azure-native.securityinsights.AutomationRule


Represents an automation rule. API Version: 2019-01-01-preview.

Example Usage

Creates or updates an automation rule.

using System.Collections.Generic;
using Pulumi;
using AzureNative = Pulumi.AzureNative;

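// Declares a Microsoft Sentinel automation rule: when an incident is created by one of
// two named analytics rules, its severity is set to High and a playbook is then run.
// Every GUID, resource ID and name below is a sample value; substitute your own.
return await Deployment.RunAsync(() =>
{
    var automationRule = new AzureNative.SecurityInsights.AutomationRule("automationRule", new()
    {
        // Actions are executed in ascending Order.
        Actions = new[]
        {
            // 1. Raise the incident severity.
            new AzureNative.SecurityInsights.Inputs.AutomationRuleModifyPropertiesActionArgs
            {
                ActionConfiguration = new AzureNative.SecurityInsights.Inputs.AutomationRuleModifyPropertiesActionActionConfigurationArgs
                {
                    Severity = "High",
                },
                ActionType = "ModifyProperties",
                Order = 1,
            },
            // 2. Run the response playbook (a Logic App workflow) in the given tenant.
            // NOTE(review): Microsoft Sentinel needs rights on the resource group that
            // holds the Logic App before it can start the playbook; confirm that the
            // role assignment is in place.
            new AzureNative.SecurityInsights.Inputs.AutomationRuleRunPlaybookActionArgs
            {
                ActionConfiguration = new AzureNative.SecurityInsights.Inputs.AutomationRuleRunPlaybookActionActionConfigurationArgs
                {
                    LogicAppResourceId = "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/IncidentPlaybook",
                    TenantId = "ee48efaf-50c6-411b-9345-b2bdc3eb4abc",
                },
                ActionType = "RunPlaybook",
                Order = 2,
            },
        },
        AutomationRuleId = "73e01a99-5cd7-4139-a149-9f2736ff2ab5",
        DisplayName = "High severity incidents escalation",
        OperationalInsightsResourceProvider = "Microsoft.OperationalInsights",
        Order = 1,
        ResourceGroupName = "myRg",
        TriggeringLogic = new AzureNative.SecurityInsights.Inputs.AutomationRuleTriggeringLogicArgs
        {
            // The single condition limits the rule to incidents raised by the two
            // analytics rules listed in PropertyValues.
            Conditions = new[]
            {
                // The element needs an explicit type: an untyped nested initializer is
                // not valid C#. The typed condition args mirror the other inputs here.
                new AzureNative.SecurityInsights.Inputs.AutomationRulePropertyValuesConditionArgs
                {
                    ConditionProperties = new AzureNative.SecurityInsights.Inputs.AutomationRulePropertyValuesConditionConditionPropertiesArgs
                    {
                        Operator = "Contains",
                        PropertyName = "IncidentRelatedAnalyticRuleIds",
                        PropertyValues = new[]
                        {
                            "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7",
                            "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/8deb8303-e94d-46ff-96e0-5fd94b33df1a",
                        },
                    },
                    ConditionType = "Property",
                },
            },
            IsEnabled = true,
            TriggersOn = "Incidents",
            TriggersWhen = "Created",
        },
        WorkspaceName = "myWorkspace",
    });

});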
package main

import (
	securityinsights "github.com/pulumi/pulumi-azure-native/sdk/go/azure/securityinsights"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

// main declares a Microsoft Sentinel automation rule: when an incident is created by one
// of two named analytics rules, its severity is set to High and a playbook is then run.
// Every GUID, resource ID and name below is a sample value; substitute your own.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := securityinsights.NewAutomationRule(ctx, "automationRule", &securityinsights.AutomationRuleArgs{
			// Actions are executed in ascending Order: severity first, playbook second.
			Actions: pulumi.AnyArray{
				securityinsights.AutomationRuleModifyPropertiesAction{
					ActionConfiguration: securityinsights.AutomationRuleModifyPropertiesActionActionConfiguration{
						Severity: "High",
					},
					ActionType: "ModifyProperties",
					Order:      1,
				},
				// NOTE(review): Microsoft Sentinel needs rights on the resource group that
				// holds the Logic App before it can start the playbook; confirm that the
				// role assignment is in place.
				securityinsights.AutomationRuleRunPlaybookAction{
					ActionConfiguration: securityinsights.AutomationRuleRunPlaybookActionActionConfiguration{
						LogicAppResourceId: "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/IncidentPlaybook",
						TenantId:           "ee48efaf-50c6-411b-9345-b2bdc3eb4abc",
					},
					ActionType: "RunPlaybook",
					Order:      2,
				},
			},
			AutomationRuleId:                    pulumi.String("73e01a99-5cd7-4139-a149-9f2736ff2ab5"),
			DisplayName:                         pulumi.String("High severity incidents escalation"),
			OperationalInsightsResourceProvider: pulumi.String("Microsoft.OperationalInsights"),
			Order:                               pulumi.Int(1),
			ResourceGroupName:                   pulumi.String("myRg"),
			// NOTE(review): the input property is documented as AutomationRuleTriggeringLogicArgs,
			// but this listing names the ...Response type while filling it with pulumi.* inputs.
			// Confirm the type against the SDK before building.
			TriggeringLogic: securityinsights.AutomationRuleTriggeringLogicResponse{
				// The single condition limits the rule to incidents raised by the two
				// analytics rules listed in PropertyValues.
				Conditions: []securityinsights.AutomationRulePropertyValuesConditionArgs{
					{
						// NOTE(review): this composite literal has no type name, which Go does not
						// accept for a struct field value; presumably the condition-properties
						// args type is intended. Verify against the SDK.
						ConditionProperties: {
							Operator:     pulumi.String("Contains"),
							PropertyName: pulumi.String("IncidentRelatedAnalyticRuleIds"),
							PropertyValues: pulumi.StringArray{
								pulumi.String("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7"),
								pulumi.String("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/8deb8303-e94d-46ff-96e0-5fd94b33df1a"),
							},
						},
						ConditionType: pulumi.String("Property"),
					},
				},
				IsEnabled:    pulumi.Bool(true),
				TriggersOn:   pulumi.String("Incidents"),
				TriggersWhen: pulumi.String("Created"),
			},
			WorkspaceName: pulumi.String("myWorkspace"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.securityinsights.AutomationRule;
import com.pulumi.azurenative.securityinsights.AutomationRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

/**
 * Pulumi program that declares a Microsoft Sentinel automation rule: when an incident is
 * created by one of two named analytics rules, its severity is set to High and a playbook
 * is then run. Every GUID, resource ID and name below is a sample value; substitute your own.
 */
public class App {
    /** Hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the automation rule resource.
     *
     * @param ctx the Pulumi deployment context (not read by this method)
     */
    public static void stack(Context ctx) {
        var automationRule = new AutomationRule("automationRule", AutomationRuleArgs.builder()        
            // NOTE(review): the actions input is documented as a List of Either<...> typed
            // action args, while this listing passes two raw Maps; confirm it compiles
            // against the SDK. Actions are executed in ascending "order".
            .actions(            
                Map.ofEntries(
                    Map.entry("actionConfiguration", Map.of("severity", "High")),
                    Map.entry("actionType", "ModifyProperties"),
                    Map.entry("order", 1)
                ),
                // NOTE(review): Microsoft Sentinel needs rights on the resource group that
                // holds the Logic App before it can start the playbook; confirm that the
                // role assignment is in place.
                Map.ofEntries(
                    Map.entry("actionConfiguration", Map.ofEntries(
                        Map.entry("logicAppResourceId", "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/IncidentPlaybook"),
                        Map.entry("tenantId", "ee48efaf-50c6-411b-9345-b2bdc3eb4abc")
                    )),
                    Map.entry("actionType", "RunPlaybook"),
                    Map.entry("order", 2)
                ))
            .automationRuleId("73e01a99-5cd7-4139-a149-9f2736ff2ab5")
            .displayName("High severity incidents escalation")
            .operationalInsightsResourceProvider("Microsoft.OperationalInsights")
            .order(1)
            .resourceGroupName("myRg")
            // The single condition limits the rule to incidents raised by the two
            // analytics rules listed under "propertyValues".
            .triggeringLogic(Map.ofEntries(
                Map.entry("conditions", Map.ofEntries(
                    Map.entry("conditionProperties", Map.ofEntries(
                        Map.entry("operator", "Contains"),
                        Map.entry("propertyName", "IncidentRelatedAnalyticRuleIds"),
                        // NOTE(review): Map.entry takes exactly one key and one value; the two
                        // rule IDs below presumably belong in a single list value. Fix before use.
                        Map.entry("propertyValues",                         
                            "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7",
                            "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/8deb8303-e94d-46ff-96e0-5fd94b33df1a")
                    )),
                    Map.entry("conditionType", "Property")
                )),
                Map.entry("isEnabled", true),
                Map.entry("triggersOn", "Incidents"),
                Map.entry("triggersWhen", "Created")
            ))
            .workspaceName("myWorkspace")
            .build());

    }
}
import pulumi
import pulumi_azure_native as azure_native

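# Declares a Microsoft Sentinel automation rule: when an incident is created by one of
# two named analytics rules, its severity is set to High and a playbook is then run.
# Every GUID, resource ID and name below is a sample value; substitute your own.
automation_rule = azure_native.securityinsights.AutomationRule("automationRule",
    # Actions are executed in ascending `order`.
    actions=[
        # 1. Raise the incident severity.
        azure_native.securityinsights.AutomationRuleModifyPropertiesActionArgs(
            action_configuration=azure_native.securityinsights.AutomationRuleModifyPropertiesActionActionConfigurationArgs(
                severity="High",
            ),
            action_type="ModifyProperties",
            order=1,
        ),
        # 2. Run the response playbook (a Logic App workflow) in the given tenant.
        # NOTE(review): Microsoft Sentinel needs rights on the resource group that holds
        # the Logic App before it can start the playbook; confirm that the role
        # assignment is in place.
        azure_native.securityinsights.AutomationRuleRunPlaybookActionArgs(
            action_configuration=azure_native.securityinsights.AutomationRuleRunPlaybookActionActionConfigurationArgs(
                logic_app_resource_id="/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/IncidentPlaybook",
                tenant_id="ee48efaf-50c6-411b-9345-b2bdc3eb4abc",
            ),
            action_type="RunPlaybook",
            order=2,
        ),
    ],
    automation_rule_id="73e01a99-5cd7-4139-a149-9f2736ff2ab5",
    display_name="High severity incidents escalation",
    operational_insights_resource_provider="Microsoft.OperationalInsights",
    order=1,
    resource_group_name="myRg",
    # Inputs use the `...Args` classes: the constructor types triggering_logic as
    # AutomationRuleTriggeringLogicArgs, so no `...Response` names belong here.
    triggering_logic=azure_native.securityinsights.AutomationRuleTriggeringLogicArgs(
        # The single condition limits the rule to incidents raised by the two
        # analytics rules listed in property_values.
        conditions=[azure_native.securityinsights.AutomationRulePropertyValuesConditionArgs(
            condition_properties=azure_native.securityinsights.AutomationRulePropertyValuesConditionConditionPropertiesArgs(
                operator="Contains",
                property_name="IncidentRelatedAnalyticRuleIds",
                property_values=[
                    "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7",
                    "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/8deb8303-e94d-46ff-96e0-5fd94b33df1a",
                ],
            ),
            condition_type="Property",
        )],
        is_enabled=True,
        triggers_on="Incidents",
        triggers_when="Created",
    ),
    workspace_name="myWorkspace")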
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";

// Sample identifiers for the example; substitute your own subscription, tenant and rule IDs.

// Analytics rules whose incidents the automation rule should react to.
const analyticRuleIds = [
    "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7",
    "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/8deb8303-e94d-46ff-96e0-5fd94b33df1a",
];

// Logic App workflow run as the playbook, and the tenant it lives in.
// NOTE(review): Microsoft Sentinel needs rights on the resource group that holds the
// Logic App before it can start the playbook; confirm that the role assignment is in place.
const playbookConfiguration = {
    logicAppResourceId: "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/IncidentPlaybook",
    tenantId: "ee48efaf-50c6-411b-9345-b2bdc3eb4abc",
};

// Property change applied to matching incidents.
const severityConfiguration = {
    severity: "High",
};

// Automation rule: on creation of an incident raised by one of the listed analytics
// rules, set severity to High (order 1) and then run the playbook (order 2).
const automationRule = new azure_native.securityinsights.AutomationRule("automationRule", {
    automationRuleId: "73e01a99-5cd7-4139-a149-9f2736ff2ab5",
    displayName: "High severity incidents escalation",
    order: 1,
    resourceGroupName: "myRg",
    workspaceName: "myWorkspace",
    operationalInsightsResourceProvider: "Microsoft.OperationalInsights",
    triggeringLogic: {
        isEnabled: true,
        triggersOn: "Incidents",
        triggersWhen: "Created",
        conditions: [
            {
                conditionType: "Property",
                conditionProperties: {
                    propertyName: "IncidentRelatedAnalyticRuleIds",
                    operator: "Contains",
                    propertyValues: analyticRuleIds,
                },
            },
        ],
    },
    actions: [
        { order: 1, actionType: "ModifyProperties", actionConfiguration: severityConfiguration },
        { order: 2, actionType: "RunPlaybook", actionConfiguration: playbookConfiguration },
    ],
});
# Declares a Microsoft Sentinel automation rule: when an incident is created by one of
# two named analytics rules, its severity is set to High and a playbook is then run.
# Every GUID, resource ID and name below is a sample value; substitute your own.
resources:
  automationRule:
    type: azure-native:securityinsights:AutomationRule
    properties:
      # Actions are executed in ascending order: severity first, playbook second.
      actions:
        - actionConfiguration:
            severity: High
          actionType: ModifyProperties
          order: 1
        # NOTE(review): Microsoft Sentinel needs rights on the resource group that holds
        # the Logic App before it can start the playbook; confirm that the role
        # assignment is in place.
        - actionConfiguration:
            logicAppResourceId: /subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/IncidentPlaybook
            tenantId: ee48efaf-50c6-411b-9345-b2bdc3eb4abc
          actionType: RunPlaybook
          order: 2
      automationRuleId: 73e01a99-5cd7-4139-a149-9f2736ff2ab5
      displayName: High severity incidents escalation
      operationalInsightsResourceProvider: Microsoft.OperationalInsights
      order: 1
      resourceGroupName: myRg
      triggeringLogic:
        # The single condition limits the rule to incidents raised by the two
        # analytics rules listed under propertyValues.
        conditions:
          - conditionProperties:
              operator: Contains
              propertyName: IncidentRelatedAnalyticRuleIds
              propertyValues:
                - /subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7
                - /subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/8deb8303-e94d-46ff-96e0-5fd94b33df1a
            conditionType: Property
        isEnabled: true
        triggersOn: Incidents
        triggersWhen: Created
      workspaceName: myWorkspace

Create AutomationRule Resource

new AutomationRule(name: string, args: AutomationRuleArgs, opts?: CustomResourceOptions);
@overload
def AutomationRule(resource_name: str,
                   opts: Optional[ResourceOptions] = None,
                   actions: Optional[Sequence[Union[AutomationRuleModifyPropertiesActionArgs, AutomationRuleRunPlaybookActionArgs]]] = None,
                   automation_rule_id: Optional[str] = None,
                   display_name: Optional[str] = None,
                   operational_insights_resource_provider: Optional[str] = None,
                   order: Optional[int] = None,
                   resource_group_name: Optional[str] = None,
                   triggering_logic: Optional[AutomationRuleTriggeringLogicArgs] = None,
                   workspace_name: Optional[str] = None)
@overload
def AutomationRule(resource_name: str,
                   args: AutomationRuleArgs,
                   opts: Optional[ResourceOptions] = None)
func NewAutomationRule(ctx *Context, name string, args AutomationRuleArgs, opts ...ResourceOption) (*AutomationRule, error)
public AutomationRule(string name, AutomationRuleArgs args, CustomResourceOptions? opts = null)
public AutomationRule(String name, AutomationRuleArgs args)
public AutomationRule(String name, AutomationRuleArgs args, CustomResourceOptions options)
type: azure-native:securityinsights:AutomationRule
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string
The unique name of the resource.
args AutomationRuleArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args AutomationRuleArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args AutomationRuleArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args AutomationRuleArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name String
The unique name of the resource.
args AutomationRuleArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

AutomationRule Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The AutomationRule resource accepts the following input properties:

Actions List<Union<Pulumi.AzureNative.SecurityInsights.Inputs.AutomationRuleModifyPropertiesActionArgs, Pulumi.AzureNative.SecurityInsights.Inputs.AutomationRuleRunPlaybookActionArgs>>

The actions to execute when the automation rule is triggered

DisplayName string

The display name of the automation rule

OperationalInsightsResourceProvider string

The namespace of the workspaces resource provider: Microsoft.OperationalInsights.

Order int

The order of execution of the automation rule

ResourceGroupName string

The name of the resource group within the user's subscription. The name is case insensitive.

TriggeringLogic Pulumi.AzureNative.SecurityInsights.Inputs.AutomationRuleTriggeringLogicArgs

The triggering logic of the automation rule

WorkspaceName string

The name of the workspace.

AutomationRuleId string

Automation rule ID

Actions []interface{}

The actions to execute when the automation rule is triggered

DisplayName string

The display name of the automation rule

OperationalInsightsResourceProvider string

The namespace of the workspaces resource provider: Microsoft.OperationalInsights.

Order int

The order of execution of the automation rule

ResourceGroupName string

The name of the resource group within the user's subscription. The name is case insensitive.

TriggeringLogic AutomationRuleTriggeringLogicArgs

The triggering logic of the automation rule

WorkspaceName string

The name of the workspace.

AutomationRuleId string

Automation rule ID

actions List<Either<AutomationRuleModifyPropertiesActionArgs,AutomationRuleRunPlaybookActionArgs>>

The actions to execute when the automation rule is triggered

displayName String

The display name of the automation rule

operationalInsightsResourceProvider String

The namespace of the workspaces resource provider: Microsoft.OperationalInsights.

order Integer

The order of execution of the automation rule

resourceGroupName String

The name of the resource group within the user's subscription. The name is case insensitive.

triggeringLogic AutomationRuleTriggeringLogicArgs

The triggering logic of the automation rule

workspaceName String

The name of the workspace.

automationRuleId String

Automation rule ID

actions (AutomationRuleModifyPropertiesActionArgs | AutomationRuleRunPlaybookActionArgs)[]

The actions to execute when the automation rule is triggered

displayName string

The display name of the automation rule

operationalInsightsResourceProvider string

The namespace of the workspaces resource provider: Microsoft.OperationalInsights.

order number

The order of execution of the automation rule

resourceGroupName string

The name of the resource group within the user's subscription. The name is case insensitive.

triggeringLogic AutomationRuleTriggeringLogicArgs

The triggering logic of the automation rule

workspaceName string

The name of the workspace.

automationRuleId string

Automation rule ID

actions Sequence[Union[AutomationRuleModifyPropertiesActionArgs, AutomationRuleRunPlaybookActionArgs]]

The actions to execute when the automation rule is triggered

display_name str

The display name of the automation rule

operational_insights_resource_provider str

The namespace of the workspaces resource provider: Microsoft.OperationalInsights.

order int

The order of execution of the automation rule

resource_group_name str

The name of the resource group within the user's subscription. The name is case insensitive.

triggering_logic AutomationRuleTriggeringLogicArgs

The triggering logic of the automation rule

workspace_name str

The name of the workspace.

automation_rule_id str

Automation rule ID

actions List<Property Map | Property Map>

The actions to execute when the automation rule is triggered

displayName String

The display name of the automation rule

operationalInsightsResourceProvider String

The namespace of the workspaces resource provider: Microsoft.OperationalInsights.

order Number

The order of execution of the automation rule

resourceGroupName String

The name of the resource group within the user's subscription. The name is case insensitive.

triggeringLogic Property Map

The triggering logic of the automation rule

workspaceName String

The name of the workspace.

automationRuleId String

Automation rule ID

Outputs

All input properties are implicitly available as output properties. Additionally, the AutomationRule resource produces the following output properties:

CreatedBy Pulumi.AzureNative.SecurityInsights.Outputs.ClientInfoResponse

Describes the client that created the automation rule

CreatedTimeUtc string

The time the automation rule was created

Id string

The provider-assigned unique ID for this managed resource.

LastModifiedBy Pulumi.AzureNative.SecurityInsights.Outputs.ClientInfoResponse

Describes the client that last updated the automation rule

LastModifiedTimeUtc string

The last time the automation rule was updated

Name string

Azure resource name

Type string

Azure resource type

Etag string

Etag of the azure resource

CreatedBy ClientInfoResponse

Describes the client that created the automation rule

CreatedTimeUtc string

The time the automation rule was created

Id string

The provider-assigned unique ID for this managed resource.

LastModifiedBy ClientInfoResponse

Describes the client that last updated the automation rule

LastModifiedTimeUtc string

The last time the automation rule was updated

Name string

Azure resource name

Type string

Azure resource type

Etag string

Etag of the azure resource

createdBy ClientInfoResponse

Describes the client that created the automation rule

createdTimeUtc String

The time the automation rule was created

id String

The provider-assigned unique ID for this managed resource.

lastModifiedBy ClientInfoResponse

Describes the client that last updated the automation rule

lastModifiedTimeUtc String

The last time the automation rule was updated

name String

Azure resource name

type String

Azure resource type

etag String

Etag of the azure resource

createdBy ClientInfoResponse

Describes the client that created the automation rule

createdTimeUtc string

The time the automation rule was created

id string

The provider-assigned unique ID for this managed resource.

lastModifiedBy ClientInfoResponse

Describes the client that last updated the automation rule

lastModifiedTimeUtc string

The last time the automation rule was updated

name string

Azure resource name

type string

Azure resource type

etag string

Etag of the azure resource

created_by ClientInfoResponse

Describes the client that created the automation rule

created_time_utc str

The time the automation rule was created

id str

The provider-assigned unique ID for this managed resource.

last_modified_by ClientInfoResponse

Describes the client that last updated the automation rule

last_modified_time_utc str

The last time the automation rule was updated

name str

Azure resource name

type str

Azure resource type

etag str

Etag of the azure resource

createdBy Property Map

Describes the client that created the automation rule

createdTimeUtc String

The time the automation rule was created

id String

The provider-assigned unique ID for this managed resource.

lastModifiedBy Property Map

Describes the client that last updated the automation rule

lastModifiedTimeUtc String

The last time the automation rule was updated

name String

Azure resource name

type String

Azure resource type

etag String

Etag of the Azure resource

Supporting Types

AutomationRuleModifyPropertiesAction

ActionConfiguration Pulumi.AzureNative.SecurityInsights.Inputs.AutomationRuleModifyPropertiesActionActionConfiguration

The configuration of the modify properties automation rule action

Order int

The order of execution of the automation rule action

ActionConfiguration AutomationRuleModifyPropertiesActionActionConfiguration

The configuration of the modify properties automation rule action

Order int

The order of execution of the automation rule action

actionConfiguration AutomationRuleModifyPropertiesActionActionConfiguration

The configuration of the modify properties automation rule action

order Integer

The order of execution of the automation rule action

actionConfiguration AutomationRuleModifyPropertiesActionActionConfiguration

The configuration of the modify properties automation rule action

order number

The order of execution of the automation rule action

action_configuration AutomationRuleModifyPropertiesActionActionConfiguration

The configuration of the modify properties automation rule action

order int

The order of execution of the automation rule action

actionConfiguration Property Map

The configuration of the modify properties automation rule action

order Number

The order of execution of the automation rule action

AutomationRuleModifyPropertiesActionActionConfiguration

Classification string | Pulumi.AzureNative.SecurityInsights.IncidentClassification

The classification (for example true positive or false positive) that records why the incident was closed

ClassificationComment string

Describes the reason the incident was closed

ClassificationReason string | Pulumi.AzureNative.SecurityInsights.IncidentClassificationReason

The classification reason recorded when the incident is closed

Labels List<Pulumi.AzureNative.SecurityInsights.Inputs.IncidentLabel>

List of labels to add to the incident

Owner Pulumi.AzureNative.SecurityInsights.Inputs.IncidentOwnerInfo

Describes a user that the incident is assigned to

Severity string | Pulumi.AzureNative.SecurityInsights.IncidentSeverity

The severity of the incident

Status string | Pulumi.AzureNative.SecurityInsights.IncidentStatus

The status of the incident

Classification string | IncidentClassification

The reason the incident was closed

ClassificationComment string

Describes the reason the incident was closed

ClassificationReason string | IncidentClassificationReason

The classification reason to close the incident with

Labels []IncidentLabel

List of labels to add to the incident

Owner IncidentOwnerInfo

Describes a user that the incident is assigned to

Severity string | IncidentSeverity

The severity of the incident

Status string | IncidentStatus

The status of the incident

classification String | IncidentClassification

The reason the incident was closed

classificationComment String

Describes the reason the incident was closed

classificationReason String | IncidentClassificationReason

The classification reason to close the incident with

labels List<IncidentLabel>

List of labels to add to the incident

owner IncidentOwnerInfo

Describes a user that the incident is assigned to

severity String | IncidentSeverity

The severity of the incident

status String | IncidentStatus

The status of the incident

classification string | IncidentClassification

The reason the incident was closed

classificationComment string

Describes the reason the incident was closed

classificationReason string | IncidentClassificationReason

The classification reason to close the incident with

labels IncidentLabel[]

List of labels to add to the incident

owner IncidentOwnerInfo

Describes a user that the incident is assigned to

severity string | IncidentSeverity

The severity of the incident

status string | IncidentStatus

The status of the incident

classification str | IncidentClassification

The reason the incident was closed

classification_comment str

Describes the reason the incident was closed

classification_reason str | IncidentClassificationReason

The classification reason to close the incident with

labels Sequence[IncidentLabel]

List of labels to add to the incident

owner IncidentOwnerInfo

Describes a user that the incident is assigned to

severity str | IncidentSeverity

The severity of the incident

status str | IncidentStatus

The status of the incident

classification String | "Undetermined" | "TruePositive" | "BenignPositive" | "FalsePositive"

The reason the incident was closed

classificationComment String

Describes the reason the incident was closed

classificationReason String | "SuspiciousActivity" | "SuspiciousButExpected" | "IncorrectAlertLogic" | "InaccurateData"

The classification reason to close the incident with

labels List<Property Map>

List of labels to add to the incident

owner Property Map

Describes a user that the incident is assigned to

severity String | "High" | "Medium" | "Low" | "Informational"

The severity of the incident

status String | "New" | "Active" | "Closed"

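The status of the incident. Setting this to "Closed" makes the rule close matching incidents automatically, so keep the rule's triggering conditions narrow enough that incidents needing analyst review are not closed.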

AutomationRuleModifyPropertiesActionResponse

ActionConfiguration Pulumi.AzureNative.SecurityInsights.Inputs.AutomationRuleModifyPropertiesActionResponseActionConfiguration

The configuration of the modify properties automation rule action

Order int

The order of execution of the automation rule action

ActionConfiguration AutomationRuleModifyPropertiesActionResponseActionConfiguration

The configuration of the modify properties automation rule action

Order int

The order of execution of the automation rule action

actionConfiguration AutomationRuleModifyPropertiesActionResponseActionConfiguration

The configuration of the modify properties automation rule action

order Integer

The order of execution of the automation rule action

actionConfiguration AutomationRuleModifyPropertiesActionResponseActionConfiguration

The configuration of the modify properties automation rule action

order number

The order of execution of the automation rule action

action_configuration AutomationRuleModifyPropertiesActionResponseActionConfiguration

The configuration of the modify properties automation rule action

order int

The order of execution of the automation rule action

actionConfiguration Property Map

The configuration of the modify properties automation rule action

order Number

The order of execution of the automation rule action

AutomationRuleModifyPropertiesActionResponseActionConfiguration

Classification string

The reason the incident was closed

ClassificationComment string

Describes the reason the incident was closed

ClassificationReason string

The classification reason to close the incident with

Labels List<Pulumi.AzureNative.SecurityInsights.Inputs.IncidentLabelResponse>

List of labels to add to the incident

Owner Pulumi.AzureNative.SecurityInsights.Inputs.IncidentOwnerInfoResponse

Describes a user that the incident is assigned to

Severity string

The severity of the incident

Status string

The status of the incident

Classification string

The reason the incident was closed

ClassificationComment string

Describes the reason the incident was closed

ClassificationReason string

The classification reason to close the incident with

Labels []IncidentLabelResponse

List of labels to add to the incident

Owner IncidentOwnerInfoResponse

Describes a user that the incident is assigned to

Severity string

The severity of the incident

Status string

The status of the incident

classification String

The reason the incident was closed

classificationComment String

Describes the reason the incident was closed

classificationReason String

The classification reason to close the incident with

labels List<IncidentLabelResponse>

List of labels to add to the incident

owner IncidentOwnerInfoResponse

Describes a user that the incident is assigned to

severity String

The severity of the incident

status String

The status of the incident

classification string

The reason the incident was closed

classificationComment string

Describes the reason the incident was closed

classificationReason string

The classification reason to close the incident with

labels IncidentLabelResponse[]

List of labels to add to the incident

owner IncidentOwnerInfoResponse

Describes a user that the incident is assigned to

severity string

The severity of the incident

status string

The status of the incident

classification str

The reason the incident was closed

classification_comment str

Describes the reason the incident was closed

classification_reason str

The classification reason to close the incident with

labels Sequence[IncidentLabelResponse]

List of labels to add to the incident

owner IncidentOwnerInfoResponse

Describes a user that the incident is assigned to

severity str

The severity of the incident

status str

The status of the incident

classification String

The reason the incident was closed

classificationComment String

Describes the reason the incident was closed

classificationReason String

The classification reason to close the incident with

labels List<Property Map>

List of labels to add to the incident

owner Property Map

Describes a user that the incident is assigned to

severity String

The severity of the incident

status String

The status of the incident

AutomationRulePropertyConditionSupportedOperator

EqualsValue
Equals

Evaluates if the property equals at least one of the condition values

NotEquals
NotEquals

Evaluates if the property does not equal any of the condition values

Contains
Contains

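Evaluates if the property contains at least one of the condition values. Because this is a substring match, it can also match values that merely embed the expected text, so prefer Equals when the rule's action closes an incident or lowers its severity.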

NotContains
NotContains

Evaluates if the property does not contain any of the condition values

StartsWith
StartsWith

Evaluates if the property starts with any of the condition values

NotStartsWith
NotStartsWith

Evaluates if the property does not start with any of the condition values

EndsWith
EndsWith

Evaluates if the property ends with any of the condition values

NotEndsWith
NotEndsWith

Evaluates if the property does not end with any of the condition values

AutomationRulePropertyConditionSupportedOperatorEquals
Equals

Evaluates if the property equals at least one of the condition values

AutomationRulePropertyConditionSupportedOperatorNotEquals
NotEquals

Evaluates if the property does not equal any of the condition values

AutomationRulePropertyConditionSupportedOperatorContains
Contains

Evaluates if the property contains at least one of the condition values

AutomationRulePropertyConditionSupportedOperatorNotContains
NotContains

Evaluates if the property does not contain any of the condition values

AutomationRulePropertyConditionSupportedOperatorStartsWith
StartsWith

Evaluates if the property starts with any of the condition values

AutomationRulePropertyConditionSupportedOperatorNotStartsWith
NotStartsWith

Evaluates if the property does not start with any of the condition values

AutomationRulePropertyConditionSupportedOperatorEndsWith
EndsWith

Evaluates if the property ends with any of the condition values

AutomationRulePropertyConditionSupportedOperatorNotEndsWith
NotEndsWith

Evaluates if the property does not end with any of the condition values

Equals
Equals

Evaluates if the property equals at least one of the condition values

NotEquals
NotEquals

Evaluates if the property does not equal any of the condition values

Contains
Contains

Evaluates if the property contains at least one of the condition values

NotContains
NotContains

Evaluates if the property does not contain any of the condition values

StartsWith
StartsWith

Evaluates if the property starts with any of the condition values

NotStartsWith
NotStartsWith

Evaluates if the property does not start with any of the condition values

EndsWith
EndsWith

Evaluates if the property ends with any of the condition values

NotEndsWith
NotEndsWith

Evaluates if the property does not end with any of the condition values

Equals
Equals

Evaluates if the property equals at least one of the condition values

NotEquals
NotEquals

Evaluates if the property does not equal any of the condition values

Contains
Contains

Evaluates if the property contains at least one of the condition values

NotContains
NotContains

Evaluates if the property does not contain any of the condition values

StartsWith
StartsWith

Evaluates if the property starts with any of the condition values

NotStartsWith
NotStartsWith

Evaluates if the property does not start with any of the condition values

EndsWith
EndsWith

Evaluates if the property ends with any of the condition values

NotEndsWith
NotEndsWith

Evaluates if the property does not end with any of the condition values

EQUALS
Equals

Evaluates if the property equals at least one of the condition values

NOT_EQUALS
NotEquals

Evaluates if the property does not equal any of the condition values

CONTAINS
Contains

Evaluates if the property contains at least one of the condition values

NOT_CONTAINS
NotContains

Evaluates if the property does not contain any of the condition values

STARTS_WITH
StartsWith

Evaluates if the property starts with any of the condition values

NOT_STARTS_WITH
NotStartsWith

Evaluates if the property does not start with any of the condition values

ENDS_WITH
EndsWith

Evaluates if the property ends with any of the condition values

NOT_ENDS_WITH
NotEndsWith

Evaluates if the property does not end with any of the condition values

"Equals"
Equals

Evaluates if the property equals at least one of the condition values

"NotEquals"
NotEquals

Evaluates if the property does not equal any of the condition values

"Contains"
Contains

Evaluates if the property contains at least one of the condition values

"NotContains"
NotContains

Evaluates if the property does not contain any of the condition values

"StartsWith"
StartsWith

Evaluates if the property starts with any of the condition values

"NotStartsWith"
NotStartsWith

Evaluates if the property does not start with any of the condition values

"EndsWith"
EndsWith

Evaluates if the property ends with any of the condition values

"NotEndsWith"
NotEndsWith

Evaluates if the property does not end with any of the condition values

AutomationRulePropertyConditionSupportedProperty

IncidentTitle
IncidentTitle

The title of the incident

IncidentDescription
IncidentDescription

The description of the incident

IncidentSeverity
IncidentSeverity

The severity of the incident

IncidentStatus
IncidentStatus

The status of the incident

IncidentTactics
IncidentTactics

The tactics of the incident

IncidentRelatedAnalyticRuleIds
IncidentRelatedAnalyticRuleIds

The IDs of the analytic rules related to the incident

IncidentProviderName
IncidentProviderName

The provider name of the incident

AccountAadTenantId
AccountAadTenantId

The account Azure Active Directory tenant id

AccountAadUserId
AccountAadUserId

The account Azure Active Directory user id.

AccountName
AccountName

The account name

AccountNTDomain
AccountNTDomain

The account NetBIOS domain name

AccountPUID
AccountPUID

The account Azure Active Directory Passport User ID

AccountSid
AccountSid

The account security identifier

AccountObjectGuid
AccountObjectGuid

The account unique identifier

AccountUPNSuffix
AccountUPNSuffix

The account user principal name suffix

AzureResourceResourceId
AzureResourceResourceId

The Azure resource id

AzureResourceSubscriptionId
AzureResourceSubscriptionId

The Azure resource subscription id

CloudApplicationAppId
CloudApplicationAppId

The cloud application identifier

CloudApplicationAppName
CloudApplicationAppName

The cloud application name

DNSDomainName
DNSDomainName

The DNS record domain name

FileDirectory
FileDirectory

The file directory full path

FileName
FileName

The file name without path

FileHashValue
FileHashValue

The file hash value

HostAzureID
HostAzureID

The host Azure resource id

HostName
HostName

The host name without domain

HostNetBiosName
HostNetBiosName

The host NetBIOS name

HostNTDomain
HostNTDomain

The host NT domain

HostOSVersion
HostOSVersion

The host operating system

IoTDeviceId
IoTDeviceId

The IoT device id

IoTDeviceName
IoTDeviceName

The IoT device name

IoTDeviceType
IoTDeviceType

The IoT device type

IoTDeviceVendor
IoTDeviceVendor

The IoT device vendor

IoTDeviceModel
IoTDeviceModel

The IoT device model

IoTDeviceOperatingSystem
IoTDeviceOperatingSystem

The IoT device operating system

IPAddress
IPAddress

The IP address

MailboxDisplayName
MailboxDisplayName

The mailbox display name

MailboxPrimaryAddress
MailboxPrimaryAddress

The mailbox primary address

MailboxUPN
MailboxUPN

The mailbox user principal name

MailMessageDeliveryAction
MailMessageDeliveryAction

The mail message delivery action

MailMessageDeliveryLocation
MailMessageDeliveryLocation

The mail message delivery location

MailMessageRecipient
MailMessageRecipient

The mail message recipient

MailMessageSenderIP
MailMessageSenderIP

The mail message sender IP address

MailMessageSubject
MailMessageSubject

The mail message subject

MailMessageP1Sender
MailMessageP1Sender

The mail message P1 sender

MailMessageP2Sender
MailMessageP2Sender

The mail message P2 sender

MalwareCategory
MalwareCategory

The malware category

MalwareName
MalwareName

The malware name

ProcessCommandLine
ProcessCommandLine

The process execution command line

ProcessId
ProcessId

The process id

RegistryKey
RegistryKey

The registry key path

RegistryValueData
RegistryValueData

The registry key value, formatted as a string

Url
Url

The URL

AutomationRulePropertyConditionSupportedPropertyIncidentTitle
IncidentTitle

The title of the incident

AutomationRulePropertyConditionSupportedPropertyIncidentDescription
IncidentDescription

The description of the incident

AutomationRulePropertyConditionSupportedPropertyIncidentSeverity
IncidentSeverity

The severity of the incident

AutomationRulePropertyConditionSupportedPropertyIncidentStatus
IncidentStatus

The status of the incident

AutomationRulePropertyConditionSupportedPropertyIncidentTactics
IncidentTactics

The tactics of the incident

AutomationRulePropertyConditionSupportedPropertyIncidentRelatedAnalyticRuleIds
IncidentRelatedAnalyticRuleIds

The IDs of the analytic rules related to the incident

AutomationRulePropertyConditionSupportedPropertyIncidentProviderName
IncidentProviderName

The provider name of the incident

AutomationRulePropertyConditionSupportedPropertyAccountAadTenantId
AccountAadTenantId

The account Azure Active Directory tenant id

AutomationRulePropertyConditionSupportedPropertyAccountAadUserId
AccountAadUserId

The account Azure Active Directory user id.

AutomationRulePropertyConditionSupportedPropertyAccountName
AccountName

The account name

AutomationRulePropertyConditionSupportedPropertyAccountNTDomain
AccountNTDomain

The account NetBIOS domain name

AutomationRulePropertyConditionSupportedPropertyAccountPUID
AccountPUID

The account Azure Active Directory Passport User ID

AutomationRulePropertyConditionSupportedPropertyAccountSid
AccountSid

The account security identifier

AutomationRulePropertyConditionSupportedPropertyAccountObjectGuid
AccountObjectGuid

The account unique identifier

AutomationRulePropertyConditionSupportedPropertyAccountUPNSuffix
AccountUPNSuffix

The account user principal name suffix

AutomationRulePropertyConditionSupportedPropertyAzureResourceResourceId
AzureResourceResourceId

The Azure resource id

AutomationRulePropertyConditionSupportedPropertyAzureResourceSubscriptionId
AzureResourceSubscriptionId

The Azure resource subscription id

AutomationRulePropertyConditionSupportedPropertyCloudApplicationAppId
CloudApplicationAppId

The cloud application identifier

AutomationRulePropertyConditionSupportedPropertyCloudApplicationAppName
CloudApplicationAppName

The cloud application name

AutomationRulePropertyConditionSupportedPropertyDNSDomainName
DNSDomainName

The DNS record domain name

AutomationRulePropertyConditionSupportedPropertyFileDirectory
FileDirectory

The file directory full path

AutomationRulePropertyConditionSupportedPropertyFileName
FileName

The file name without path

AutomationRulePropertyConditionSupportedPropertyFileHashValue
FileHashValue

The file hash value

AutomationRulePropertyConditionSupportedPropertyHostAzureID
HostAzureID

The host Azure resource id

AutomationRulePropertyConditionSupportedPropertyHostName
HostName

The host name without domain

AutomationRulePropertyConditionSupportedPropertyHostNetBiosName
HostNetBiosName

The host NetBIOS name

AutomationRulePropertyConditionSupportedPropertyHostNTDomain
HostNTDomain

The host NT domain

AutomationRulePropertyConditionSupportedPropertyHostOSVersion
HostOSVersion

The host operating system

AutomationRulePropertyConditionSupportedPropertyIoTDeviceId
IoTDeviceId

The IoT device id

AutomationRulePropertyConditionSupportedPropertyIoTDeviceName
IoTDeviceName

The IoT device name

AutomationRulePropertyConditionSupportedPropertyIoTDeviceType
IoTDeviceType

The IoT device type

AutomationRulePropertyConditionSupportedPropertyIoTDeviceVendor
IoTDeviceVendor

The IoT device vendor

AutomationRulePropertyConditionSupportedPropertyIoTDeviceModel
IoTDeviceModel

The IoT device model

AutomationRulePropertyConditionSupportedPropertyIoTDeviceOperatingSystem
IoTDeviceOperatingSystem

The IoT device operating system

AutomationRulePropertyConditionSupportedPropertyIPAddress
IPAddress

The IP address

AutomationRulePropertyConditionSupportedPropertyMailboxDisplayName
MailboxDisplayName

The mailbox display name

AutomationRulePropertyConditionSupportedPropertyMailboxPrimaryAddress
MailboxPrimaryAddress

The mailbox primary address

AutomationRulePropertyConditionSupportedPropertyMailboxUPN
MailboxUPN

The mailbox user principal name

AutomationRulePropertyConditionSupportedPropertyMailMessageDeliveryAction
MailMessageDeliveryAction

The mail message delivery action

AutomationRulePropertyConditionSupportedPropertyMailMessageDeliveryLocation
MailMessageDeliveryLocation

The mail message delivery location

AutomationRulePropertyConditionSupportedPropertyMailMessageRecipient
MailMessageRecipient

The mail message recipient

AutomationRulePropertyConditionSupportedPropertyMailMessageSenderIP
MailMessageSenderIP

The mail message sender IP address

AutomationRulePropertyConditionSupportedPropertyMailMessageSubject
MailMessageSubject

The mail message subject

AutomationRulePropertyConditionSupportedPropertyMailMessageP1Sender
MailMessageP1Sender

The mail message P1 sender

AutomationRulePropertyConditionSupportedPropertyMailMessageP2Sender
MailMessageP2Sender

The mail message P2 sender

AutomationRulePropertyConditionSupportedPropertyMalwareCategory
MalwareCategory

The malware category

AutomationRulePropertyConditionSupportedPropertyMalwareName
MalwareName

The malware name

AutomationRulePropertyConditionSupportedPropertyProcessCommandLine
ProcessCommandLine

The process execution command line

AutomationRulePropertyConditionSupportedPropertyProcessId
ProcessId

The process id

AutomationRulePropertyConditionSupportedPropertyRegistryKey
RegistryKey

The registry key path

AutomationRulePropertyConditionSupportedPropertyRegistryValueData
RegistryValueData

The registry key value, formatted as a string

AutomationRulePropertyConditionSupportedPropertyUrl
Url

The URL

IncidentTitle
IncidentTitle

The title of the incident

IncidentDescription
IncidentDescription

The description of the incident

IncidentSeverity
IncidentSeverity

The severity of the incident

IncidentStatus
IncidentStatus

The status of the incident

IncidentTactics
IncidentTactics

The tactics of the incident

IncidentRelatedAnalyticRuleIds
IncidentRelatedAnalyticRuleIds

The IDs of the analytic rules related to the incident

IncidentProviderName
IncidentProviderName

The provider name of the incident

AccountAadTenantId
AccountAadTenantId

The account Azure Active Directory tenant id

AccountAadUserId
AccountAadUserId

The account Azure Active Directory user id.

AccountName
AccountName

The account name

AccountNTDomain
AccountNTDomain

The account NetBIOS domain name

AccountPUID
AccountPUID

The account Azure Active Directory Passport User ID

AccountSid
AccountSid

The account security identifier

AccountObjectGuid
AccountObjectGuid

The account unique identifier

AccountUPNSuffix
AccountUPNSuffix

The account user principal name suffix

AzureResourceResourceId
AzureResourceResourceId

The Azure resource id

AzureResourceSubscriptionId
AzureResourceSubscriptionId

The Azure resource subscription id

CloudApplicationAppId
CloudApplicationAppId

The cloud application identifier

CloudApplicationAppName
CloudApplicationAppName

The cloud application name

DNSDomainName
DNSDomainName

The DNS record domain name

FileDirectory
FileDirectory

The file directory full path

FileName
FileName

The file name without path

FileHashValue
FileHashValue

The file hash value

HostAzureID
HostAzureID

The host Azure resource id

HostName
HostName

The host name without domain

HostNetBiosName
HostNetBiosName

The host NetBIOS name

HostNTDomain
HostNTDomain

The host NT domain

HostOSVersion
HostOSVersion

The host operating system

IoTDeviceId
IoTDeviceId

The IoT device id

IoTDeviceName
IoTDeviceName

The IoT device name

IoTDeviceType
IoTDeviceType

The IoT device type

IoTDeviceVendor
IoTDeviceVendor

The IoT device vendor

IoTDeviceModel
IoTDeviceModel

The IoT device model

IoTDeviceOperatingSystem
IoTDeviceOperatingSystem

The IoT device operating system

IPAddress
IPAddress

The IP address

MailboxDisplayName
MailboxDisplayName

The mailbox display name

MailboxPrimaryAddress
MailboxPrimaryAddress

The mailbox primary address

MailboxUPN
MailboxUPN

The mailbox user principal name

MailMessageDeliveryAction
MailMessageDeliveryAction

The mail message delivery action

MailMessageDeliveryLocation
MailMessageDeliveryLocation

The mail message delivery location

MailMessageRecipient
MailMessageRecipient

The mail message recipient

MailMessageSenderIP
MailMessageSenderIP

The mail message sender IP address

MailMessageSubject
MailMessageSubject

The mail message subject

MailMessageP1Sender
MailMessageP1Sender

The mail message P1 sender

MailMessageP2Sender
MailMessageP2Sender

The mail message P2 sender

MalwareCategory
MalwareCategory

The malware category

MalwareName
MalwareName

The malware name

ProcessCommandLine
ProcessCommandLine

The process execution command line

ProcessId
ProcessId

The process id

RegistryKey
RegistryKey

The registry key path

RegistryValueData
RegistryValueData

The registry key value, formatted as a string

Url
Url

The URL

IncidentTitle
IncidentTitle

The title of the incident

IncidentDescription
IncidentDescription

The description of the incident

IncidentSeverity
IncidentSeverity

The severity of the incident

IncidentStatus
IncidentStatus

The status of the incident

IncidentTactics
IncidentTactics

The tactics of the incident

IncidentRelatedAnalyticRuleIds
IncidentRelatedAnalyticRuleIds

The IDs of the analytic rules related to the incident

IncidentProviderName
IncidentProviderName

The provider name of the incident

AccountAadTenantId
AccountAadTenantId

The account Azure Active Directory tenant id

AccountAadUserId
AccountAadUserId

The account Azure Active Directory user id.

AccountName
AccountName

The account name

AccountNTDomain
AccountNTDomain

The account NetBIOS domain name

AccountPUID
AccountPUID

The account Azure Active Directory Passport User ID

AccountSid
AccountSid

The account security identifier

AccountObjectGuid
AccountObjectGuid

The account unique identifier

AccountUPNSuffix
AccountUPNSuffix

The account user principal name suffix

AzureResourceResourceId
AzureResourceResourceId

The Azure resource id

AzureResourceSubscriptionId
AzureResourceSubscriptionId

The Azure resource subscription id

CloudApplicationAppId
CloudApplicationAppId

The cloud application identifier

CloudApplicationAppName
CloudApplicationAppName

The cloud application name

DNSDomainName
DNSDomainName

The DNS record domain name

FileDirectory
FileDirectory

The file directory full path

FileName
FileName

The file name without path

FileHashValue
FileHashValue

The file hash value

HostAzureID
HostAzureID

The host Azure resource id

HostName
HostName

The host name without domain

HostNetBiosName
HostNetBiosName

The host NetBIOS name

HostNTDomain
HostNTDomain

The host NT domain

HostOSVersion
HostOSVersion

The host operating system

IoTDeviceId
IoTDeviceId

The IoT device id

IoTDeviceName
IoTDeviceName

The IoT device name

IoTDeviceType
IoTDeviceType

The IoT device type

IoTDeviceVendor
IoTDeviceVendor

The IoT device vendor

IoTDeviceModel
IoTDeviceModel

The IoT device model

IoTDeviceOperatingSystem
IoTDeviceOperatingSystem

The IoT device operating system

IPAddress
IPAddress

The IP address

MailboxDisplayName
MailboxDisplayName

The mailbox display name

MailboxPrimaryAddress
MailboxPrimaryAddress

The mailbox primary address

MailboxUPN
MailboxUPN

The mailbox user principal name

MailMessageDeliveryAction
MailMessageDeliveryAction

The mail message delivery action

MailMessageDeliveryLocation
MailMessageDeliveryLocation

The mail message delivery location

MailMessageRecipient
MailMessageRecipient

The mail message recipient

MailMessageSenderIP
MailMessageSenderIP

The mail message sender IP address

MailMessageSubject
MailMessageSubject

The mail message subject

MailMessageP1Sender
MailMessageP1Sender

The mail message P1 sender

MailMessageP2Sender
MailMessageP2Sender

The mail message P2 sender

MalwareCategory
MalwareCategory

The malware category

MalwareName
MalwareName

The malware name

ProcessCommandLine
ProcessCommandLine

The process execution command line

ProcessId
ProcessId

The process id

RegistryKey
RegistryKey

The registry key path

RegistryValueData
RegistryValueData

The registry key value, formatted as a string

Url
Url

The URL

INCIDENT_TITLE
IncidentTitle

The title of the incident

INCIDENT_DESCRIPTION
IncidentDescription

The description of the incident

INCIDENT_SEVERITY
IncidentSeverity

The severity of the incident

INCIDENT_STATUS
IncidentStatus

The status of the incident

INCIDENT_TACTICS
IncidentTactics

The tactics of the incident

INCIDENT_RELATED_ANALYTIC_RULE_IDS
IncidentRelatedAnalyticRuleIds

The IDs of the analytic rules related to the incident

INCIDENT_PROVIDER_NAME
IncidentProviderName

The provider name of the incident

ACCOUNT_AAD_TENANT_ID
AccountAadTenantId

The account Azure Active Directory tenant id

ACCOUNT_AAD_USER_ID
AccountAadUserId

The account Azure Active Directory user id.

ACCOUNT_NAME
AccountName

The account name

ACCOUNT_NT_DOMAIN
AccountNTDomain

The account NetBIOS domain name

ACCOUNT_PUID
AccountPUID

The account Azure Active Directory Passport User ID

ACCOUNT_SID
AccountSid

The account security identifier

ACCOUNT_OBJECT_GUID
AccountObjectGuid

The account unique identifier

ACCOUNT_UPN_SUFFIX
AccountUPNSuffix

The account user principal name suffix

AZURE_RESOURCE_RESOURCE_ID
AzureResourceResourceId

The Azure resource id

AZURE_RESOURCE_SUBSCRIPTION_ID
AzureResourceSubscriptionId

The Azure resource subscription id

CLOUD_APPLICATION_APP_ID
CloudApplicationAppId

The cloud application identifier

CLOUD_APPLICATION_APP_NAME
CloudApplicationAppName

The cloud application name

DNS_DOMAIN_NAME
DNSDomainName

The DNS record domain name

FILE_DIRECTORY
FileDirectory

The file directory full path

FILE_NAME
FileName

The file name without path

FILE_HASH_VALUE
FileHashValue

The file hash value

HOST_AZURE_ID
HostAzureID

The host Azure resource id

HOST_NAME
HostName

The host name without domain

HOST_NET_BIOS_NAME
HostNetBiosName

The host NetBIOS name

HOST_NT_DOMAIN
HostNTDomain

The host NT domain

HOST_OS_VERSION
HostOSVersion

The host operating system

IO_T_DEVICE_ID
IoTDeviceId

The IoT device id

IO_T_DEVICE_NAME
IoTDeviceName

The IoT device name

IO_T_DEVICE_TYPE
IoTDeviceType

The IoT device type

IO_T_DEVICE_VENDOR
IoTDeviceVendor

The IoT device vendor

IO_T_DEVICE_MODEL
IoTDeviceModel

The IoT device model

IO_T_DEVICE_OPERATING_SYSTEM
IoTDeviceOperatingSystem

The IoT device operating system

IP_ADDRESS
IPAddress

The IP address

MAILBOX_DISPLAY_NAME
MailboxDisplayName

The mailbox display name

MAILBOX_PRIMARY_ADDRESS
MailboxPrimaryAddress

The mailbox primary address

MAILBOX_UPN
MailboxUPN

The mailbox user principal name

MAIL_MESSAGE_DELIVERY_ACTION
MailMessageDeliveryAction

The mail message delivery action

MAIL_MESSAGE_DELIVERY_LOCATION
MailMessageDeliveryLocation

The mail message delivery location

MAIL_MESSAGE_RECIPIENT
MailMessageRecipient

The mail message recipient

MAIL_MESSAGE_SENDER_IP
MailMessageSenderIP

The mail message sender IP address

MAIL_MESSAGE_SUBJECT
MailMessageSubject

The mail message subject

MAIL_MESSAGE_P1_SENDER
MailMessageP1Sender

The mail message P1 sender

MAIL_MESSAGE_P2_SENDER
MailMessageP2Sender

The mail message P2 sender

MALWARE_CATEGORY
MalwareCategory

The malware category

MALWARE_NAME
MalwareName

The malware name

PROCESS_COMMAND_LINE
ProcessCommandLine

The process execution command line

PROCESS_ID
ProcessId

The process id

REGISTRY_KEY
RegistryKey

The registry key path

REGISTRY_VALUE_DATA
RegistryValueData

The registry key value in string formatted representation

URL
Url

The URL

"IncidentTitle"
IncidentTitle

The title of the incident

"IncidentDescription"
IncidentDescription

The description of the incident

"IncidentSeverity"
IncidentSeverity

The severity of the incident

"IncidentStatus"
IncidentStatus

The status of the incident

"IncidentTactics"
IncidentTactics

The tactics of the incident

"IncidentRelatedAnalyticRuleIds"
IncidentRelatedAnalyticRuleIds

The IDs of the analytic rules related to the incident

"IncidentProviderName"
IncidentProviderName

The provider name of the incident

"AccountAadTenantId"
AccountAadTenantId

The account Azure Active Directory tenant id

"AccountAadUserId"
AccountAadUserId

The account Azure Active Directory user id.

"AccountName"
AccountName

The account name

"AccountNTDomain"
AccountNTDomain

The account NetBIOS domain name

"AccountPUID"
AccountPUID

The account Azure Active Directory Passport User ID

"AccountSid"
AccountSid

The account security identifier

"AccountObjectGuid"
AccountObjectGuid

The account unique identifier

"AccountUPNSuffix"
AccountUPNSuffix

The account user principal name suffix

"AzureResourceResourceId"
AzureResourceResourceId

The Azure resource id

"AzureResourceSubscriptionId"
AzureResourceSubscriptionId

The Azure resource subscription id

"CloudApplicationAppId"
CloudApplicationAppId

The cloud application identifier

"CloudApplicationAppName"
CloudApplicationAppName

The cloud application name

"DNSDomainName"
DNSDomainName

The DNS record domain name

"FileDirectory"
FileDirectory

The file directory full path

"FileName"
FileName

The file name without path

"FileHashValue"
FileHashValue

The file hash value

"HostAzureID"
HostAzureID

The host Azure resource id

"HostName"
HostName

The host name without domain

"HostNetBiosName"
HostNetBiosName

The host NetBIOS name

"HostNTDomain"
HostNTDomain

The host NT domain

"HostOSVersion"
HostOSVersion

The host operating system

"IoTDeviceId"
IoTDeviceId

The IoT device id

"IoTDeviceName"
IoTDeviceName

The IoT device name

"IoTDeviceType"
IoTDeviceType

The IoT device type

"IoTDeviceVendor"
IoTDeviceVendor

The IoT device vendor

"IoTDeviceModel"
IoTDeviceModel

The IoT device model

"IoTDeviceOperatingSystem"
IoTDeviceOperatingSystem

The IoT device operating system

"IPAddress"
IPAddress

The IP address

"MailboxDisplayName"
MailboxDisplayName

The mailbox display name

"MailboxPrimaryAddress"
MailboxPrimaryAddress

The mailbox primary address

"MailboxUPN"
MailboxUPN

The mailbox user principal name

"MailMessageDeliveryAction"
MailMessageDeliveryAction

The mail message delivery action

"MailMessageDeliveryLocation"
MailMessageDeliveryLocation

The mail message delivery location

"MailMessageRecipient"
MailMessageRecipient

The mail message recipient

"MailMessageSenderIP"
MailMessageSenderIP

The mail message sender IP address

"MailMessageSubject"
MailMessageSubject

The mail message subject

"MailMessageP1Sender"
MailMessageP1Sender

The mail message P1 sender

"MailMessageP2Sender"
MailMessageP2Sender

The mail message P2 sender

"MalwareCategory"
MalwareCategory

The malware category

"MalwareName"
MalwareName

The malware name

"ProcessCommandLine"
ProcessCommandLine

The process execution command line

"ProcessId"
ProcessId

The process id

"RegistryKey"
RegistryKey

The registry key path

"RegistryValueData"
RegistryValueData

The registry key value in string formatted representation

"Url"
Url

The URL

AutomationRulePropertyValuesCondition

ConditionProperties AutomationRulePropertyValuesConditionConditionProperties

The configuration of the automation rule condition

conditionProperties AutomationRulePropertyValuesConditionConditionProperties

The configuration of the automation rule condition

conditionProperties AutomationRulePropertyValuesConditionConditionProperties

The configuration of the automation rule condition

condition_properties AutomationRulePropertyValuesConditionConditionProperties

The configuration of the automation rule condition

conditionProperties Property Map

The configuration of the automation rule condition

AutomationRulePropertyValuesConditionConditionProperties

Operator string | Pulumi.AzureNative.SecurityInsights.AutomationRulePropertyConditionSupportedOperator

The operator to use for evaluating the condition

PropertyName string | Pulumi.AzureNative.SecurityInsights.AutomationRulePropertyConditionSupportedProperty

The property to evaluate

PropertyValues List<string>

The values to use for evaluating the condition

Operator string | AutomationRulePropertyConditionSupportedOperator

The operator to use for evaluating the condition

PropertyName string | AutomationRulePropertyConditionSupportedProperty

The property to evaluate

PropertyValues []string

The values to use for evaluating the condition

operator String | AutomationRulePropertyConditionSupportedOperator

The operator to use for evaluating the condition

propertyName String | AutomationRulePropertyConditionSupportedProperty

The property to evaluate

propertyValues List<String>

The values to use for evaluating the condition

operator string | AutomationRulePropertyConditionSupportedOperator

The operator to use for evaluating the condition

propertyName string | AutomationRulePropertyConditionSupportedProperty

The property to evaluate

propertyValues string[]

The values to use for evaluating the condition

operator str | AutomationRulePropertyConditionSupportedOperator

The operator to use for evaluating the condition

property_name str | AutomationRulePropertyConditionSupportedProperty

The property to evaluate

property_values Sequence[str]

The values to use for evaluating the condition

operator String | "Equals" | "NotEquals" | "Contains" | "NotContains" | "StartsWith" | "NotStartsWith" | "EndsWith" | "NotEndsWith"

The operator to use for evaluating the condition

propertyName String | "IncidentTitle" | "IncidentDescription" | "IncidentSeverity" | "IncidentStatus" | "IncidentTactics" | "IncidentRelatedAnalyticRuleIds" | "IncidentProviderName" | "AccountAadTenantId" | "AccountAadUserId" | "AccountName" | "AccountNTDomain" | "AccountPUID" | "AccountSid" | "AccountObjectGuid" | "AccountUPNSuffix" | "AzureResourceResourceId" | "AzureResourceSubscriptionId" | "CloudApplicationAppId" | "CloudApplicationAppName" | "DNSDomainName" | "FileDirectory" | "FileName" | "FileHashValue" | "HostAzureID" | "HostName" | "HostNetBiosName" | "HostNTDomain" | "HostOSVersion" | "IoTDeviceId" | "IoTDeviceName" | "IoTDeviceType" | "IoTDeviceVendor" | "IoTDeviceModel" | "IoTDeviceOperatingSystem" | "IPAddress" | "MailboxDisplayName" | "MailboxPrimaryAddress" | "MailboxUPN" | "MailMessageDeliveryAction" | "MailMessageDeliveryLocation" | "MailMessageRecipient" | "MailMessageSenderIP" | "MailMessageSubject" | "MailMessageP1Sender" | "MailMessageP2Sender" | "MalwareCategory" | "MalwareName" | "ProcessCommandLine" | "ProcessId" | "RegistryKey" | "RegistryValueData" | "Url"

The property to evaluate

propertyValues List<String>

The values to use for evaluating the condition

AutomationRulePropertyValuesConditionResponse

conditionProperties Property Map

The configuration of the automation rule condition

AutomationRulePropertyValuesConditionResponseConditionProperties

Operator string

The operator to use for evaluating the condition

PropertyName string

The property to evaluate

PropertyValues List<string>

The values to use for evaluating the condition

Operator string

The operator to use for evaluating the condition

PropertyName string

The property to evaluate

PropertyValues []string

The values to use for evaluating the condition

operator String

The operator to use for evaluating the condition

propertyName String

The property to evaluate

propertyValues List<String>

The values to use for evaluating the condition

operator string

The operator to use for evaluating the condition

propertyName string

The property to evaluate

propertyValues string[]

The values to use for evaluating the condition

operator str

The operator to use for evaluating the condition

property_name str

The property to evaluate

property_values Sequence[str]

The values to use for evaluating the condition

operator String

The operator to use for evaluating the condition

propertyName String

The property to evaluate

propertyValues List<String>

The values to use for evaluating the condition

AutomationRuleRunPlaybookAction

ActionConfiguration Pulumi.AzureNative.SecurityInsights.Inputs.AutomationRuleRunPlaybookActionActionConfiguration

The configuration of the run playbook automation rule action

Order int

The order of execution of the automation rule action

ActionConfiguration AutomationRuleRunPlaybookActionActionConfiguration

The configuration of the run playbook automation rule action

Order int

The order of execution of the automation rule action

actionConfiguration AutomationRuleRunPlaybookActionActionConfiguration

The configuration of the run playbook automation rule action

order Integer

The order of execution of the automation rule action

actionConfiguration AutomationRuleRunPlaybookActionActionConfiguration

The configuration of the run playbook automation rule action

order number

The order of execution of the automation rule action

action_configuration AutomationRuleRunPlaybookActionActionConfiguration

The configuration of the run playbook automation rule action

order int

The order of execution of the automation rule action

actionConfiguration Property Map

The configuration of the run playbook automation rule action

order Number

The order of execution of the automation rule action

AutomationRuleRunPlaybookActionActionConfiguration

LogicAppResourceId string

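The Azure resource ID of the Logic App workflow that implements the playbook. Microsoft Sentinel needs explicit permission on the playbook's resource group to run it; confirm that grant exists, otherwise the action cannot run.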

TenantId string

The ID of the tenant that contains the playbook resource

LogicAppResourceId string

The resource id of the playbook resource

TenantId string

The tenant id of the playbook resource

logicAppResourceId String

The resource id of the playbook resource

tenantId String

The tenant id of the playbook resource

logicAppResourceId string

The resource id of the playbook resource

tenantId string

The tenant id of the playbook resource

logic_app_resource_id str

The resource id of the playbook resource

tenant_id str

The tenant id of the playbook resource

logicAppResourceId String

The resource id of the playbook resource

tenantId String

The tenant id of the playbook resource

AutomationRuleRunPlaybookActionResponse

ActionConfiguration Pulumi.AzureNative.SecurityInsights.Inputs.AutomationRuleRunPlaybookActionResponseActionConfiguration

The configuration of the run playbook automation rule action

Order int

The order of execution of the automation rule action

ActionConfiguration AutomationRuleRunPlaybookActionResponseActionConfiguration

The configuration of the run playbook automation rule action

Order int

The order of execution of the automation rule action

actionConfiguration AutomationRuleRunPlaybookActionResponseActionConfiguration

The configuration of the run playbook automation rule action

order Integer

The order of execution of the automation rule action

actionConfiguration AutomationRuleRunPlaybookActionResponseActionConfiguration

The configuration of the run playbook automation rule action

order number

The order of execution of the automation rule action

action_configuration AutomationRuleRunPlaybookActionResponseActionConfiguration

The configuration of the run playbook automation rule action

order int

The order of execution of the automation rule action

actionConfiguration Property Map

The configuration of the run playbook automation rule action

order Number

The order of execution of the automation rule action

AutomationRuleRunPlaybookActionResponseActionConfiguration

LogicAppResourceId string

The resource id of the playbook resource

TenantId string

The tenant id of the playbook resource

LogicAppResourceId string

The resource id of the playbook resource

TenantId string

The tenant id of the playbook resource

logicAppResourceId String

The resource id of the playbook resource

tenantId String

The tenant id of the playbook resource

logicAppResourceId string

The resource id of the playbook resource

tenantId string

The tenant id of the playbook resource

logic_app_resource_id str

The resource id of the playbook resource

tenant_id str

The tenant id of the playbook resource

logicAppResourceId String

The resource id of the playbook resource

tenantId String

The tenant id of the playbook resource

AutomationRuleTriggeringLogic

IsEnabled bool

Determines whether the automation rule is enabled or disabled.

TriggersOn string | Pulumi.AzureNative.SecurityInsights.TriggersOn

The type of object the automation rule triggers on

TriggersWhen string | Pulumi.AzureNative.SecurityInsights.TriggersWhen

The type of event the automation rule triggers on

Conditions List<Pulumi.AzureNative.SecurityInsights.Inputs.AutomationRulePropertyValuesCondition>

The conditions to evaluate to determine if the automation rule should be triggered on a given object

ExpirationTimeUtc string

Determines when (in UTC) the automation rule automatically expires and is disabled; after that time its actions no longer run on new incidents.

IsEnabled bool

Determines whether the automation rule is enabled or disabled.

TriggersOn string | TriggersOn

The type of object the automation rule triggers on

TriggersWhen string | TriggersWhen

The type of event the automation rule triggers on

Conditions []AutomationRulePropertyValuesCondition

The conditions to evaluate to determine if the automation rule should be triggered on a given object

ExpirationTimeUtc string

Determines when the automation rule should automatically expire and be disabled.

isEnabled Boolean

Determines whether the automation rule is enabled or disabled.

triggersOn String | TriggersOn

The type of object the automation rule triggers on

triggersWhen String | TriggersWhen

The type of event the automation rule triggers on

conditions List<AutomationRulePropertyValuesCondition>

The conditions to evaluate to determine if the automation rule should be triggered on a given object

expirationTimeUtc String

Determines when the automation rule should automatically expire and be disabled.

isEnabled boolean

Determines whether the automation rule is enabled or disabled.

triggersOn string | TriggersOn

The type of object the automation rule triggers on

triggersWhen string | TriggersWhen

The type of event the automation rule triggers on

conditions AutomationRulePropertyValuesCondition[]

The conditions to evaluate to determine if the automation rule should be triggered on a given object

expirationTimeUtc string

Determines when the automation rule should automatically expire and be disabled.

is_enabled bool

Determines whether the automation rule is enabled or disabled.

triggers_on str | TriggersOn

The type of object the automation rule triggers on

triggers_when str | TriggersWhen

The type of event the automation rule triggers on

conditions Sequence[AutomationRulePropertyValuesCondition]

The conditions to evaluate to determine if the automation rule should be triggered on a given object

expiration_time_utc str

Determines when the automation rule should automatically expire and be disabled.

isEnabled Boolean

Determines whether the automation rule is enabled or disabled.

triggersOn String | "Incidents"

The type of object the automation rule triggers on

triggersWhen String | "Created"

The type of event the automation rule triggers on

conditions List<Property Map>

The conditions to evaluate to determine if the automation rule should be triggered on a given object

expirationTimeUtc String

Determines when the automation rule should automatically expire and be disabled.

AutomationRuleTriggeringLogicResponse

IsEnabled bool

Determines whether the automation rule is enabled or disabled.

TriggersOn string

The type of object the automation rule triggers on

TriggersWhen string

The type of event the automation rule triggers on

Conditions List<Pulumi.AzureNative.SecurityInsights.Inputs.AutomationRulePropertyValuesConditionResponse>

The conditions to evaluate to determine if the automation rule should be triggered on a given object

ExpirationTimeUtc string

Determines when the automation rule should automatically expire and be disabled.

IsEnabled bool

Determines whether the automation rule is enabled or disabled.

TriggersOn string

The type of object the automation rule triggers on

TriggersWhen string

The type of event the automation rule triggers on

Conditions []AutomationRulePropertyValuesConditionResponse

The conditions to evaluate to determine if the automation rule should be triggered on a given object

ExpirationTimeUtc string

Determines when the automation rule should automatically expire and be disabled.

isEnabled Boolean

Determines whether the automation rule is enabled or disabled.

triggersOn String

The type of object the automation rule triggers on

triggersWhen String

The type of event the automation rule triggers on

conditions List<AutomationRulePropertyValuesConditionResponse>

The conditions to evaluate to determine if the automation rule should be triggered on a given object

expirationTimeUtc String

Determines when the automation rule should automatically expire and be disabled.

isEnabled boolean

Determines whether the automation rule is enabled or disabled.

triggersOn string

The type of object the automation rule triggers on

triggersWhen string

The type of event the automation rule triggers on

conditions AutomationRulePropertyValuesConditionResponse[]

The conditions to evaluate to determine if the automation rule should be triggered on a given object

expirationTimeUtc string

Determines when the automation rule should automatically expire and be disabled.

is_enabled bool

Determines whether the automation rule is enabled or disabled.

triggers_on str

The type of object the automation rule triggers on

triggers_when str

The type of event the automation rule triggers on

conditions Sequence[AutomationRulePropertyValuesConditionResponse]

The conditions to evaluate to determine if the automation rule should be triggered on a given object

expiration_time_utc str

Determines when the automation rule should automatically expire and be disabled.

isEnabled Boolean

Determines whether the automation rule is enabled or disabled.

triggersOn String

The type of object the automation rule triggers on

triggersWhen String

The type of event the automation rule triggers on

conditions List<Property Map>

The conditions to evaluate to determine if the automation rule should be triggered on a given object

expirationTimeUtc String

Determines when the automation rule should automatically expire and be disabled.

ClientInfoResponse

Email string

The email of the client.

Name string

The name of the client.

ObjectId string

The object id of the client.

UserPrincipalName string

The user principal name of the client.

Email string

The email of the client.

Name string

The name of the client.

ObjectId string

The object id of the client.

UserPrincipalName string

The user principal name of the client.

email String

The email of the client.

name String

The name of the client.

objectId String

The object id of the client.

userPrincipalName String

The user principal name of the client.

email string

The email of the client.

name string

The name of the client.

objectId string

The object id of the client.

userPrincipalName string

The user principal name of the client.

email str

The email of the client.

name str

The name of the client.

object_id str

The object id of the client.

user_principal_name str

The user principal name of the client.

email String

The email of the client.

name String

The name of the client.

objectId String

The object id of the client.

userPrincipalName String

The user principal name of the client.

IncidentClassification

Undetermined
Undetermined

Incident classification was undetermined

TruePositive
TruePositive

Incident was a true positive

BenignPositive
BenignPositive

Incident was a benign positive: the detection was correct, but the activity was expected or not malicious

FalsePositive
FalsePositive

Incident was a false positive

IncidentClassificationUndetermined
Undetermined

Incident classification was undetermined

IncidentClassificationTruePositive
TruePositive

Incident was true positive

IncidentClassificationBenignPositive
BenignPositive

Incident was benign positive

IncidentClassificationFalsePositive
FalsePositive

Incident was false positive

Undetermined
Undetermined

Incident classification was undetermined

TruePositive
TruePositive

Incident was true positive

BenignPositive
BenignPositive

Incident was benign positive

FalsePositive
FalsePositive

Incident was false positive

Undetermined
Undetermined

Incident classification was undetermined

TruePositive
TruePositive

Incident was true positive

BenignPositive
BenignPositive

Incident was benign positive

FalsePositive
FalsePositive

Incident was false positive

UNDETERMINED
Undetermined

Incident classification was undetermined

TRUE_POSITIVE
TruePositive

Incident was true positive

BENIGN_POSITIVE
BenignPositive

Incident was benign positive

FALSE_POSITIVE
FalsePositive

Incident was false positive

"Undetermined"
Undetermined

Incident classification was undetermined

"TruePositive"
TruePositive

Incident was true positive

"BenignPositive"
BenignPositive

Incident was benign positive

"FalsePositive"
FalsePositive

Incident was false positive

IncidentClassificationReason

SuspiciousActivity
SuspiciousActivity

Classification reason was suspicious activity

SuspiciousButExpected
SuspiciousButExpected

Classification reason was suspicious but expected

IncorrectAlertLogic
IncorrectAlertLogic

Classification reason was incorrect alert logic

InaccurateData
InaccurateData

Classification reason was inaccurate data

IncidentClassificationReasonSuspiciousActivity
SuspiciousActivity

Classification reason was suspicious activity

IncidentClassificationReasonSuspiciousButExpected
SuspiciousButExpected

Classification reason was suspicious but expected

IncidentClassificationReasonIncorrectAlertLogic
IncorrectAlertLogic

Classification reason was incorrect alert logic

IncidentClassificationReasonInaccurateData
InaccurateData

Classification reason was inaccurate data

SuspiciousActivity
SuspiciousActivity

Classification reason was suspicious activity

SuspiciousButExpected
SuspiciousButExpected

Classification reason was suspicious but expected

IncorrectAlertLogic
IncorrectAlertLogic

Classification reason was incorrect alert logic

InaccurateData
InaccurateData

Classification reason was inaccurate data

SuspiciousActivity
SuspiciousActivity

Classification reason was suspicious activity

SuspiciousButExpected
SuspiciousButExpected

Classification reason was suspicious but expected

IncorrectAlertLogic
IncorrectAlertLogic

Classification reason was incorrect alert logic

InaccurateData
InaccurateData

Classification reason was inaccurate data

SUSPICIOUS_ACTIVITY
SuspiciousActivity

Classification reason was suspicious activity

SUSPICIOUS_BUT_EXPECTED
SuspiciousButExpected

Classification reason was suspicious but expected

INCORRECT_ALERT_LOGIC
IncorrectAlertLogic

Classification reason was incorrect alert logic

INACCURATE_DATA
InaccurateData

Classification reason was inaccurate data

"SuspiciousActivity"
SuspiciousActivity

Classification reason was suspicious activity

"SuspiciousButExpected"
SuspiciousButExpected

Classification reason was suspicious but expected

"IncorrectAlertLogic"
IncorrectAlertLogic

Classification reason was incorrect alert logic

"InaccurateData"
InaccurateData

Classification reason was inaccurate data

IncidentLabel

LabelName string

The name of the label

LabelName string

The name of the label

labelName String

The name of the label

labelName string

The name of the label

label_name str

The name of the label

labelName String

The name of the label

IncidentLabelResponse

LabelName string

The name of the label

LabelType string

The type of the label

LabelName string

The name of the label

LabelType string

The type of the label

labelName String

The name of the label

labelType String

The type of the label

labelName string

The name of the label

labelType string

The type of the label

label_name str

The name of the label

label_type str

The type of the label

labelName String

The name of the label

labelType String

The type of the label

IncidentOwnerInfo

AssignedTo string

The name of the user the incident is assigned to.

Email string

The email of the user the incident is assigned to.

ObjectId string

The object id of the user the incident is assigned to.

UserPrincipalName string

The user principal name of the user the incident is assigned to.

AssignedTo string

The name of the user the incident is assigned to.

Email string

The email of the user the incident is assigned to.

ObjectId string

The object id of the user the incident is assigned to.

UserPrincipalName string

The user principal name of the user the incident is assigned to.

assignedTo String

The name of the user the incident is assigned to.

email String

The email of the user the incident is assigned to.

objectId String

The object id of the user the incident is assigned to.

userPrincipalName String

The user principal name of the user the incident is assigned to.

assignedTo string

The name of the user the incident is assigned to.

email string

The email of the user the incident is assigned to.

objectId string

The object id of the user the incident is assigned to.

userPrincipalName string

The user principal name of the user the incident is assigned to.

assigned_to str

The name of the user the incident is assigned to.

email str

The email of the user the incident is assigned to.

object_id str

The object id of the user the incident is assigned to.

user_principal_name str

The user principal name of the user the incident is assigned to.

assignedTo String

The name of the user the incident is assigned to.

email String

The email of the user the incident is assigned to.

objectId String

The object id of the user the incident is assigned to.

userPrincipalName String

The user principal name of the user the incident is assigned to.

IncidentOwnerInfoResponse

AssignedTo string

The name of the user the incident is assigned to.

Email string

The email of the user the incident is assigned to.

ObjectId string

The object id of the user the incident is assigned to.

UserPrincipalName string

The user principal name of the user the incident is assigned to.

AssignedTo string

The name of the user the incident is assigned to.

Email string

The email of the user the incident is assigned to.

ObjectId string

The object id of the user the incident is assigned to.

UserPrincipalName string

The user principal name of the user the incident is assigned to.

assignedTo String

The name of the user the incident is assigned to.

email String

The email of the user the incident is assigned to.

objectId String

The object id of the user the incident is assigned to.

userPrincipalName String

The user principal name of the user the incident is assigned to.

assignedTo string

The name of the user the incident is assigned to.

email string

The email of the user the incident is assigned to.

objectId string

The object id of the user the incident is assigned to.

userPrincipalName string

The user principal name of the user the incident is assigned to.

assigned_to str

The name of the user the incident is assigned to.

email str

The email of the user the incident is assigned to.

object_id str

The object id of the user the incident is assigned to.

user_principal_name str

The user principal name of the user the incident is assigned to.

assignedTo String

The name of the user the incident is assigned to.

email String

The email of the user the incident is assigned to.

objectId String

The object id of the user the incident is assigned to.

userPrincipalName String

The user principal name of the user the incident is assigned to.

IncidentSeverity

High
High

High severity

Medium
Medium

Medium severity

Low
Low

Low severity

Informational
Informational

Informational severity

IncidentSeverityHigh
High

High severity

IncidentSeverityMedium
Medium

Medium severity

IncidentSeverityLow
Low

Low severity

IncidentSeverityInformational
Informational

Informational severity

High
High

High severity

Medium
Medium

Medium severity

Low
Low

Low severity

Informational
Informational

Informational severity

High
High

High severity

Medium
Medium

Medium severity

Low
Low

Low severity

Informational
Informational

Informational severity

HIGH
High

High severity

MEDIUM
Medium

Medium severity

LOW
Low

Low severity

INFORMATIONAL
Informational

Informational severity

"High"
High

High severity

"Medium"
Medium

Medium severity

"Low"
Low

Low severity

"Informational"
Informational

Informational severity

IncidentStatus

New
New

An active incident which isn't being handled currently

Active
Active

An active incident which is being handled

Closed
Closed

A non-active incident

IncidentStatusNew
New

An active incident which isn't being handled currently

IncidentStatusActive
Active

An active incident which is being handled

IncidentStatusClosed
Closed

A non-active incident

New
New

An active incident which isn't being handled currently

Active
Active

An active incident which is being handled

Closed
Closed

A non-active incident

New
New

An active incident which isn't being handled currently

Active
Active

An active incident which is being handled

Closed
Closed

A non-active incident

NEW
New

An active incident which isn't being handled currently

ACTIVE
Active

An active incident which is being handled

CLOSED
Closed

A non-active incident

"New"
New

An active incident which isn't being handled currently

"Active"
Active

An active incident which is being handled

"Closed"
Closed

A non-active incident

TriggersOn

Incidents
Incidents

Trigger on Incidents

TriggersOnIncidents
Incidents

Trigger on Incidents

Incidents
Incidents

Trigger on Incidents

Incidents
Incidents

Trigger on Incidents

INCIDENTS
Incidents

Trigger on Incidents

"Incidents"
Incidents

Trigger on Incidents

TriggersWhen

Created
Created

Trigger on created objects

TriggersWhenCreated
Created

Trigger on created objects

Created
Created

Trigger on created objects

Created
Created

Trigger on created objects

CREATED
Created

Trigger on created objects

"Created"
Created

Trigger on created objects

Import

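An existing resource can be imported using its type token, name, and identifier (the resource's full Azure resource ID), e.g. the command below. Note that the sample identifier ends in an `incidents/…` path segment; check the `id` of your own automation rule and use that value rather than adapting the sample.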

$ pulumi import azure-native:securityinsights:AutomationRule 73e01a99-5cd7-4139-a149-9f2736ff2ab5 /subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5 

Package Details

Repository
Azure Native pulumi/pulumi-azure-native
License
Apache-2.0