azure-native.securityinsights.AutomationRule
Explore with Pulumi AI
Azure REST API version: 2023-02-01. Prior API version in Azure Native 1.x: 2019-01-01-preview
Example Usage
AutomationRules_CreateOrUpdate
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var automationRule = new AzureNative.SecurityInsights.AutomationRule("automationRule", new()
{
AutomationRuleId = "73e01a99-5cd7-4139-a149-9f2736ff2ab5",
ResourceGroupName = "myRg",
WorkspaceName = "myWorkspace",
});
});
package main
import (
"github.com/pulumi/pulumi-azure-native-sdk/securityinsights/v2"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := securityinsights.NewAutomationRule(ctx, "automationRule", &securityinsights.AutomationRuleArgs{
AutomationRuleId: pulumi.String("73e01a99-5cd7-4139-a149-9f2736ff2ab5"),
ResourceGroupName: pulumi.String("myRg"),
WorkspaceName: pulumi.String("myWorkspace"),
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.securityinsights.AutomationRule;
import com.pulumi.azurenative.securityinsights.AutomationRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var automationRule = new AutomationRule("automationRule", AutomationRuleArgs.builder()
.automationRuleId("73e01a99-5cd7-4139-a149-9f2736ff2ab5")
.resourceGroupName("myRg")
.workspaceName("myWorkspace")
.build());
}
}
import pulumi
import pulumi_azure_native as azure_native
automation_rule = azure_native.securityinsights.AutomationRule("automationRule",
automation_rule_id="73e01a99-5cd7-4139-a149-9f2736ff2ab5",
resource_group_name="myRg",
workspace_name="myWorkspace")
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const automationRule = new azure_native.securityinsights.AutomationRule("automationRule", {
automationRuleId: "73e01a99-5cd7-4139-a149-9f2736ff2ab5",
resourceGroupName: "myRg",
workspaceName: "myWorkspace",
});
resources:
automationRule:
type: azure-native:securityinsights:AutomationRule
properties:
automationRuleId: 73e01a99-5cd7-4139-a149-9f2736ff2ab5
resourceGroupName: myRg
workspaceName: myWorkspace
Create AutomationRule Resource
new AutomationRule(name: string, args: AutomationRuleArgs, opts?: CustomResourceOptions);
@overload
def AutomationRule(resource_name: str,
opts: Optional[ResourceOptions] = None,
actions: Optional[Sequence[Union[AutomationRuleModifyPropertiesActionArgs, AutomationRuleRunPlaybookActionArgs]]] = None,
automation_rule_id: Optional[str] = None,
display_name: Optional[str] = None,
order: Optional[int] = None,
resource_group_name: Optional[str] = None,
triggering_logic: Optional[AutomationRuleTriggeringLogicArgs] = None,
workspace_name: Optional[str] = None)
@overload
def AutomationRule(resource_name: str,
args: AutomationRuleArgs,
opts: Optional[ResourceOptions] = None)
func NewAutomationRule(ctx *Context, name string, args AutomationRuleArgs, opts ...ResourceOption) (*AutomationRule, error)
public AutomationRule(string name, AutomationRuleArgs args, CustomResourceOptions? opts = null)
public AutomationRule(String name, AutomationRuleArgs args)
public AutomationRule(String name, AutomationRuleArgs args, CustomResourceOptions options)
type: azure-native:securityinsights:AutomationRule
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args AutomationRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args AutomationRuleArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args AutomationRuleArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args AutomationRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args AutomationRuleArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
AutomationRule Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The AutomationRule resource accepts the following input properties:
- Actions
List<Union<Pulumi.
Azure Native. Security Insights. Inputs. Automation Rule Modify Properties Action, Pulumi. Azure Native. Security Insights. Inputs. Automation Rule Run Playbook Action Args>> The actions to execute when the automation rule is triggered.
- Display
Name string The display name of the automation rule.
- Order int
The order of execution of the automation rule.
- Resource
Group stringName The name of the resource group. The name is case insensitive.
- Triggering
Logic Pulumi.Azure Native. Security Insights. Inputs. Automation Rule Triggering Logic Describes automation rule triggering logic.
- Workspace
Name string The name of the workspace.
- Automation
Rule stringId Automation rule ID
- Actions []interface{}
The actions to execute when the automation rule is triggered.
- Display
Name string The display name of the automation rule.
- Order int
The order of execution of the automation rule.
- Resource
Group stringName The name of the resource group. The name is case insensitive.
- Triggering
Logic AutomationRule Triggering Logic Args Describes automation rule triggering logic.
- Workspace
Name string The name of the workspace.
- Automation
Rule stringId Automation rule ID
- actions
List<Either<Automation
Rule Modify Properties Action,Automation Rule Run Playbook Action Args>> The actions to execute when the automation rule is triggered.
- display
Name String The display name of the automation rule.
- order Integer
The order of execution of the automation rule.
- resource
Group StringName The name of the resource group. The name is case insensitive.
- triggering
Logic AutomationRule Triggering Logic Describes automation rule triggering logic.
- workspace
Name String The name of the workspace.
- automation
Rule StringId Automation rule ID
- actions
(Automation
Rule Modify Properties Action | Automation Rule Run Playbook Action Args)[] The actions to execute when the automation rule is triggered.
- display
Name string The display name of the automation rule.
- order number
The order of execution of the automation rule.
- resource
Group stringName The name of the resource group. The name is case insensitive.
- triggering
Logic AutomationRule Triggering Logic Describes automation rule triggering logic.
- workspace
Name string The name of the workspace.
- automation
Rule stringId Automation rule ID
- actions
Sequence[Union[Automation
Rule Modify Properties Action Args, Automation Rule Run Playbook Action Args]] The actions to execute when the automation rule is triggered.
- display_
name str The display name of the automation rule.
- order int
The order of execution of the automation rule.
- resource_
group_ strname The name of the resource group. The name is case insensitive.
- triggering_
logic AutomationRule Triggering Logic Args Describes automation rule triggering logic.
- workspace_
name str The name of the workspace.
- automation_
rule_ strid Automation rule ID
- actions List<Property Map | Property Map>
The actions to execute when the automation rule is triggered.
- display
Name String The display name of the automation rule.
- order Number
The order of execution of the automation rule.
- resource
Group StringName The name of the resource group. The name is case insensitive.
- triggering
Logic Property Map Describes automation rule triggering logic.
- workspace
Name String The name of the workspace.
- automation
Rule StringId Automation rule ID
Outputs
All input properties are implicitly available as output properties. Additionally, the AutomationRule resource produces the following output properties:
- Created
By Pulumi.Azure Native. Security Insights. Outputs. Client Info Response Information on the client (user or application) that made some action
- Created
Time stringUtc The time the automation rule was created.
- Id string
The provider-assigned unique ID for this managed resource.
- Last
Modified Pulumi.By Azure Native. Security Insights. Outputs. Client Info Response Information on the client (user or application) that made some action
- Last
Modified stringTime Utc The last time the automation rule was updated.
- Name string
The name of the resource
- System
Data Pulumi.Azure Native. Security Insights. Outputs. System Data Response Azure Resource Manager metadata containing createdBy and modifiedBy information.
- Type string
The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
- Etag string
Etag of the azure resource
- Created
By ClientInfo Response Information on the client (user or application) that made some action
- Created
Time stringUtc The time the automation rule was created.
- Id string
The provider-assigned unique ID for this managed resource.
- Last
Modified ClientBy Info Response Information on the client (user or application) that made some action
- Last
Modified stringTime Utc The last time the automation rule was updated.
- Name string
The name of the resource
- System
Data SystemData Response Azure Resource Manager metadata containing createdBy and modifiedBy information.
- Type string
The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
- Etag string
Etag of the azure resource
- created
By ClientInfo Response Information on the client (user or application) that made some action
- created
Time StringUtc The time the automation rule was created.
- id String
The provider-assigned unique ID for this managed resource.
- last
Modified ClientBy Info Response Information on the client (user or application) that made some action
- last
Modified StringTime Utc The last time the automation rule was updated.
- name String
The name of the resource
- system
Data SystemData Response Azure Resource Manager metadata containing createdBy and modifiedBy information.
- type String
The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
- etag String
Etag of the azure resource
- created
By ClientInfo Response Information on the client (user or application) that made some action
- created
Time stringUtc The time the automation rule was created.
- id string
The provider-assigned unique ID for this managed resource.
- last
Modified ClientBy Info Response Information on the client (user or application) that made some action
- last
Modified stringTime Utc The last time the automation rule was updated.
- name string
The name of the resource
- system
Data SystemData Response Azure Resource Manager metadata containing createdBy and modifiedBy information.
- type string
The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
- etag string
Etag of the azure resource
- created_
by ClientInfo Response Information on the client (user or application) that made some action
- created_
time_ strutc The time the automation rule was created.
- id str
The provider-assigned unique ID for this managed resource.
- last_
modified_ Clientby Info Response Information on the client (user or application) that made some action
- last_
modified_ strtime_ utc The last time the automation rule was updated.
- name str
The name of the resource
- system_
data SystemData Response Azure Resource Manager metadata containing createdBy and modifiedBy information.
- type str
The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
- etag str
Etag of the azure resource
- created
By Property Map Information on the client (user or application) that made some action
- created
Time StringUtc The time the automation rule was created.
- id String
The provider-assigned unique ID for this managed resource.
- last
Modified Property MapBy Information on the client (user or application) that made some action
- last
Modified StringTime Utc The last time the automation rule was updated.
- name String
The name of the resource
- system
Data Property Map Azure Resource Manager metadata containing createdBy and modifiedBy information.
- type String
The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
- etag String
Etag of the azure resource
Supporting Types
AutomationRuleModifyPropertiesAction, AutomationRuleModifyPropertiesActionArgs
AutomationRuleModifyPropertiesActionResponse, AutomationRuleModifyPropertiesActionResponseArgs
AutomationRulePropertyArrayChangedConditionSupportedArrayType, AutomationRulePropertyArrayChangedConditionSupportedArrayTypeArgs
- Alerts
- Alerts
Evaluate the condition on the alerts
- Labels
- Labels
Evaluate the condition on the labels
- Tactics
- Tactics
Evaluate the condition on the tactics
- Comments
- Comments
Evaluate the condition on the comments
- Automation
Rule Property Array Changed Condition Supported Array Type Alerts - Alerts
Evaluate the condition on the alerts
- Automation
Rule Property Array Changed Condition Supported Array Type Labels - Labels
Evaluate the condition on the labels
- Automation
Rule Property Array Changed Condition Supported Array Type Tactics - Tactics
Evaluate the condition on the tactics
- Automation
Rule Property Array Changed Condition Supported Array Type Comments - Comments
Evaluate the condition on the comments
- Alerts
- Alerts
Evaluate the condition on the alerts
- Labels
- Labels
Evaluate the condition on the labels
- Tactics
- Tactics
Evaluate the condition on the tactics
- Comments
- Comments
Evaluate the condition on the comments
- Alerts
- Alerts
Evaluate the condition on the alerts
- Labels
- Labels
Evaluate the condition on the labels
- Tactics
- Tactics
Evaluate the condition on the tactics
- Comments
- Comments
Evaluate the condition on the comments
- ALERTS
- Alerts
Evaluate the condition on the alerts
- LABELS
- Labels
Evaluate the condition on the labels
- TACTICS
- Tactics
Evaluate the condition on the tactics
- COMMENTS
- Comments
Evaluate the condition on the comments
- "Alerts"
- Alerts
Evaluate the condition on the alerts
- "Labels"
- Labels
Evaluate the condition on the labels
- "Tactics"
- Tactics
Evaluate the condition on the tactics
- "Comments"
- Comments
Evaluate the condition on the comments
AutomationRulePropertyArrayChangedConditionSupportedChangeType, AutomationRulePropertyArrayChangedConditionSupportedChangeTypeArgs
- Added
- Added
Evaluate the condition on items added to the array
- Automation
Rule Property Array Changed Condition Supported Change Type Added - Added
Evaluate the condition on items added to the array
- Added
- Added
Evaluate the condition on items added to the array
- Added
- Added
Evaluate the condition on items added to the array
- ADDED
- Added
Evaluate the condition on items added to the array
- "Added"
- Added
Evaluate the condition on items added to the array
AutomationRulePropertyArrayChangedValuesCondition, AutomationRulePropertyArrayChangedValuesConditionArgs
- array
Type String | "Alerts" | "Labels" | "Tactics" | "Comments" - change
Type String | "Added"
AutomationRulePropertyArrayChangedValuesConditionResponse, AutomationRulePropertyArrayChangedValuesConditionResponseArgs
- Array
Type string - Change
Type string
- Array
Type string - Change
Type string
- array
Type String - change
Type String
- array
Type string - change
Type string
- array_
type str - change_
type str
- array
Type String - change
Type String
AutomationRulePropertyChangedConditionSupportedChangedType, AutomationRulePropertyChangedConditionSupportedChangedTypeArgs
- Changed
From - ChangedFrom
Evaluate the condition on the previous value of the property
- Changed
To - ChangedTo
Evaluate the condition on the updated value of the property
- Automation
Rule Property Changed Condition Supported Changed Type Changed From - ChangedFrom
Evaluate the condition on the previous value of the property
- Automation
Rule Property Changed Condition Supported Changed Type Changed To - ChangedTo
Evaluate the condition on the updated value of the property
- Changed
From - ChangedFrom
Evaluate the condition on the previous value of the property
- Changed
To - ChangedTo
Evaluate the condition on the updated value of the property
- Changed
From - ChangedFrom
Evaluate the condition on the previous value of the property
- Changed
To - ChangedTo
Evaluate the condition on the updated value of the property
- CHANGED_FROM
- ChangedFrom
Evaluate the condition on the previous value of the property
- CHANGED_TO
- ChangedTo
Evaluate the condition on the updated value of the property
- "Changed
From" - ChangedFrom
Evaluate the condition on the previous value of the property
- "Changed
To" - ChangedTo
Evaluate the condition on the updated value of the property
AutomationRulePropertyChangedConditionSupportedPropertyType, AutomationRulePropertyChangedConditionSupportedPropertyTypeArgs
- Incident
Severity - IncidentSeverity
Evaluate the condition on the incident severity
- Incident
Status - IncidentStatus
Evaluate the condition on the incident status
- Incident
Owner - IncidentOwner
Evaluate the condition on the incident owner
- Automation
Rule Property Changed Condition Supported Property Type Incident Severity - IncidentSeverity
Evaluate the condition on the incident severity
- Automation
Rule Property Changed Condition Supported Property Type Incident Status - IncidentStatus
Evaluate the condition on the incident status
- Automation
Rule Property Changed Condition Supported Property Type Incident Owner - IncidentOwner
Evaluate the condition on the incident owner
- Incident
Severity - IncidentSeverity
Evaluate the condition on the incident severity
- Incident
Status - IncidentStatus
Evaluate the condition on the incident status
- Incident
Owner - IncidentOwner
Evaluate the condition on the incident owner
- Incident
Severity - IncidentSeverity
Evaluate the condition on the incident severity
- Incident
Status - IncidentStatus
Evaluate the condition on the incident status
- Incident
Owner - IncidentOwner
Evaluate the condition on the incident owner
- INCIDENT_SEVERITY
- IncidentSeverity
Evaluate the condition on the incident severity
- INCIDENT_STATUS
- IncidentStatus
Evaluate the condition on the incident status
- INCIDENT_OWNER
- IncidentOwner
Evaluate the condition on the incident owner
- "Incident
Severity" - IncidentSeverity
Evaluate the condition on the incident severity
- "Incident
Status" - IncidentStatus
Evaluate the condition on the incident status
- "Incident
Owner" - IncidentOwner
Evaluate the condition on the incident owner
AutomationRulePropertyConditionSupportedOperator, AutomationRulePropertyConditionSupportedOperatorArgs
- Equals
Value - Equals
Evaluates if the property equals at least one of the condition values
- Not
Equals - NotEquals
Evaluates if the property does not equal any of the condition values
- Contains
- Contains
Evaluates if the property contains at least one of the condition values
- Not
Contains - NotContains
Evaluates if the property does not contain any of the condition values
- Starts
With - StartsWith
Evaluates if the property starts with any of the condition values
- Not
Starts With - NotStartsWith
Evaluates if the property does not start with any of the condition values
- Ends
With - EndsWith
Evaluates if the property ends with any of the condition values
- Not
Ends With - NotEndsWith
Evaluates if the property does not end with any of the condition values
- Automation
Rule Property Condition Supported Operator Equals - Equals
Evaluates if the property equals at least one of the condition values
- Automation
Rule Property Condition Supported Operator Not Equals - NotEquals
Evaluates if the property does not equal any of the condition values
- Automation
Rule Property Condition Supported Operator Contains - Contains
Evaluates if the property contains at least one of the condition values
- Automation
Rule Property Condition Supported Operator Not Contains - NotContains
Evaluates if the property does not contain any of the condition values
- Automation
Rule Property Condition Supported Operator Starts With - StartsWith
Evaluates if the property starts with any of the condition values
- Automation
Rule Property Condition Supported Operator Not Starts With - NotStartsWith
Evaluates if the property does not start with any of the condition values
- Automation
Rule Property Condition Supported Operator Ends With - EndsWith
Evaluates if the property ends with any of the condition values
- Automation
Rule Property Condition Supported Operator Not Ends With - NotEndsWith
Evaluates if the property does not end with any of the condition values
- Equals
- Equals
Evaluates if the property equals at least one of the condition values
- Not
Equals - NotEquals
Evaluates if the property does not equal any of the condition values
- Contains
- Contains
Evaluates if the property contains at least one of the condition values
- Not
Contains - NotContains
Evaluates if the property does not contain any of the condition values
- Starts
With - StartsWith
Evaluates if the property starts with any of the condition values
- Not
Starts With - NotStartsWith
Evaluates if the property does not start with any of the condition values
- Ends
With - EndsWith
Evaluates if the property ends with any of the condition values
- Not
Ends With - NotEndsWith
Evaluates if the property does not end with any of the condition values
- Equals
- Equals
Evaluates if the property equals at least one of the condition values
- Not
Equals - NotEquals
Evaluates if the property does not equal any of the condition values
- Contains
- Contains
Evaluates if the property contains at least one of the condition values
- Not
Contains - NotContains
Evaluates if the property does not contain any of the condition values
- Starts
With - StartsWith
Evaluates if the property starts with any of the condition values
- Not
Starts With - NotStartsWith
Evaluates if the property does not start with any of the condition values
- Ends
With - EndsWith
Evaluates if the property ends with any of the condition values
- Not
Ends With - NotEndsWith
Evaluates if the property does not end with any of the condition values
- EQUALS
- Equals
Evaluates if the property equals at least one of the condition values
- NOT_EQUALS
- NotEquals
Evaluates if the property does not equal any of the condition values
- CONTAINS
- Contains
Evaluates if the property contains at least one of the condition values
- NOT_CONTAINS
- NotContains
Evaluates if the property does not contain any of the condition values
- STARTS_WITH
- StartsWith
Evaluates if the property starts with any of the condition values
- NOT_STARTS_WITH
- NotStartsWith
Evaluates if the property does not start with any of the condition values
- ENDS_WITH
- EndsWith
Evaluates if the property ends with any of the condition values
- NOT_ENDS_WITH
- NotEndsWith
Evaluates if the property does not end with any of the condition values
- "Equals"
- Equals
Evaluates if the property equals at least one of the condition values
- "Not
Equals" - NotEquals
Evaluates if the property does not equal any of the condition values
- "Contains"
- Contains
Evaluates if the property contains at least one of the condition values
- "Not
Contains" - NotContains
Evaluates if the property does not contain any of the condition values
- "Starts
With" - StartsWith
Evaluates if the property starts with any of the condition values
- "Not
Starts With" - NotStartsWith
Evaluates if the property does not start with any of the condition values
- "Ends
With" - EndsWith
Evaluates if the property ends with any of the condition values
- "Not
Ends With" - NotEndsWith
Evaluates if the property does not end with any of the condition values
AutomationRulePropertyConditionSupportedProperty, AutomationRulePropertyConditionSupportedPropertyArgs
- Incident
Title - IncidentTitle
The title of the incident
- Incident
Description - IncidentDescription
The description of the incident
- Incident
Severity - IncidentSeverity
The severity of the incident
- Incident
Status - IncidentStatus
The status of the incident
- Incident
Related Analytic Rule Ids - IncidentRelatedAnalyticRuleIds
The related Analytic rule ids of the incident
- Incident
Tactics - IncidentTactics
The tactics of the incident
- Incident
Label - IncidentLabel
The labels of the incident
- Incident
Provider Name - IncidentProviderName
The provider name of the incident
- Incident
Updated By Source - IncidentUpdatedBySource
The update source of the incident
- Account
Aad Tenant Id - AccountAadTenantId
The account Azure Active Directory tenant id
- Account
Aad User Id - AccountAadUserId
The account Azure Active Directory user id
- Account
Name - AccountName
The account name
- Account
NTDomain - AccountNTDomain
The account NetBIOS domain name
- Account
PUID - AccountPUID
The account Azure Active Directory Passport User ID
- Account
Sid - AccountSid
The account security identifier
- Account
Object Guid - AccountObjectGuid
The account unique identifier
- Account
UPNSuffix - AccountUPNSuffix
The account user principal name suffix
- Alert
Product Names - AlertProductNames
The name of the product of the alert
- Alert
Analytic Rule Ids - AlertAnalyticRuleIds
The analytic rule ids of the alert
- Azure
Resource Resource Id - AzureResourceResourceId
The Azure resource id
- Azure
Resource Subscription Id - AzureResourceSubscriptionId
The Azure resource subscription id
- Cloud
Application App Id - CloudApplicationAppId
The cloud application identifier
- Cloud
Application App Name - CloudApplicationAppName
The cloud application name
- DNSDomain
Name - DNSDomainName
The dns record domain name
- File
Directory - FileDirectory
The file directory full path
- File
Name - FileName
The file name without path
- File
Hash Value - FileHashValue
The file hash value
- Host
Azure ID - HostAzureID
The host Azure resource id
- Host
Name - HostName
The host name without domain
- Host
Net Bios Name - HostNetBiosName
The host NetBIOS name
- Host
NTDomain - HostNTDomain
The host NT domain
- Host
OSVersion - HostOSVersion
The host operating system
- Io
TDevice Id - IoTDeviceId
"The IoT device id
- Io
TDevice Name - IoTDeviceName
The IoT device name
- Io
TDevice Type - IoTDeviceType
The IoT device type
- Io
TDevice Vendor - IoTDeviceVendor
The IoT device vendor
- Io
TDevice Model - IoTDeviceModel
The IoT device model
- Io
TDevice Operating System - IoTDeviceOperatingSystem
The IoT device operating system
- IPAddress
- IPAddress
The IP address
- Mailbox
Display Name - MailboxDisplayName
The mailbox display name
- Mailbox
Primary Address - MailboxPrimaryAddress
The mailbox primary address
- Mailbox
UPN - MailboxUPN
The mailbox user principal name
- Mail
Message Delivery Action - MailMessageDeliveryAction
The mail message delivery action
- Mail
Message Delivery Location - MailMessageDeliveryLocation
The mail message delivery location
- Mail
Message Recipient - MailMessageRecipient
The mail message recipient
- Mail
Message Sender IP - MailMessageSenderIP
The mail message sender IP address
- Mail
Message Subject - MailMessageSubject
The mail message subject
- Mail
Message P1Sender - MailMessageP1Sender
The mail message P1 sender
- Mail
Message P2Sender - MailMessageP2Sender
The mail message P2 sender
- Malware
Category - MalwareCategory
The malware category
- Malware
Name - MalwareName
The malware name
- Process
Command Line - ProcessCommandLine
The process execution command line
- Process
Id - ProcessId
The process id
- Registry
Key - RegistryKey
The registry key path
- Registry
Value Data - RegistryValueData
The registry key value in string formatted representation
- Url
- Url
The url
- Automation
Rule Property Condition Supported Property Incident Title - IncidentTitle
The title of the incident
- Automation
Rule Property Condition Supported Property Incident Description - IncidentDescription
The description of the incident
- Automation
Rule Property Condition Supported Property Incident Severity - IncidentSeverity
The severity of the incident
- Automation
Rule Property Condition Supported Property Incident Status - IncidentStatus
The status of the incident
- Automation
Rule Property Condition Supported Property Incident Related Analytic Rule Ids - IncidentRelatedAnalyticRuleIds
The related Analytic rule ids of the incident
- Automation
Rule Property Condition Supported Property Incident Tactics - IncidentTactics
The tactics of the incident
- Automation
Rule Property Condition Supported Property Incident Label - IncidentLabel
The labels of the incident
- Automation
Rule Property Condition Supported Property Incident Provider Name - IncidentProviderName
The provider name of the incident
- Automation
Rule Property Condition Supported Property Incident Updated By Source - IncidentUpdatedBySource
The update source of the incident
- Automation
Rule Property Condition Supported Property Account Aad Tenant Id - AccountAadTenantId
The account Azure Active Directory tenant id
- Automation
Rule Property Condition Supported Property Account Aad User Id - AccountAadUserId
The account Azure Active Directory user id
- Automation
Rule Property Condition Supported Property Account Name - AccountName
The account name
- Automation
Rule Property Condition Supported Property Account NTDomain - AccountNTDomain
The account NetBIOS domain name
- Automation
Rule Property Condition Supported Property Account PUID - AccountPUID
The account Azure Active Directory Passport User ID
- Automation
Rule Property Condition Supported Property Account Sid - AccountSid
The account security identifier
- Automation
Rule Property Condition Supported Property Account Object Guid - AccountObjectGuid
The account unique identifier
- Automation
Rule Property Condition Supported Property Account UPNSuffix - AccountUPNSuffix
The account user principal name suffix
- Automation
Rule Property Condition Supported Property Alert Product Names - AlertProductNames
The name of the product of the alert
- Automation
Rule Property Condition Supported Property Alert Analytic Rule Ids - AlertAnalyticRuleIds
The analytic rule ids of the alert
- Automation
Rule Property Condition Supported Property Azure Resource Resource Id - AzureResourceResourceId
The Azure resource id
- Automation
Rule Property Condition Supported Property Azure Resource Subscription Id - AzureResourceSubscriptionId
The Azure resource subscription id
- Automation
Rule Property Condition Supported Property Cloud Application App Id - CloudApplicationAppId
The cloud application identifier
- Automation
Rule Property Condition Supported Property Cloud Application App Name - CloudApplicationAppName
The cloud application name
- Automation
Rule Property Condition Supported Property DNSDomain Name - DNSDomainName
The dns record domain name
- Automation
Rule Property Condition Supported Property File Directory - FileDirectory
The file directory full path
- Automation
Rule Property Condition Supported Property File Name - FileName
The file name without path
- Automation
Rule Property Condition Supported Property File Hash Value - FileHashValue
The file hash value
- Automation
Rule Property Condition Supported Property Host Azure ID - HostAzureID
The host Azure resource id
- Automation
Rule Property Condition Supported Property Host Name - HostName
The host name without domain
- Automation
Rule Property Condition Supported Property Host Net Bios Name - HostNetBiosName
The host NetBIOS name
- Automation
Rule Property Condition Supported Property Host NTDomain - HostNTDomain
The host NT domain
- Automation
Rule Property Condition Supported Property Host OSVersion - HostOSVersion
The host operating system
- Automation
Rule Property Condition Supported Property Io TDevice Id - IoTDeviceId
"The IoT device id
- Automation
Rule Property Condition Supported Property Io TDevice Name - IoTDeviceName
The IoT device name
- Automation
Rule Property Condition Supported Property Io TDevice Type - IoTDeviceType
The IoT device type
- Automation
Rule Property Condition Supported Property Io TDevice Vendor - IoTDeviceVendor
The IoT device vendor
- Automation
Rule Property Condition Supported Property Io TDevice Model - IoTDeviceModel
The IoT device model
- Automation
Rule Property Condition Supported Property Io TDevice Operating System - IoTDeviceOperatingSystem
The IoT device operating system
- Automation
Rule Property Condition Supported Property IPAddress - IPAddress
The IP address
- Automation
Rule Property Condition Supported Property Mailbox Display Name - MailboxDisplayName
The mailbox display name
- Automation
Rule Property Condition Supported Property Mailbox Primary Address - MailboxPrimaryAddress
The mailbox primary address
- Automation
Rule Property Condition Supported Property Mailbox UPN - MailboxUPN
The mailbox user principal name
- Automation
Rule Property Condition Supported Property Mail Message Delivery Action - MailMessageDeliveryAction
The mail message delivery action
- Automation
Rule Property Condition Supported Property Mail Message Delivery Location - MailMessageDeliveryLocation
The mail message delivery location
- Automation
Rule Property Condition Supported Property Mail Message Recipient - MailMessageRecipient
The mail message recipient
- Automation
Rule Property Condition Supported Property Mail Message Sender IP - MailMessageSenderIP
The mail message sender IP address
- Automation
Rule Property Condition Supported Property Mail Message Subject - MailMessageSubject
The mail message subject
- Automation
Rule Property Condition Supported Property Mail Message P1Sender - MailMessageP1Sender
The mail message P1 sender
- Automation
Rule Property Condition Supported Property Mail Message P2Sender - MailMessageP2Sender
The mail message P2 sender
- Automation
Rule Property Condition Supported Property Malware Category - MalwareCategory
The malware category
- Automation
Rule Property Condition Supported Property Malware Name - MalwareName
The malware name
- Automation
Rule Property Condition Supported Property Process Command Line - ProcessCommandLine
The process execution command line
- Automation
Rule Property Condition Supported Property Process Id - ProcessId
The process id
- Automation
Rule Property Condition Supported Property Registry Key - RegistryKey
The registry key path
- Automation
Rule Property Condition Supported Property Registry Value Data - RegistryValueData
The registry key value in string formatted representation
- Automation
Rule Property Condition Supported Property Url - Url
The url
- Incident
Title - IncidentTitle
The title of the incident
- Incident
Description - IncidentDescription
The description of the incident
- Incident
Severity - IncidentSeverity
The severity of the incident
- Incident
Status - IncidentStatus
The status of the incident
- Incident
Related Analytic Rule Ids - IncidentRelatedAnalyticRuleIds
The related Analytic rule ids of the incident
- Incident
Tactics - IncidentTactics
The tactics of the incident
- Incident
Label - IncidentLabel
The labels of the incident
- Incident
Provider Name - IncidentProviderName
The provider name of the incident
- Incident
Updated By Source - IncidentUpdatedBySource
The update source of the incident
- Account
Aad Tenant Id - AccountAadTenantId
The account Azure Active Directory tenant id
- Account
Aad User Id - AccountAadUserId
The account Azure Active Directory user id
- Account
Name - AccountName
The account name
- Account
NTDomain - AccountNTDomain
The account NetBIOS domain name
- Account
PUID - AccountPUID
The account Azure Active Directory Passport User ID
- Account
Sid - AccountSid
The account security identifier
- Account
Object Guid - AccountObjectGuid
The account unique identifier
- Account
UPNSuffix - AccountUPNSuffix
The account user principal name suffix
- Alert
Product Names - AlertProductNames
The name of the product of the alert
- Alert
Analytic Rule Ids - AlertAnalyticRuleIds
The analytic rule ids of the alert
- Azure
Resource Resource Id - AzureResourceResourceId
The Azure resource id
- Azure
Resource Subscription Id - AzureResourceSubscriptionId
The Azure resource subscription id
- Cloud
Application App Id - CloudApplicationAppId
The cloud application identifier
- Cloud
Application App Name - CloudApplicationAppName
The cloud application name
- DNSDomain
Name - DNSDomainName
The dns record domain name
- File
Directory - FileDirectory
The file directory full path
- File
Name - FileName
The file name without path
- File
Hash Value - FileHashValue
The file hash value
- Host
Azure ID - HostAzureID
The host Azure resource id
- Host
Name - HostName
The host name without domain
- Host
Net Bios Name - HostNetBiosName
The host NetBIOS name
- Host
NTDomain - HostNTDomain
The host NT domain
- Host
OSVersion - HostOSVersion
The host operating system
- Io
TDevice Id - IoTDeviceId
"The IoT device id
- Io
TDevice Name - IoTDeviceName
The IoT device name
- Io
TDevice Type - IoTDeviceType
The IoT device type
- Io
TDevice Vendor - IoTDeviceVendor
The IoT device vendor
- Io
TDevice Model - IoTDeviceModel
The IoT device model
- Io
TDevice Operating System - IoTDeviceOperatingSystem
The IoT device operating system
- IPAddress
- IPAddress
The IP address
- Mailbox
Display Name - MailboxDisplayName
The mailbox display name
- Mailbox
Primary Address - MailboxPrimaryAddress
The mailbox primary address
- Mailbox
UPN - MailboxUPN
The mailbox user principal name
- Mail
Message Delivery Action - MailMessageDeliveryAction
The mail message delivery action
- Mail
Message Delivery Location - MailMessageDeliveryLocation
The mail message delivery location
- Mail
Message Recipient - MailMessageRecipient
The mail message recipient
- Mail
Message Sender IP - MailMessageSenderIP
The mail message sender IP address
- Mail
Message Subject - MailMessageSubject
The mail message subject
- Mail
Message P1Sender - MailMessageP1Sender
The mail message P1 sender
- Mail
Message P2Sender - MailMessageP2Sender
The mail message P2 sender
- Malware
Category - MalwareCategory
The malware category
- Malware
Name - MalwareName
The malware name
- Process
Command Line - ProcessCommandLine
The process execution command line
- Process
Id - ProcessId
The process id
- Registry
Key - RegistryKey
The registry key path
- Registry
Value Data - RegistryValueData
The registry key value in string formatted representation
- Url
- Url
The url
- Incident
Title - IncidentTitle
The title of the incident
- Incident
Description - IncidentDescription
The description of the incident
- Incident
Severity - IncidentSeverity
The severity of the incident
- Incident
Status - IncidentStatus
The status of the incident
- Incident
Related Analytic Rule Ids - IncidentRelatedAnalyticRuleIds
The related Analytic rule ids of the incident
- Incident
Tactics - IncidentTactics
The tactics of the incident
- Incident
Label - IncidentLabel
The labels of the incident
- Incident
Provider Name - IncidentProviderName
The provider name of the incident
- Incident
Updated By Source - IncidentUpdatedBySource
The update source of the incident
- Account
Aad Tenant Id - AccountAadTenantId
The account Azure Active Directory tenant id
- Account
Aad User Id - AccountAadUserId
The account Azure Active Directory user id
- Account
Name - AccountName
The account name
- Account
NTDomain - AccountNTDomain
The account NetBIOS domain name
- Account
PUID - AccountPUID
The account Azure Active Directory Passport User ID
- Account
Sid - AccountSid
The account security identifier
- Account
Object Guid - AccountObjectGuid
The account unique identifier
- Account
UPNSuffix - AccountUPNSuffix
The account user principal name suffix
- Alert
Product Names - AlertProductNames
The name of the product of the alert
- Alert
Analytic Rule Ids - AlertAnalyticRuleIds
The analytic rule ids of the alert
- Azure
Resource Resource Id - AzureResourceResourceId
The Azure resource id
- Azure
Resource Subscription Id - AzureResourceSubscriptionId
The Azure resource subscription id
- Cloud
Application App Id - CloudApplicationAppId
The cloud application identifier
- Cloud
Application App Name - CloudApplicationAppName
The cloud application name
- DNSDomain
Name - DNSDomainName
The dns record domain name
- File
Directory - FileDirectory
The file directory full path
- File
Name - FileName
The file name without path
- File
Hash Value - FileHashValue
The file hash value
- Host
Azure ID - HostAzureID
The host Azure resource id
- Host
Name - HostName
The host name without domain
- Host
Net Bios Name - HostNetBiosName
The host NetBIOS name
- Host
NTDomain - HostNTDomain
The host NT domain
- Host
OSVersion - HostOSVersion
The host operating system
- Io
TDevice Id - IoTDeviceId
"The IoT device id
- Io
TDevice Name - IoTDeviceName
The IoT device name
- Io
TDevice Type - IoTDeviceType
The IoT device type
- Io
TDevice Vendor - IoTDeviceVendor
The IoT device vendor
- Io
TDevice Model - IoTDeviceModel
The IoT device model
- Io
TDevice Operating System - IoTDeviceOperatingSystem
The IoT device operating system
- IPAddress
- IPAddress
The IP address
- Mailbox
Display Name - MailboxDisplayName
The mailbox display name
- Mailbox
Primary Address - MailboxPrimaryAddress
The mailbox primary address
- Mailbox
UPN - MailboxUPN
The mailbox user principal name
- Mail
Message Delivery Action - MailMessageDeliveryAction
The mail message delivery action
- Mail
Message Delivery Location - MailMessageDeliveryLocation
The mail message delivery location
- Mail
Message Recipient - MailMessageRecipient
The mail message recipient
- Mail
Message Sender IP - MailMessageSenderIP
The mail message sender IP address
- Mail
Message Subject - MailMessageSubject
The mail message subject
- Mail
Message P1Sender - MailMessageP1Sender
The mail message P1 sender
- Mail
Message P2Sender - MailMessageP2Sender
The mail message P2 sender
- Malware
Category - MalwareCategory
The malware category
- Malware
Name - MalwareName
The malware name
- Process
Command Line - ProcessCommandLine
The process execution command line
- Process
Id - ProcessId
The process id
- Registry
Key - RegistryKey
The registry key path
- Registry
Value Data - RegistryValueData
The registry key value in string formatted representation
- Url
- Url
The url
- INCIDENT_TITLE
- IncidentTitle
The title of the incident
- INCIDENT_DESCRIPTION
- IncidentDescription
The description of the incident
- INCIDENT_SEVERITY
- IncidentSeverity
The severity of the incident
- INCIDENT_STATUS
- IncidentStatus
The status of the incident
- INCIDENT_RELATED_ANALYTIC_RULE_IDS
- IncidentRelatedAnalyticRuleIds
The related Analytic rule ids of the incident
- INCIDENT_TACTICS
- IncidentTactics
The tactics of the incident
- INCIDENT_LABEL
- IncidentLabel
The labels of the incident
- INCIDENT_PROVIDER_NAME
- IncidentProviderName
The provider name of the incident
- INCIDENT_UPDATED_BY_SOURCE
- IncidentUpdatedBySource
The update source of the incident
- ACCOUNT_AAD_TENANT_ID
- AccountAadTenantId
The account Azure Active Directory tenant id
- ACCOUNT_AAD_USER_ID
- AccountAadUserId
The account Azure Active Directory user id
- ACCOUNT_NAME
- AccountName
The account name
- ACCOUNT_NT_DOMAIN
- AccountNTDomain
The account NetBIOS domain name
- ACCOUNT_PUID
- AccountPUID
The account Azure Active Directory Passport User ID
- ACCOUNT_SID
- AccountSid
The account security identifier
- ACCOUNT_OBJECT_GUID
- AccountObjectGuid
The account unique identifier
- ACCOUNT_UPN_SUFFIX
- AccountUPNSuffix
The account user principal name suffix
- ALERT_PRODUCT_NAMES
- AlertProductNames
The name of the product of the alert
- ALERT_ANALYTIC_RULE_IDS
- AlertAnalyticRuleIds
The analytic rule ids of the alert
- AZURE_RESOURCE_RESOURCE_ID
- AzureResourceResourceId
The Azure resource id
- AZURE_RESOURCE_SUBSCRIPTION_ID
- AzureResourceSubscriptionId
The Azure resource subscription id
- CLOUD_APPLICATION_APP_ID
- CloudApplicationAppId
The cloud application identifier
- CLOUD_APPLICATION_APP_NAME
- CloudApplicationAppName
The cloud application name
- DNS_DOMAIN_NAME
- DNSDomainName
The dns record domain name
- FILE_DIRECTORY
- FileDirectory
The file directory full path
- FILE_NAME
- FileName
The file name without path
- FILE_HASH_VALUE
- FileHashValue
The file hash value
- HOST_AZURE_ID
- HostAzureID
The host Azure resource id
- HOST_NAME
- HostName
The host name without domain
- HOST_NET_BIOS_NAME
- HostNetBiosName
The host NetBIOS name
- HOST_NT_DOMAIN
- HostNTDomain
The host NT domain
- HOST_OS_VERSION
- HostOSVersion
The host operating system
- IO_T_DEVICE_ID
- IoTDeviceId
"The IoT device id
- IO_T_DEVICE_NAME
- IoTDeviceName
The IoT device name
- IO_T_DEVICE_TYPE
- IoTDeviceType
The IoT device type
- IO_T_DEVICE_VENDOR
- IoTDeviceVendor
The IoT device vendor
- IO_T_DEVICE_MODEL
- IoTDeviceModel
The IoT device model
- IO_T_DEVICE_OPERATING_SYSTEM
- IoTDeviceOperatingSystem
The IoT device operating system
- IP_ADDRESS
- IPAddress
The IP address
- MAILBOX_DISPLAY_NAME
- MailboxDisplayName
The mailbox display name
- MAILBOX_PRIMARY_ADDRESS
- MailboxPrimaryAddress
The mailbox primary address
- MAILBOX_UPN
- MailboxUPN
The mailbox user principal name
- MAIL_MESSAGE_DELIVERY_ACTION
- MailMessageDeliveryAction
The mail message delivery action
- MAIL_MESSAGE_DELIVERY_LOCATION
- MailMessageDeliveryLocation
The mail message delivery location
- MAIL_MESSAGE_RECIPIENT
- MailMessageRecipient
The mail message recipient
- MAIL_MESSAGE_SENDER_IP
- MailMessageSenderIP
The mail message sender IP address
- MAIL_MESSAGE_SUBJECT
- MailMessageSubject
The mail message subject
- MAIL_MESSAGE_P1_SENDER
- MailMessageP1Sender
The mail message P1 sender
- MAIL_MESSAGE_P2_SENDER
- MailMessageP2Sender
The mail message P2 sender
- MALWARE_CATEGORY
- MalwareCategory
The malware category
- MALWARE_NAME
- MalwareName
The malware name
- PROCESS_COMMAND_LINE
- ProcessCommandLine
The process execution command line
- PROCESS_ID
- ProcessId
The process id
- REGISTRY_KEY
- RegistryKey
The registry key path
- REGISTRY_VALUE_DATA
- RegistryValueData
The registry key value in string formatted representation
- URL
- Url
The url
- "Incident
Title" - IncidentTitle
The title of the incident
- "Incident
Description" - IncidentDescription
The description of the incident
- "Incident
Severity" - IncidentSeverity
The severity of the incident
- "Incident
Status" - IncidentStatus
The status of the incident
- "Incident
Related Analytic Rule Ids" - IncidentRelatedAnalyticRuleIds
The related Analytic rule ids of the incident
- "Incident
Tactics" - IncidentTactics
The tactics of the incident
- "Incident
Label" - IncidentLabel
The labels of the incident
- "Incident
Provider Name" - IncidentProviderName
The provider name of the incident
- "Incident
Updated By Source" - IncidentUpdatedBySource
The update source of the incident
- "Account
Aad Tenant Id" - AccountAadTenantId
The account Azure Active Directory tenant id
- "Account
Aad User Id" - AccountAadUserId
The account Azure Active Directory user id
- "Account
Name" - AccountName
The account name
- "Account
NTDomain" - AccountNTDomain
The account NetBIOS domain name
- "Account
PUID" - AccountPUID
The account Azure Active Directory Passport User ID
- "Account
Sid" - AccountSid
The account security identifier
- "Account
Object Guid" - AccountObjectGuid
The account unique identifier
- "Account
UPNSuffix" - AccountUPNSuffix
The account user principal name suffix
- "Alert
Product Names" - AlertProductNames
The name of the product of the alert
- "Alert
Analytic Rule Ids" - AlertAnalyticRuleIds
The analytic rule ids of the alert
- "Azure
Resource Resource Id" - AzureResourceResourceId
The Azure resource id
- "Azure
Resource Subscription Id" - AzureResourceSubscriptionId
The Azure resource subscription id
- "Cloud
Application App Id" - CloudApplicationAppId
The cloud application identifier
- "Cloud
Application App Name" - CloudApplicationAppName
The cloud application name
- "DNSDomain
Name" - DNSDomainName
The dns record domain name
- "File
Directory" - FileDirectory
The file directory full path
- "File
Name" - FileName
The file name without path
- "File
Hash Value" - FileHashValue
The file hash value
- "Host
Azure ID" - HostAzureID
The host Azure resource id
- "Host
Name" - HostName
The host name without domain
- "Host
Net Bios Name" - HostNetBiosName
The host NetBIOS name
- "Host
NTDomain" - HostNTDomain
The host NT domain
- "Host
OSVersion" - HostOSVersion
The host operating system
- "Io
TDevice Id" - IoTDeviceId
"The IoT device id
- "Io
TDevice Name" - IoTDeviceName
The IoT device name
- "Io
TDevice Type" - IoTDeviceType
The IoT device type
- "Io
TDevice Vendor" - IoTDeviceVendor
The IoT device vendor
- "Io
TDevice Model" - IoTDeviceModel
The IoT device model
- "Io
TDevice Operating System" - IoTDeviceOperatingSystem
The IoT device operating system
- "IPAddress"
- IPAddress
The IP address
- "Mailbox
Display Name" - MailboxDisplayName
The mailbox display name
- "Mailbox
Primary Address" - MailboxPrimaryAddress
The mailbox primary address
- "Mailbox
UPN" - MailboxUPN
The mailbox user principal name
- "Mail
Message Delivery Action" - MailMessageDeliveryAction
The mail message delivery action
- "Mail
Message Delivery Location" - MailMessageDeliveryLocation
The mail message delivery location
- "Mail
Message Recipient" - MailMessageRecipient
The mail message recipient
- "Mail
Message Sender IP" - MailMessageSenderIP
The mail message sender IP address
- "Mail
Message Subject" - MailMessageSubject
The mail message subject
- "Mail
Message P1Sender" - MailMessageP1Sender
The mail message P1 sender
- "Mail
Message P2Sender" - MailMessageP2Sender
The mail message P2 sender
- "Malware
Category" - MalwareCategory
The malware category
- "Malware
Name" - MalwareName
The malware name
- "Process
Command Line" - ProcessCommandLine
The process execution command line
- "Process
Id" - ProcessId
The process id
- "Registry
Key" - RegistryKey
The registry key path
- "Registry
Value Data" - RegistryValueData
The registry key value in string formatted representation
- "Url"
- Url
The url
AutomationRulePropertyValuesChangedCondition, AutomationRulePropertyValuesChangedConditionArgs
- Change
Type string | Pulumi.Azure Native. Security Insights. Automation Rule Property Changed Condition Supported Changed Type - Operator
string | Pulumi.
Azure Native. Security Insights. Automation Rule Property Condition Supported Operator - Property
Name string | Pulumi.Azure Native. Security Insights. Automation Rule Property Changed Condition Supported Property Type - Property
Values List<string>
AutomationRulePropertyValuesChangedConditionResponse, AutomationRulePropertyValuesChangedConditionResponseArgs
- Change
Type string - Operator string
- Property
Name string - Property
Values List<string>
- Change
Type string - Operator string
- Property
Name string - Property
Values []string
- change
Type String - operator String
- property
Name String - property
Values List<String>
- change
Type string - operator string
- property
Name string - property
Values string[]
- change_
type str - operator str
- property_
name str - property_
values Sequence[str]
- change
Type String - operator String
- property
Name String - property
Values List<String>
AutomationRulePropertyValuesCondition, AutomationRulePropertyValuesConditionArgs
- Operator
string | Pulumi.
Azure Native. Security Insights. Automation Rule Property Condition Supported Operator - Property
Name string | Pulumi.Azure Native. Security Insights. Automation Rule Property Condition Supported Property The property to evaluate in an automation rule property condition.
- Property
Values List<string>
- Operator
string | Automation
Rule Property Condition Supported Operator - Property
Name string | AutomationRule Property Condition Supported Property The property to evaluate in an automation rule property condition.
- Property
Values []string
- operator
String | Automation
Rule Property Condition Supported Operator - property
Name String | AutomationRule Property Condition Supported Property The property to evaluate in an automation rule property condition.
- property
Values List<String>
- operator
string | Automation
Rule Property Condition Supported Operator - property
Name string | AutomationRule Property Condition Supported Property The property to evaluate in an automation rule property condition.
- property
Values string[]
- operator
str | Automation
Rule Property Condition Supported Operator - property_
name str | AutomationRule Property Condition Supported Property The property to evaluate in an automation rule property condition.
- property_
values Sequence[str]
- operator
String | "Equals" | "Not
Equals" | "Contains" | "Not Contains" | "Starts With" | "Not Starts With" | "Ends With" | "Not Ends With" - property
Name String | "IncidentTitle" | "Incident Description" | "Incident Severity" | "Incident Status" | "Incident Related Analytic Rule Ids" | "Incident Tactics" | "Incident Label" | "Incident Provider Name" | "Incident Updated By Source" | "Account Aad Tenant Id" | "Account Aad User Id" | "Account Name" | "Account NTDomain" | "Account PUID" | "Account Sid" | "Account Object Guid" | "Account UPNSuffix" | "Alert Product Names" | "Alert Analytic Rule Ids" | "Azure Resource Resource Id" | "Azure Resource Subscription Id" | "Cloud Application App Id" | "Cloud Application App Name" | "DNSDomain Name" | "File Directory" | "File Name" | "File Hash Value" | "Host Azure ID" | "Host Name" | "Host Net Bios Name" | "Host NTDomain" | "Host OSVersion" | "Io TDevice Id" | "Io TDevice Name" | "Io TDevice Type" | "Io TDevice Vendor" | "Io TDevice Model" | "Io TDevice Operating System" | "IPAddress" | "Mailbox Display Name" | "Mailbox Primary Address" | "Mailbox UPN" | "Mail Message Delivery Action" | "Mail Message Delivery Location" | "Mail Message Recipient" | "Mail Message Sender IP" | "Mail Message Subject" | "Mail Message P1Sender" | "Mail Message P2Sender" | "Malware Category" | "Malware Name" | "Process Command Line" | "Process Id" | "Registry Key" | "Registry Value Data" | "Url" The property to evaluate in an automation rule property condition.
- property
Values List<String>
AutomationRulePropertyValuesConditionResponse, AutomationRulePropertyValuesConditionResponseArgs
- Operator string
- Property
Name string The property to evaluate in an automation rule property condition.
- Property
Values List<string>
- Operator string
- Property
Name string The property to evaluate in an automation rule property condition.
- Property
Values []string
- operator String
- property
Name String The property to evaluate in an automation rule property condition.
- property
Values List<String>
- operator string
- property
Name string The property to evaluate in an automation rule property condition.
- property
Values string[]
- operator str
- property_
name str The property to evaluate in an automation rule property condition.
- property_
values Sequence[str]
- operator String
- property
Name String The property to evaluate in an automation rule property condition.
- property
Values List<String>
AutomationRuleRunPlaybookAction, AutomationRuleRunPlaybookActionArgs
AutomationRuleRunPlaybookActionResponse, AutomationRuleRunPlaybookActionResponseArgs
AutomationRuleTriggeringLogic, AutomationRuleTriggeringLogicArgs
- Is
Enabled bool Determines whether the automation rule is enabled or disabled.
- Triggers
On string | Pulumi.Azure Native. Security Insights. Triggers On - Triggers
When string | Pulumi.Azure Native. Security Insights. Triggers When - Conditions List<object>
The conditions to evaluate to determine if the automation rule should be triggered on a given object.
- Expiration
Time stringUtc Determines when the automation rule should automatically expire and be disabled.
- Is
Enabled bool Determines whether the automation rule is enabled or disabled.
- Triggers
On string | TriggersOn - Triggers
When string | TriggersWhen - Conditions []interface{}
The conditions to evaluate to determine if the automation rule should be triggered on a given object.
- Expiration
Time stringUtc Determines when the automation rule should automatically expire and be disabled.
- is
Enabled Boolean Determines whether the automation rule is enabled or disabled.
- triggers
On String | TriggersOn - triggers
When String | TriggersWhen - conditions List<Object>
The conditions to evaluate to determine if the automation rule should be triggered on a given object.
- expiration
Time StringUtc Determines when the automation rule should automatically expire and be disabled.
- is
Enabled boolean Determines whether the automation rule is enabled or disabled.
- triggers
On string | TriggersOn - triggers
When string | TriggersWhen - conditions
(Property
Array Changed Condition Properties | Property Changed Condition Properties | Property Condition Properties)[] The conditions to evaluate to determine if the automation rule should be triggered on a given object.
- expiration
Time stringUtc Determines when the automation rule should automatically expire and be disabled.
- is_
enabled bool Determines whether the automation rule is enabled or disabled.
- triggers_
on str | TriggersOn - triggers_
when str | TriggersWhen - conditions
Sequence[Union[Property
Array Changed Condition Properties, Property Changed Condition Properties, Property Condition Properties]] The conditions to evaluate to determine if the automation rule should be triggered on a given object.
- expiration_
time_ strutc Determines when the automation rule should automatically expire and be disabled.
- is
Enabled Boolean Determines whether the automation rule is enabled or disabled.
- triggers
On String | "Incidents" | "Alerts" - triggers
When String | "Created" | "Updated" - conditions List<Property Map | Property Map | Property Map>
The conditions to evaluate to determine if the automation rule should be triggered on a given object.
- expiration
Time StringUtc Determines when the automation rule should automatically expire and be disabled.
AutomationRuleTriggeringLogicResponse, AutomationRuleTriggeringLogicResponseArgs
- Is
Enabled bool Determines whether the automation rule is enabled or disabled.
- Triggers
On string - Triggers
When string - Conditions List<object>
The conditions to evaluate to determine if the automation rule should be triggered on a given object.
- Expiration
Time stringUtc Determines when the automation rule should automatically expire and be disabled.
- Is
Enabled bool Determines whether the automation rule is enabled or disabled.
- Triggers
On string - Triggers
When string - Conditions []interface{}
The conditions to evaluate to determine if the automation rule should be triggered on a given object.
- Expiration
Time stringUtc Determines when the automation rule should automatically expire and be disabled.
- is
Enabled Boolean Determines whether the automation rule is enabled or disabled.
- triggers
On String - triggers
When String - conditions List<Object>
The conditions to evaluate to determine if the automation rule should be triggered on a given object.
- expiration
Time StringUtc Determines when the automation rule should automatically expire and be disabled.
- is
Enabled boolean Determines whether the automation rule is enabled or disabled.
- triggers
On string - triggers
When string - conditions
(Property
Array Changed Condition Properties Response | Property Changed Condition Properties Response | Property Condition Properties Response)[] The conditions to evaluate to determine if the automation rule should be triggered on a given object.
- expiration
Time stringUtc Determines when the automation rule should automatically expire and be disabled.
- is_
enabled bool Determines whether the automation rule is enabled or disabled.
- triggers_
on str - triggers_
when str - conditions
Sequence[Union[Property
Array Changed Condition Properties Response, Property Changed Condition Properties Response, Property Condition Properties Response]] The conditions to evaluate to determine if the automation rule should be triggered on a given object.
- expiration_
time_ strutc Determines when the automation rule should automatically expire and be disabled.
- is
Enabled Boolean Determines whether the automation rule is enabled or disabled.
- triggers
On String - triggers
When String - conditions List<Property Map | Property Map | Property Map>
The conditions to evaluate to determine if the automation rule should be triggered on a given object.
- expiration
Time StringUtc Determines when the automation rule should automatically expire and be disabled.
ClientInfoResponse, ClientInfoResponseArgs
- Email string
The email of the client.
- Name string
The name of the client.
- Object
Id string The object id of the client.
- User
Principal stringName The user principal name of the client.
- Email string
The email of the client.
- Name string
The name of the client.
- Object
Id string The object id of the client.
- User
Principal stringName The user principal name of the client.
- email String
The email of the client.
- name String
The name of the client.
- object
Id String The object id of the client.
- user
Principal StringName The user principal name of the client.
- email string
The email of the client.
- name string
The name of the client.
- object
Id string The object id of the client.
- user
Principal stringName The user principal name of the client.
- email str
The email of the client.
- name str
The name of the client.
- object_
id str The object id of the client.
- user_
principal_ strname The user principal name of the client.
- email String
The email of the client.
- name String
The name of the client.
- object
Id String The object id of the client.
- user
Principal StringName The user principal name of the client.
IncidentClassification, IncidentClassificationArgs
- Undetermined
- Undetermined
Incident classification was undetermined
- True
Positive - TruePositive
Incident was true positive
- Benign
Positive - BenignPositive
Incident was benign positive
- False
Positive - FalsePositive
Incident was false positive
- Incident
Classification Undetermined - Undetermined
Incident classification was undetermined
- Incident
Classification True Positive - TruePositive
Incident was true positive
- Incident
Classification Benign Positive - BenignPositive
Incident was benign positive
- Incident
Classification False Positive - FalsePositive
Incident was false positive
- Undetermined
- Undetermined
Incident classification was undetermined
- True
Positive - TruePositive
Incident was true positive
- Benign
Positive - BenignPositive
Incident was benign positive
- False
Positive - FalsePositive
Incident was false positive
- Undetermined
- Undetermined
Incident classification was undetermined
- True
Positive - TruePositive
Incident was true positive
- Benign
Positive - BenignPositive
Incident was benign positive
- False
Positive - FalsePositive
Incident was false positive
- UNDETERMINED
- Undetermined
Incident classification was undetermined
- TRUE_POSITIVE
- TruePositive
Incident was true positive
- BENIGN_POSITIVE
- BenignPositive
Incident was benign positive
- FALSE_POSITIVE
- FalsePositive
Incident was false positive
- "Undetermined"
- Undetermined
Incident classification was undetermined
- "True
Positive" - TruePositive
Incident was true positive
- "Benign
Positive" - BenignPositive
Incident was benign positive
- "False
Positive" - FalsePositive
Incident was false positive
IncidentClassificationReason, IncidentClassificationReasonArgs
- Suspicious
Activity - SuspiciousActivity
Classification reason was suspicious activity
- Suspicious
But Expected - SuspiciousButExpected
Classification reason was suspicious but expected
- Incorrect
Alert Logic - IncorrectAlertLogic
Classification reason was incorrect alert logic
- Inaccurate
Data - InaccurateData
Classification reason was inaccurate data
- Incident
Classification Reason Suspicious Activity - SuspiciousActivity
Classification reason was suspicious activity
- Incident
Classification Reason Suspicious But Expected - SuspiciousButExpected
Classification reason was suspicious but expected
- Incident
Classification Reason Incorrect Alert Logic - IncorrectAlertLogic
Classification reason was incorrect alert logic
- Incident
Classification Reason Inaccurate Data - InaccurateData
Classification reason was inaccurate data
- Suspicious
Activity - SuspiciousActivity
Classification reason was suspicious activity
- Suspicious
But Expected - SuspiciousButExpected
Classification reason was suspicious but expected
- Incorrect
Alert Logic - IncorrectAlertLogic
Classification reason was incorrect alert logic
- Inaccurate
Data - InaccurateData
Classification reason was inaccurate data
- Suspicious
Activity - SuspiciousActivity
Classification reason was suspicious activity
- Suspicious
But Expected - SuspiciousButExpected
Classification reason was suspicious but expected
- Incorrect
Alert Logic - IncorrectAlertLogic
Classification reason was incorrect alert logic
- Inaccurate
Data - InaccurateData
Classification reason was inaccurate data
- SUSPICIOUS_ACTIVITY
- SuspiciousActivity
Classification reason was suspicious activity
- SUSPICIOUS_BUT_EXPECTED
- SuspiciousButExpected
Classification reason was suspicious but expected
- INCORRECT_ALERT_LOGIC
- IncorrectAlertLogic
Classification reason was incorrect alert logic
- INACCURATE_DATA
- InaccurateData
Classification reason was inaccurate data
- "Suspicious
Activity" - SuspiciousActivity
Classification reason was suspicious activity
- "Suspicious
But Expected" - SuspiciousButExpected
Classification reason was suspicious but expected
- "Incorrect
Alert Logic" - IncorrectAlertLogic
Classification reason was incorrect alert logic
- "Inaccurate
Data" - InaccurateData
Classification reason was inaccurate data
IncidentLabel, IncidentLabelArgs
- Label
Name string The name of the label
- Label
Name string The name of the label
- label
Name String The name of the label
- label
Name string The name of the label
- label_
name str The name of the label
- label
Name String The name of the label
IncidentLabelResponse, IncidentLabelResponseArgs
- label_
name str The name of the label
- label_
type str The type of the label
IncidentOwnerInfo, IncidentOwnerInfoArgs
- Assigned
To string The name of the user the incident is assigned to.
- Email string
The email of the user the incident is assigned to.
- Object
Id string The object id of the user the incident is assigned to.
- Owner
Type string | Pulumi.Azure Native. Security Insights. Owner Type The type of the owner the incident is assigned to.
- User
Principal stringName The user principal name of the user the incident is assigned to.
- Assigned
To string The name of the user the incident is assigned to.
- Email string
The email of the user the incident is assigned to.
- Object
Id string The object id of the user the incident is assigned to.
- Owner
Type string | OwnerType The type of the owner the incident is assigned to.
- User
Principal stringName The user principal name of the user the incident is assigned to.
- assigned
To String The name of the user the incident is assigned to.
- email String
The email of the user the incident is assigned to.
- object
Id String The object id of the user the incident is assigned to.
- owner
Type String | OwnerType The type of the owner the incident is assigned to.
- user
Principal StringName The user principal name of the user the incident is assigned to.
- assigned
To string The name of the user the incident is assigned to.
- email string
The email of the user the incident is assigned to.
- object
Id string The object id of the user the incident is assigned to.
- owner
Type string | OwnerType The type of the owner the incident is assigned to.
- user
Principal stringName The user principal name of the user the incident is assigned to.
- assigned_
to str The name of the user the incident is assigned to.
- email str
The email of the user the incident is assigned to.
- object_
id str The object id of the user the incident is assigned to.
- owner_
type str | OwnerType The type of the owner the incident is assigned to.
- user_
principal_ strname The user principal name of the user the incident is assigned to.
- assigned
To String The name of the user the incident is assigned to.
- email String
The email of the user the incident is assigned to.
- object
Id String The object id of the user the incident is assigned to.
- owner
Type String | "Unknown" | "User" | "Group" The type of the owner the incident is assigned to.
- user
Principal StringName The user principal name of the user the incident is assigned to.
IncidentOwnerInfoResponse, IncidentOwnerInfoResponseArgs
- Assigned
To string The name of the user the incident is assigned to.
- Email string
The email of the user the incident is assigned to.
- Object
Id string The object id of the user the incident is assigned to.
- Owner
Type string The type of the owner the incident is assigned to.
- User
Principal stringName The user principal name of the user the incident is assigned to.
- Assigned
To string The name of the user the incident is assigned to.
- Email string
The email of the user the incident is assigned to.
- Object
Id string The object id of the user the incident is assigned to.
- Owner
Type string The type of the owner the incident is assigned to.
- User
Principal stringName The user principal name of the user the incident is assigned to.
- assigned
To String The name of the user the incident is assigned to.
- email String
The email of the user the incident is assigned to.
- object
Id String The object id of the user the incident is assigned to.
- owner
Type String The type of the owner the incident is assigned to.
- user
Principal StringName The user principal name of the user the incident is assigned to.
- assigned
To string The name of the user the incident is assigned to.
- email string
The email of the user the incident is assigned to.
- object
Id string The object id of the user the incident is assigned to.
- owner
Type string The type of the owner the incident is assigned to.
- user
Principal stringName The user principal name of the user the incident is assigned to.
- assigned_
to str The name of the user the incident is assigned to.
- email str
The email of the user the incident is assigned to.
- object_
id str The object id of the user the incident is assigned to.
- owner_
type str The type of the owner the incident is assigned to.
- user_
principal_ strname The user principal name of the user the incident is assigned to.
- assigned
To String The name of the user the incident is assigned to.
- email String
The email of the user the incident is assigned to.
- object
Id String The object id of the user the incident is assigned to.
- owner
Type String The type of the owner the incident is assigned to.
- user
Principal StringName The user principal name of the user the incident is assigned to.
IncidentPropertiesAction, IncidentPropertiesActionArgs
- Classification
string | Pulumi.
Azure Native. Security Insights. Incident Classification The reason the incident was closed
- Classification
Comment string Describes the reason the incident was closed.
- Classification
Reason string | Pulumi.Azure Native. Security Insights. Incident Classification Reason The classification reason the incident was closed with
- Labels
List<Pulumi.
Azure Native. Security Insights. Inputs. Incident Label> List of labels to add to the incident.
- Owner
Pulumi.
Azure Native. Security Insights. Inputs. Incident Owner Info Information on the user an incident is assigned to
- Severity
string | Pulumi.
Azure Native. Security Insights. Incident Severity The severity of the incident
- Status
string | Pulumi.
Azure Native. Security Insights. Incident Status The status of the incident
- Classification
string | Incident
Classification The reason the incident was closed
- Classification
Comment string Describes the reason the incident was closed.
- Classification
Reason string | IncidentClassification Reason The classification reason the incident was closed with
- Labels
[]Incident
Label List of labels to add to the incident.
- Owner
Incident
Owner Info Information on the user an incident is assigned to
- Severity
string | Incident
Severity The severity of the incident
- Status
string | Incident
Status The status of the incident
- classification
String | Incident
Classification The reason the incident was closed
- classification
Comment String Describes the reason the incident was closed.
- classification
Reason String | IncidentClassification Reason The classification reason the incident was closed with
- labels
List<Incident
Label> List of labels to add to the incident.
- owner
Incident
Owner Info Information on the user an incident is assigned to
- severity
String | Incident
Severity The severity of the incident
- status
String | Incident
Status The status of the incident
- classification
string | Incident
Classification The reason the incident was closed
- classification
Comment string Describes the reason the incident was closed.
- classification
Reason string | IncidentClassification Reason The classification reason the incident was closed with
- labels
Incident
Label[] List of labels to add to the incident.
- owner
Incident
Owner Info Information on the user an incident is assigned to
- severity
string | Incident
Severity The severity of the incident
- status
string | Incident
Status The status of the incident
- classification
str | Incident
Classification The reason the incident was closed
- classification_
comment str Describes the reason the incident was closed.
- classification_
reason str | IncidentClassification Reason The classification reason the incident was closed with
- labels
Sequence[Incident
Label] List of labels to add to the incident.
- owner
Incident
Owner Info Information on the user an incident is assigned to
- severity
str | Incident
Severity The severity of the incident
- status
str | Incident
Status The status of the incident
- classification
String | "Undetermined" | "True
Positive" | "Benign Positive" | "False Positive" The reason the incident was closed
- classification
Comment String Describes the reason the incident was closed.
- classification
Reason String | "SuspiciousActivity" | "Suspicious But Expected" | "Incorrect Alert Logic" | "Inaccurate Data" The classification reason the incident was closed with
- labels List<Property Map>
List of labels to add to the incident.
- owner Property Map
Information on the user an incident is assigned to
- severity String | "High" | "Medium" | "Low" | "Informational"
The severity of the incident
- status String | "New" | "Active" | "Closed"
The status of the incident
IncidentPropertiesActionResponse, IncidentPropertiesActionResponseArgs
- Classification string
The reason the incident was closed
- Classification
Comment string Describes the reason the incident was closed.
- Classification
Reason string The classification reason the incident was closed with
- Labels
List<Pulumi.
Azure Native. Security Insights. Inputs. Incident Label Response> List of labels to add to the incident.
- Owner
Pulumi.
Azure Native. Security Insights. Inputs. Incident Owner Info Response Information on the user an incident is assigned to
- Severity string
The severity of the incident
- Status string
The status of the incident
- Classification string
The reason the incident was closed
- Classification
Comment string Describes the reason the incident was closed.
- Classification
Reason string The classification reason the incident was closed with
- Labels
[]Incident
Label Response List of labels to add to the incident.
- Owner
Incident
Owner Info Response Information on the user an incident is assigned to
- Severity string
The severity of the incident
- Status string
The status of the incident
- classification String
The reason the incident was closed
- classification
Comment String Describes the reason the incident was closed.
- classification
Reason String The classification reason the incident was closed with
- labels
List<Incident
Label Response> List of labels to add to the incident.
- owner
Incident
Owner Info Response Information on the user an incident is assigned to
- severity String
The severity of the incident
- status String
The status of the incident
- classification string
The reason the incident was closed
- classification
Comment string Describes the reason the incident was closed.
- classification
Reason string The classification reason the incident was closed with
- labels
Incident
Label Response[] List of labels to add to the incident.
- owner
Incident
Owner Info Response Information on the user an incident is assigned to
- severity string
The severity of the incident
- status string
The status of the incident
- classification str
The reason the incident was closed
- classification_
comment str Describes the reason the incident was closed.
- classification_
reason str The classification reason the incident was closed with
- labels
Sequence[Incident
Label Response] List of labels to add to the incident.
- owner
Incident
Owner Info Response Information on the user an incident is assigned to
- severity str
The severity of the incident
- status str
The status of the incident
- classification String
The reason the incident was closed
- classification
Comment String Describes the reason the incident was closed.
- classification
Reason String The classification reason the incident was closed with
- labels List<Property Map>
List of labels to add to the incident.
- owner Property Map
Information on the user an incident is assigned to
- severity String
The severity of the incident
- status String
The status of the incident
IncidentSeverity, IncidentSeverityArgs
- High
- High
High severity
- Medium
- Medium
Medium severity
- Low
- Low
Low severity
- Informational
- Informational
Informational severity
- Incident
Severity High - High
High severity
- Incident
Severity Medium - Medium
Medium severity
- Incident
Severity Low - Low
Low severity
- Incident
Severity Informational - Informational
Informational severity
- High
- High
High severity
- Medium
- Medium
Medium severity
- Low
- Low
Low severity
- Informational
- Informational
Informational severity
- High
- High
High severity
- Medium
- Medium
Medium severity
- Low
- Low
Low severity
- Informational
- Informational
Informational severity
- HIGH
- High
High severity
- MEDIUM
- Medium
Medium severity
- LOW
- Low
Low severity
- INFORMATIONAL
- Informational
Informational severity
- "High"
- High
High severity
- "Medium"
- Medium
Medium severity
- "Low"
- Low
Low severity
- "Informational"
- Informational
Informational severity
IncidentStatus, IncidentStatusArgs
- New
- New
An active incident which isn't being handled currently
- Active
- Active
An active incident which is being handled
- Closed
- Closed
A non-active incident
- Incident
Status New - New
An active incident which isn't being handled currently
- Incident
Status Active - Active
An active incident which is being handled
- Incident
Status Closed - Closed
A non-active incident
- New
- New
An active incident which isn't being handled currently
- Active
- Active
An active incident which is being handled
- Closed
- Closed
A non-active incident
- New
- New
An active incident which isn't being handled currently
- Active
- Active
An active incident which is being handled
- Closed
- Closed
A non-active incident
- NEW
- New
An active incident which isn't being handled currently
- ACTIVE
- Active
An active incident which is being handled
- CLOSED
- Closed
A non-active incident
- "New"
- New
An active incident which isn't being handled currently
- "Active"
- Active
An active incident which is being handled
- "Closed"
- Closed
A non-active incident
OwnerType, OwnerTypeArgs
- Unknown
- Unknown
The incident owner type is unknown
- User
- User
The incident owner type is an AAD user
- Group
- Group
The incident owner type is an AAD group
- Owner
Type Unknown - Unknown
The incident owner type is unknown
- Owner
Type User - User
The incident owner type is an AAD user
- Owner
Type Group - Group
The incident owner type is an AAD group
- Unknown
- Unknown
The incident owner type is unknown
- User
- User
The incident owner type is an AAD user
- Group
- Group
The incident owner type is an AAD group
- Unknown
- Unknown
The incident owner type is unknown
- User
- User
The incident owner type is an AAD user
- Group
- Group
The incident owner type is an AAD group
- UNKNOWN
- Unknown
The incident owner type is unknown
- USER
- User
The incident owner type is an AAD user
- GROUP
- Group
The incident owner type is an AAD group
- "Unknown"
- Unknown
The incident owner type is unknown
- "User"
- User
The incident owner type is an AAD user
- "Group"
- Group
The incident owner type is an AAD group
PlaybookActionProperties, PlaybookActionPropertiesArgs
- Logic
App stringResource Id The resource id of the playbook resource.
- Tenant
Id string The tenant id of the playbook resource.
- Logic
App stringResource Id The resource id of the playbook resource.
- Tenant
Id string The tenant id of the playbook resource.
- logic
App StringResource Id The resource id of the playbook resource.
- tenant
Id String The tenant id of the playbook resource.
- logic
App stringResource Id The resource id of the playbook resource.
- tenant
Id string The tenant id of the playbook resource.
- logic_
app_ strresource_ id The resource id of the playbook resource.
- tenant_
id str The tenant id of the playbook resource.
- logic
App StringResource Id The resource id of the playbook resource.
- tenant
Id String The tenant id of the playbook resource.
PlaybookActionPropertiesResponse, PlaybookActionPropertiesResponseArgs
- Logic
App stringResource Id The resource id of the playbook resource.
- Tenant
Id string The tenant id of the playbook resource.
- Logic
App stringResource Id The resource id of the playbook resource.
- Tenant
Id string The tenant id of the playbook resource.
- logic
App StringResource Id The resource id of the playbook resource.
- tenant
Id String The tenant id of the playbook resource.
- logic
App stringResource Id The resource id of the playbook resource.
- tenant
Id string The tenant id of the playbook resource.
- logic_
app_ strresource_ id The resource id of the playbook resource.
- tenant_
id str The tenant id of the playbook resource.
- logic
App StringResource Id The resource id of the playbook resource.
- tenant
Id String The tenant id of the playbook resource.
PropertyArrayChangedConditionProperties, PropertyArrayChangedConditionPropertiesArgs
PropertyArrayChangedConditionPropertiesResponse, PropertyArrayChangedConditionPropertiesResponseArgs
PropertyChangedConditionProperties, PropertyChangedConditionPropertiesArgs
PropertyChangedConditionPropertiesResponse, PropertyChangedConditionPropertiesResponseArgs
PropertyConditionProperties, PropertyConditionPropertiesArgs
PropertyConditionPropertiesResponse, PropertyConditionPropertiesResponseArgs
SystemDataResponse, SystemDataResponseArgs
- Created
At string The timestamp of resource creation (UTC).
- Created
By string The identity that created the resource.
- Created
By stringType The type of identity that created the resource.
- Last
Modified stringAt The timestamp of resource last modification (UTC)
- Last
Modified stringBy The identity that last modified the resource.
- Last
Modified stringBy Type The type of identity that last modified the resource.
- Created
At string The timestamp of resource creation (UTC).
- Created
By string The identity that created the resource.
- Created
By stringType The type of identity that created the resource.
- Last
Modified stringAt The timestamp of resource last modification (UTC)
- Last
Modified stringBy The identity that last modified the resource.
- Last
Modified stringBy Type The type of identity that last modified the resource.
- created
At String The timestamp of resource creation (UTC).
- created
By String The identity that created the resource.
- created
By StringType The type of identity that created the resource.
- last
Modified StringAt The timestamp of resource last modification (UTC)
- last
Modified StringBy The identity that last modified the resource.
- last
Modified StringBy Type The type of identity that last modified the resource.
- created
At string The timestamp of resource creation (UTC).
- created
By string The identity that created the resource.
- created
By stringType The type of identity that created the resource.
- last
Modified stringAt The timestamp of resource last modification (UTC)
- last
Modified stringBy The identity that last modified the resource.
- last
Modified stringBy Type The type of identity that last modified the resource.
- created_
at str The timestamp of resource creation (UTC).
- created_
by str The identity that created the resource.
- created_
by_ strtype The type of identity that created the resource.
- last_
modified_ strat The timestamp of resource last modification (UTC)
- last_
modified_ strby The identity that last modified the resource.
- last_
modified_ strby_ type The type of identity that last modified the resource.
- created
At String The timestamp of resource creation (UTC).
- created
By String The identity that created the resource.
- created
By StringType The type of identity that created the resource.
- last
Modified StringAt The timestamp of resource last modification (UTC)
- last
Modified StringBy The identity that last modified the resource.
- last
Modified StringBy Type The type of identity that last modified the resource.
TriggersOn, TriggersOnArgs
- Incidents
- Incidents
Trigger on Incidents
- Alerts
- Alerts
Trigger on Alerts
- Triggers
On Incidents - Incidents
Trigger on Incidents
- Triggers
On Alerts - Alerts
Trigger on Alerts
- Incidents
- Incidents
Trigger on Incidents
- Alerts
- Alerts
Trigger on Alerts
- Incidents
- Incidents
Trigger on Incidents
- Alerts
- Alerts
Trigger on Alerts
- INCIDENTS
- Incidents
Trigger on Incidents
- ALERTS
- Alerts
Trigger on Alerts
- "Incidents"
- Incidents
Trigger on Incidents
- "Alerts"
- Alerts
Trigger on Alerts
TriggersWhen, TriggersWhenArgs
- Created
- Created
Trigger on created objects
- Updated
- Updated
Trigger on updated objects
- Triggers
When Created - Created
Trigger on created objects
- Triggers
When Updated - Updated
Trigger on updated objects
- Created
- Created
Trigger on created objects
- Updated
- Updated
Trigger on updated objects
- Created
- Created
Trigger on created objects
- Updated
- Updated
Trigger on updated objects
- CREATED
- Created
Trigger on created objects
- UPDATED
- Updated
Trigger on updated objects
- "Created"
- Created
Trigger on created objects
- "Updated"
- Updated
Trigger on updated objects
Import
An existing resource can be imported using its type token, name, and identifier, e.g.
$ pulumi import azure-native:securityinsights:AutomationRule 73e01a99-5cd7-4139-a149-9f2736ff2ab5 /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/automationRules/{automationRuleId}
Package Details
- Repository
- Azure Native pulumi/pulumi-azure-native
- License
- Apache-2.0