TENANT_ID
    AccountAadTenantId

    The account Azure Active Directory tenant id

    ACCOUNT_AAD_USER_ID
    AccountAadUserId

    The account Azure Active Directory user id

    ACCOUNT_NAME
    AccountName

    The account name

    ACCOUNT_NT_DOMAIN
    AccountNTDomain

    The account NetBIOS domain name

    ACCOUNT_PUID
    AccountPUID

    The account Azure Active Directory Passport User ID

    ACCOUNT_SID
    AccountSid

    The account security identifier

    ACCOUNT_OBJECT_GUID
    AccountObjectGuid

    The account unique identifier

    ACCOUNT_UPN_SUFFIX
    AccountUPNSuffix

    The account user principal name suffix

    ALERT_PRODUCT_NAMES
    AlertProductNames

    The name of the product of the alert

    ALERT_ANALYTIC_RULE_IDS
    AlertAnalyticRuleIds

    The analytic rule ids of the alert

    AZURE_RESOURCE_RESOURCE_ID
    AzureResourceResourceId

    The Azure resource id

    AZURE_RESOURCE_SUBSCRIPTION_ID
    AzureResourceSubscriptionId

    The Azure resource subscription id

    CLOUD_APPLICATION_APP_ID
    CloudApplicationAppId

    The cloud application identifier

    CLOUD_APPLICATION_APP_NAME
    CloudApplicationAppName

    The cloud application name

    DNS_DOMAIN_NAME
    DNSDomainName

    The dns record domain name

    FILE_DIRECTORY
    FileDirectory

    The file directory full path

    FILE_NAME
    FileName

    The file name without path

    FILE_HASH_VALUE
    FileHashValue

    The file hash value

    HOST_AZURE_ID
    HostAzureID

    The host Azure resource id

    HOST_NAME
    HostName

    The host name without domain

    HOST_NET_BIOS_NAME
    HostNetBiosName

    The host NetBIOS name

    HOST_NT_DOMAIN
    HostNTDomain

    The host NT domain

    HOST_OS_VERSION
    HostOSVersion

    The host operating system

    IO_T_DEVICE_ID
    IoTDeviceId

    The IoT device id

    IO_T_DEVICE_NAME
    IoTDeviceName

    The IoT device name

    IO_T_DEVICE_TYPE
    IoTDeviceType

    The IoT device type

    IO_T_DEVICE_VENDOR
    IoTDeviceVendor

    The IoT device vendor

    IO_T_DEVICE_MODEL
    IoTDeviceModel

    The IoT device model

    IO_T_DEVICE_OPERATING_SYSTEM
    IoTDeviceOperatingSystem

    The IoT device operating system

    IP_ADDRESS
    IPAddress

    The IP address

    MAILBOX_DISPLAY_NAME
    MailboxDisplayName

    The mailbox display name

    MAILBOX_PRIMARY_ADDRESS
    MailboxPrimaryAddress

    The mailbox primary address

    MAILBOX_UPN
    MailboxUPN

    The mailbox user principal name

    MAIL_MESSAGE_DELIVERY_ACTION
    MailMessageDeliveryAction

    The mail message delivery action

    MAIL_MESSAGE_DELIVERY_LOCATION
    MailMessageDeliveryLocation

    The mail message delivery location

    MAIL_MESSAGE_RECIPIENT
    MailMessageRecipient

    The mail message recipient

    MAIL_MESSAGE_SENDER_IP
    MailMessageSenderIP

    The mail message sender IP address

    MAIL_MESSAGE_SUBJECT
    MailMessageSubject

    The mail message subject

    MAIL_MESSAGE_P1_SENDER
    MailMessageP1Sender

    The mail message P1 sender (the SMTP envelope sender, MAIL FROM)

    MAIL_MESSAGE_P2_SENDER
    MailMessageP2Sender

    The mail message P2 sender (the From header address shown to the recipient)

    MALWARE_CATEGORY
    MalwareCategory

    The malware category

    MALWARE_NAME
    MalwareName

    The malware name

    PROCESS_COMMAND_LINE
    ProcessCommandLine

    The process execution command line

    PROCESS_ID
    ProcessId

    The process id

    REGISTRY_KEY
    RegistryKey

    The registry key path

    REGISTRY_VALUE_DATA
    RegistryValueData

    The registry key value in string formatted representation

    URL
    Url

    The url

    "IncidentTitle"
    IncidentTitle

    The title of the incident

    "IncidentDescription"
    IncidentDescription

    The description of the incident

    "IncidentSeverity"
    IncidentSeverity

    The severity of the incident

    "IncidentStatus"
    IncidentStatus

    The status of the incident

    "IncidentRelatedAnalyticRuleIds"
    IncidentRelatedAnalyticRuleIds

    The related Analytic rule ids of the incident

    "IncidentTactics"
    IncidentTactics

    The tactics of the incident

    "IncidentLabel"
    IncidentLabel

    The labels of the incident

    "IncidentProviderName"
    IncidentProviderName

    The provider name of the incident

    "IncidentUpdatedBySource"
    IncidentUpdatedBySource

    The update source of the incident

    "AccountAadTenantId"
    AccountAadTenantId

    The account Azure Active Directory tenant id

    "AccountAadUserId"
    AccountAadUserId

    The account Azure Active Directory user id

    "AccountName"
    AccountName

    The account name

    "AccountNTDomain"
    AccountNTDomain

    The account NetBIOS domain name

    "AccountPUID"
    AccountPUID

    The account Azure Active Directory Passport User ID

    "AccountSid"
    AccountSid

    The account security identifier

    "AccountObjectGuid"
    AccountObjectGuid

    The account unique identifier

    "AccountUPNSuffix"
    AccountUPNSuffix

    The account user principal name suffix

    "AlertProductNames"
    AlertProductNames

    The name of the product of the alert

    "AlertAnalyticRuleIds"
    AlertAnalyticRuleIds

    The analytic rule ids of the alert

    "AzureResourceResourceId"
    AzureResourceResourceId

    The Azure resource id

    "AzureResourceSubscriptionId"
    AzureResourceSubscriptionId

    The Azure resource subscription id

    "CloudApplicationAppId"
    CloudApplicationAppId

    The cloud application identifier

    "CloudApplicationAppName"
    CloudApplicationAppName

    The cloud application name

    "DNSDomainName"
    DNSDomainName

    The dns record domain name

    "FileDirectory"
    FileDirectory

    The file directory full path

    "FileName"
    FileName

    The file name without path

    "FileHashValue"
    FileHashValue

    The file hash value

    "HostAzureID"
    HostAzureID

    The host Azure resource id

    "HostName"
    HostName

    The host name without domain

    "HostNetBiosName"
    HostNetBiosName

    The host NetBIOS name

    "HostNTDomain"
    HostNTDomain

    The host NT domain

    "HostOSVersion"
    HostOSVersion

    The host operating system

    "IoTDeviceId"
    IoTDeviceId

    The IoT device id

    "IoTDeviceName"
    IoTDeviceName

    The IoT device name

    "IoTDeviceType"
    IoTDeviceType

    The IoT device type

    "IoTDeviceVendor"
    IoTDeviceVendor

    The IoT device vendor

    "IoTDeviceModel"
    IoTDeviceModel

    The IoT device model

    "IoTDeviceOperatingSystem"
    IoTDeviceOperatingSystem

    The IoT device operating system

    "IPAddress"
    IPAddress

    The IP address

    "MailboxDisplayName"
    MailboxDisplayName

    The mailbox display name

    "MailboxPrimaryAddress"
    MailboxPrimaryAddress

    The mailbox primary address

    "MailboxUPN"
    MailboxUPN

    The mailbox user principal name

    "MailMessageDeliveryAction"
    MailMessageDeliveryAction

    The mail message delivery action

    "MailMessageDeliveryLocation"
    MailMessageDeliveryLocation

    The mail message delivery location

    "MailMessageRecipient"
    MailMessageRecipient

    The mail message recipient

    "MailMessageSenderIP"
    MailMessageSenderIP

    The mail message sender IP address

    "MailMessageSubject"
    MailMessageSubject

    The mail message subject

    "MailMessageP1Sender"
    MailMessageP1Sender

    The mail message P1 sender (the SMTP envelope sender, MAIL FROM)

    "MailMessageP2Sender"
    MailMessageP2Sender

    The mail message P2 sender (the From header address shown to the recipient)

    "MalwareCategory"
    MalwareCategory

    The malware category

    "MalwareName"
    MalwareName

    The malware name

    "ProcessCommandLine"
    ProcessCommandLine

    The process execution command line

    "ProcessId"
    ProcessId

    The process id

    "RegistryKey"
    RegistryKey

    The registry key path

    "RegistryValueData"
    RegistryValueData

    The registry key value in string formatted representation

    "Url"
    Url

    The url

    AutomationRulePropertyValuesChangedCondition, AutomationRulePropertyValuesChangedConditionArgs

    AutomationRulePropertyValuesChangedConditionResponse, AutomationRulePropertyValuesChangedConditionResponseArgs

    ChangeType string
    Operator string
    PropertyName string
    PropertyValues List<string>
    ChangeType string
    Operator string
    PropertyName string
    PropertyValues []string
    changeType String
    operator String
    propertyName String
    propertyValues List<String>
    changeType string
    operator string
    propertyName string
    propertyValues string[]
    changeType String
    operator String
    propertyName String
    propertyValues List<String>

    AutomationRulePropertyValuesCondition, AutomationRulePropertyValuesConditionArgs

    Operator string | AutomationRulePropertyConditionSupportedOperator
    PropertyName string | AutomationRulePropertyConditionSupportedProperty

    The property to evaluate in an automation rule property condition.

    PropertyValues []string
    operator String | AutomationRulePropertyConditionSupportedOperator
    propertyName String | AutomationRulePropertyConditionSupportedProperty

    The property to evaluate in an automation rule property condition.

    propertyValues List<String>
    operator string | AutomationRulePropertyConditionSupportedOperator
    propertyName string | AutomationRulePropertyConditionSupportedProperty

    The property to evaluate in an automation rule property condition.

    propertyValues string[]
    operator str | AutomationRulePropertyConditionSupportedOperator
    property_name str | AutomationRulePropertyConditionSupportedProperty

    The property to evaluate in an automation rule property condition.

    property_values Sequence[str]
    operator String | "Equals" | "NotEquals" | "Contains" | "NotContains" | "StartsWith" | "NotStartsWith" | "EndsWith" | "NotEndsWith"
    propertyName String | "IncidentTitle" | "IncidentDescription" | "IncidentSeverity" | "IncidentStatus" | "IncidentRelatedAnalyticRuleIds" | "IncidentTactics" | "IncidentLabel" | "IncidentProviderName" | "IncidentUpdatedBySource" | "AccountAadTenantId" | "AccountAadUserId" | "AccountName" | "AccountNTDomain" | "AccountPUID" | "AccountSid" | "AccountObjectGuid" | "AccountUPNSuffix" | "AlertProductNames" | "AlertAnalyticRuleIds" | "AzureResourceResourceId" | "AzureResourceSubscriptionId" | "CloudApplicationAppId" | "CloudApplicationAppName" | "DNSDomainName" | "FileDirectory" | "FileName" | "FileHashValue" | "HostAzureID" | "HostName" | "HostNetBiosName" | "HostNTDomain" | "HostOSVersion" | "IoTDeviceId" | "IoTDeviceName" | "IoTDeviceType" | "IoTDeviceVendor" | "IoTDeviceModel" | "IoTDeviceOperatingSystem" | "IPAddress" | "MailboxDisplayName" | "MailboxPrimaryAddress" | "MailboxUPN" | "MailMessageDeliveryAction" | "MailMessageDeliveryLocation" | "MailMessageRecipient" | "MailMessageSenderIP" | "MailMessageSubject" | "MailMessageP1Sender" | "MailMessageP2Sender" | "MalwareCategory" | "MalwareName" | "ProcessCommandLine" | "ProcessId" | "RegistryKey" | "RegistryValueData" | "Url"

    The property to evaluate in an automation rule property condition.

    propertyValues List<String>

    AutomationRulePropertyValuesConditionResponse, AutomationRulePropertyValuesConditionResponseArgs

    Operator string
    PropertyName string

    The property to evaluate in an automation rule property condition.

    PropertyValues List<string>
    Operator string
    PropertyName string

    The property to evaluate in an automation rule property condition.

    PropertyValues []string
    operator String
    propertyName String

    The property to evaluate in an automation rule property condition.

    propertyValues List<String>
    operator string
    propertyName string

    The property to evaluate in an automation rule property condition.

    propertyValues string[]
    operator str
    property_name str

    The property to evaluate in an automation rule property condition.

    property_values Sequence[str]
    operator String
    propertyName String

    The property to evaluate in an automation rule property condition.

    propertyValues List<String>

    AutomationRuleRunPlaybookAction, AutomationRuleRunPlaybookActionArgs

    AutomationRuleRunPlaybookActionResponse, AutomationRuleRunPlaybookActionResponseArgs

    AutomationRuleTriggeringLogic, AutomationRuleTriggeringLogicArgs

    IsEnabled bool

    Determines whether the automation rule is enabled or disabled.

    TriggersOn string | Pulumi.AzureNative.SecurityInsights.TriggersOn
    TriggersWhen string | Pulumi.AzureNative.SecurityInsights.TriggersWhen
    Conditions List<object>

    The conditions to evaluate to determine if the automation rule should be triggered on a given object.

    ExpirationTimeUtc string

    Determines when the automation rule should automatically expire and be disabled.

    IsEnabled bool

    Determines whether the automation rule is enabled or disabled.

    TriggersOn string | TriggersOn
    TriggersWhen string | TriggersWhen
    Conditions []interface{}

    The conditions to evaluate to determine if the automation rule should be triggered on a given object.

    ExpirationTimeUtc string

    Determines when the automation rule should automatically expire and be disabled.

    isEnabled Boolean

    Determines whether the automation rule is enabled or disabled.

    triggersOn String | TriggersOn
    triggersWhen String | TriggersWhen
    conditions List<Object>

    The conditions to evaluate to determine if the automation rule should be triggered on a given object.

    expirationTimeUtc String

    Determines when the automation rule should automatically expire and be disabled.

    isEnabled boolean

    Determines whether the automation rule is enabled or disabled.

    triggersOn string | TriggersOn
    triggersWhen string | TriggersWhen
    conditions (PropertyArrayChangedConditionProperties | PropertyChangedConditionProperties | PropertyConditionProperties)[]

    The conditions to evaluate to determine if the automation rule should be triggered on a given object.

    expirationTimeUtc string

    Determines when the automation rule should automatically expire and be disabled.

    is_enabled bool

    Determines whether the automation rule is enabled or disabled.

    triggers_on str | TriggersOn
    triggers_when str | TriggersWhen
    conditions Sequence[Union[PropertyArrayChangedConditionProperties, PropertyChangedConditionProperties, PropertyConditionProperties]]

    The conditions to evaluate to determine if the automation rule should be triggered on a given object.

    expiration_time_utc str

    Determines when the automation rule should automatically expire and be disabled.

    isEnabled Boolean

    Determines whether the automation rule is enabled or disabled.

    triggersOn String | "Incidents" | "Alerts"
    triggersWhen String | "Created" | "Updated"
    conditions List<Property Map | Property Map | Property Map>

    The conditions to evaluate to determine if the automation rule should be triggered on a given object.

    expirationTimeUtc String

    Determines when the automation rule should automatically expire and be disabled.

    AutomationRuleTriggeringLogicResponse, AutomationRuleTriggeringLogicResponseArgs

    IsEnabled bool

    Determines whether the automation rule is enabled or disabled.

    TriggersOn string
    TriggersWhen string
    Conditions List<object>

    The conditions to evaluate to determine if the automation rule should be triggered on a given object.

    ExpirationTimeUtc string

    Determines when the automation rule should automatically expire and be disabled.

    IsEnabled bool

    Determines whether the automation rule is enabled or disabled.

    TriggersOn string
    TriggersWhen string
    Conditions []interface{}

    The conditions to evaluate to determine if the automation rule should be triggered on a given object.

    ExpirationTimeUtc string

    Determines when the automation rule should automatically expire and be disabled.

    isEnabled Boolean

    Determines whether the automation rule is enabled or disabled.

    triggersOn String
    triggersWhen String
    conditions List<Object>

    The conditions to evaluate to determine if the automation rule should be triggered on a given object.

    expirationTimeUtc String

    Determines when the automation rule should automatically expire and be disabled.

    isEnabled boolean

    Determines whether the automation rule is enabled or disabled.

    triggersOn string
    triggersWhen string
    conditions (PropertyArrayChangedConditionPropertiesResponse | PropertyChangedConditionPropertiesResponse | PropertyConditionPropertiesResponse)[]

    The conditions to evaluate to determine if the automation rule should be triggered on a given object.

    expirationTimeUtc string

    Determines when the automation rule should automatically expire and be disabled.

    is_enabled bool

    Determines whether the automation rule is enabled or disabled.

    triggers_on str
    triggers_when str
    conditions Sequence[Union[PropertyArrayChangedConditionPropertiesResponse, PropertyChangedConditionPropertiesResponse, PropertyConditionPropertiesResponse]]

    The conditions to evaluate to determine if the automation rule should be triggered on a given object.

    expiration_time_utc str

    Determines when the automation rule should automatically expire and be disabled.

    isEnabled Boolean

    Determines whether the automation rule is enabled or disabled.

    triggersOn String
    triggersWhen String
    conditions List<Property Map | Property Map | Property Map>

    The conditions to evaluate to determine if the automation rule should be triggered on a given object.

    expirationTimeUtc String

    Determines when the automation rule should automatically expire and be disabled.

    ClientInfoResponse, ClientInfoResponseArgs

    Email string

    The email of the client.

    Name string

    The name of the client.

    ObjectId string

    The object id of the client.

    UserPrincipalName string

    The user principal name of the client.

    Email string

    The email of the client.

    Name string

    The name of the client.

    ObjectId string

    The object id of the client.

    UserPrincipalName string

    The user principal name of the client.

    email String

    The email of the client.

    name String

    The name of the client.

    objectId String

    The object id of the client.

    userPrincipalName String

    The user principal name of the client.

    email string

    The email of the client.

    name string

    The name of the client.

    objectId string

    The object id of the client.

    userPrincipalName string

    The user principal name of the client.

    email str

    The email of the client.

    name str

    The name of the client.

    object_id str

    The object id of the client.

    user_principal_name str

    The user principal name of the client.

    email String

    The email of the client.

    name String

    The name of the client.

    objectId String

    The object id of the client.

    userPrincipalName String

    The user principal name of the client.

    IncidentClassification, IncidentClassificationArgs

    Undetermined
    Undetermined

    Incident classification was undetermined

    TruePositive
    TruePositive

    Incident was true positive

    BenignPositive
    BenignPositive

    Incident was benign positive

    FalsePositive
    FalsePositive

    Incident was false positive

    IncidentClassificationUndetermined
    Undetermined

    Incident classification was undetermined

    IncidentClassificationTruePositive
    TruePositive

    Incident was true positive

    IncidentClassificationBenignPositive
    BenignPositive

    Incident was benign positive

    IncidentClassificationFalsePositive
    FalsePositive

    Incident was false positive

    Undetermined
    Undetermined

    Incident classification was undetermined

    TruePositive
    TruePositive

    Incident was true positive

    BenignPositive
    BenignPositive

    Incident was benign positive

    FalsePositive
    FalsePositive

    Incident was false positive

    Undetermined
    Undetermined

    Incident classification was undetermined

    TruePositive
    TruePositive

    Incident was true positive

    BenignPositive
    BenignPositive

    Incident was benign positive

    FalsePositive
    FalsePositive

    Incident was false positive

    UNDETERMINED
    Undetermined

    Incident classification was undetermined

    TRUE_POSITIVE
    TruePositive

    Incident was true positive

    BENIGN_POSITIVE
    BenignPositive

    Incident was benign positive

    FALSE_POSITIVE
    FalsePositive

    Incident was false positive

    "Undetermined"
    Undetermined

    Incident classification was undetermined

    "TruePositive"
    TruePositive

    Incident was true positive

    "BenignPositive"
    BenignPositive

    Incident was benign positive

    "FalsePositive"
    FalsePositive

    Incident was false positive

    IncidentClassificationReason, IncidentClassificationReasonArgs

    SuspiciousActivity
    SuspiciousActivity

    Classification reason was suspicious activity

    SuspiciousButExpected
    SuspiciousButExpected

    Classification reason was suspicious but expected

    IncorrectAlertLogic
    IncorrectAlertLogic

    Classification reason was incorrect alert logic

    InaccurateData
    InaccurateData

    Classification reason was inaccurate data

    IncidentClassificationReasonSuspiciousActivity
    SuspiciousActivity

    Classification reason was suspicious activity

    IncidentClassificationReasonSuspiciousButExpected
    SuspiciousButExpected

    Classification reason was suspicious but expected

    IncidentClassificationReasonIncorrectAlertLogic
    IncorrectAlertLogic

    Classification reason was incorrect alert logic

    IncidentClassificationReasonInaccurateData
    InaccurateData

    Classification reason was inaccurate data

    SuspiciousActivity
    SuspiciousActivity

    Classification reason was suspicious activity

    SuspiciousButExpected
    SuspiciousButExpected

    Classification reason was suspicious but expected

    IncorrectAlertLogic
    IncorrectAlertLogic

    Classification reason was incorrect alert logic

    InaccurateData
    InaccurateData

    Classification reason was inaccurate data

    SuspiciousActivity
    SuspiciousActivity

    Classification reason was suspicious activity

    SuspiciousButExpected
    SuspiciousButExpected

    Classification reason was suspicious but expected

    IncorrectAlertLogic
    IncorrectAlertLogic

    Classification reason was incorrect alert logic

    InaccurateData
    InaccurateData

    Classification reason was inaccurate data

    SUSPICIOUS_ACTIVITY
    SuspiciousActivity

    Classification reason was suspicious activity

    SUSPICIOUS_BUT_EXPECTED
    SuspiciousButExpected

    Classification reason was suspicious but expected

    INCORRECT_ALERT_LOGIC
    IncorrectAlertLogic

    Classification reason was incorrect alert logic

    INACCURATE_DATA
    InaccurateData

    Classification reason was inaccurate data

    "SuspiciousActivity"
    SuspiciousActivity

    Classification reason was suspicious activity

    "SuspiciousButExpected"
    SuspiciousButExpected

    Classification reason was suspicious but expected

    "IncorrectAlertLogic"
    IncorrectAlertLogic

    Classification reason was incorrect alert logic

    "InaccurateData"
    InaccurateData

    Classification reason was inaccurate data

    IncidentLabel, IncidentLabelArgs

    LabelName string

    The name of the label

    LabelName string

    The name of the label

    labelName String

    The name of the label

    labelName string

    The name of the label

    label_name str

    The name of the label

    labelName String

    The name of the label

    IncidentLabelResponse, IncidentLabelResponseArgs

    LabelName string

    The name of the label

    LabelType string

    The type of the label

    LabelName string

    The name of the label

    LabelType string

    The type of the label

    labelName String

    The name of the label

    labelType String

    The type of the label

    labelName string

    The name of the label

    labelType string

    The type of the label

    label_name str

    The name of the label

    label_type str

    The type of the label

    labelName String

    The name of the label

    labelType String

    The type of the label

    IncidentOwnerInfo, IncidentOwnerInfoArgs

    AssignedTo string

    The name of the user the incident is assigned to.

    Email string

    The email of the user the incident is assigned to.

    ObjectId string

    The object id of the user the incident is assigned to.

    OwnerType string | Pulumi.AzureNative.SecurityInsights.OwnerType

    The type of the owner the incident is assigned to.

    UserPrincipalName string

    The user principal name of the user the incident is assigned to.

    AssignedTo string

    The name of the user the incident is assigned to.

    Email string

    The email of the user the incident is assigned to.

    ObjectId string

    The object id of the user the incident is assigned to.

    OwnerType string | OwnerType

    The type of the owner the incident is assigned to.

    UserPrincipalName string

    The user principal name of the user the incident is assigned to.

    assignedTo String

    The name of the user the incident is assigned to.

    email String

    The email of the user the incident is assigned to.

    objectId String

    The object id of the user the incident is assigned to.

    ownerType String | OwnerType

    The type of the owner the incident is assigned to.

    userPrincipalName String

    The user principal name of the user the incident is assigned to.

    assignedTo string

    The name of the user the incident is assigned to.

    email string

    The email of the user the incident is assigned to.

    objectId string

    The object id of the user the incident is assigned to.

    ownerType string | OwnerType

    The type of the owner the incident is assigned to.

    userPrincipalName string

    The user principal name of the user the incident is assigned to.

    assigned_to str

    The name of the user the incident is assigned to.

    email str

    The email of the user the incident is assigned to.

    object_id str

    The object id of the user the incident is assigned to.

    owner_type str | OwnerType

    The type of the owner the incident is assigned to.

    user_principal_name str

    The user principal name of the user the incident is assigned to.

    assignedTo String

    The name of the user the incident is assigned to.

    email String

    The email of the user the incident is assigned to.

    objectId String

    The object id of the user the incident is assigned to.

    ownerType String | "Unknown" | "User" | "Group"

    The type of the owner the incident is assigned to.

    userPrincipalName String

    The user principal name of the user the incident is assigned to.

    IncidentOwnerInfoResponse, IncidentOwnerInfoResponseArgs

    AssignedTo string

    The name of the user the incident is assigned to.

    Email string

    The email of the user the incident is assigned to.

    ObjectId string

    The object id of the user the incident is assigned to.

    OwnerType string

    The type of the owner the incident is assigned to.

    UserPrincipalName string

    The user principal name of the user the incident is assigned to.

    AssignedTo string

    The name of the user the incident is assigned to.

    Email string

    The email of the user the incident is assigned to.

    ObjectId string

    The object id of the user the incident is assigned to.

    OwnerType string

    The type of the owner the incident is assigned to.

    UserPrincipalName string

    The user principal name of the user the incident is assigned to.

    assignedTo String

    The name of the user the incident is assigned to.

    email String

    The email of the user the incident is assigned to.

    objectId String

    The object id of the user the incident is assigned to.

    ownerType String

    The type of the owner the incident is assigned to.

    userPrincipalName String

    The user principal name of the user the incident is assigned to.

    assignedTo string

    The name of the user the incident is assigned to.

    email string

    The email of the user the incident is assigned to.

    objectId string

    The object id of the user the incident is assigned to.

    ownerType string

    The type of the owner the incident is assigned to.

    userPrincipalName string

    The user principal name of the user the incident is assigned to.

    assigned_to str

    The name of the user the incident is assigned to.

    email str

    The email of the user the incident is assigned to.

    object_id str

    The object id of the user the incident is assigned to.

    owner_type str

    The type of the owner the incident is assigned to.

    user_principal_name str

    The user principal name of the user the incident is assigned to.

    assignedTo String

    The name of the user the incident is assigned to.

    email String

    The email of the user the incident is assigned to.

    objectId String

    The object id of the user the incident is assigned to.

    ownerType String

    The type of the owner the incident is assigned to.

    userPrincipalName String

    The user principal name of the user the incident is assigned to.

    IncidentPropertiesAction, IncidentPropertiesActionArgs

    Classification string | Pulumi.AzureNative.SecurityInsights.IncidentClassification

    The reason the incident was closed

    ClassificationComment string

    Describes the reason the incident was closed.

    ClassificationReason string | Pulumi.AzureNative.SecurityInsights.IncidentClassificationReason

    The classification reason the incident was closed with

    Labels List<Pulumi.AzureNative.SecurityInsights.Inputs.IncidentLabel>

    List of labels to add to the incident.

    Owner Pulumi.AzureNative.SecurityInsights.Inputs.IncidentOwnerInfo

    Information on the user an incident is assigned to

    Severity string | Pulumi.AzureNative.SecurityInsights.IncidentSeverity

    The severity of the incident

    Status string | Pulumi.AzureNative.SecurityInsights.IncidentStatus

    The status of the incident

    Classification string | IncidentClassification

    The reason the incident was closed

    ClassificationComment string

    Describes the reason the incident was closed.

    ClassificationReason string | IncidentClassificationReason

    The classification reason the incident was closed with

    Labels []IncidentLabel

    List of labels to add to the incident.

    Owner IncidentOwnerInfo

    Information on the user an incident is assigned to

    Severity string | IncidentSeverity

    The severity of the incident

    Status string | IncidentStatus

    The status of the incident

    classification String | IncidentClassification

    The reason the incident was closed

    classificationComment String

    Describes the reason the incident was closed.

    classificationReason String | IncidentClassificationReason

    The classification reason the incident was closed with

    labels List<IncidentLabel>

    List of labels to add to the incident.

    owner IncidentOwnerInfo

    Information on the user an incident is assigned to

    severity String | IncidentSeverity

    The severity of the incident

    status String | IncidentStatus

    The status of the incident

    classification string | IncidentClassification

    The reason the incident was closed

    classificationComment string

    Describes the reason the incident was closed.

    classificationReason string | IncidentClassificationReason

    The classification reason the incident was closed with

    labels IncidentLabel[]

    List of labels to add to the incident.

    owner IncidentOwnerInfo

    Information on the user an incident is assigned to

    severity string | IncidentSeverity

    The severity of the incident

    status string | IncidentStatus

    The status of the incident

    classification str | IncidentClassification

    The reason the incident was closed

    classification_comment str

    Describes the reason the incident was closed.

    classification_reason str | IncidentClassificationReason

    The classification reason the incident was closed with

    labels Sequence[IncidentLabel]

    List of labels to add to the incident.

    owner IncidentOwnerInfo

    Information on the user an incident is assigned to

    severity str | IncidentSeverity

    The severity of the incident

    status str | IncidentStatus

    The status of the incident

    classification String | "Undetermined" | "TruePositive" | "BenignPositive" | "FalsePositive"

    The reason the incident was closed

    classificationComment String

    Describes the reason the incident was closed.

    classificationReason String | "SuspiciousActivity" | "SuspiciousButExpected" | "IncorrectAlertLogic" | "InaccurateData"

    The classification reason the incident was closed with

    labels List<Property Map>

    List of labels to add to the incident.

    owner Property Map

    Information on the user an incident is assigned to

    severity String | "High" | "Medium" | "Low" | "Informational"

    The severity of the incident

    status String | "New" | "Active" | "Closed"

    The status of the incident

    IncidentPropertiesActionResponse, IncidentPropertiesActionResponseArgs

    Classification string

    The reason the incident was closed

    ClassificationComment string

    Describes the reason the incident was closed.

    ClassificationReason string

    The classification reason the incident was closed with

    Labels List<Pulumi.AzureNative.SecurityInsights.Inputs.IncidentLabelResponse>

    List of labels to add to the incident.

    Owner Pulumi.AzureNative.SecurityInsights.Inputs.IncidentOwnerInfoResponse

    Information on the user an incident is assigned to

    Severity string

    The severity of the incident

    Status string

    The status of the incident

    Classification string

    The reason the incident was closed

    ClassificationComment string

    Describes the reason the incident was closed.

    ClassificationReason string

    The classification reason the incident was closed with

    Labels []IncidentLabelResponse

    List of labels to add to the incident.

    Owner IncidentOwnerInfoResponse

    Information on the user an incident is assigned to

    Severity string

    The severity of the incident

    Status string

    The status of the incident

    classification String

    The reason the incident was closed

    classificationComment String

    Describes the reason the incident was closed.

    classificationReason String

    The classification reason the incident was closed with

    labels List<IncidentLabelResponse>

    List of labels to add to the incident.

    owner IncidentOwnerInfoResponse

    Information on the user an incident is assigned to

    severity String

    The severity of the incident

    status String

    The status of the incident

    classification string

    The reason the incident was closed

    classificationComment string

    Describes the reason the incident was closed.

    classificationReason string

    The classification reason the incident was closed with

    labels IncidentLabelResponse[]

    List of labels to add to the incident.

    owner IncidentOwnerInfoResponse

    Information on the user an incident is assigned to

    severity string

    The severity of the incident

    status string

    The status of the incident

    classification str

    The reason the incident was closed

    classification_comment str

    Describes the reason the incident was closed.

    classification_reason str

    The classification reason the incident was closed with

    labels Sequence[IncidentLabelResponse]

    List of labels to add to the incident.

    owner IncidentOwnerInfoResponse

    Information on the user an incident is assigned to

    severity str

    The severity of the incident

    status str

    The status of the incident

    classification String

    The reason the incident was closed

    classificationComment String

    Describes the reason the incident was closed.

    classificationReason String

    The classification reason the incident was closed with

    labels List<Property Map>

    List of labels to add to the incident.

    owner Property Map

    Information on the user an incident is assigned to

    severity String

    The severity of the incident

    status String

    The status of the incident

    IncidentSeverity, IncidentSeverityArgs

    High
    High

    High severity

    Medium
    Medium

    Medium severity

    Low
    Low

    Low severity

    Informational
    Informational

    Informational severity

    IncidentSeverityHigh
    High

    High severity

    IncidentSeverityMedium
    Medium

    Medium severity

    IncidentSeverityLow
    Low

    Low severity

    IncidentSeverityInformational
    Informational

    Informational severity

    High
    High

    High severity

    Medium
    Medium

    Medium severity

    Low
    Low

    Low severity

    Informational
    Informational

    Informational severity

    High
    High

    High severity

    Medium
    Medium

    Medium severity

    Low
    Low

    Low severity

    Informational
    Informational

    Informational severity

    HIGH
    High

    High severity

    MEDIUM
    Medium

    Medium severity

    LOW
    Low

    Low severity

    INFORMATIONAL
    Informational

    Informational severity

    "High"
    High

    High severity

    "Medium"
    Medium

    Medium severity

    "Low"
    Low

    Low severity

    "Informational"
    Informational

    Informational severity

    IncidentStatus, IncidentStatusArgs

    New
    New

    An active incident which isn't being handled currently

    Active
    Active

    An active incident which is being handled

    Closed
    Closed

    A non-active incident

    IncidentStatusNew
    New

    An active incident which isn't being handled currently

    IncidentStatusActive
    Active

    An active incident which is being handled

    IncidentStatusClosed
    Closed

    A non-active incident

    New
    New

    An active incident which isn't being handled currently

    Active
    Active

    An active incident which is being handled

    Closed
    Closed

    A non-active incident

    New
    New

    An active incident which isn't being handled currently

    Active
    Active

    An active incident which is being handled

    Closed
    Closed

    A non-active incident

    NEW
    New

    An active incident which isn't being handled currently

    ACTIVE
    Active

    An active incident which is being handled

    CLOSED
    Closed

    A non-active incident

    "New"
    New

    An active incident which isn't being handled currently

    "Active"
    Active

    An active incident which is being handled

    "Closed"
    Closed

    A non-active incident

    OwnerType, OwnerTypeArgs

    Unknown
    Unknown

    The incident owner type is unknown

    User
    User

    The incident owner type is an AAD user

    Group
    Group

    The incident owner type is an AAD group

    OwnerTypeUnknown
    Unknown

    The incident owner type is unknown

    OwnerTypeUser
    User

    The incident owner type is an AAD user

    OwnerTypeGroup
    Group

    The incident owner type is an AAD group

    Unknown
    Unknown

    The incident owner type is unknown

    User
    User

    The incident owner type is an AAD user

    Group
    Group

    The incident owner type is an AAD group

    Unknown
    Unknown

    The incident owner type is unknown

    User
    User

    The incident owner type is an AAD user

    Group
    Group

    The incident owner type is an AAD group

    UNKNOWN
    Unknown

    The incident owner type is unknown

    USER
    User

    The incident owner type is an AAD user

    GROUP
    Group

    The incident owner type is an AAD group

    "Unknown"
    Unknown

    The incident owner type is unknown

    "User"
    User

    The incident owner type is an AAD user

    "Group"
    Group

    The incident owner type is an AAD group

    PlaybookActionProperties, PlaybookActionPropertiesArgs

    LogicAppResourceId string

    The resource id of the playbook resource.

    TenantId string

    The tenant id of the playbook resource.

    LogicAppResourceId string

    The resource id of the playbook resource.

    TenantId string

    The tenant id of the playbook resource.

    logicAppResourceId String

    The resource id of the playbook resource.

    tenantId String

    The tenant id of the playbook resource.

    logicAppResourceId string

    The resource id of the playbook resource.

    tenantId string

    The tenant id of the playbook resource.

    logic_app_resource_id str

    The resource id of the playbook resource.

    tenant_id str

    The tenant id of the playbook resource.

    logicAppResourceId String

    The resource id of the playbook resource.

    tenantId String

    The tenant id of the playbook resource.

    PlaybookActionPropertiesResponse, PlaybookActionPropertiesResponseArgs

    LogicAppResourceId string

    The resource id of the playbook resource.

    TenantId string

    The tenant id of the playbook resource.

    LogicAppResourceId string

    The resource id of the playbook resource.

    TenantId string

    The tenant id of the playbook resource.

    logicAppResourceId String

    The resource id of the playbook resource.

    tenantId String

    The tenant id of the playbook resource.

    logicAppResourceId string

    The resource id of the playbook resource.

    tenantId string

    The tenant id of the playbook resource.

    logic_app_resource_id str

    The resource id of the playbook resource.

    tenant_id str

    The tenant id of the playbook resource.

    logicAppResourceId String

    The resource id of the playbook resource.

    tenantId String

    The tenant id of the playbook resource.

    PropertyArrayChangedConditionProperties, PropertyArrayChangedConditionPropertiesArgs

    PropertyArrayChangedConditionPropertiesResponse, PropertyArrayChangedConditionPropertiesResponseArgs

    PropertyChangedConditionProperties, PropertyChangedConditionPropertiesArgs

    PropertyChangedConditionPropertiesResponse, PropertyChangedConditionPropertiesResponseArgs

    PropertyConditionProperties, PropertyConditionPropertiesArgs

    PropertyConditionPropertiesResponse, PropertyConditionPropertiesResponseArgs

    SystemDataResponse, SystemDataResponseArgs

    CreatedAt string

    The timestamp of resource creation (UTC).

    CreatedBy string

    The identity that created the resource.

    CreatedByType string

    The type of identity that created the resource.

    LastModifiedAt string

    The timestamp of the resource's last modification (UTC).

    LastModifiedBy string

    The identity that last modified the resource.

    LastModifiedByType string

    The type of identity that last modified the resource.

    CreatedAt string

    The timestamp of resource creation (UTC).

    CreatedBy string

    The identity that created the resource.

    CreatedByType string

    The type of identity that created the resource.

    LastModifiedAt string

    The timestamp of the resource's last modification (UTC).

    LastModifiedBy string

    The identity that last modified the resource.

    LastModifiedByType string

    The type of identity that last modified the resource.

    createdAt String

    The timestamp of resource creation (UTC).

    createdBy String

    The identity that created the resource.

    createdByType String

    The type of identity that created the resource.

    lastModifiedAt String

    The timestamp of the resource's last modification (UTC).

    lastModifiedBy String

    The identity that last modified the resource.

    lastModifiedByType String

    The type of identity that last modified the resource.

    createdAt string

    The timestamp of resource creation (UTC).

    createdBy string

    The identity that created the resource.

    createdByType string

    The type of identity that created the resource.

    lastModifiedAt string

    The timestamp of the resource's last modification (UTC).

    lastModifiedBy string

    The identity that last modified the resource.

    lastModifiedByType string

    The type of identity that last modified the resource.

    created_at str

    The timestamp of resource creation (UTC).

    created_by str

    The identity that created the resource.

    created_by_type str

    The type of identity that created the resource.

    last_modified_at str

    The timestamp of the resource's last modification (UTC).

    last_modified_by str

    The identity that last modified the resource.

    last_modified_by_type str

    The type of identity that last modified the resource.

    createdAt String

    The timestamp of resource creation (UTC).

    createdBy String

    The identity that created the resource.

    createdByType String

    The type of identity that created the resource.

    lastModifiedAt String

    The timestamp of the resource's last modification (UTC).

    lastModifiedBy String

    The identity that last modified the resource.

    lastModifiedByType String

    The type of identity that last modified the resource.

    TriggersOn, TriggersOnArgs

    Incidents
    Incidents

    Trigger on Incidents

    Alerts
    Alerts

    Trigger on Alerts

    TriggersOnIncidents
    Incidents

    Trigger on Incidents

    TriggersOnAlerts
    Alerts

    Trigger on Alerts

    Incidents
    Incidents

    Trigger on Incidents

    Alerts
    Alerts

    Trigger on Alerts

    Incidents
    Incidents

    Trigger on Incidents

    Alerts
    Alerts

    Trigger on Alerts

    INCIDENTS
    Incidents

    Trigger on Incidents

    ALERTS
    Alerts

    Trigger on Alerts

    "Incidents"
    Incidents

    Trigger on Incidents

    "Alerts"
    Alerts

    Trigger on Alerts

    TriggersWhen, TriggersWhenArgs

    Created
    Created

    Trigger on created objects

    Updated
    Updated

    Trigger on updated objects

    TriggersWhenCreated
    Created

    Trigger on created objects

    TriggersWhenUpdated
    Updated

    Trigger on updated objects

    Created
    Created

    Trigger on created objects

    Updated
    Updated

    Trigger on updated objects

    Created
    Created

    Trigger on created objects

    Updated
    Updated

    Trigger on updated objects

    CREATED
    Created

    Trigger on created objects

    UPDATED
    Updated

    Trigger on updated objects

    "Created"
    Created

    Trigger on created objects

    "Updated"
    Updated

    Trigger on updated objects

    Import

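    An existing resource can be imported using its type token, name, and identifier; replace the `{...}` placeholders in the resource ID with the values for your own subscription, resource group, workspace and automation rule, e.g.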

    $ pulumi import azure-native:securityinsights:AutomationRule 73e01a99-5cd7-4139-a149-9f2736ff2ab5 /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/automationRules/{automationRuleId} 
    

    Package Details

    Repository
    Azure Native pulumi/pulumi-azure-native
    License
    Apache-2.0
    Azure Native v2.9.0 published on Wednesday, Sep 27, 2023 by Pulumi