Azure Native v2.9.0, Sep 27 23

This is the latest version of Azure Native. Use the Azure Native v1 docs if using the v1 version of this package.

Azure Native v2.9.0 published on Wednesday, Sep 27, 2023 by Pulumi

pulumi/pulumi-azure-native

azure-native.securityinsights.AutomationRule

Explore with Pulumi AI

This is the latest version of Azure Native. Use the Azure Native v1 docs if using the v1 version of this package.

Azure Native v2.9.0 published on Wednesday, Sep 27, 2023 by Pulumi

pulumi/pulumi-azure-native

Example Usage

AutomationRules_CreateOrUpdate

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;

return await Deployment.RunAsync(() => 
{
    var automationRule = new AzureNative.SecurityInsights.AutomationRule("automationRule", new()
    {
        AutomationRuleId = "73e01a99-5cd7-4139-a149-9f2736ff2ab5",
        ResourceGroupName = "myRg",
        WorkspaceName = "myWorkspace",
    });

});

package main

import (
	"github.com/pulumi/pulumi-azure-native-sdk/securityinsights/v2"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := securityinsights.NewAutomationRule(ctx, "automationRule", &securityinsights.AutomationRuleArgs{
			AutomationRuleId:  pulumi.String("73e01a99-5cd7-4139-a149-9f2736ff2ab5"),
			ResourceGroupName: pulumi.String("myRg"),
			WorkspaceName:     pulumi.String("myWorkspace"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.securityinsights.AutomationRule;
import com.pulumi.azurenative.securityinsights.AutomationRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var automationRule = new AutomationRule("automationRule", AutomationRuleArgs.builder()        
            .automationRuleId("73e01a99-5cd7-4139-a149-9f2736ff2ab5")
            .resourceGroupName("myRg")
            .workspaceName("myWorkspace")
            .build());

    }
}

import pulumi
import pulumi_azure_native as azure_native

automation_rule = azure_native.securityinsights.AutomationRule("automationRule",
    automation_rule_id="73e01a99-5cd7-4139-a149-9f2736ff2ab5",
    resource_group_name="myRg",
    workspace_name="myWorkspace")

import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";

const automationRule = new azure_native.securityinsights.AutomationRule("automationRule", {
    automationRuleId: "73e01a99-5cd7-4139-a149-9f2736ff2ab5",
    resourceGroupName: "myRg",
    workspaceName: "myWorkspace",
});

resources:
  automationRule:
    type: azure-native:securityinsights:AutomationRule
    properties:
      automationRuleId: 73e01a99-5cd7-4139-a149-9f2736ff2ab5
      resourceGroupName: myRg
      workspaceName: myWorkspace

Create AutomationRule Resource

new AutomationRule(name: string, args: AutomationRuleArgs, opts?: CustomResourceOptions);

@overload
def AutomationRule(resource_name: str,
                   opts: Optional[ResourceOptions] = None,
                   actions: Optional[Sequence[Union[AutomationRuleModifyPropertiesActionArgs, AutomationRuleRunPlaybookActionArgs]]] = None,
                   automation_rule_id: Optional[str] = None,
                   display_name: Optional[str] = None,
                   order: Optional[int] = None,
                   resource_group_name: Optional[str] = None,
                   triggering_logic: Optional[AutomationRuleTriggeringLogicArgs] = None,
                   workspace_name: Optional[str] = None)
@overload
def AutomationRule(resource_name: str,
                   args: AutomationRuleArgs,
                   opts: Optional[ResourceOptions] = None)

func NewAutomationRule(ctx *Context, name string, args AutomationRuleArgs, opts ...ResourceOption) (*AutomationRule, error)

public AutomationRule(string name, AutomationRuleArgs args, CustomResourceOptions? opts = null)

public AutomationRule(String name, AutomationRuleArgs args)
public AutomationRule(String name, AutomationRuleArgs args, CustomResourceOptions options)

type: azure-native:securityinsights:AutomationRule
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string: The unique name of the resource.
args AutomationRuleArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args AutomationRuleArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args AutomationRuleArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args AutomationRuleArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args AutomationRuleArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

AutomationRule Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The AutomationRule resource accepts the following input properties:

Actions List<Union<Pulumi.AzureNative.SecurityInsights.Inputs.AutomationRuleModifyPropertiesAction, Pulumi.AzureNative.SecurityInsights.Inputs.AutomationRuleRunPlaybookActionArgs>>: The actions to execute when the automation rule is triggered.
DisplayName string: The display name of the automation rule.
Order int: The order of execution of the automation rule.
ResourceGroupName string: The name of the resource group. The name is case insensitive.
TriggeringLogic Pulumi.AzureNative.SecurityInsights.Inputs.AutomationRuleTriggeringLogic: Describes automation rule triggering logic.
WorkspaceName string: The name of the workspace.
AutomationRuleId string: Automation rule ID

Actions []interface{}: The actions to execute when the automation rule is triggered.
DisplayName string: The display name of the automation rule.
Order int: The order of execution of the automation rule.
ResourceGroupName string: The name of the resource group. The name is case insensitive.
TriggeringLogic AutomationRuleTriggeringLogicArgs: Describes automation rule triggering logic.
WorkspaceName string: The name of the workspace.
AutomationRuleId string: Automation rule ID

actions List<Either<AutomationRuleModifyPropertiesAction,AutomationRuleRunPlaybookActionArgs>>: The actions to execute when the automation rule is triggered.
displayName String: The display name of the automation rule.
order Integer: The order of execution of the automation rule.
resourceGroupName String: The name of the resource group. The name is case insensitive.
triggeringLogic AutomationRuleTriggeringLogic: Describes automation rule triggering logic.
workspaceName String: The name of the workspace.
automationRuleId String: Automation rule ID

actions (AutomationRuleModifyPropertiesAction | AutomationRuleRunPlaybookActionArgs)[]: The actions to execute when the automation rule is triggered.
displayName string: The display name of the automation rule.
order number: The order of execution of the automation rule.
resourceGroupName string: The name of the resource group. The name is case insensitive.
triggeringLogic AutomationRuleTriggeringLogic: Describes automation rule triggering logic.
workspaceName string: The name of the workspace.
automationRuleId string: Automation rule ID

actions Sequence[Union[AutomationRuleModifyPropertiesActionArgs, AutomationRuleRunPlaybookActionArgs]]: The actions to execute when the automation rule is triggered.
display_name str: The display name of the automation rule.
order int: The order of execution of the automation rule.
resource_group_name str: The name of the resource group. The name is case insensitive.
triggering_logic AutomationRuleTriggeringLogicArgs: Describes automation rule triggering logic.
workspace_name str: The name of the workspace.
automation_rule_id str: Automation rule ID

actions List<Property Map | Property Map>: The actions to execute when the automation rule is triggered.
displayName String: The display name of the automation rule.
order Number: The order of execution of the automation rule.
resourceGroupName String: The name of the resource group. The name is case insensitive.
triggeringLogic Property Map: Describes automation rule triggering logic.
workspaceName String: The name of the workspace.
automationRuleId String: Automation rule ID

Outputs

All input properties are implicitly available as output properties. Additionally, the AutomationRule resource produces the following output properties:

CreatedBy Pulumi.AzureNative.SecurityInsights.Outputs.ClientInfoResponse: Information on the client (user or application) that made some action
CreatedTimeUtc string: The time the automation rule was created.
Id string: The provider-assigned unique ID for this managed resource.
LastModifiedBy Pulumi.AzureNative.SecurityInsights.Outputs.ClientInfoResponse: Information on the client (user or application) that made some action
LastModifiedTimeUtc string: The last time the automation rule was updated.
Name string: The name of the resource
SystemData Pulumi.AzureNative.SecurityInsights.Outputs.SystemDataResponse: Azure Resource Manager metadata containing createdBy and modifiedBy information.
Type string: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
Etag string: Etag of the azure resource

CreatedBy ClientInfoResponse: Information on the client (user or application) that made some action
CreatedTimeUtc string: The time the automation rule was created.
Id string: The provider-assigned unique ID for this managed resource.
LastModifiedBy ClientInfoResponse: Information on the client (user or application) that made some action
LastModifiedTimeUtc string: The last time the automation rule was updated.
Name string: The name of the resource
SystemData SystemDataResponse: Azure Resource Manager metadata containing createdBy and modifiedBy information.
Type string: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
Etag string: Etag of the azure resource

createdBy ClientInfoResponse: Information on the client (user or application) that made some action
createdTimeUtc String: The time the automation rule was created.
id String: The provider-assigned unique ID for this managed resource.
lastModifiedBy ClientInfoResponse: Information on the client (user or application) that made some action
lastModifiedTimeUtc String: The last time the automation rule was updated.
name String: The name of the resource
systemData SystemDataResponse: Azure Resource Manager metadata containing createdBy and modifiedBy information.
type String: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
etag String: Etag of the azure resource

createdBy ClientInfoResponse: Information on the client (user or application) that made some action
createdTimeUtc string: The time the automation rule was created.
id string: The provider-assigned unique ID for this managed resource.
lastModifiedBy ClientInfoResponse: Information on the client (user or application) that made some action
lastModifiedTimeUtc string: The last time the automation rule was updated.
name string: The name of the resource
systemData SystemDataResponse: Azure Resource Manager metadata containing createdBy and modifiedBy information.
type string: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
etag string: Etag of the azure resource

created_by ClientInfoResponse: Information on the client (user or application) that made some action
created_time_utc str: The time the automation rule was created.
id str: The provider-assigned unique ID for this managed resource.
last_modified_by ClientInfoResponse: Information on the client (user or application) that made some action
last_modified_time_utc str: The last time the automation rule was updated.
name str: The name of the resource
system_data SystemDataResponse: Azure Resource Manager metadata containing createdBy and modifiedBy information.
type str: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
etag str: Etag of the azure resource

createdBy Property Map: Information on the client (user or application) that made some action
createdTimeUtc String: The time the automation rule was created.
id String: The provider-assigned unique ID for this managed resource.
lastModifiedBy Property Map: Information on the client (user or application) that made some action
lastModifiedTimeUtc String: The last time the automation rule was updated.
name String: The name of the resource
systemData Property Map: Azure Resource Manager metadata containing createdBy and modifiedBy information.
type String: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
etag String: Etag of the azure resource

Supporting Types

AutomationRuleModifyPropertiesAction, AutomationRuleModifyPropertiesActionArgs

Order int
ActionConfiguration Pulumi.AzureNative.SecurityInsights.Inputs.IncidentPropertiesAction

Order int
ActionConfiguration IncidentPropertiesAction

order Integer
actionConfiguration IncidentPropertiesAction

order number
actionConfiguration IncidentPropertiesAction

order int
action_configuration IncidentPropertiesAction

order Number
actionConfiguration Property Map

AutomationRuleModifyPropertiesActionResponse, AutomationRuleModifyPropertiesActionResponseArgs

Order int
ActionConfiguration Pulumi.AzureNative.SecurityInsights.Inputs.IncidentPropertiesActionResponse

Order int
ActionConfiguration IncidentPropertiesActionResponse

order Integer
actionConfiguration IncidentPropertiesActionResponse

order number
actionConfiguration IncidentPropertiesActionResponse

order int
action_configuration IncidentPropertiesActionResponse

order Number
actionConfiguration Property Map

AutomationRulePropertyArrayChangedConditionSupportedArrayType, AutomationRulePropertyArrayChangedConditionSupportedArrayTypeArgs

Alerts: Alerts
Evaluate the condition on the alerts
Labels: Labels
Evaluate the condition on the labels
Tactics: Tactics
Evaluate the condition on the tactics
Comments: Comments
Evaluate the condition on the comments

AutomationRulePropertyArrayChangedConditionSupportedArrayTypeAlerts: Alerts
Evaluate the condition on the alerts
AutomationRulePropertyArrayChangedConditionSupportedArrayTypeLabels: Labels
Evaluate the condition on the labels
AutomationRulePropertyArrayChangedConditionSupportedArrayTypeTactics: Tactics
Evaluate the condition on the tactics
AutomationRulePropertyArrayChangedConditionSupportedArrayTypeComments: Comments
Evaluate the condition on the comments

Alerts: Alerts
Evaluate the condition on the alerts
Labels: Labels
Evaluate the condition on the labels
Tactics: Tactics
Evaluate the condition on the tactics
Comments: Comments
Evaluate the condition on the comments

Alerts: Alerts
Evaluate the condition on the alerts
Labels: Labels
Evaluate the condition on the labels
Tactics: Tactics
Evaluate the condition on the tactics
Comments: Comments
Evaluate the condition on the comments

ALERTS: Alerts
Evaluate the condition on the alerts
LABELS: Labels
Evaluate the condition on the labels
TACTICS: Tactics
Evaluate the condition on the tactics
COMMENTS: Comments
Evaluate the condition on the comments

"Alerts": Alerts
Evaluate the condition on the alerts
"Labels": Labels
Evaluate the condition on the labels
"Tactics": Tactics
Evaluate the condition on the tactics
"Comments": Comments
Evaluate the condition on the comments

AutomationRulePropertyArrayChangedConditionSupportedChangeType, AutomationRulePropertyArrayChangedConditionSupportedChangeTypeArgs

Added: Added
Evaluate the condition on items added to the array

AutomationRulePropertyArrayChangedConditionSupportedChangeTypeAdded: Added
Evaluate the condition on items added to the array

Added: Added
Evaluate the condition on items added to the array

Added: Added
Evaluate the condition on items added to the array

ADDED: Added
Evaluate the condition on items added to the array

"Added": Added
Evaluate the condition on items added to the array

AutomationRulePropertyArrayChangedValuesCondition, AutomationRulePropertyArrayChangedValuesConditionArgs

ArrayType string | Pulumi.AzureNative.SecurityInsights.AutomationRulePropertyArrayChangedConditionSupportedArrayType
ChangeType string | Pulumi.AzureNative.SecurityInsights.AutomationRulePropertyArrayChangedConditionSupportedChangeType

ArrayType string | AutomationRulePropertyArrayChangedConditionSupportedArrayType
ChangeType string | AutomationRulePropertyArrayChangedConditionSupportedChangeType

arrayType String | AutomationRulePropertyArrayChangedConditionSupportedArrayType
changeType String | AutomationRulePropertyArrayChangedConditionSupportedChangeType

arrayType string | AutomationRulePropertyArrayChangedConditionSupportedArrayType
changeType string | AutomationRulePropertyArrayChangedConditionSupportedChangeType

array_type str | AutomationRulePropertyArrayChangedConditionSupportedArrayType
change_type str | AutomationRulePropertyArrayChangedConditionSupportedChangeType

arrayType String | "Alerts" | "Labels" | "Tactics" | "Comments"
changeType String | "Added"

AutomationRulePropertyArrayChangedValuesConditionResponse, AutomationRulePropertyArrayChangedValuesConditionResponseArgs

ArrayType string
ChangeType string

ArrayType string
ChangeType string

arrayType String
changeType String

arrayType string
changeType string

array_type str
change_type str

arrayType String
changeType String

AutomationRulePropertyChangedConditionSupportedChangedType, AutomationRulePropertyChangedConditionSupportedChangedTypeArgs

ChangedFrom: ChangedFrom
Evaluate the condition on the previous value of the property
ChangedTo: ChangedTo
Evaluate the condition on the updated value of the property

AutomationRulePropertyChangedConditionSupportedChangedTypeChangedFrom: ChangedFrom
Evaluate the condition on the previous value of the property
AutomationRulePropertyChangedConditionSupportedChangedTypeChangedTo: ChangedTo
Evaluate the condition on the updated value of the property

ChangedFrom: ChangedFrom
Evaluate the condition on the previous value of the property
ChangedTo: ChangedTo
Evaluate the condition on the updated value of the property

ChangedFrom: ChangedFrom
Evaluate the condition on the previous value of the property
ChangedTo: ChangedTo
Evaluate the condition on the updated value of the property

CHANGED_FROM: ChangedFrom
Evaluate the condition on the previous value of the property
CHANGED_TO: ChangedTo
Evaluate the condition on the updated value of the property

"ChangedFrom": ChangedFrom
Evaluate the condition on the previous value of the property
"ChangedTo": ChangedTo
Evaluate the condition on the updated value of the property

AutomationRulePropertyChangedConditionSupportedPropertyType, AutomationRulePropertyChangedConditionSupportedPropertyTypeArgs

IncidentSeverity: IncidentSeverity
Evaluate the condition on the incident severity
IncidentStatus: IncidentStatus
Evaluate the condition on the incident status
IncidentOwner: IncidentOwner
Evaluate the condition on the incident owner

AutomationRulePropertyChangedConditionSupportedPropertyTypeIncidentSeverity: IncidentSeverity
Evaluate the condition on the incident severity
AutomationRulePropertyChangedConditionSupportedPropertyTypeIncidentStatus: IncidentStatus
Evaluate the condition on the incident status
AutomationRulePropertyChangedConditionSupportedPropertyTypeIncidentOwner: IncidentOwner
Evaluate the condition on the incident owner

IncidentSeverity: IncidentSeverity
Evaluate the condition on the incident severity
IncidentStatus: IncidentStatus
Evaluate the condition on the incident status
IncidentOwner: IncidentOwner
Evaluate the condition on the incident owner

IncidentSeverity: IncidentSeverity
Evaluate the condition on the incident severity
IncidentStatus: IncidentStatus
Evaluate the condition on the incident status
IncidentOwner: IncidentOwner
Evaluate the condition on the incident owner

INCIDENT_SEVERITY: IncidentSeverity
Evaluate the condition on the incident severity
INCIDENT_STATUS: IncidentStatus
Evaluate the condition on the incident status
INCIDENT_OWNER: IncidentOwner
Evaluate the condition on the incident owner

"IncidentSeverity": IncidentSeverity
Evaluate the condition on the incident severity
"IncidentStatus": IncidentStatus
Evaluate the condition on the incident status
"IncidentOwner": IncidentOwner
Evaluate the condition on the incident owner

AutomationRulePropertyConditionSupportedOperator, AutomationRulePropertyConditionSupportedOperatorArgs

EqualsValue: Equals
Evaluates if the property equals at least one of the condition values
NotEquals: NotEquals
Evaluates if the property does not equal any of the condition values
Contains: Contains
Evaluates if the property contains at least one of the condition values
NotContains: NotContains
Evaluates if the property does not contain any of the condition values
StartsWith: StartsWith
Evaluates if the property starts with any of the condition values
NotStartsWith: NotStartsWith
Evaluates if the property does not start with any of the condition values
EndsWith: EndsWith
Evaluates if the property ends with any of the condition values
NotEndsWith: NotEndsWith
Evaluates if the property does not end with any of the condition values

AutomationRulePropertyConditionSupportedOperatorEquals: Equals
Evaluates if the property equals at least one of the condition values
AutomationRulePropertyConditionSupportedOperatorNotEquals: NotEquals
Evaluates if the property does not equal any of the condition values
AutomationRulePropertyConditionSupportedOperatorContains: Contains
Evaluates if the property contains at least one of the condition values
AutomationRulePropertyConditionSupportedOperatorNotContains: NotContains
Evaluates if the property does not contain any of the condition values
AutomationRulePropertyConditionSupportedOperatorStartsWith: StartsWith
Evaluates if the property starts with any of the condition values
AutomationRulePropertyConditionSupportedOperatorNotStartsWith: NotStartsWith
Evaluates if the property does not start with any of the condition values
AutomationRulePropertyConditionSupportedOperatorEndsWith: EndsWith
Evaluates if the property ends with any of the condition values
AutomationRulePropertyConditionSupportedOperatorNotEndsWith: NotEndsWith
Evaluates if the property does not end with any of the condition values

Equals: Equals
Evaluates if the property equals at least one of the condition values
NotEquals: NotEquals
Evaluates if the property does not equal any of the condition values
Contains: Contains
Evaluates if the property contains at least one of the condition values
NotContains: NotContains
Evaluates if the property does not contain any of the condition values
StartsWith: StartsWith
Evaluates if the property starts with any of the condition values
NotStartsWith: NotStartsWith
Evaluates if the property does not start with any of the condition values
EndsWith: EndsWith
Evaluates if the property ends with any of the condition values
NotEndsWith: NotEndsWith
Evaluates if the property does not end with any of the condition values

Equals: Equals
Evaluates if the property equals at least one of the condition values
NotEquals: NotEquals
Evaluates if the property does not equal any of the condition values
Contains: Contains
Evaluates if the property contains at least one of the condition values
NotContains: NotContains
Evaluates if the property does not contain any of the condition values
StartsWith: StartsWith
Evaluates if the property starts with any of the condition values
NotStartsWith: NotStartsWith
Evaluates if the property does not start with any of the condition values
EndsWith: EndsWith
Evaluates if the property ends with any of the condition values
NotEndsWith: NotEndsWith
Evaluates if the property does not end with any of the condition values

EQUALS: Equals
Evaluates if the property equals at least one of the condition values
NOT_EQUALS: NotEquals
Evaluates if the property does not equal any of the condition values
CONTAINS: Contains
Evaluates if the property contains at least one of the condition values
NOT_CONTAINS: NotContains
Evaluates if the property does not contain any of the condition values
STARTS_WITH: StartsWith
Evaluates if the property starts with any of the condition values
NOT_STARTS_WITH: NotStartsWith
Evaluates if the property does not start with any of the condition values
ENDS_WITH: EndsWith
Evaluates if the property ends with any of the condition values
NOT_ENDS_WITH: NotEndsWith
Evaluates if the property does not end with any of the condition values

"Equals": Equals
Evaluates if the property equals at least one of the condition values
"NotEquals": NotEquals
Evaluates if the property does not equal any of the condition values
"Contains": Contains
Evaluates if the property contains at least one of the condition values
"NotContains": NotContains
Evaluates if the property does not contain any of the condition values
"StartsWith": StartsWith
Evaluates if the property starts with any of the condition values
"NotStartsWith": NotStartsWith
Evaluates if the property does not start with any of the condition values
"EndsWith": EndsWith
Evaluates if the property ends with any of the condition values
"NotEndsWith": NotEndsWith
Evaluates if the property does not end with any of the condition values

AutomationRulePropertyConditionSupportedProperty, AutomationRulePropertyConditionSupportedPropertyArgs

IncidentTitle: IncidentTitle
The title of the incident
IncidentDescription: IncidentDescription
The description of the incident
IncidentSeverity: IncidentSeverity
The severity of the incident
IncidentStatus: IncidentStatus
The status of the incident
IncidentRelatedAnalyticRuleIds: IncidentRelatedAnalyticRuleIds
The related Analytic rule ids of the incident
IncidentTactics: IncidentTactics
The tactics of the incident
IncidentLabel: IncidentLabel
The labels of the incident
IncidentProviderName: IncidentProviderName
The provider name of the incident
IncidentUpdatedBySource: IncidentUpdatedBySource
The update source of the incident
AccountAadTenantId: AccountAadTenantId
The account Azure Active Directory tenant id
AccountAadUserId: AccountAadUserId
The account Azure Active Directory user id
AccountName: AccountName
The account name
AccountNTDomain: AccountNTDomain
The account NetBIOS domain name
AccountPUID: AccountPUID
The account Azure Active Directory Passport User ID
AccountSid: AccountSid
The account security identifier
AccountObjectGuid: AccountObjectGuid
The account unique identifier
AccountUPNSuffix: AccountUPNSuffix
The account user principal name suffix
AlertProductNames: AlertProductNames
The name of the product of the alert
AlertAnalyticRuleIds: AlertAnalyticRuleIds
The analytic rule ids of the alert
AzureResourceResourceId: AzureResourceResourceId
The Azure resource id
AzureResourceSubscriptionId: AzureResourceSubscriptionId
The Azure resource subscription id
CloudApplicationAppId: CloudApplicationAppId
The cloud application identifier
CloudApplicationAppName: CloudApplicationAppName
The cloud application name
DNSDomainName: DNSDomainName
The dns record domain name
FileDirectory: FileDirectory
The file directory full path
FileName: FileName
The file name without path
FileHashValue: FileHashValue
The file hash value
HostAzureID: HostAzureID
The host Azure resource id
HostName: HostName
The host name without domain
HostNetBiosName: HostNetBiosName
The host NetBIOS name
HostNTDomain: HostNTDomain
The host NT domain
HostOSVersion: HostOSVersion
The host operating system
IoTDeviceId: IoTDeviceId
"The IoT device id
IoTDeviceName: IoTDeviceName
The IoT device name
IoTDeviceType: IoTDeviceType
The IoT device type
IoTDeviceVendor: IoTDeviceVendor
The IoT device vendor
IoTDeviceModel: IoTDeviceModel
The IoT device model
IoTDeviceOperatingSystem: IoTDeviceOperatingSystem
The IoT device operating system
IPAddress: IPAddress
The IP address
MailboxDisplayName: MailboxDisplayName
The mailbox display name
MailboxPrimaryAddress: MailboxPrimaryAddress
The mailbox primary address
MailboxUPN: MailboxUPN
The mailbox user principal name
MailMessageDeliveryAction: MailMessageDeliveryAction
The mail message delivery action
MailMessageDeliveryLocation: MailMessageDeliveryLocation
The mail message delivery location
MailMessageRecipient: MailMessageRecipient
The mail message recipient
MailMessageSenderIP: MailMessageSenderIP
The mail message sender IP address
MailMessageSubject: MailMessageSubject
The mail message subject
MailMessageP1Sender: MailMessageP1Sender
The mail message P1 sender
MailMessageP2Sender: MailMessageP2Sender
The mail message P2 sender
MalwareCategory: MalwareCategory
The malware category
MalwareName: MalwareName
The malware name
ProcessCommandLine: ProcessCommandLine
The process execution command line
ProcessId: ProcessId
The process id
RegistryKey: RegistryKey
The registry key path
RegistryValueData: RegistryValueData
The registry key value in string formatted representation
Url: Url
The url

AutomationRulePropertyConditionSupportedPropertyIncidentTitle: IncidentTitle
The title of the incident
AutomationRulePropertyConditionSupportedPropertyIncidentDescription: IncidentDescription
The description of the incident
AutomationRulePropertyConditionSupportedPropertyIncidentSeverity: IncidentSeverity
The severity of the incident
AutomationRulePropertyConditionSupportedPropertyIncidentStatus: IncidentStatus
The status of the incident
AutomationRulePropertyConditionSupportedPropertyIncidentRelatedAnalyticRuleIds: IncidentRelatedAnalyticRuleIds
The related Analytic rule ids of the incident
AutomationRulePropertyConditionSupportedPropertyIncidentTactics: IncidentTactics
The tactics of the incident
AutomationRulePropertyConditionSupportedPropertyIncidentLabel: IncidentLabel
The labels of the incident
AutomationRulePropertyConditionSupportedPropertyIncidentProviderName: IncidentProviderName
The provider name of the incident
AutomationRulePropertyConditionSupportedPropertyIncidentUpdatedBySource: IncidentUpdatedBySource
The update source of the incident
AutomationRulePropertyConditionSupportedPropertyAccountAadTenantId: AccountAadTenantId
The account Azure Active Directory tenant id
AutomationRulePropertyConditionSupportedPropertyAccountAadUserId: AccountAadUserId
The account Azure Active Directory user id
AutomationRulePropertyConditionSupportedPropertyAccountName: AccountName
The account name
AutomationRulePropertyConditionSupportedPropertyAccountNTDomain: AccountNTDomain
The account NetBIOS domain name
AutomationRulePropertyConditionSupportedPropertyAccountPUID: AccountPUID
The account Azure Active Directory Passport User ID
AutomationRulePropertyConditionSupportedPropertyAccountSid: AccountSid
The account security identifier
AutomationRulePropertyConditionSupportedPropertyAccountObjectGuid: AccountObjectGuid
The account unique identifier
AutomationRulePropertyConditionSupportedPropertyAccountUPNSuffix: AccountUPNSuffix
The account user principal name suffix
AutomationRulePropertyConditionSupportedPropertyAlertProductNames: AlertProductNames
The name of the product of the alert
AutomationRulePropertyConditionSupportedPropertyAlertAnalyticRuleIds: AlertAnalyticRuleIds
The analytic rule ids of the alert
AutomationRulePropertyConditionSupportedPropertyAzureResourceResourceId: AzureResourceResourceId
The Azure resource id
AutomationRulePropertyConditionSupportedPropertyAzureResourceSubscriptionId: AzureResourceSubscriptionId
The Azure resource subscription id
AutomationRulePropertyConditionSupportedPropertyCloudApplicationAppId: CloudApplicationAppId
The cloud application identifier
AutomationRulePropertyConditionSupportedPropertyCloudApplicationAppName: CloudApplicationAppName
The cloud application name
AutomationRulePropertyConditionSupportedPropertyDNSDomainName: DNSDomainName
The dns record domain name
AutomationRulePropertyConditionSupportedPropertyFileDirectory: FileDirectory
The file directory full path
AutomationRulePropertyConditionSupportedPropertyFileName: FileName
The file name without path
AutomationRulePropertyConditionSupportedPropertyFileHashValue: FileHashValue
The file hash value
AutomationRulePropertyConditionSupportedPropertyHostAzureID: HostAzureID
The host Azure resource id
AutomationRulePropertyConditionSupportedPropertyHostName: HostName
The host name without domain
AutomationRulePropertyConditionSupportedPropertyHostNetBiosName: HostNetBiosName
The host NetBIOS name
AutomationRulePropertyConditionSupportedPropertyHostNTDomain: HostNTDomain
The host NT domain
AutomationRulePropertyConditionSupportedPropertyHostOSVersion: HostOSVersion
The host operating system
AutomationRulePropertyConditionSupportedPropertyIoTDeviceId: IoTDeviceId
"The IoT device id
AutomationRulePropertyConditionSupportedPropertyIoTDeviceName: IoTDeviceName
The IoT device name
AutomationRulePropertyConditionSupportedPropertyIoTDeviceType: IoTDeviceType
The IoT device type
AutomationRulePropertyConditionSupportedPropertyIoTDeviceVendor: IoTDeviceVendor
The IoT device vendor
AutomationRulePropertyConditionSupportedPropertyIoTDeviceModel: IoTDeviceModel
The IoT device model
AutomationRulePropertyConditionSupportedPropertyIoTDeviceOperatingSystem: IoTDeviceOperatingSystem
The IoT device operating system
AutomationRulePropertyConditionSupportedPropertyIPAddress: IPAddress
The IP address
AutomationRulePropertyConditionSupportedPropertyMailboxDisplayName: MailboxDisplayName
The mailbox display name
AutomationRulePropertyConditionSupportedPropertyMailboxPrimaryAddress: MailboxPrimaryAddress
The mailbox primary address
AutomationRulePropertyConditionSupportedPropertyMailboxUPN: MailboxUPN
The mailbox user principal name
AutomationRulePropertyConditionSupportedPropertyMailMessageDeliveryAction: MailMessageDeliveryAction
The mail message delivery action
AutomationRulePropertyConditionSupportedPropertyMailMessageDeliveryLocation: MailMessageDeliveryLocation
The mail message delivery location
AutomationRulePropertyConditionSupportedPropertyMailMessageRecipient: MailMessageRecipient
The mail message recipient
AutomationRulePropertyConditionSupportedPropertyMailMessageSenderIP: MailMessageSenderIP
The mail message sender IP address
AutomationRulePropertyConditionSupportedPropertyMailMessageSubject: MailMessageSubject
The mail message subject
AutomationRulePropertyConditionSupportedPropertyMailMessageP1Sender: MailMessageP1Sender
The mail message P1 sender
AutomationRulePropertyConditionSupportedPropertyMailMessageP2Sender: MailMessageP2Sender
The mail message P2 sender
AutomationRulePropertyConditionSupportedPropertyMalwareCategory: MalwareCategory
The malware category
AutomationRulePropertyConditionSupportedPropertyMalwareName: MalwareName
The malware name
AutomationRulePropertyConditionSupportedPropertyProcessCommandLine: ProcessCommandLine
The process execution command line
AutomationRulePropertyConditionSupportedPropertyProcessId: ProcessId
The process id
AutomationRulePropertyConditionSupportedPropertyRegistryKey: RegistryKey
The registry key path
AutomationRulePropertyConditionSupportedPropertyRegistryValueData: RegistryValueData
The registry key value in string formatted representation
AutomationRulePropertyConditionSupportedPropertyUrl: Url
The url

IncidentTitle: IncidentTitle
The title of the incident
IncidentDescription: IncidentDescription
The description of the incident
IncidentSeverity: IncidentSeverity
The severity of the incident
IncidentStatus: IncidentStatus
The status of the incident
IncidentRelatedAnalyticRuleIds: IncidentRelatedAnalyticRuleIds
The related Analytic rule ids of the incident
IncidentTactics: IncidentTactics
The tactics of the incident
IncidentLabel: IncidentLabel
The labels of the incident
IncidentProviderName: IncidentProviderName
The provider name of the incident
IncidentUpdatedBySource: IncidentUpdatedBySource
The update source of the incident
AccountAadTenantId: AccountAadTenantId
The account Azure Active Directory tenant id
AccountAadUserId: AccountAadUserId
The account Azure Active Directory user id
AccountName: AccountName
The account name
AccountNTDomain: AccountNTDomain
The account NetBIOS domain name
AccountPUID: AccountPUID
The account Azure Active Directory Passport User ID
AccountSid: AccountSid
The account security identifier
AccountObjectGuid: AccountObjectGuid
The account unique identifier
AccountUPNSuffix: AccountUPNSuffix
The account user principal name suffix
AlertProductNames: AlertProductNames
The name of the product of the alert
AlertAnalyticRuleIds: AlertAnalyticRuleIds
The analytic rule ids of the alert
AzureResourceResourceId: AzureResourceResourceId
The Azure resource id
AzureResourceSubscriptionId: AzureResourceSubscriptionId
The Azure resource subscription id
CloudApplicationAppId: CloudApplicationAppId
The cloud application identifier
CloudApplicationAppName: CloudApplicationAppName
The cloud application name
DNSDomainName: DNSDomainName
The dns record domain name
FileDirectory: FileDirectory
The file directory full path
FileName: FileName
The file name without path
FileHashValue: FileHashValue
The file hash value
HostAzureID: HostAzureID
The host Azure resource id
HostName: HostName
The host name without domain
HostNetBiosName: HostNetBiosName
The host NetBIOS name
HostNTDomain: HostNTDomain
The host NT domain
HostOSVersion: HostOSVersion
The host operating system
IoTDeviceId: IoTDeviceId
"The IoT device id
IoTDeviceName: IoTDeviceName
The IoT device name
IoTDeviceType: IoTDeviceType
The IoT device type
IoTDeviceVendor: IoTDeviceVendor
The IoT device vendor
IoTDeviceModel: IoTDeviceModel
The IoT device model
IoTDeviceOperatingSystem: IoTDeviceOperatingSystem
The IoT device operating system
IPAddress: IPAddress
The IP address
MailboxDisplayName: MailboxDisplayName
The mailbox display name
MailboxPrimaryAddress: MailboxPrimaryAddress
The mailbox primary address
MailboxUPN: MailboxUPN
The mailbox user principal name
MailMessageDeliveryAction: MailMessageDeliveryAction
The mail message delivery action
MailMessageDeliveryLocation: MailMessageDeliveryLocation
The mail message delivery location
MailMessageRecipient: MailMessageRecipient
The mail message recipient
MailMessageSenderIP: MailMessageSenderIP
The mail message sender IP address
MailMessageSubject: MailMessageSubject
The mail message subject
MailMessageP1Sender: MailMessageP1Sender
The mail message P1 sender
MailMessageP2Sender: MailMessageP2Sender
The mail message P2 sender
MalwareCategory: MalwareCategory
The malware category
MalwareName: MalwareName
The malware name
ProcessCommandLine: ProcessCommandLine
The process execution command line
ProcessId: ProcessId
The process id
RegistryKey: RegistryKey
The registry key path
RegistryValueData: RegistryValueData
The registry key value in string formatted representation
Url: Url
The url

IncidentTitle: IncidentTitle
The title of the incident
IncidentDescription: IncidentDescription
The description of the incident
IncidentSeverity: IncidentSeverity
The severity of the incident
IncidentStatus: IncidentStatus
The status of the incident
IncidentRelatedAnalyticRuleIds: IncidentRelatedAnalyticRuleIds
The related Analytic rule ids of the incident
IncidentTactics: IncidentTactics
The tactics of the incident
IncidentLabel: IncidentLabel
The labels of the incident
IncidentProviderName: IncidentProviderName
The provider name of the incident
IncidentUpdatedBySource: IncidentUpdatedBySource
The update source of the incident
AccountAadTenantId: AccountAadTenantId
The account Azure Active Directory tenant id
AccountAadUserId: AccountAadUserId
The account Azure Active Directory user id
AccountName: AccountName
The account name
AccountNTDomain: AccountNTDomain
The account NetBIOS domain name
AccountPUID: AccountPUID
The account Azure Active Directory Passport User ID
AccountSid: AccountSid
The account security identifier
AccountObjectGuid: AccountObjectGuid
The account unique identifier
AccountUPNSuffix: AccountUPNSuffix
The account user principal name suffix
AlertProductNames: AlertProductNames
The name of the product of the alert
AlertAnalyticRuleIds: AlertAnalyticRuleIds
The analytic rule ids of the alert
AzureResourceResourceId: AzureResourceResourceId
The Azure resource id
AzureResourceSubscriptionId: AzureResourceSubscriptionId
The Azure resource subscription id
CloudApplicationAppId: CloudApplicationAppId
The cloud application identifier
CloudApplicationAppName: CloudApplicationAppName
The cloud application name
DNSDomainName: DNSDomainName
The dns record domain name
FileDirectory: FileDirectory
The file directory full path
FileName: FileName
The file name without path
FileHashValue: FileHashValue
The file hash value
HostAzureID: HostAzureID
The host Azure resource id
HostName: HostName
The host name without domain
HostNetBiosName: HostNetBiosName
The host NetBIOS name
HostNTDomain: HostNTDomain
The host NT domain
HostOSVersion: HostOSVersion
The host operating system
IoTDeviceId: IoTDeviceId
"The IoT device id
IoTDeviceName: IoTDeviceName
The IoT device name
IoTDeviceType: IoTDeviceType
The IoT device type
IoTDeviceVendor: IoTDeviceVendor
The IoT device vendor
IoTDeviceModel: IoTDeviceModel
The IoT device model
IoTDeviceOperatingSystem: IoTDeviceOperatingSystem
The IoT device operating system
IPAddress: IPAddress
The IP address
MailboxDisplayName: MailboxDisplayName
The mailbox display name
MailboxPrimaryAddress: MailboxPrimaryAddress
The mailbox primary address
MailboxUPN: MailboxUPN
The mailbox user principal name
MailMessageDeliveryAction: MailMessageDeliveryAction
The mail message delivery action
MailMessageDeliveryLocation: MailMessageDeliveryLocation
The mail message delivery location
MailMessageRecipient: MailMessageRecipient
The mail message recipient
MailMessageSenderIP: MailMessageSenderIP
The mail message sender IP address
MailMessageSubject: MailMessageSubject
The mail message subject
MailMessageP1Sender: MailMessageP1Sender
The mail message P1 sender
MailMessageP2Sender: MailMessageP2Sender
The mail message P2 sender
MalwareCategory: MalwareCategory
The malware category
MalwareName: MalwareName
The malware name
ProcessCommandLine: ProcessCommandLine
The process execution command line
ProcessId: ProcessId
The process id
RegistryKey: RegistryKey
The registry key path
RegistryValueData: RegistryValueData
The registry key value in string formatted representation
Url: Url
The url

INCIDENT_TITLE: IncidentTitle
The title of the incident
INCIDENT_DESCRIPTION: IncidentDescription
The description of the incident
INCIDENT_SEVERITY: IncidentSeverity
The severity of the incident
INCIDENT_STATUS: IncidentStatus
The status of the incident
INCIDENT_RELATED_ANALYTIC_RULE_IDS: IncidentRelatedAnalyticRuleIds
The related Analytic rule ids of the incident
INCIDENT_TACTICS: IncidentTactics
The tactics of the incident
INCIDENT_LABEL: IncidentLabel
The labels of the incident
INCIDENT_PROVIDER_NAME: IncidentProviderName
The provider name of the incident
INCIDENT_UPDATED_BY_SOURCE: IncidentUpdatedBySource
The update source of the incident
ACCOUNT_AAD_TENANT_ID: AccountAadTenantId
The account Azure Active Directory tenant id
ACCOUNT_AAD_USER_ID: AccountAadUserId
The account Azure Active Directory user id
ACCOUNT_NAME: AccountName
The account name
ACCOUNT_NT_DOMAIN: AccountNTDomain
The account NetBIOS domain name
ACCOUNT_PUID: AccountPUID
The account Azure Active Directory Passport User ID
ACCOUNT_SID: AccountSid
The account security identifier
ACCOUNT_OBJECT_GUID: AccountObjectGuid
The account unique identifier
ACCOUNT_UPN_SUFFIX: AccountUPNSuffix
The account user principal name suffix
ALERT_PRODUCT_NAMES: AlertProductNames
The name of the product of the alert
ALERT_ANALYTIC_RULE_IDS: AlertAnalyticRuleIds
The analytic rule ids of the alert
AZURE_RESOURCE_RESOURCE_ID: AzureResourceResourceId
The Azure resource id
AZURE_RESOURCE_SUBSCRIPTION_ID: AzureResourceSubscriptionId
The Azure resource subscription id
CLOUD_APPLICATION_APP_ID: CloudApplicationAppId
The cloud application identifier
CLOUD_APPLICATION_APP_NAME: CloudApplicationAppName
The cloud application name
DNS_DOMAIN_NAME: DNSDomainName
The dns record domain name
FILE_DIRECTORY: FileDirectory
The file directory full path
FILE_NAME: FileName
The file name without path
FILE_HASH_VALUE: FileHashValue
The file hash value
HOST_AZURE_ID: HostAzureID
The host Azure resource id
HOST_NAME: HostName
The host name without domain
HOST_NET_BIOS_NAME: HostNetBiosName
The host NetBIOS name
HOST_NT_DOMAIN: HostNTDomain
The host NT domain
HOST_OS_VERSION: HostOSVersion
The host operating system
IO_T_DEVICE_ID: IoTDeviceId
"The IoT device id
IO_T_DEVICE_NAME: IoTDeviceName
The IoT device name
IO_T_DEVICE_TYPE: IoTDeviceType
The IoT device type
IO_T_DEVICE_VENDOR: IoTDeviceVendor
The IoT device vendor
IO_T_DEVICE_MODEL: IoTDeviceModel
The IoT device model
IO_T_DEVICE_OPERATING_SYSTEM: IoTDeviceOperatingSystem
The IoT device operating system
IP_ADDRESS: IPAddress
The IP address
MAILBOX_DISPLAY_NAME: MailboxDisplayName
The mailbox display name
MAILBOX_PRIMARY_ADDRESS: MailboxPrimaryAddress
The mailbox primary address
MAILBOX_UPN: MailboxUPN
The mailbox user principal name
MAIL_MESSAGE_DELIVERY_ACTION: MailMessageDeliveryAction
The mail message delivery action
MAIL_MESSAGE_DELIVERY_LOCATION: MailMessageDeliveryLocation
The mail message delivery location
MAIL_MESSAGE_RECIPIENT: MailMessageRecipient
The mail message recipient
MAIL_MESSAGE_SENDER_IP: MailMessageSenderIP
The mail message sender IP address
MAIL_MESSAGE_SUBJECT: MailMessageSubject
The mail message subject
MAIL_MESSAGE_P1_SENDER: MailMessageP1Sender
The mail message P1 sender
MAIL_MESSAGE_P2_SENDER: MailMessageP2Sender
The mail message P2 sender
MALWARE_CATEGORY: MalwareCategory
The malware category
MALWARE_NAME: MalwareName
The malware name
PROCESS_COMMAND_LINE: ProcessCommandLine
The process execution command line
PROCESS_ID: ProcessId
The process id
REGISTRY_KEY: RegistryKey
The registry key path
REGISTRY_VALUE_DATA: RegistryValueData
The registry key value in string formatted representation
URL: Url
The url

"IncidentTitle": IncidentTitle
The title of the incident
"IncidentDescription": IncidentDescription
The description of the incident
"IncidentSeverity": IncidentSeverity
The severity of the incident
"IncidentStatus": IncidentStatus
The status of the incident
"IncidentRelatedAnalyticRuleIds": IncidentRelatedAnalyticRuleIds
The related Analytic rule ids of the incident
"IncidentTactics": IncidentTactics
The tactics of the incident
"IncidentLabel": IncidentLabel
The labels of the incident
"IncidentProviderName": IncidentProviderName
The provider name of the incident
"IncidentUpdatedBySource": IncidentUpdatedBySource
The update source of the incident
"AccountAadTenantId": AccountAadTenantId
The account Azure Active Directory tenant id
"AccountAadUserId": AccountAadUserId
The account Azure Active Directory user id
"AccountName": AccountName
The account name
"AccountNTDomain": AccountNTDomain
The account NetBIOS domain name
"AccountPUID": AccountPUID
The account Azure Active Directory Passport User ID
"AccountSid": AccountSid
The account security identifier
"AccountObjectGuid": AccountObjectGuid
The account unique identifier
"AccountUPNSuffix": AccountUPNSuffix
The account user principal name suffix
"AlertProductNames": AlertProductNames
The name of the product of the alert
"AlertAnalyticRuleIds": AlertAnalyticRuleIds
The analytic rule ids of the alert
"AzureResourceResourceId": AzureResourceResourceId
The Azure resource id
"AzureResourceSubscriptionId": AzureResourceSubscriptionId
The Azure resource subscription id
"CloudApplicationAppId": CloudApplicationAppId
The cloud application identifier
"CloudApplicationAppName": CloudApplicationAppName
The cloud application name
"DNSDomainName": DNSDomainName
The dns record domain name
"FileDirectory": FileDirectory
The file directory full path
"FileName": FileName
The file name without path
"FileHashValue": FileHashValue
The file hash value
"HostAzureID": HostAzureID
The host Azure resource id
"HostName": HostName
The host name without domain
"HostNetBiosName": HostNetBiosName
The host NetBIOS name
"HostNTDomain": HostNTDomain
The host NT domain
"HostOSVersion": HostOSVersion
The host operating system
"IoTDeviceId": IoTDeviceId
"The IoT device id
"IoTDeviceName": IoTDeviceName
The IoT device name
"IoTDeviceType": IoTDeviceType
The IoT device type
"IoTDeviceVendor": IoTDeviceVendor
The IoT device vendor
"IoTDeviceModel": IoTDeviceModel
The IoT device model
"IoTDeviceOperatingSystem": IoTDeviceOperatingSystem
The IoT device operating system
"IPAddress": IPAddress
The IP address
"MailboxDisplayName": MailboxDisplayName
The mailbox display name
"MailboxPrimaryAddress": MailboxPrimaryAddress
The mailbox primary address
"MailboxUPN": MailboxUPN
The mailbox user principal name
"MailMessageDeliveryAction": MailMessageDeliveryAction
The mail message delivery action
"MailMessageDeliveryLocation": MailMessageDeliveryLocation
The mail message delivery location
"MailMessageRecipient": MailMessageRecipient
The mail message recipient
"MailMessageSenderIP": MailMessageSenderIP
The mail message sender IP address
"MailMessageSubject": MailMessageSubject
The mail message subject
"MailMessageP1Sender": MailMessageP1Sender
The mail message P1 sender
"MailMessageP2Sender": MailMessageP2Sender
The mail message P2 sender
"MalwareCategory": MalwareCategory
The malware category
"MalwareName": MalwareName
The malware name
"ProcessCommandLine": ProcessCommandLine
The process execution command line
"ProcessId": ProcessId
The process id
"RegistryKey": RegistryKey
The registry key path
"RegistryValueData": RegistryValueData
The registry key value in string formatted representation
"Url": Url
The url

AutomationRulePropertyValuesChangedCondition, AutomationRulePropertyValuesChangedConditionArgs

ChangeType string | Pulumi.AzureNative.SecurityInsights.AutomationRulePropertyChangedConditionSupportedChangedType
Operator string | Pulumi.AzureNative.SecurityInsights.AutomationRulePropertyConditionSupportedOperator
PropertyName string | Pulumi.AzureNative.SecurityInsights.AutomationRulePropertyChangedConditionSupportedPropertyType
PropertyValues List<string>

ChangeType string | AutomationRulePropertyChangedConditionSupportedChangedType
Operator string | AutomationRulePropertyConditionSupportedOperator
PropertyName string | AutomationRulePropertyChangedConditionSupportedPropertyType
PropertyValues []string

changeType String | AutomationRulePropertyChangedConditionSupportedChangedType
operator String | AutomationRulePropertyConditionSupportedOperator
propertyName String | AutomationRulePropertyChangedConditionSupportedPropertyType
propertyValues List<String>

changeType string | AutomationRulePropertyChangedConditionSupportedChangedType
operator string | AutomationRulePropertyConditionSupportedOperator
propertyName string | AutomationRulePropertyChangedConditionSupportedPropertyType
propertyValues string[]

change_type str | AutomationRulePropertyChangedConditionSupportedChangedType
operator str | AutomationRulePropertyConditionSupportedOperator
property_name str | AutomationRulePropertyChangedConditionSupportedPropertyType
property_values Sequence[str]

changeType String | "ChangedFrom" | "ChangedTo"
operator String | "Equals" | "NotEquals" | "Contains" | "NotContains" | "StartsWith" | "NotStartsWith" | "EndsWith" | "NotEndsWith"
propertyName String | "IncidentSeverity" | "IncidentStatus" | "IncidentOwner"
propertyValues List<String>

AutomationRulePropertyValuesChangedConditionResponse, AutomationRulePropertyValuesChangedConditionResponseArgs

ChangeType string
Operator string
PropertyName string
PropertyValues List<string>

ChangeType string
Operator string
PropertyName string
PropertyValues []string

changeType String
operator String
propertyName String
propertyValues List<String>

changeType string
operator string
propertyName string
propertyValues string[]

change_type str
operator str
property_name str
property_values Sequence[str]

changeType String
operator String
propertyName String
propertyValues List<String>

AutomationRulePropertyValuesCondition, AutomationRulePropertyValuesConditionArgs

Operator string | Pulumi.AzureNative.SecurityInsights.AutomationRulePropertyConditionSupportedOperator
PropertyName string | Pulumi.AzureNative.SecurityInsights.AutomationRulePropertyConditionSupportedProperty: The property to evaluate in an automation rule property condition.
PropertyValues List<string>

Operator string | AutomationRulePropertyConditionSupportedOperator
PropertyName string | AutomationRulePropertyConditionSupportedProperty: The property to evaluate in an automation rule property condition.
PropertyValues []string

operator String | AutomationRulePropertyConditionSupportedOperator
propertyName String | AutomationRulePropertyConditionSupportedProperty: The property to evaluate in an automation rule property condition.
propertyValues List<String>

operator string | AutomationRulePropertyConditionSupportedOperator
propertyName string | AutomationRulePropertyConditionSupportedProperty: The property to evaluate in an automation rule property condition.
propertyValues string[]

operator str | AutomationRulePropertyConditionSupportedOperator
property_name str | AutomationRulePropertyConditionSupportedProperty: The property to evaluate in an automation rule property condition.
property_values Sequence[str]

operator String | "Equals" | "NotEquals" | "Contains" | "NotContains" | "StartsWith" | "NotStartsWith" | "EndsWith" | "NotEndsWith"
propertyName String | "IncidentTitle" | "IncidentDescription" | "IncidentSeverity" | "IncidentStatus" | "IncidentRelatedAnalyticRuleIds" | "IncidentTactics" | "IncidentLabel" | "IncidentProviderName" | "IncidentUpdatedBySource" | "AccountAadTenantId" | "AccountAadUserId" | "AccountName" | "AccountNTDomain" | "AccountPUID" | "AccountSid" | "AccountObjectGuid" | "AccountUPNSuffix" | "AlertProductNames" | "AlertAnalyticRuleIds" | "AzureResourceResourceId" | "AzureResourceSubscriptionId" | "CloudApplicationAppId" | "CloudApplicationAppName" | "DNSDomainName" | "FileDirectory" | "FileName" | "FileHashValue" | "HostAzureID" | "HostName" | "HostNetBiosName" | "HostNTDomain" | "HostOSVersion" | "IoTDeviceId" | "IoTDeviceName" | "IoTDeviceType" | "IoTDeviceVendor" | "IoTDeviceModel" | "IoTDeviceOperatingSystem" | "IPAddress" | "MailboxDisplayName" | "MailboxPrimaryAddress" | "MailboxUPN" | "MailMessageDeliveryAction" | "MailMessageDeliveryLocation" | "MailMessageRecipient" | "MailMessageSenderIP" | "MailMessageSubject" | "MailMessageP1Sender" | "MailMessageP2Sender" | "MalwareCategory" | "MalwareName" | "ProcessCommandLine" | "ProcessId" | "RegistryKey" | "RegistryValueData" | "Url": The property to evaluate in an automation rule property condition.
propertyValues List<String>

AutomationRulePropertyValuesConditionResponse, AutomationRulePropertyValuesConditionResponseArgs

Operator string
PropertyName string: The property to evaluate in an automation rule property condition.
PropertyValues List<string>

Operator string
PropertyName string: The property to evaluate in an automation rule property condition.
PropertyValues []string

operator String
propertyName String: The property to evaluate in an automation rule property condition.
propertyValues List<String>

operator string
propertyName string: The property to evaluate in an automation rule property condition.
propertyValues string[]

operator str
property_name str: The property to evaluate in an automation rule property condition.
property_values Sequence[str]

operator String
propertyName String: The property to evaluate in an automation rule property condition.
propertyValues List<String>

AutomationRuleRunPlaybookAction, AutomationRuleRunPlaybookActionArgs

Order int
ActionConfiguration Pulumi.AzureNative.SecurityInsights.Inputs.PlaybookActionProperties

Order int
ActionConfiguration PlaybookActionProperties

order Integer
actionConfiguration PlaybookActionProperties

order number
actionConfiguration PlaybookActionProperties

order int
action_configuration PlaybookActionProperties

order Number
actionConfiguration Property Map

AutomationRuleRunPlaybookActionResponse, AutomationRuleRunPlaybookActionResponseArgs

Order int
ActionConfiguration Pulumi.AzureNative.SecurityInsights.Inputs.PlaybookActionPropertiesResponse

Order int
ActionConfiguration PlaybookActionPropertiesResponse

order Integer
actionConfiguration PlaybookActionPropertiesResponse

order number
actionConfiguration PlaybookActionPropertiesResponse

order int
action_configuration PlaybookActionPropertiesResponse

order Number
actionConfiguration Property Map

AutomationRuleTriggeringLogic, AutomationRuleTriggeringLogicArgs

IsEnabled bool: Determines whether the automation rule is enabled or disabled.
TriggersOn string | Pulumi.AzureNative.SecurityInsights.TriggersOn
TriggersWhen string | Pulumi.AzureNative.SecurityInsights.TriggersWhen
Conditions List<object>: The conditions to evaluate to determine if the automation rule should be triggered on a given object.
ExpirationTimeUtc string: Determines when the automation rule should automatically expire and be disabled.

IsEnabled bool: Determines whether the automation rule is enabled or disabled.
TriggersOn string | TriggersOn
TriggersWhen string | TriggersWhen
Conditions []interface{}: The conditions to evaluate to determine if the automation rule should be triggered on a given object.
ExpirationTimeUtc string: Determines when the automation rule should automatically expire and be disabled.

isEnabled Boolean: Determines whether the automation rule is enabled or disabled.
triggersOn String | TriggersOn
triggersWhen String | TriggersWhen
conditions List<Object>: The conditions to evaluate to determine if the automation rule should be triggered on a given object.
expirationTimeUtc String: Determines when the automation rule should automatically expire and be disabled.

isEnabled boolean: Determines whether the automation rule is enabled or disabled.
triggersOn string | TriggersOn
triggersWhen string | TriggersWhen
conditions (PropertyArrayChangedConditionProperties | PropertyChangedConditionProperties | PropertyConditionProperties)[]: The conditions to evaluate to determine if the automation rule should be triggered on a given object.
expirationTimeUtc string: Determines when the automation rule should automatically expire and be disabled.

is_enabled bool: Determines whether the automation rule is enabled or disabled.
triggers_on str | TriggersOn
triggers_when str | TriggersWhen
conditions Sequence[Union[PropertyArrayChangedConditionProperties, PropertyChangedConditionProperties, PropertyConditionProperties]]: The conditions to evaluate to determine if the automation rule should be triggered on a given object.
expiration_time_utc str: Determines when the automation rule should automatically expire and be disabled.

isEnabled Boolean: Determines whether the automation rule is enabled or disabled.
triggersOn String | "Incidents" | "Alerts"
triggersWhen String | "Created" | "Updated"
conditions List<Property Map | Property Map | Property Map>: The conditions to evaluate to determine if the automation rule should be triggered on a given object.
expirationTimeUtc String: Determines when the automation rule should automatically expire and be disabled.

AutomationRuleTriggeringLogicResponse, AutomationRuleTriggeringLogicResponseArgs

IsEnabled bool: Determines whether the automation rule is enabled or disabled.
TriggersOn string
TriggersWhen string
Conditions List<object>: The conditions to evaluate to determine if the automation rule should be triggered on a given object.
ExpirationTimeUtc string: Determines when the automation rule should automatically expire and be disabled.

IsEnabled bool: Determines whether the automation rule is enabled or disabled.
TriggersOn string
TriggersWhen string
Conditions []interface{}: The conditions to evaluate to determine if the automation rule should be triggered on a given object.
ExpirationTimeUtc string: Determines when the automation rule should automatically expire and be disabled.

isEnabled Boolean: Determines whether the automation rule is enabled or disabled.
triggersOn String
triggersWhen String
conditions List<Object>: The conditions to evaluate to determine if the automation rule should be triggered on a given object.
expirationTimeUtc String: Determines when the automation rule should automatically expire and be disabled.

isEnabled boolean: Determines whether the automation rule is enabled or disabled.
triggersOn string
triggersWhen string
conditions (PropertyArrayChangedConditionPropertiesResponse | PropertyChangedConditionPropertiesResponse | PropertyConditionPropertiesResponse)[]: The conditions to evaluate to determine if the automation rule should be triggered on a given object.
expirationTimeUtc string: Determines when the automation rule should automatically expire and be disabled.

is_enabled bool: Determines whether the automation rule is enabled or disabled.
triggers_on str
triggers_when str
conditions Sequence[Union[PropertyArrayChangedConditionPropertiesResponse, PropertyChangedConditionPropertiesResponse, PropertyConditionPropertiesResponse]]: The conditions to evaluate to determine if the automation rule should be triggered on a given object.
expiration_time_utc str: Determines when the automation rule should automatically expire and be disabled.

isEnabled Boolean: Determines whether the automation rule is enabled or disabled.
triggersOn String
triggersWhen String
conditions List<Property Map | Property Map | Property Map>: The conditions to evaluate to determine if the automation rule should be triggered on a given object.
expirationTimeUtc String: Determines when the automation rule should automatically expire and be disabled.

ClientInfoResponse, ClientInfoResponseArgs

Email string: The email of the client.
Name string: The name of the client.
ObjectId string: The object id of the client.
UserPrincipalName string: The user principal name of the client.

Email string: The email of the client.
Name string: The name of the client.
ObjectId string: The object id of the client.
UserPrincipalName string: The user principal name of the client.

email String: The email of the client.
name String: The name of the client.
objectId String: The object id of the client.
userPrincipalName String: The user principal name of the client.

email string: The email of the client.
name string: The name of the client.
objectId string: The object id of the client.
userPrincipalName string: The user principal name of the client.

email str: The email of the client.
name str: The name of the client.
object_id str: The object id of the client.
user_principal_name str: The user principal name of the client.

email String: The email of the client.
name String: The name of the client.
objectId String: The object id of the client.
userPrincipalName String: The user principal name of the client.

IncidentClassification, IncidentClassificationArgs

Undetermined: Undetermined
Incident classification was undetermined
TruePositive: TruePositive
Incident was true positive
BenignPositive: BenignPositive
Incident was benign positive
FalsePositive: FalsePositive
Incident was false positive

IncidentClassificationUndetermined: Undetermined
Incident classification was undetermined
IncidentClassificationTruePositive: TruePositive
Incident was true positive
IncidentClassificationBenignPositive: BenignPositive
Incident was benign positive
IncidentClassificationFalsePositive: FalsePositive
Incident was false positive

Undetermined: Undetermined
Incident classification was undetermined
TruePositive: TruePositive
Incident was true positive
BenignPositive: BenignPositive
Incident was benign positive
FalsePositive: FalsePositive
Incident was false positive

Undetermined: Undetermined
Incident classification was undetermined
TruePositive: TruePositive
Incident was true positive
BenignPositive: BenignPositive
Incident was benign positive
FalsePositive: FalsePositive
Incident was false positive

UNDETERMINED: Undetermined
Incident classification was undetermined
TRUE_POSITIVE: TruePositive
Incident was true positive
BENIGN_POSITIVE: BenignPositive
Incident was benign positive
FALSE_POSITIVE: FalsePositive
Incident was false positive

"Undetermined": Undetermined
Incident classification was undetermined
"TruePositive": TruePositive
Incident was true positive
"BenignPositive": BenignPositive
Incident was benign positive
"FalsePositive": FalsePositive
Incident was false positive

IncidentClassificationReason, IncidentClassificationReasonArgs

SuspiciousActivity: SuspiciousActivity
Classification reason was suspicious activity
SuspiciousButExpected: SuspiciousButExpected
Classification reason was suspicious but expected
IncorrectAlertLogic: IncorrectAlertLogic
Classification reason was incorrect alert logic
InaccurateData: InaccurateData
Classification reason was inaccurate data

IncidentClassificationReasonSuspiciousActivity: SuspiciousActivity
Classification reason was suspicious activity
IncidentClassificationReasonSuspiciousButExpected: SuspiciousButExpected
Classification reason was suspicious but expected
IncidentClassificationReasonIncorrectAlertLogic: IncorrectAlertLogic
Classification reason was incorrect alert logic
IncidentClassificationReasonInaccurateData: InaccurateData
Classification reason was inaccurate data

SuspiciousActivity: SuspiciousActivity
Classification reason was suspicious activity
SuspiciousButExpected: SuspiciousButExpected
Classification reason was suspicious but expected
IncorrectAlertLogic: IncorrectAlertLogic
Classification reason was incorrect alert logic
InaccurateData: InaccurateData
Classification reason was inaccurate data

SuspiciousActivity: SuspiciousActivity
Classification reason was suspicious activity
SuspiciousButExpected: SuspiciousButExpected
Classification reason was suspicious but expected
IncorrectAlertLogic: IncorrectAlertLogic
Classification reason was incorrect alert logic
InaccurateData: InaccurateData
Classification reason was inaccurate data

SUSPICIOUS_ACTIVITY: SuspiciousActivity
Classification reason was suspicious activity
SUSPICIOUS_BUT_EXPECTED: SuspiciousButExpected
Classification reason was suspicious but expected
INCORRECT_ALERT_LOGIC: IncorrectAlertLogic
Classification reason was incorrect alert logic
INACCURATE_DATA: InaccurateData
Classification reason was inaccurate data

"SuspiciousActivity": SuspiciousActivity
Classification reason was suspicious activity
"SuspiciousButExpected": SuspiciousButExpected
Classification reason was suspicious but expected
"IncorrectAlertLogic": IncorrectAlertLogic
Classification reason was incorrect alert logic
"InaccurateData": InaccurateData
Classification reason was inaccurate data

IncidentLabel, IncidentLabelArgs

LabelName string: The name of the label

LabelName string: The name of the label

labelName String: The name of the label

labelName string: The name of the label

label_name str: The name of the label

labelName String: The name of the label

IncidentLabelResponse, IncidentLabelResponseArgs

LabelName string: The name of the label
LabelType string: The type of the label

LabelName string: The name of the label
LabelType string: The type of the label

labelName String: The name of the label
labelType String: The type of the label

labelName string: The name of the label
labelType string: The type of the label

label_name str: The name of the label
label_type str: The type of the label

labelName String: The name of the label
labelType String: The type of the label

IncidentOwnerInfo, IncidentOwnerInfoArgs

AssignedTo string: The name of the user the incident is assigned to.
Email string: The email of the user the incident is assigned to.
ObjectId string: The object id of the user the incident is assigned to.
OwnerType string | Pulumi.AzureNative.SecurityInsights.OwnerType: The type of the owner the incident is assigned to.
UserPrincipalName string: The user principal name of the user the incident is assigned to.

AssignedTo string: The name of the user the incident is assigned to.
Email string: The email of the user the incident is assigned to.
ObjectId string: The object id of the user the incident is assigned to.
OwnerType string | OwnerType: The type of the owner the incident is assigned to.
UserPrincipalName string: The user principal name of the user the incident is assigned to.

assignedTo String: The name of the user the incident is assigned to.
email String: The email of the user the incident is assigned to.
objectId String: The object id of the user the incident is assigned to.
ownerType String | OwnerType: The type of the owner the incident is assigned to.
userPrincipalName String: The user principal name of the user the incident is assigned to.

assignedTo string: The name of the user the incident is assigned to.
email string: The email of the user the incident is assigned to.
objectId string: The object id of the user the incident is assigned to.
ownerType string | OwnerType: The type of the owner the incident is assigned to.
userPrincipalName string: The user principal name of the user the incident is assigned to.

assigned_to str: The name of the user the incident is assigned to.
email str: The email of the user the incident is assigned to.
object_id str: The object id of the user the incident is assigned to.
owner_type str | OwnerType: The type of the owner the incident is assigned to.
user_principal_name str: The user principal name of the user the incident is assigned to.

assignedTo String: The name of the user the incident is assigned to.
email String: The email of the user the incident is assigned to.
objectId String: The object id of the user the incident is assigned to.
ownerType String | "Unknown" | "User" | "Group": The type of the owner the incident is assigned to.
userPrincipalName String: The user principal name of the user the incident is assigned to.

IncidentOwnerInfoResponse, IncidentOwnerInfoResponseArgs

AssignedTo string: The name of the user the incident is assigned to.
Email string: The email of the user the incident is assigned to.
ObjectId string: The object id of the user the incident is assigned to.
OwnerType string: The type of the owner the incident is assigned to.
UserPrincipalName string: The user principal name of the user the incident is assigned to.

AssignedTo string: The name of the user the incident is assigned to.
Email string: The email of the user the incident is assigned to.
ObjectId string: The object id of the user the incident is assigned to.
OwnerType string: The type of the owner the incident is assigned to.
UserPrincipalName string: The user principal name of the user the incident is assigned to.

assignedTo String: The name of the user the incident is assigned to.
email String: The email of the user the incident is assigned to.
objectId String: The object id of the user the incident is assigned to.
ownerType String: The type of the owner the incident is assigned to.
userPrincipalName String: The user principal name of the user the incident is assigned to.

assignedTo string: The name of the user the incident is assigned to.
email string: The email of the user the incident is assigned to.
objectId string: The object id of the user the incident is assigned to.
ownerType string: The type of the owner the incident is assigned to.
userPrincipalName string: The user principal name of the user the incident is assigned to.

assigned_to str: The name of the user the incident is assigned to.
email str: The email of the user the incident is assigned to.
object_id str: The object id of the user the incident is assigned to.
owner_type str: The type of the owner the incident is assigned to.
user_principal_name str: The user principal name of the user the incident is assigned to.

assignedTo String: The name of the user the incident is assigned to.
email String: The email of the user the incident is assigned to.
objectId String: The object id of the user the incident is assigned to.
ownerType String: The type of the owner the incident is assigned to.
userPrincipalName String: The user principal name of the user the incident is assigned to.

IncidentPropertiesAction, IncidentPropertiesActionArgs

Classification string | Pulumi.AzureNative.SecurityInsights.IncidentClassification: The reason the incident was closed
ClassificationComment string: Describes the reason the incident was closed.
ClassificationReason string | Pulumi.AzureNative.SecurityInsights.IncidentClassificationReason: The classification reason the incident was closed with
Labels List<Pulumi.AzureNative.SecurityInsights.Inputs.IncidentLabel>: List of labels to add to the incident.
Owner Pulumi.AzureNative.SecurityInsights.Inputs.IncidentOwnerInfo: Information on the user an incident is assigned to
Severity string | Pulumi.AzureNative.SecurityInsights.IncidentSeverity: The severity of the incident
Status string | Pulumi.AzureNative.SecurityInsights.IncidentStatus: The status of the incident

Classification string | IncidentClassification: The reason the incident was closed
ClassificationComment string: Describes the reason the incident was closed.
ClassificationReason string | IncidentClassificationReason: The classification reason the incident was closed with
Labels []IncidentLabel: List of labels to add to the incident.
Owner IncidentOwnerInfo: Information on the user an incident is assigned to
Severity string | IncidentSeverity: The severity of the incident
Status string | IncidentStatus: The status of the incident

classification String | IncidentClassification: The reason the incident was closed
classificationComment String: Describes the reason the incident was closed.
classificationReason String | IncidentClassificationReason: The classification reason the incident was closed with
labels List<IncidentLabel>: List of labels to add to the incident.
owner IncidentOwnerInfo: Information on the user an incident is assigned to
severity String | IncidentSeverity: The severity of the incident
status String | IncidentStatus: The status of the incident

classification string | IncidentClassification: The reason the incident was closed
classificationComment string: Describes the reason the incident was closed.
classificationReason string | IncidentClassificationReason: The classification reason the incident was closed with
labels IncidentLabel[]: List of labels to add to the incident.
owner IncidentOwnerInfo: Information on the user an incident is assigned to
severity string | IncidentSeverity: The severity of the incident
status string | IncidentStatus: The status of the incident

classification str | IncidentClassification: The reason the incident was closed
classification_comment str: Describes the reason the incident was closed.
classification_reason str | IncidentClassificationReason: The classification reason the incident was closed with
labels Sequence[IncidentLabel]: List of labels to add to the incident.
owner IncidentOwnerInfo: Information on the user an incident is assigned to
severity str | IncidentSeverity: The severity of the incident
status str | IncidentStatus: The status of the incident

classification String | "Undetermined" | "TruePositive" | "BenignPositive" | "FalsePositive": The reason the incident was closed
classificationComment String: Describes the reason the incident was closed.
classificationReason String | "SuspiciousActivity" | "SuspiciousButExpected" | "IncorrectAlertLogic" | "InaccurateData": The classification reason the incident was closed with
labels List<Property Map>: List of labels to add to the incident.
owner Property Map: Information on the user an incident is assigned to
severity String | "High" | "Medium" | "Low" | "Informational": The severity of the incident
status String | "New" | "Active" | "Closed": The status of the incident

IncidentPropertiesActionResponse, IncidentPropertiesActionResponseArgs

Classification string: The reason the incident was closed
ClassificationComment string: Describes the reason the incident was closed.
ClassificationReason string: The classification reason the incident was closed with
Labels List<Pulumi.AzureNative.SecurityInsights.Inputs.IncidentLabelResponse>: List of labels to add to the incident.
Owner Pulumi.AzureNative.SecurityInsights.Inputs.IncidentOwnerInfoResponse: Information on the user an incident is assigned to
Severity string: The severity of the incident
Status string: The status of the incident

Classification string: The reason the incident was closed
ClassificationComment string: Describes the reason the incident was closed.
ClassificationReason string: The classification reason the incident was closed with
Labels []IncidentLabelResponse: List of labels to add to the incident.
Owner IncidentOwnerInfoResponse: Information on the user an incident is assigned to
Severity string: The severity of the incident
Status string: The status of the incident

classification String: The reason the incident was closed
classificationComment String: Describes the reason the incident was closed.
classificationReason String: The classification reason the incident was closed with
labels List<IncidentLabelResponse>: List of labels to add to the incident.
owner IncidentOwnerInfoResponse: Information on the user an incident is assigned to
severity String: The severity of the incident
status String: The status of the incident

classification string: The reason the incident was closed
classificationComment string: Describes the reason the incident was closed.
classificationReason string: The classification reason the incident was closed with
labels IncidentLabelResponse[]: List of labels to add to the incident.
owner IncidentOwnerInfoResponse: Information on the user an incident is assigned to
severity string: The severity of the incident
status string: The status of the incident

classification str: The reason the incident was closed
classification_comment str: Describes the reason the incident was closed.
classification_reason str: The classification reason the incident was closed with
labels Sequence[IncidentLabelResponse]: List of labels to add to the incident.
owner IncidentOwnerInfoResponse: Information on the user an incident is assigned to
severity str: The severity of the incident
status str: The status of the incident

classification String: The reason the incident was closed
classificationComment String: Describes the reason the incident was closed.
classificationReason String: The classification reason the incident was closed with
labels List<Property Map>: List of labels to add to the incident.
owner Property Map: Information on the user an incident is assigned to
severity String: The severity of the incident
status String: The status of the incident

IncidentSeverity, IncidentSeverityArgs

High: High
High severity
Medium: Medium
Medium severity
Low: Low
Low severity
Informational: Informational
Informational severity

IncidentSeverityHigh: High
High severity
IncidentSeverityMedium: Medium
Medium severity
IncidentSeverityLow: Low
Low severity
IncidentSeverityInformational: Informational
Informational severity

High: High
High severity
Medium: Medium
Medium severity
Low: Low
Low severity
Informational: Informational
Informational severity

High: High
High severity
Medium: Medium
Medium severity
Low: Low
Low severity
Informational: Informational
Informational severity

HIGH: High
High severity
MEDIUM: Medium
Medium severity
LOW: Low
Low severity
INFORMATIONAL: Informational
Informational severity

"High": High
High severity
"Medium": Medium
Medium severity
"Low": Low
Low severity
"Informational": Informational
Informational severity

IncidentStatus, IncidentStatusArgs

New: New
An active incident which isn't being handled currently
Active: Active
An active incident which is being handled
Closed: Closed
A non-active incident

IncidentStatusNew: New
An active incident which isn't being handled currently
IncidentStatusActive: Active
An active incident which is being handled
IncidentStatusClosed: Closed
A non-active incident

New: New
An active incident which isn't being handled currently
Active: Active
An active incident which is being handled
Closed: Closed
A non-active incident

New: New
An active incident which isn't being handled currently
Active: Active
An active incident which is being handled
Closed: Closed
A non-active incident

NEW: New
An active incident which isn't being handled currently
ACTIVE: Active
An active incident which is being handled
CLOSED: Closed
A non-active incident

"New": New
An active incident which isn't being handled currently
"Active": Active
An active incident which is being handled
"Closed": Closed
A non-active incident

OwnerType, OwnerTypeArgs

Unknown: Unknown
The incident owner type is unknown
User: User
The incident owner type is an AAD user
Group: Group
The incident owner type is an AAD group

OwnerTypeUnknown: Unknown
The incident owner type is unknown
OwnerTypeUser: User
The incident owner type is an AAD user
OwnerTypeGroup: Group
The incident owner type is an AAD group

Unknown: Unknown
The incident owner type is unknown
User: User
The incident owner type is an AAD user
Group: Group
The incident owner type is an AAD group

Unknown: Unknown
The incident owner type is unknown
User: User
The incident owner type is an AAD user
Group: Group
The incident owner type is an AAD group

UNKNOWN: Unknown
The incident owner type is unknown
USER: User
The incident owner type is an AAD user
GROUP: Group
The incident owner type is an AAD group

"Unknown": Unknown
The incident owner type is unknown
"User": User
The incident owner type is an AAD user
"Group": Group
The incident owner type is an AAD group

PlaybookActionProperties, PlaybookActionPropertiesArgs

LogicAppResourceId string: The resource id of the playbook resource.
TenantId string: The tenant id of the playbook resource.

LogicAppResourceId string: The resource id of the playbook resource.
TenantId string: The tenant id of the playbook resource.

logicAppResourceId String: The resource id of the playbook resource.
tenantId String: The tenant id of the playbook resource.

logicAppResourceId string: The resource id of the playbook resource.
tenantId string: The tenant id of the playbook resource.

logic_app_resource_id str: The resource id of the playbook resource.
tenant_id str: The tenant id of the playbook resource.

logicAppResourceId String: The resource id of the playbook resource.
tenantId String: The tenant id of the playbook resource.

PlaybookActionPropertiesResponse, PlaybookActionPropertiesResponseArgs

LogicAppResourceId string: The resource id of the playbook resource.
TenantId string: The tenant id of the playbook resource.

LogicAppResourceId string: The resource id of the playbook resource.
TenantId string: The tenant id of the playbook resource.

logicAppResourceId String: The resource id of the playbook resource.
tenantId String: The tenant id of the playbook resource.

logicAppResourceId string: The resource id of the playbook resource.
tenantId string: The tenant id of the playbook resource.

logic_app_resource_id str: The resource id of the playbook resource.
tenant_id str: The tenant id of the playbook resource.

logicAppResourceId String: The resource id of the playbook resource.
tenantId String: The tenant id of the playbook resource.

PropertyArrayChangedConditionProperties, PropertyArrayChangedConditionPropertiesArgs

ConditionProperties Pulumi.AzureNative.SecurityInsights.Inputs.AutomationRulePropertyArrayChangedValuesCondition

ConditionProperties AutomationRulePropertyArrayChangedValuesCondition

conditionProperties AutomationRulePropertyArrayChangedValuesCondition

conditionProperties AutomationRulePropertyArrayChangedValuesCondition

condition_properties AutomationRulePropertyArrayChangedValuesCondition

conditionProperties Property Map

PropertyArrayChangedConditionPropertiesResponse, PropertyArrayChangedConditionPropertiesResponseArgs

ConditionProperties Pulumi.AzureNative.SecurityInsights.Inputs.AutomationRulePropertyArrayChangedValuesConditionResponse

ConditionProperties AutomationRulePropertyArrayChangedValuesConditionResponse

conditionProperties AutomationRulePropertyArrayChangedValuesConditionResponse

conditionProperties AutomationRulePropertyArrayChangedValuesConditionResponse

condition_properties AutomationRulePropertyArrayChangedValuesConditionResponse

conditionProperties Property Map

PropertyChangedConditionProperties, PropertyChangedConditionPropertiesArgs

ConditionProperties Pulumi.AzureNative.SecurityInsights.Inputs.AutomationRulePropertyValuesChangedCondition

ConditionProperties AutomationRulePropertyValuesChangedCondition

conditionProperties AutomationRulePropertyValuesChangedCondition

conditionProperties AutomationRulePropertyValuesChangedCondition

condition_properties AutomationRulePropertyValuesChangedCondition

conditionProperties Property Map

PropertyChangedConditionPropertiesResponse, PropertyChangedConditionPropertiesResponseArgs

ConditionProperties Pulumi.AzureNative.SecurityInsights.Inputs.AutomationRulePropertyValuesChangedConditionResponse

ConditionProperties AutomationRulePropertyValuesChangedConditionResponse

conditionProperties AutomationRulePropertyValuesChangedConditionResponse

conditionProperties AutomationRulePropertyValuesChangedConditionResponse

condition_properties AutomationRulePropertyValuesChangedConditionResponse

conditionProperties Property Map

PropertyConditionProperties, PropertyConditionPropertiesArgs

ConditionProperties Pulumi.AzureNative.SecurityInsights.Inputs.AutomationRulePropertyValuesCondition

ConditionProperties AutomationRulePropertyValuesCondition

conditionProperties AutomationRulePropertyValuesCondition

conditionProperties AutomationRulePropertyValuesCondition

condition_properties AutomationRulePropertyValuesCondition

conditionProperties Property Map

PropertyConditionPropertiesResponse, PropertyConditionPropertiesResponseArgs

ConditionProperties Pulumi.AzureNative.SecurityInsights.Inputs.AutomationRulePropertyValuesConditionResponse

ConditionProperties AutomationRulePropertyValuesConditionResponse

conditionProperties AutomationRulePropertyValuesConditionResponse

conditionProperties AutomationRulePropertyValuesConditionResponse

condition_properties AutomationRulePropertyValuesConditionResponse

conditionProperties Property Map

SystemDataResponse, SystemDataResponseArgs

CreatedAt string: The timestamp of resource creation (UTC).
CreatedBy string: The identity that created the resource.
CreatedByType string: The type of identity that created the resource.
LastModifiedAt string: The timestamp of resource last modification (UTC)
LastModifiedBy string: The identity that last modified the resource.
LastModifiedByType string: The type of identity that last modified the resource.

CreatedAt string: The timestamp of resource creation (UTC).
CreatedBy string: The identity that created the resource.
CreatedByType string: The type of identity that created the resource.
LastModifiedAt string: The timestamp of resource last modification (UTC)
LastModifiedBy string: The identity that last modified the resource.
LastModifiedByType string: The type of identity that last modified the resource.

createdAt String: The timestamp of resource creation (UTC).
createdBy String: The identity that created the resource.
createdByType String: The type of identity that created the resource.
lastModifiedAt String: The timestamp of resource last modification (UTC)
lastModifiedBy String: The identity that last modified the resource.
lastModifiedByType String: The type of identity that last modified the resource.

createdAt string: The timestamp of resource creation (UTC).
createdBy string: The identity that created the resource.
createdByType string: The type of identity that created the resource.
lastModifiedAt string: The timestamp of resource last modification (UTC)
lastModifiedBy string: The identity that last modified the resource.
lastModifiedByType string: The type of identity that last modified the resource.

created_at str: The timestamp of resource creation (UTC).
created_by str: The identity that created the resource.
created_by_type str: The type of identity that created the resource.
last_modified_at str: The timestamp of resource last modification (UTC)
last_modified_by str: The identity that last modified the resource.
last_modified_by_type str: The type of identity that last modified the resource.

createdAt String: The timestamp of resource creation (UTC).
createdBy String: The identity that created the resource.
createdByType String: The type of identity that created the resource.
lastModifiedAt String: The timestamp of resource last modification (UTC)
lastModifiedBy String: The identity that last modified the resource.
lastModifiedByType String: The type of identity that last modified the resource.

TriggersOn, TriggersOnArgs

Incidents: Incidents
Trigger on Incidents
Alerts: Alerts
Trigger on Alerts

TriggersOnIncidents: Incidents
Trigger on Incidents
TriggersOnAlerts: Alerts
Trigger on Alerts

Incidents: Incidents
Trigger on Incidents
Alerts: Alerts
Trigger on Alerts

Incidents: Incidents
Trigger on Incidents
Alerts: Alerts
Trigger on Alerts

INCIDENTS: Incidents
Trigger on Incidents
ALERTS: Alerts
Trigger on Alerts

"Incidents": Incidents
Trigger on Incidents
"Alerts": Alerts
Trigger on Alerts

TriggersWhen, TriggersWhenArgs

Created: Created
Trigger on created objects
Updated: Updated
Trigger on updated objects

TriggersWhenCreated: Created
Trigger on created objects
TriggersWhenUpdated: Updated
Trigger on updated objects

Created: Created
Trigger on created objects
Updated: Updated
Trigger on updated objects

Created: Created
Trigger on created objects
Updated: Updated
Trigger on updated objects

CREATED: Created
Trigger on created objects
UPDATED: Updated
Trigger on updated objects

"Created": Created
Trigger on created objects
"Updated": Updated
Trigger on updated objects

Import

An existing resource can be imported using its type token, name, and identifier, e.g.

$ pulumi import azure-native:securityinsights:AutomationRule 73e01a99-5cd7-4139-a149-9f2736ff2ab5 /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/automationRules/{automationRuleId}

Package Details

Repository: Azure Native pulumi/pulumi-azure-native
License: Apache-2.0

This is the latest version of Azure Native. Use the Azure Native v1 docs if using the v1 version of this package.

Azure Native v2.9.0 published on Wednesday, Sep 27, 2023 by Pulumi

pulumi/pulumi-azure-native

azure-native.securityinsights.AutomationRule

On this page

On this page

Example Usage

AutomationRules_CreateOrUpdate

Create AutomationRule Resource

AutomationRule Resource Properties

Inputs

Outputs

Supporting Types

AutomationRuleModifyPropertiesAction, AutomationRuleModifyPropertiesActionArgs

AutomationRuleModifyPropertiesActionResponse, AutomationRuleModifyPropertiesActionResponseArgs

AutomationRulePropertyArrayChangedConditionSupportedArrayType, AutomationRulePropertyArrayChangedConditionSupportedArrayTypeArgs

AutomationRulePropertyArrayChangedConditionSupportedChangeType, AutomationRulePropertyArrayChangedConditionSupportedChangeTypeArgs

AutomationRulePropertyArrayChangedValuesCondition, AutomationRulePropertyArrayChangedValuesConditionArgs

AutomationRulePropertyArrayChangedValuesConditionResponse, AutomationRulePropertyArrayChangedValuesConditionResponseArgs

AutomationRulePropertyChangedConditionSupportedChangedType, AutomationRulePropertyChangedConditionSupportedChangedTypeArgs

AutomationRulePropertyChangedConditionSupportedPropertyType, AutomationRulePropertyChangedConditionSupportedPropertyTypeArgs

AutomationRulePropertyConditionSupportedOperator, AutomationRulePropertyConditionSupportedOperatorArgs

AutomationRulePropertyConditionSupportedProperty, AutomationRulePropertyConditionSupportedPropertyArgs

AutomationRulePropertyValuesChangedCondition, AutomationRulePropertyValuesChangedConditionArgs

AutomationRulePropertyValuesChangedConditionResponse, AutomationRulePropertyValuesChangedConditionResponseArgs

AutomationRulePropertyValuesCondition, AutomationRulePropertyValuesConditionArgs

AutomationRulePropertyValuesConditionResponse, AutomationRulePropertyValuesConditionResponseArgs

AutomationRuleRunPlaybookAction, AutomationRuleRunPlaybookActionArgs

AutomationRuleRunPlaybookActionResponse, AutomationRuleRunPlaybookActionResponseArgs

AutomationRuleTriggeringLogic, AutomationRuleTriggeringLogicArgs

AutomationRuleTriggeringLogicResponse, AutomationRuleTriggeringLogicResponseArgs

ClientInfoResponse, ClientInfoResponseArgs

IncidentClassification, IncidentClassificationArgs

IncidentClassificationReason, IncidentClassificationReasonArgs

IncidentLabel, IncidentLabelArgs

IncidentLabelResponse, IncidentLabelResponseArgs

IncidentOwnerInfo, IncidentOwnerInfoArgs

IncidentOwnerInfoResponse, IncidentOwnerInfoResponseArgs

IncidentPropertiesAction, IncidentPropertiesActionArgs

IncidentPropertiesActionResponse, IncidentPropertiesActionResponseArgs

IncidentSeverity, IncidentSeverityArgs

IncidentStatus, IncidentStatusArgs

OwnerType, OwnerTypeArgs

PlaybookActionProperties, PlaybookActionPropertiesArgs

PlaybookActionPropertiesResponse, PlaybookActionPropertiesResponseArgs

PropertyArrayChangedConditionProperties, PropertyArrayChangedConditionPropertiesArgs

PropertyArrayChangedConditionPropertiesResponse, PropertyArrayChangedConditionPropertiesResponseArgs

PropertyChangedConditionProperties, PropertyChangedConditionPropertiesArgs

PropertyChangedConditionPropertiesResponse, PropertyChangedConditionPropertiesResponseArgs

PropertyConditionProperties, PropertyConditionPropertiesArgs

PropertyConditionPropertiesResponse, PropertyConditionPropertiesResponseArgs

SystemDataResponse, SystemDataResponseArgs

TriggersOn, TriggersOnArgs

TriggersWhen, TriggersWhenArgs

Import

Package Details

On this page

On this page