Azure Native v2.37.0, Apr 15 24

This is the latest version of Azure Native. Use the Azure Native v1 docs if using the v1 version of this package.

Azure Native v2.37.0 published on Monday, Apr 15, 2024 by Pulumi

pulumi/pulumi-azure-native

azure-native.securityinsights.AutomationRule

Explore with Pulumi AI

This is the latest version of Azure Native. Use the Azure Native v1 docs if using the v1 version of this package.

Azure Native v2.37.0 published on Monday, Apr 15, 2024 by Pulumi

pulumi/pulumi-azure-native

Example Usage

AutomationRules_CreateOrUpdate

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;

return await Deployment.RunAsync(() => 
{
    var automationRule = new AzureNative.SecurityInsights.AutomationRule("automationRule", new()
    {
        AutomationRuleId = "73e01a99-5cd7-4139-a149-9f2736ff2ab5",
        ResourceGroupName = "myRg",
        WorkspaceName = "myWorkspace",
    });

});

package main

import (
	"github.com/pulumi/pulumi-azure-native-sdk/securityinsights/v2"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := securityinsights.NewAutomationRule(ctx, "automationRule", &securityinsights.AutomationRuleArgs{
			AutomationRuleId:  pulumi.String("73e01a99-5cd7-4139-a149-9f2736ff2ab5"),
			ResourceGroupName: pulumi.String("myRg"),
			WorkspaceName:     pulumi.String("myWorkspace"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.securityinsights.AutomationRule;
import com.pulumi.azurenative.securityinsights.AutomationRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var automationRule = new AutomationRule("automationRule", AutomationRuleArgs.builder()        
            .automationRuleId("73e01a99-5cd7-4139-a149-9f2736ff2ab5")
            .resourceGroupName("myRg")
            .workspaceName("myWorkspace")
            .build());

    }
}

import pulumi
import pulumi_azure_native as azure_native

automation_rule = azure_native.securityinsights.AutomationRule("automationRule",
    automation_rule_id="73e01a99-5cd7-4139-a149-9f2736ff2ab5",
    resource_group_name="myRg",
    workspace_name="myWorkspace")

import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";

const automationRule = new azure_native.securityinsights.AutomationRule("automationRule", {
    automationRuleId: "73e01a99-5cd7-4139-a149-9f2736ff2ab5",
    resourceGroupName: "myRg",
    workspaceName: "myWorkspace",
});

resources:
  automationRule:
    type: azure-native:securityinsights:AutomationRule
    properties:
      automationRuleId: 73e01a99-5cd7-4139-a149-9f2736ff2ab5
      resourceGroupName: myRg
      workspaceName: myWorkspace

Create AutomationRule Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new AutomationRule(name: string, args: AutomationRuleArgs, opts?: CustomResourceOptions);

@overload
def AutomationRule(resource_name: str,
                   args: AutomationRuleArgs,
                   opts: Optional[ResourceOptions] = None)

@overload
def AutomationRule(resource_name: str,
                   opts: Optional[ResourceOptions] = None,
                   actions: Optional[Sequence[Union[AutomationRuleModifyPropertiesActionArgs, AutomationRuleRunPlaybookActionArgs]]] = None,
                   display_name: Optional[str] = None,
                   order: Optional[int] = None,
                   resource_group_name: Optional[str] = None,
                   triggering_logic: Optional[AutomationRuleTriggeringLogicArgs] = None,
                   workspace_name: Optional[str] = None,
                   automation_rule_id: Optional[str] = None)

func NewAutomationRule(ctx *Context, name string, args AutomationRuleArgs, opts ...ResourceOption) (*AutomationRule, error)

public AutomationRule(string name, AutomationRuleArgs args, CustomResourceOptions? opts = null)

public AutomationRule(String name, AutomationRuleArgs args)
public AutomationRule(String name, AutomationRuleArgs args, CustomResourceOptions options)

type: azure-native:securityinsights:AutomationRule
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args AutomationRuleArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args AutomationRuleArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args AutomationRuleArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args AutomationRuleArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args AutomationRuleArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Example

The following reference example uses placeholder values for all input properties.

var automationRuleResource = new AzureNative.SecurityInsights.AutomationRule("automationRuleResource", new()
{
    Actions = new[]
    {
        new AzureNative.SecurityInsights.Inputs.AutomationRuleModifyPropertiesActionArgs
        {
            ActionType = "ModifyProperties",
            Order = 0,
            ActionConfiguration = new AzureNative.SecurityInsights.Inputs.IncidentPropertiesActionArgs
            {
                Classification = "string",
                ClassificationComment = "string",
                ClassificationReason = "string",
                Labels = new[]
                {
                    new AzureNative.SecurityInsights.Inputs.IncidentLabelArgs
                    {
                        LabelName = "string",
                    },
                },
                Owner = new AzureNative.SecurityInsights.Inputs.IncidentOwnerInfoArgs
                {
                    AssignedTo = "string",
                    Email = "string",
                    ObjectId = "string",
                    OwnerType = "string",
                    UserPrincipalName = "string",
                },
                Severity = "string",
                Status = "string",
            },
        },
    },
    DisplayName = "string",
    Order = 0,
    ResourceGroupName = "string",
    TriggeringLogic = new AzureNative.SecurityInsights.Inputs.AutomationRuleTriggeringLogicArgs
    {
        IsEnabled = false,
        TriggersOn = "string",
        TriggersWhen = "string",
        Conditions = new[]
        {
            new AzureNative.SecurityInsights.Inputs.PropertyArrayChangedConditionPropertiesArgs
            {
                ConditionType = "PropertyArrayChanged",
                ConditionProperties = new AzureNative.SecurityInsights.Inputs.AutomationRulePropertyArrayChangedValuesConditionArgs
                {
                    ArrayType = "string",
                    ChangeType = "string",
                },
            },
        },
        ExpirationTimeUtc = "string",
    },
    WorkspaceName = "string",
    AutomationRuleId = "string",
});

example, err := securityinsights.NewAutomationRule(ctx, "automationRuleResource", &securityinsights.AutomationRuleArgs{
Actions: pulumi.Array{
securityinsights.AutomationRuleModifyPropertiesAction{
ActionType: "ModifyProperties",
Order: 0,
ActionConfiguration: securityinsights.IncidentPropertiesAction{
Classification: "string",
ClassificationComment: "string",
ClassificationReason: "string",
Labels: []securityinsights.IncidentLabel{
{
LabelName: "string",
},
},
Owner: securityinsights.IncidentOwnerInfo{
AssignedTo: "string",
Email: "string",
ObjectId: "string",
OwnerType: "string",
UserPrincipalName: "string",
},
Severity: "string",
Status: "string",
},
},
},
DisplayName: pulumi.String("string"),
Order: pulumi.Int(0),
ResourceGroupName: pulumi.String("string"),
TriggeringLogic: &securityinsights.AutomationRuleTriggeringLogicArgs{
IsEnabled: pulumi.Bool(false),
TriggersOn: pulumi.String("string"),
TriggersWhen: pulumi.String("string"),
Conditions: pulumi.Array{
securityinsights.PropertyArrayChangedConditionProperties{
ConditionType: "PropertyArrayChanged",
ConditionProperties: securityinsights.AutomationRulePropertyArrayChangedValuesCondition{
ArrayType: "string",
ChangeType: "string",
},
},
},
ExpirationTimeUtc: pulumi.String("string"),
},
WorkspaceName: pulumi.String("string"),
AutomationRuleId: pulumi.String("string"),
})

var automationRuleResource = new AutomationRule("automationRuleResource", AutomationRuleArgs.builder()        
    .actions(AutomationRuleModifyPropertiesActionArgs.builder()
        .actionType("ModifyProperties")
        .order(0)
        .actionConfiguration(IncidentPropertiesActionArgs.builder()
            .classification("string")
            .classificationComment("string")
            .classificationReason("string")
            .labels(IncidentLabelArgs.builder()
                .labelName("string")
                .build())
            .owner(IncidentOwnerInfoArgs.builder()
                .assignedTo("string")
                .email("string")
                .objectId("string")
                .ownerType("string")
                .userPrincipalName("string")
                .build())
            .severity("string")
            .status("string")
            .build())
        .build())
    .displayName("string")
    .order(0)
    .resourceGroupName("string")
    .triggeringLogic(AutomationRuleTriggeringLogicArgs.builder()
        .isEnabled(false)
        .triggersOn("string")
        .triggersWhen("string")
        .conditions(PropertyArrayChangedConditionPropertiesArgs.builder()
            .conditionType("PropertyArrayChanged")
            .conditionProperties(AutomationRulePropertyArrayChangedValuesConditionArgs.builder()
                .arrayType("string")
                .changeType("string")
                .build())
            .build())
        .expirationTimeUtc("string")
        .build())
    .workspaceName("string")
    .automationRuleId("string")
    .build());

automation_rule_resource = azure_native.securityinsights.AutomationRule("automationRuleResource",
    actions=[azure_native.securityinsights.AutomationRuleModifyPropertiesActionArgs(
        action_type="ModifyProperties",
        order=0,
        action_configuration=azure_native.securityinsights.IncidentPropertiesActionArgs(
            classification="string",
            classification_comment="string",
            classification_reason="string",
            labels=[azure_native.securityinsights.IncidentLabelArgs(
                label_name="string",
            )],
            owner=azure_native.securityinsights.IncidentOwnerInfoArgs(
                assigned_to="string",
                email="string",
                object_id="string",
                owner_type="string",
                user_principal_name="string",
            ),
            severity="string",
            status="string",
        ),
    )],
    display_name="string",
    order=0,
    resource_group_name="string",
    triggering_logic=azure_native.securityinsights.AutomationRuleTriggeringLogicArgs(
        is_enabled=False,
        triggers_on="string",
        triggers_when="string",
        conditions=[azure_native.securityinsights.PropertyArrayChangedConditionPropertiesArgs(
            condition_type="PropertyArrayChanged",
            condition_properties=azure_native.securityinsights.AutomationRulePropertyArrayChangedValuesConditionArgs(
                array_type="string",
                change_type="string",
            ),
        )],
        expiration_time_utc="string",
    ),
    workspace_name="string",
    automation_rule_id="string")

const automationRuleResource = new azure_native.securityinsights.AutomationRule("automationRuleResource", {
    actions: [{
        actionType: "ModifyProperties",
        order: 0,
        actionConfiguration: {
            classification: "string",
            classificationComment: "string",
            classificationReason: "string",
            labels: [{
                labelName: "string",
            }],
            owner: {
                assignedTo: "string",
                email: "string",
                objectId: "string",
                ownerType: "string",
                userPrincipalName: "string",
            },
            severity: "string",
            status: "string",
        },
    }],
    displayName: "string",
    order: 0,
    resourceGroupName: "string",
    triggeringLogic: {
        isEnabled: false,
        triggersOn: "string",
        triggersWhen: "string",
        conditions: [{
            conditionType: "PropertyArrayChanged",
            conditionProperties: {
                arrayType: "string",
                changeType: "string",
            },
        }],
        expirationTimeUtc: "string",
    },
    workspaceName: "string",
    automationRuleId: "string",
});

type: azure-native:securityinsights:AutomationRule
properties:
    actions:
        - actionConfiguration:
            classification: string
            classificationComment: string
            classificationReason: string
            labels:
                - labelName: string
            owner:
                assignedTo: string
                email: string
                objectId: string
                ownerType: string
                userPrincipalName: string
            severity: string
            status: string
          actionType: ModifyProperties
          order: 0
    automationRuleId: string
    displayName: string
    order: 0
    resourceGroupName: string
    triggeringLogic:
        conditions:
            - conditionProperties:
                arrayType: string
                changeType: string
              conditionType: PropertyArrayChanged
        expirationTimeUtc: string
        isEnabled: false
        triggersOn: string
        triggersWhen: string
    workspaceName: string

AutomationRule Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The AutomationRule resource accepts the following input properties:

Actions List<Union<Pulumi.AzureNative.SecurityInsights.Inputs.AutomationRuleModifyPropertiesAction, Pulumi.AzureNative.SecurityInsights.Inputs.AutomationRuleRunPlaybookActionArgs>>: The actions to execute when the automation rule is triggered.
DisplayName string: The display name of the automation rule.
Order int: The order of execution of the automation rule.
ResourceGroupName string: The name of the resource group. The name is case insensitive.
TriggeringLogic Pulumi.AzureNative.SecurityInsights.Inputs.AutomationRuleTriggeringLogic: Describes automation rule triggering logic.
WorkspaceName string: The name of the workspace.
AutomationRuleId string: Automation rule ID

Actions []interface{}: The actions to execute when the automation rule is triggered.
DisplayName string: The display name of the automation rule.
Order int: The order of execution of the automation rule.
ResourceGroupName string: The name of the resource group. The name is case insensitive.
TriggeringLogic AutomationRuleTriggeringLogicArgs: Describes automation rule triggering logic.
WorkspaceName string: The name of the workspace.
AutomationRuleId string: Automation rule ID

actions List<Either<AutomationRuleModifyPropertiesAction,AutomationRuleRunPlaybookActionArgs>>: The actions to execute when the automation rule is triggered.
displayName String: The display name of the automation rule.
order Integer: The order of execution of the automation rule.
resourceGroupName String: The name of the resource group. The name is case insensitive.
triggeringLogic AutomationRuleTriggeringLogic: Describes automation rule triggering logic.
workspaceName String: The name of the workspace.
automationRuleId String: Automation rule ID

actions (AutomationRuleModifyPropertiesAction | AutomationRuleRunPlaybookActionArgs)[]: The actions to execute when the automation rule is triggered.
displayName string: The display name of the automation rule.
order number: The order of execution of the automation rule.
resourceGroupName string: The name of the resource group. The name is case insensitive.
triggeringLogic AutomationRuleTriggeringLogic: Describes automation rule triggering logic.
workspaceName string: The name of the workspace.
automationRuleId string: Automation rule ID

actions Sequence[Union[AutomationRuleModifyPropertiesActionArgs, AutomationRuleRunPlaybookActionArgs]]: The actions to execute when the automation rule is triggered.
display_name str: The display name of the automation rule.
order int: The order of execution of the automation rule.
resource_group_name str: The name of the resource group. The name is case insensitive.
triggering_logic AutomationRuleTriggeringLogicArgs: Describes automation rule triggering logic.
workspace_name str: The name of the workspace.
automation_rule_id str: Automation rule ID

actions List<Property Map | Property Map>: The actions to execute when the automation rule is triggered.
displayName String: The display name of the automation rule.
order Number: The order of execution of the automation rule.
resourceGroupName String: The name of the resource group. The name is case insensitive.
triggeringLogic Property Map: Describes automation rule triggering logic.
workspaceName String: The name of the workspace.
automationRuleId String: Automation rule ID

Outputs

All input properties are implicitly available as output properties. Additionally, the AutomationRule resource produces the following output properties:

CreatedBy Pulumi.AzureNative.SecurityInsights.Outputs.ClientInfoResponse: Information on the client (user or application) that made some action
CreatedTimeUtc string: The time the automation rule was created.
Id string: The provider-assigned unique ID for this managed resource.
LastModifiedBy Pulumi.AzureNative.SecurityInsights.Outputs.ClientInfoResponse: Information on the client (user or application) that made some action
LastModifiedTimeUtc string: The last time the automation rule was updated.
Name string: The name of the resource
SystemData Pulumi.AzureNative.SecurityInsights.Outputs.SystemDataResponse: Azure Resource Manager metadata containing createdBy and modifiedBy information.
Type string: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
Etag string: Etag of the azure resource

CreatedBy ClientInfoResponse: Information on the client (user or application) that made some action
CreatedTimeUtc string: The time the automation rule was created.
Id string: The provider-assigned unique ID for this managed resource.
LastModifiedBy ClientInfoResponse: Information on the client (user or application) that made some action
LastModifiedTimeUtc string: The last time the automation rule was updated.
Name string: The name of the resource
SystemData SystemDataResponse: Azure Resource Manager metadata containing createdBy and modifiedBy information.
Type string: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
Etag string: Etag of the azure resource

createdBy ClientInfoResponse: Information on the client (user or application) that made some action
createdTimeUtc String: The time the automation rule was created.
id String: The provider-assigned unique ID for this managed resource.
lastModifiedBy ClientInfoResponse: Information on the client (user or application) that made some action
lastModifiedTimeUtc String: The last time the automation rule was updated.
name String: The name of the resource
systemData SystemDataResponse: Azure Resource Manager metadata containing createdBy and modifiedBy information.
type String: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
etag String: Etag of the azure resource

createdBy ClientInfoResponse: Information on the client (user or application) that made some action
createdTimeUtc string: The time the automation rule was created.
id string: The provider-assigned unique ID for this managed resource.
lastModifiedBy ClientInfoResponse: Information on the client (user or application) that made some action
lastModifiedTimeUtc string: The last time the automation rule was updated.
name string: The name of the resource
systemData SystemDataResponse: Azure Resource Manager metadata containing createdBy and modifiedBy information.
type string: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
etag string: Etag of the azure resource

created_by ClientInfoResponse: Information on the client (user or application) that made some action
created_time_utc str: The time the automation rule was created.
id str: The provider-assigned unique ID for this managed resource.
last_modified_by ClientInfoResponse: Information on the client (user or application) that made some action
last_modified_time_utc str: The last time the automation rule was updated.
name str: The name of the resource
system_data SystemDataResponse: Azure Resource Manager metadata containing createdBy and modifiedBy information.
type str: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
etag str: Etag of the azure resource

createdBy Property Map: Information on the client (user or application) that made some action
createdTimeUtc String: The time the automation rule was created.
id String: The provider-assigned unique ID for this managed resource.
lastModifiedBy Property Map: Information on the client (user or application) that made some action
lastModifiedTimeUtc String: The last time the automation rule was updated.
name String: The name of the resource
systemData Property Map: Azure Resource Manager metadata containing createdBy and modifiedBy information.
type String: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
etag String: Etag of the azure resource

Supporting Types

AutomationRuleModifyPropertiesAction, AutomationRuleModifyPropertiesActionArgs

Order int
ActionConfiguration Pulumi.AzureNative.SecurityInsights.Inputs.IncidentPropertiesAction

Order int
ActionConfiguration IncidentPropertiesAction

order Integer
actionConfiguration IncidentPropertiesAction

order number
actionConfiguration IncidentPropertiesAction

order int
action_configuration IncidentPropertiesAction

order Number
actionConfiguration Property Map

AutomationRuleModifyPropertiesActionResponse, AutomationRuleModifyPropertiesActionResponseArgs

Order int
ActionConfiguration Pulumi.AzureNative.SecurityInsights.Inputs.IncidentPropertiesActionResponse

Order int
ActionConfiguration IncidentPropertiesActionResponse

order Integer
actionConfiguration IncidentPropertiesActionResponse

order number
actionConfiguration IncidentPropertiesActionResponse

order int
action_configuration IncidentPropertiesActionResponse

order Number
actionConfiguration Property Map

AutomationRulePropertyArrayChangedConditionSupportedArrayType, AutomationRulePropertyArrayChangedConditionSupportedArrayTypeArgs

Alerts: AlertsEvaluate the condition on the alerts
Labels: LabelsEvaluate the condition on the labels
Tactics: TacticsEvaluate the condition on the tactics
Comments: CommentsEvaluate the condition on the comments

AutomationRulePropertyArrayChangedConditionSupportedArrayTypeAlerts: AlertsEvaluate the condition on the alerts
AutomationRulePropertyArrayChangedConditionSupportedArrayTypeLabels: LabelsEvaluate the condition on the labels
AutomationRulePropertyArrayChangedConditionSupportedArrayTypeTactics: TacticsEvaluate the condition on the tactics
AutomationRulePropertyArrayChangedConditionSupportedArrayTypeComments: CommentsEvaluate the condition on the comments

Alerts: AlertsEvaluate the condition on the alerts
Labels: LabelsEvaluate the condition on the labels
Tactics: TacticsEvaluate the condition on the tactics
Comments: CommentsEvaluate the condition on the comments

Alerts: AlertsEvaluate the condition on the alerts
Labels: LabelsEvaluate the condition on the labels
Tactics: TacticsEvaluate the condition on the tactics
Comments: CommentsEvaluate the condition on the comments

ALERTS: AlertsEvaluate the condition on the alerts
LABELS: LabelsEvaluate the condition on the labels
TACTICS: TacticsEvaluate the condition on the tactics
COMMENTS: CommentsEvaluate the condition on the comments

"Alerts": AlertsEvaluate the condition on the alerts
"Labels": LabelsEvaluate the condition on the labels
"Tactics": TacticsEvaluate the condition on the tactics
"Comments": CommentsEvaluate the condition on the comments

AutomationRulePropertyArrayChangedConditionSupportedChangeType, AutomationRulePropertyArrayChangedConditionSupportedChangeTypeArgs

Added: AddedEvaluate the condition on items added to the array

AutomationRulePropertyArrayChangedConditionSupportedChangeTypeAdded: AddedEvaluate the condition on items added to the array

Added: AddedEvaluate the condition on items added to the array

Added: AddedEvaluate the condition on items added to the array

ADDED: AddedEvaluate the condition on items added to the array

"Added": AddedEvaluate the condition on items added to the array

AutomationRulePropertyArrayChangedValuesCondition, AutomationRulePropertyArrayChangedValuesConditionArgs

ArrayType string | Pulumi.AzureNative.SecurityInsights.AutomationRulePropertyArrayChangedConditionSupportedArrayType
ChangeType string | Pulumi.AzureNative.SecurityInsights.AutomationRulePropertyArrayChangedConditionSupportedChangeType

ArrayType string | AutomationRulePropertyArrayChangedConditionSupportedArrayType
ChangeType string | AutomationRulePropertyArrayChangedConditionSupportedChangeType

arrayType String | AutomationRulePropertyArrayChangedConditionSupportedArrayType
changeType String | AutomationRulePropertyArrayChangedConditionSupportedChangeType

arrayType string | AutomationRulePropertyArrayChangedConditionSupportedArrayType
changeType string | AutomationRulePropertyArrayChangedConditionSupportedChangeType

array_type str | AutomationRulePropertyArrayChangedConditionSupportedArrayType
change_type str | AutomationRulePropertyArrayChangedConditionSupportedChangeType

arrayType String | "Alerts" | "Labels" | "Tactics" | "Comments"
changeType String | "Added"

AutomationRulePropertyArrayChangedValuesConditionResponse, AutomationRulePropertyArrayChangedValuesConditionResponseArgs

ArrayType string
ChangeType string

ArrayType string
ChangeType string

arrayType String
changeType String

arrayType string
changeType string

array_type str
change_type str

arrayType String
changeType String

AutomationRulePropertyChangedConditionSupportedChangedType, AutomationRulePropertyChangedConditionSupportedChangedTypeArgs

ChangedFrom: ChangedFromEvaluate the condition on the previous value of the property
ChangedTo: ChangedToEvaluate the condition on the updated value of the property

AutomationRulePropertyChangedConditionSupportedChangedTypeChangedFrom: ChangedFromEvaluate the condition on the previous value of the property
AutomationRulePropertyChangedConditionSupportedChangedTypeChangedTo: ChangedToEvaluate the condition on the updated value of the property

ChangedFrom: ChangedFromEvaluate the condition on the previous value of the property
ChangedTo: ChangedToEvaluate the condition on the updated value of the property

ChangedFrom: ChangedFromEvaluate the condition on the previous value of the property
ChangedTo: ChangedToEvaluate the condition on the updated value of the property

CHANGED_FROM: ChangedFromEvaluate the condition on the previous value of the property
CHANGED_TO: ChangedToEvaluate the condition on the updated value of the property

"ChangedFrom": ChangedFromEvaluate the condition on the previous value of the property
"ChangedTo": ChangedToEvaluate the condition on the updated value of the property

AutomationRulePropertyChangedConditionSupportedPropertyType, AutomationRulePropertyChangedConditionSupportedPropertyTypeArgs

IncidentSeverity: IncidentSeverityEvaluate the condition on the incident severity
IncidentStatus: IncidentStatusEvaluate the condition on the incident status
IncidentOwner: IncidentOwnerEvaluate the condition on the incident owner

AutomationRulePropertyChangedConditionSupportedPropertyTypeIncidentSeverity: IncidentSeverityEvaluate the condition on the incident severity
AutomationRulePropertyChangedConditionSupportedPropertyTypeIncidentStatus: IncidentStatusEvaluate the condition on the incident status
AutomationRulePropertyChangedConditionSupportedPropertyTypeIncidentOwner: IncidentOwnerEvaluate the condition on the incident owner

IncidentSeverity: IncidentSeverityEvaluate the condition on the incident severity
IncidentStatus: IncidentStatusEvaluate the condition on the incident status
IncidentOwner: IncidentOwnerEvaluate the condition on the incident owner

IncidentSeverity: IncidentSeverityEvaluate the condition on the incident severity
IncidentStatus: IncidentStatusEvaluate the condition on the incident status
IncidentOwner: IncidentOwnerEvaluate the condition on the incident owner

INCIDENT_SEVERITY: IncidentSeverityEvaluate the condition on the incident severity
INCIDENT_STATUS: IncidentStatusEvaluate the condition on the incident status
INCIDENT_OWNER: IncidentOwnerEvaluate the condition on the incident owner

"IncidentSeverity": IncidentSeverityEvaluate the condition on the incident severity
"IncidentStatus": IncidentStatusEvaluate the condition on the incident status
"IncidentOwner": IncidentOwnerEvaluate the condition on the incident owner

AutomationRulePropertyConditionSupportedOperator, AutomationRulePropertyConditionSupportedOperatorArgs

EqualsValue: EqualsEvaluates if the property equals at least one of the condition values
NotEquals: NotEqualsEvaluates if the property does not equal any of the condition values
Contains: ContainsEvaluates if the property contains at least one of the condition values
NotContains: NotContainsEvaluates if the property does not contain any of the condition values
StartsWith: StartsWithEvaluates if the property starts with any of the condition values
NotStartsWith: NotStartsWithEvaluates if the property does not start with any of the condition values
EndsWith: EndsWithEvaluates if the property ends with any of the condition values
NotEndsWith: NotEndsWithEvaluates if the property does not end with any of the condition values

AutomationRulePropertyConditionSupportedOperatorEquals: EqualsEvaluates if the property equals at least one of the condition values
AutomationRulePropertyConditionSupportedOperatorNotEquals: NotEqualsEvaluates if the property does not equal any of the condition values
AutomationRulePropertyConditionSupportedOperatorContains: ContainsEvaluates if the property contains at least one of the condition values
AutomationRulePropertyConditionSupportedOperatorNotContains: NotContainsEvaluates if the property does not contain any of the condition values
AutomationRulePropertyConditionSupportedOperatorStartsWith: StartsWithEvaluates if the property starts with any of the condition values
AutomationRulePropertyConditionSupportedOperatorNotStartsWith: NotStartsWithEvaluates if the property does not start with any of the condition values
AutomationRulePropertyConditionSupportedOperatorEndsWith: EndsWithEvaluates if the property ends with any of the condition values
AutomationRulePropertyConditionSupportedOperatorNotEndsWith: NotEndsWithEvaluates if the property does not end with any of the condition values

Equals: EqualsEvaluates if the property equals at least one of the condition values
NotEquals: NotEqualsEvaluates if the property does not equal any of the condition values
Contains: ContainsEvaluates if the property contains at least one of the condition values
NotContains: NotContainsEvaluates if the property does not contain any of the condition values
StartsWith: StartsWithEvaluates if the property starts with any of the condition values
NotStartsWith: NotStartsWithEvaluates if the property does not start with any of the condition values
EndsWith: EndsWithEvaluates if the property ends with any of the condition values
NotEndsWith: NotEndsWithEvaluates if the property does not end with any of the condition values

Equals: EqualsEvaluates if the property equals at least one of the condition values
NotEquals: NotEqualsEvaluates if the property does not equal any of the condition values
Contains: ContainsEvaluates if the property contains at least one of the condition values
NotContains: NotContainsEvaluates if the property does not contain any of the condition values
StartsWith: StartsWithEvaluates if the property starts with any of the condition values
NotStartsWith: NotStartsWithEvaluates if the property does not start with any of the condition values
EndsWith: EndsWithEvaluates if the property ends with any of the condition values
NotEndsWith: NotEndsWithEvaluates if the property does not end with any of the condition values

EQUALS: EqualsEvaluates if the property equals at least one of the condition values
NOT_EQUALS: NotEqualsEvaluates if the property does not equal any of the condition values
CONTAINS: ContainsEvaluates if the property contains at least one of the condition values
NOT_CONTAINS: NotContainsEvaluates if the property does not contain any of the condition values
STARTS_WITH: StartsWithEvaluates if the property starts with any of the condition values
NOT_STARTS_WITH: NotStartsWithEvaluates if the property does not start with any of the condition values
ENDS_WITH: EndsWithEvaluates if the property ends with any of the condition values
NOT_ENDS_WITH: NotEndsWithEvaluates if the property does not end with any of the condition values

"Equals": EqualsEvaluates if the property equals at least one of the condition values
"NotEquals": NotEqualsEvaluates if the property does not equal any of the condition values
"Contains": ContainsEvaluates if the property contains at least one of the condition values
"NotContains": NotContainsEvaluates if the property does not contain any of the condition values
"StartsWith": StartsWithEvaluates if the property starts with any of the condition values
"NotStartsWith": NotStartsWithEvaluates if the property does not start with any of the condition values
"EndsWith": EndsWithEvaluates if the property ends with any of the condition values
"NotEndsWith": NotEndsWithEvaluates if the property does not end with any of the condition values

AutomationRulePropertyConditionSupportedProperty, AutomationRulePropertyConditionSupportedPropertyArgs

IncidentTitle: IncidentTitleThe title of the incident
IncidentDescription: IncidentDescriptionThe description of the incident
IncidentSeverity: IncidentSeverityThe severity of the incident
IncidentStatus: IncidentStatusThe status of the incident
IncidentRelatedAnalyticRuleIds: IncidentRelatedAnalyticRuleIdsThe related Analytic rule ids of the incident
IncidentTactics: IncidentTacticsThe tactics of the incident
IncidentLabel: IncidentLabelThe labels of the incident
IncidentProviderName: IncidentProviderNameThe provider name of the incident
IncidentUpdatedBySource: IncidentUpdatedBySourceThe update source of the incident
AccountAadTenantId: AccountAadTenantIdThe account Azure Active Directory tenant id
AccountAadUserId: AccountAadUserIdThe account Azure Active Directory user id
AccountName: AccountNameThe account name
AccountNTDomain: AccountNTDomainThe account NetBIOS domain name
AccountPUID: AccountPUIDThe account Azure Active Directory Passport User ID
AccountSid: AccountSidThe account security identifier
AccountObjectGuid: AccountObjectGuidThe account unique identifier
AccountUPNSuffix: AccountUPNSuffixThe account user principal name suffix
AlertProductNames: AlertProductNamesThe name of the product of the alert
AlertAnalyticRuleIds: AlertAnalyticRuleIdsThe analytic rule ids of the alert
AzureResourceResourceId: AzureResourceResourceIdThe Azure resource id
AzureResourceSubscriptionId: AzureResourceSubscriptionIdThe Azure resource subscription id
CloudApplicationAppId: CloudApplicationAppIdThe cloud application identifier
CloudApplicationAppName: CloudApplicationAppNameThe cloud application name
DNSDomainName: DNSDomainNameThe dns record domain name
FileDirectory: FileDirectoryThe file directory full path
FileName: FileNameThe file name without path
FileHashValue: FileHashValueThe file hash value
HostAzureID: HostAzureIDThe host Azure resource id
HostName: HostNameThe host name without domain
HostNetBiosName: HostNetBiosNameThe host NetBIOS name
HostNTDomain: HostNTDomainThe host NT domain
HostOSVersion: HostOSVersionThe host operating system
IoTDeviceId: IoTDeviceId"The IoT device id
IoTDeviceName: IoTDeviceNameThe IoT device name
IoTDeviceType: IoTDeviceTypeThe IoT device type
IoTDeviceVendor: IoTDeviceVendorThe IoT device vendor
IoTDeviceModel: IoTDeviceModelThe IoT device model
IoTDeviceOperatingSystem: IoTDeviceOperatingSystemThe IoT device operating system
IPAddress: IPAddressThe IP address
MailboxDisplayName: MailboxDisplayNameThe mailbox display name
MailboxPrimaryAddress: MailboxPrimaryAddressThe mailbox primary address
MailboxUPN: MailboxUPNThe mailbox user principal name
MailMessageDeliveryAction: MailMessageDeliveryActionThe mail message delivery action
MailMessageDeliveryLocation: MailMessageDeliveryLocationThe mail message delivery location
MailMessageRecipient: MailMessageRecipientThe mail message recipient
MailMessageSenderIP: MailMessageSenderIPThe mail message sender IP address
MailMessageSubject: MailMessageSubjectThe mail message subject
MailMessageP1Sender: MailMessageP1SenderThe mail message P1 sender
MailMessageP2Sender: MailMessageP2SenderThe mail message P2 sender
MalwareCategory: MalwareCategoryThe malware category
MalwareName: MalwareNameThe malware name
ProcessCommandLine: ProcessCommandLineThe process execution command line
ProcessId: ProcessIdThe process id
RegistryKey: RegistryKeyThe registry key path
RegistryValueData: RegistryValueDataThe registry key value in string formatted representation
Url: UrlThe url

AutomationRulePropertyConditionSupportedPropertyIncidentTitle: IncidentTitleThe title of the incident
AutomationRulePropertyConditionSupportedPropertyIncidentDescription: IncidentDescriptionThe description of the incident
AutomationRulePropertyConditionSupportedPropertyIncidentSeverity: IncidentSeverityThe severity of the incident
AutomationRulePropertyConditionSupportedPropertyIncidentStatus: IncidentStatusThe status of the incident
AutomationRulePropertyConditionSupportedPropertyIncidentRelatedAnalyticRuleIds: IncidentRelatedAnalyticRuleIdsThe related Analytic rule ids of the incident
AutomationRulePropertyConditionSupportedPropertyIncidentTactics: IncidentTacticsThe tactics of the incident
AutomationRulePropertyConditionSupportedPropertyIncidentLabel: IncidentLabelThe labels of the incident
AutomationRulePropertyConditionSupportedPropertyIncidentProviderName: IncidentProviderNameThe provider name of the incident
AutomationRulePropertyConditionSupportedPropertyIncidentUpdatedBySource: IncidentUpdatedBySourceThe update source of the incident
AutomationRulePropertyConditionSupportedPropertyAccountAadTenantId: AccountAadTenantIdThe account Azure Active Directory tenant id
AutomationRulePropertyConditionSupportedPropertyAccountAadUserId: AccountAadUserIdThe account Azure Active Directory user id
AutomationRulePropertyConditionSupportedPropertyAccountName: AccountNameThe account name
AutomationRulePropertyConditionSupportedPropertyAccountNTDomain: AccountNTDomainThe account NetBIOS domain name
AutomationRulePropertyConditionSupportedPropertyAccountPUID: AccountPUIDThe account Azure Active Directory Passport User ID
AutomationRulePropertyConditionSupportedPropertyAccountSid: AccountSidThe account security identifier
AutomationRulePropertyConditionSupportedPropertyAccountObjectGuid: AccountObjectGuidThe account unique identifier
AutomationRulePropertyConditionSupportedPropertyAccountUPNSuffix: AccountUPNSuffixThe account user principal name suffix
AutomationRulePropertyConditionSupportedPropertyAlertProductNames: AlertProductNamesThe name of the product of the alert
AutomationRulePropertyConditionSupportedPropertyAlertAnalyticRuleIds: AlertAnalyticRuleIdsThe analytic rule ids of the alert
AutomationRulePropertyConditionSupportedPropertyAzureResourceResourceId: AzureResourceResourceIdThe Azure resource id
AutomationRulePropertyConditionSupportedPropertyAzureResourceSubscriptionId: AzureResourceSubscriptionIdThe Azure resource subscription id
AutomationRulePropertyConditionSupportedPropertyCloudApplicationAppId: CloudApplicationAppIdThe cloud application identifier
AutomationRulePropertyConditionSupportedPropertyCloudApplicationAppName: CloudApplicationAppNameThe cloud application name
AutomationRulePropertyConditionSupportedPropertyDNSDomainName: DNSDomainNameThe dns record domain name
AutomationRulePropertyConditionSupportedPropertyFileDirectory: FileDirectoryThe file directory full path
AutomationRulePropertyConditionSupportedPropertyFileName: FileNameThe file name without path
AutomationRulePropertyConditionSupportedPropertyFileHashValue: FileHashValueThe file hash value
AutomationRulePropertyConditionSupportedPropertyHostAzureID: HostAzureIDThe host Azure resource id
AutomationRulePropertyConditionSupportedPropertyHostName: HostNameThe host name without domain
AutomationRulePropertyConditionSupportedPropertyHostNetBiosName: HostNetBiosNameThe host NetBIOS name
AutomationRulePropertyConditionSupportedPropertyHostNTDomain: HostNTDomainThe host NT domain
AutomationRulePropertyConditionSupportedPropertyHostOSVersion: HostOSVersionThe host operating system
AutomationRulePropertyConditionSupportedPropertyIoTDeviceId: IoTDeviceId"The IoT device id
AutomationRulePropertyConditionSupportedPropertyIoTDeviceName: IoTDeviceNameThe IoT device name
AutomationRulePropertyConditionSupportedPropertyIoTDeviceType: IoTDeviceTypeThe IoT device type
AutomationRulePropertyConditionSupportedPropertyIoTDeviceVendor: IoTDeviceVendorThe IoT device vendor
AutomationRulePropertyConditionSupportedPropertyIoTDeviceModel: IoTDeviceModelThe IoT device model
AutomationRulePropertyConditionSupportedPropertyIoTDeviceOperatingSystem: IoTDeviceOperatingSystemThe IoT device operating system
AutomationRulePropertyConditionSupportedPropertyIPAddress: IPAddressThe IP address
AutomationRulePropertyConditionSupportedPropertyMailboxDisplayName: MailboxDisplayNameThe mailbox display name
AutomationRulePropertyConditionSupportedPropertyMailboxPrimaryAddress: MailboxPrimaryAddressThe mailbox primary address
AutomationRulePropertyConditionSupportedPropertyMailboxUPN: MailboxUPNThe mailbox user principal name
AutomationRulePropertyConditionSupportedPropertyMailMessageDeliveryAction: MailMessageDeliveryActionThe mail message delivery action
AutomationRulePropertyConditionSupportedPropertyMailMessageDeliveryLocation: MailMessageDeliveryLocationThe mail message delivery location
AutomationRulePropertyConditionSupportedPropertyMailMessageRecipient: MailMessageRecipientThe mail message recipient
AutomationRulePropertyConditionSupportedPropertyMailMessageSenderIP: MailMessageSenderIPThe mail message sender IP address
AutomationRulePropertyConditionSupportedPropertyMailMessageSubject: MailMessageSubjectThe mail message subject
AutomationRulePropertyConditionSupportedPropertyMailMessageP1Sender: MailMessageP1SenderThe mail message P1 sender
AutomationRulePropertyConditionSupportedPropertyMailMessageP2Sender: MailMessageP2SenderThe mail message P2 sender
AutomationRulePropertyConditionSupportedPropertyMalwareCategory: MalwareCategoryThe malware category
AutomationRulePropertyConditionSupportedPropertyMalwareName: MalwareNameThe malware name
AutomationRulePropertyConditionSupportedPropertyProcessCommandLine: ProcessCommandLineThe process execution command line
AutomationRulePropertyConditionSupportedPropertyProcessId: ProcessIdThe process id
AutomationRulePropertyConditionSupportedPropertyRegistryKey: RegistryKeyThe registry key path
AutomationRulePropertyConditionSupportedPropertyRegistryValueData: RegistryValueDataThe registry key value in string formatted representation
AutomationRulePropertyConditionSupportedPropertyUrl: UrlThe url

IncidentTitle: IncidentTitleThe title of the incident
IncidentDescription: IncidentDescriptionThe description of the incident
IncidentSeverity: IncidentSeverityThe severity of the incident
IncidentStatus: IncidentStatusThe status of the incident
IncidentRelatedAnalyticRuleIds: IncidentRelatedAnalyticRuleIdsThe related Analytic rule ids of the incident
IncidentTactics: IncidentTacticsThe tactics of the incident
IncidentLabel: IncidentLabelThe labels of the incident
IncidentProviderName: IncidentProviderNameThe provider name of the incident
IncidentUpdatedBySource: IncidentUpdatedBySourceThe update source of the incident
AccountAadTenantId: AccountAadTenantIdThe account Azure Active Directory tenant id
AccountAadUserId: AccountAadUserIdThe account Azure Active Directory user id
AccountName: AccountNameThe account name
AccountNTDomain: AccountNTDomainThe account NetBIOS domain name
AccountPUID: AccountPUIDThe account Azure Active Directory Passport User ID
AccountSid: AccountSidThe account security identifier
AccountObjectGuid: AccountObjectGuidThe account unique identifier
AccountUPNSuffix: AccountUPNSuffixThe account user principal name suffix
AlertProductNames: AlertProductNamesThe name of the product of the alert
AlertAnalyticRuleIds: AlertAnalyticRuleIdsThe analytic rule ids of the alert
AzureResourceResourceId: AzureResourceResourceIdThe Azure resource id
AzureResourceSubscriptionId: AzureResourceSubscriptionIdThe Azure resource subscription id
CloudApplicationAppId: CloudApplicationAppIdThe cloud application identifier
CloudApplicationAppName: CloudApplicationAppNameThe cloud application name
DNSDomainName: DNSDomainNameThe dns record domain name
FileDirectory: FileDirectoryThe file directory full path
FileName: FileNameThe file name without path
FileHashValue: FileHashValueThe file hash value
HostAzureID: HostAzureIDThe host Azure resource id
HostName: HostNameThe host name without domain
HostNetBiosName: HostNetBiosNameThe host NetBIOS name
HostNTDomain: HostNTDomainThe host NT domain
HostOSVersion: HostOSVersionThe host operating system
IoTDeviceId: IoTDeviceId"The IoT device id
IoTDeviceName: IoTDeviceNameThe IoT device name
IoTDeviceType: IoTDeviceTypeThe IoT device type
IoTDeviceVendor: IoTDeviceVendorThe IoT device vendor
IoTDeviceModel: IoTDeviceModelThe IoT device model
IoTDeviceOperatingSystem: IoTDeviceOperatingSystemThe IoT device operating system
IPAddress: IPAddressThe IP address
MailboxDisplayName: MailboxDisplayNameThe mailbox display name
MailboxPrimaryAddress: MailboxPrimaryAddressThe mailbox primary address
MailboxUPN: MailboxUPNThe mailbox user principal name
MailMessageDeliveryAction: MailMessageDeliveryActionThe mail message delivery action
MailMessageDeliveryLocation: MailMessageDeliveryLocationThe mail message delivery location
MailMessageRecipient: MailMessageRecipientThe mail message recipient
MailMessageSenderIP: MailMessageSenderIPThe mail message sender IP address
MailMessageSubject: MailMessageSubjectThe mail message subject
MailMessageP1Sender: MailMessageP1SenderThe mail message P1 sender
MailMessageP2Sender: MailMessageP2SenderThe mail message P2 sender
MalwareCategory: MalwareCategoryThe malware category
MalwareName: MalwareNameThe malware name
ProcessCommandLine: ProcessCommandLineThe process execution command line
ProcessId: ProcessIdThe process id
RegistryKey: RegistryKeyThe registry key path
RegistryValueData: RegistryValueDataThe registry key value in string formatted representation
Url: UrlThe url

IncidentTitle: IncidentTitleThe title of the incident
IncidentDescription: IncidentDescriptionThe description of the incident
IncidentSeverity: IncidentSeverityThe severity of the incident
IncidentStatus: IncidentStatusThe status of the incident
IncidentRelatedAnalyticRuleIds: IncidentRelatedAnalyticRuleIdsThe related Analytic rule ids of the incident
IncidentTactics: IncidentTacticsThe tactics of the incident
IncidentLabel: IncidentLabelThe labels of the incident
IncidentProviderName: IncidentProviderNameThe provider name of the incident
IncidentUpdatedBySource: IncidentUpdatedBySourceThe update source of the incident
AccountAadTenantId: AccountAadTenantIdThe account Azure Active Directory tenant id
AccountAadUserId: AccountAadUserIdThe account Azure Active Directory user id
AccountName: AccountNameThe account name
AccountNTDomain: AccountNTDomainThe account NetBIOS domain name
AccountPUID: AccountPUIDThe account Azure Active Directory Passport User ID
AccountSid: AccountSidThe account security identifier
AccountObjectGuid: AccountObjectGuidThe account unique identifier
AccountUPNSuffix: AccountUPNSuffixThe account user principal name suffix
AlertProductNames: AlertProductNamesThe name of the product of the alert
AlertAnalyticRuleIds: AlertAnalyticRuleIdsThe analytic rule ids of the alert
AzureResourceResourceId: AzureResourceResourceIdThe Azure resource id
AzureResourceSubscriptionId: AzureResourceSubscriptionIdThe Azure resource subscription id
CloudApplicationAppId: CloudApplicationAppIdThe cloud application identifier
CloudApplicationAppName: CloudApplicationAppNameThe cloud application name
DNSDomainName: DNSDomainNameThe dns record domain name
FileDirectory: FileDirectoryThe file directory full path
FileName: FileNameThe file name without path
FileHashValue: FileHashValueThe file hash value
HostAzureID: HostAzureIDThe host Azure resource id
HostName: HostNameThe host name without domain
HostNetBiosName: HostNetBiosNameThe host NetBIOS name
HostNTDomain: HostNTDomainThe host NT domain
HostOSVersion: HostOSVersionThe host operating system
IoTDeviceId: IoTDeviceId"The IoT device id
IoTDeviceName: IoTDeviceNameThe IoT device name
IoTDeviceType: IoTDeviceTypeThe IoT device type
IoTDeviceVendor: IoTDeviceVendorThe IoT device vendor
IoTDeviceModel: IoTDeviceModelThe IoT device model
IoTDeviceOperatingSystem: IoTDeviceOperatingSystemThe IoT device operating system
IPAddress: IPAddressThe IP address
MailboxDisplayName: MailboxDisplayNameThe mailbox display name
MailboxPrimaryAddress: MailboxPrimaryAddressThe mailbox primary address
MailboxUPN: MailboxUPNThe mailbox user principal name
MailMessageDeliveryAction: MailMessageDeliveryActionThe mail message delivery action
MailMessageDeliveryLocation: MailMessageDeliveryLocationThe mail message delivery location
MailMessageRecipient: MailMessageRecipientThe mail message recipient
MailMessageSenderIP: MailMessageSenderIPThe mail message sender IP address
MailMessageSubject: MailMessageSubjectThe mail message subject
MailMessageP1Sender: MailMessageP1SenderThe mail message P1 sender
MailMessageP2Sender: MailMessageP2SenderThe mail message P2 sender
MalwareCategory: MalwareCategoryThe malware category
MalwareName: MalwareNameThe malware name
ProcessCommandLine: ProcessCommandLineThe process execution command line
ProcessId: ProcessIdThe process id
RegistryKey: RegistryKeyThe registry key path
RegistryValueData: RegistryValueDataThe registry key value in string formatted representation
Url: UrlThe url

INCIDENT_TITLE: IncidentTitleThe title of the incident
INCIDENT_DESCRIPTION: IncidentDescriptionThe description of the incident
INCIDENT_SEVERITY: IncidentSeverityThe severity of the incident
INCIDENT_STATUS: IncidentStatusThe status of the incident
INCIDENT_RELATED_ANALYTIC_RULE_IDS: IncidentRelatedAnalyticRuleIdsThe related Analytic rule ids of the incident
INCIDENT_TACTICS: IncidentTacticsThe tactics of the incident
INCIDENT_LABEL: IncidentLabelThe labels of the incident
INCIDENT_PROVIDER_NAME: IncidentProviderNameThe provider name of the incident
INCIDENT_UPDATED_BY_SOURCE: IncidentUpdatedBySourceThe update source of the incident
ACCOUNT_AAD_TENANT_ID: AccountAadTenantIdThe account Azure Active Directory tenant id
ACCOUNT_AAD_USER_ID: AccountAadUserIdThe account Azure Active Directory user id
ACCOUNT_NAME: AccountNameThe account name
ACCOUNT_NT_DOMAIN: AccountNTDomainThe account NetBIOS domain name
ACCOUNT_PUID: AccountPUIDThe account Azure Active Directory Passport User ID
ACCOUNT_SID: AccountSidThe account security identifier
ACCOUNT_OBJECT_GUID: AccountObjectGuidThe account unique identifier
ACCOUNT_UPN_SUFFIX: AccountUPNSuffixThe account user principal name suffix
ALERT_PRODUCT_NAMES: AlertProductNamesThe name of the product of the alert
ALERT_ANALYTIC_RULE_IDS: AlertAnalyticRuleIdsThe analytic rule ids of the alert
AZURE_RESOURCE_RESOURCE_ID: AzureResourceResourceIdThe Azure resource id
AZURE_RESOURCE_SUBSCRIPTION_ID: AzureResourceSubscriptionIdThe Azure resource subscription id
CLOUD_APPLICATION_APP_ID: CloudApplicationAppIdThe cloud application identifier
CLOUD_APPLICATION_APP_NAME: CloudApplicationAppNameThe cloud application name
DNS_DOMAIN_NAME: DNSDomainNameThe dns record domain name
FILE_DIRECTORY: FileDirectoryThe file directory full path
FILE_NAME: FileNameThe file name without path
FILE_HASH_VALUE: FileHashValueThe file hash value
HOST_AZURE_ID: HostAzureIDThe host Azure resource id
HOST_NAME: HostNameThe host name without domain
HOST_NET_BIOS_NAME: HostNetBiosNameThe host NetBIOS name
HOST_NT_DOMAIN: HostNTDomainThe host NT domain
HOST_OS_VERSION: HostOSVersionThe host operating system
IO_T_DEVICE_ID: IoTDeviceId"The IoT device id
IO_T_DEVICE_NAME: IoTDeviceNameThe IoT device name
IO_T_DEVICE_TYPE: IoTDeviceTypeThe IoT device type
IO_T_DEVICE_VENDOR: IoTDeviceVendorThe IoT device vendor
IO_T_DEVICE_MODEL: IoTDeviceModelThe IoT device model
IO_T_DEVICE_OPERATING_SYSTEM: IoTDeviceOperatingSystemThe IoT device operating system
IP_ADDRESS: IPAddressThe IP address
MAILBOX_DISPLAY_NAME: MailboxDisplayNameThe mailbox display name
MAILBOX_PRIMARY_ADDRESS: MailboxPrimaryAddressThe mailbox primary address
MAILBOX_UPN: MailboxUPNThe mailbox user principal name
MAIL_MESSAGE_DELIVERY_ACTION: MailMessageDeliveryActionThe mail message delivery action
MAIL_MESSAGE_DELIVERY_LOCATION: MailMessageDeliveryLocationThe mail message delivery location
MAIL_MESSAGE_RECIPIENT: MailMessageRecipientThe mail message recipient
MAIL_MESSAGE_SENDER_IP: MailMessageSenderIPThe mail message sender IP address
MAIL_MESSAGE_SUBJECT: MailMessageSubjectThe mail message subject
MAIL_MESSAGE_P1_SENDER: MailMessageP1SenderThe mail message P1 sender
MAIL_MESSAGE_P2_SENDER: MailMessageP2SenderThe mail message P2 sender
MALWARE_CATEGORY: MalwareCategoryThe malware category
MALWARE_NAME: MalwareNameThe malware name
PROCESS_COMMAND_LINE: ProcessCommandLineThe process execution command line
PROCESS_ID: ProcessIdThe process id
REGISTRY_KEY: RegistryKeyThe registry key path
REGISTRY_VALUE_DATA: RegistryValueDataThe registry key value in string formatted representation
URL: UrlThe url

"IncidentTitle": IncidentTitleThe title of the incident
"IncidentDescription": IncidentDescriptionThe description of the incident
"IncidentSeverity": IncidentSeverityThe severity of the incident
"IncidentStatus": IncidentStatusThe status of the incident
"IncidentRelatedAnalyticRuleIds": IncidentRelatedAnalyticRuleIdsThe related Analytic rule ids of the incident
"IncidentTactics": IncidentTacticsThe tactics of the incident
"IncidentLabel": IncidentLabelThe labels of the incident
"IncidentProviderName": IncidentProviderNameThe provider name of the incident
"IncidentUpdatedBySource": IncidentUpdatedBySourceThe update source of the incident
"AccountAadTenantId": AccountAadTenantIdThe account Azure Active Directory tenant id
"AccountAadUserId": AccountAadUserIdThe account Azure Active Directory user id
"AccountName": AccountNameThe account name
"AccountNTDomain": AccountNTDomainThe account NetBIOS domain name
"AccountPUID": AccountPUIDThe account Azure Active Directory Passport User ID
"AccountSid": AccountSidThe account security identifier
"AccountObjectGuid": AccountObjectGuidThe account unique identifier
"AccountUPNSuffix": AccountUPNSuffixThe account user principal name suffix
"AlertProductNames": AlertProductNamesThe name of the product of the alert
"AlertAnalyticRuleIds": AlertAnalyticRuleIdsThe analytic rule ids of the alert
"AzureResourceResourceId": AzureResourceResourceIdThe Azure resource id
"AzureResourceSubscriptionId": AzureResourceSubscriptionIdThe Azure resource subscription id
"CloudApplicationAppId": CloudApplicationAppIdThe cloud application identifier
"CloudApplicationAppName": CloudApplicationAppNameThe cloud application name
"DNSDomainName": DNSDomainNameThe dns record domain name
"FileDirectory": FileDirectoryThe file directory full path
"FileName": FileNameThe file name without path
"FileHashValue": FileHashValueThe file hash value
"HostAzureID": HostAzureIDThe host Azure resource id
"HostName": HostNameThe host name without domain
"HostNetBiosName": HostNetBiosNameThe host NetBIOS name
"HostNTDomain": HostNTDomainThe host NT domain
"HostOSVersion": HostOSVersionThe host operating system
"IoTDeviceId": IoTDeviceId"The IoT device id
"IoTDeviceName": IoTDeviceNameThe IoT device name
"IoTDeviceType": IoTDeviceTypeThe IoT device type
"IoTDeviceVendor": IoTDeviceVendorThe IoT device vendor
"IoTDeviceModel": IoTDeviceModelThe IoT device model
"IoTDeviceOperatingSystem": IoTDeviceOperatingSystemThe IoT device operating system
"IPAddress": IPAddressThe IP address
"MailboxDisplayName": MailboxDisplayNameThe mailbox display name
"MailboxPrimaryAddress": MailboxPrimaryAddressThe mailbox primary address
"MailboxUPN": MailboxUPNThe mailbox user principal name
"MailMessageDeliveryAction": MailMessageDeliveryActionThe mail message delivery action
"MailMessageDeliveryLocation": MailMessageDeliveryLocationThe mail message delivery location
"MailMessageRecipient": MailMessageRecipientThe mail message recipient
"MailMessageSenderIP": MailMessageSenderIPThe mail message sender IP address
"MailMessageSubject": MailMessageSubjectThe mail message subject
"MailMessageP1Sender": MailMessageP1SenderThe mail message P1 sender
"MailMessageP2Sender": MailMessageP2SenderThe mail message P2 sender
"MalwareCategory": MalwareCategoryThe malware category
"MalwareName": MalwareNameThe malware name
"ProcessCommandLine": ProcessCommandLineThe process execution command line
"ProcessId": ProcessIdThe process id
"RegistryKey": RegistryKeyThe registry key path
"RegistryValueData": RegistryValueDataThe registry key value in string formatted representation
"Url": UrlThe url

AutomationRulePropertyValuesChangedCondition, AutomationRulePropertyValuesChangedConditionArgs

ChangeType string | Pulumi.AzureNative.SecurityInsights.AutomationRulePropertyChangedConditionSupportedChangedType
Operator string | Pulumi.AzureNative.SecurityInsights.AutomationRulePropertyConditionSupportedOperator
PropertyName string | Pulumi.AzureNative.SecurityInsights.AutomationRulePropertyChangedConditionSupportedPropertyType
PropertyValues List<string>

ChangeType string | AutomationRulePropertyChangedConditionSupportedChangedType
Operator string | AutomationRulePropertyConditionSupportedOperator
PropertyName string | AutomationRulePropertyChangedConditionSupportedPropertyType
PropertyValues []string

changeType String | AutomationRulePropertyChangedConditionSupportedChangedType
operator String | AutomationRulePropertyConditionSupportedOperator
propertyName String | AutomationRulePropertyChangedConditionSupportedPropertyType
propertyValues List<String>

changeType string | AutomationRulePropertyChangedConditionSupportedChangedType
operator string | AutomationRulePropertyConditionSupportedOperator
propertyName string | AutomationRulePropertyChangedConditionSupportedPropertyType
propertyValues string[]

change_type str | AutomationRulePropertyChangedConditionSupportedChangedType
operator str | AutomationRulePropertyConditionSupportedOperator
property_name str | AutomationRulePropertyChangedConditionSupportedPropertyType
property_values Sequence[str]

changeType String | "ChangedFrom" | "ChangedTo"
operator String | "Equals" | "NotEquals" | "Contains" | "NotContains" | "StartsWith" | "NotStartsWith" | "EndsWith" | "NotEndsWith"
propertyName String | "IncidentSeverity" | "IncidentStatus" | "IncidentOwner"
propertyValues List<String>

AutomationRulePropertyValuesChangedConditionResponse, AutomationRulePropertyValuesChangedConditionResponseArgs

ChangeType string
Operator string
PropertyName string
PropertyValues List<string>

ChangeType string
Operator string
PropertyName string
PropertyValues []string

changeType String
operator String
propertyName String
propertyValues List<String>

changeType string
operator string
propertyName string
propertyValues string[]

change_type str
operator str
property_name str
property_values Sequence[str]

changeType String
operator String
propertyName String
propertyValues List<String>

AutomationRulePropertyValuesCondition, AutomationRulePropertyValuesConditionArgs

Operator string | Pulumi.AzureNative.SecurityInsights.AutomationRulePropertyConditionSupportedOperator
PropertyName string | Pulumi.AzureNative.SecurityInsights.AutomationRulePropertyConditionSupportedProperty: The property to evaluate in an automation rule property condition.
PropertyValues List<string>

Operator string | AutomationRulePropertyConditionSupportedOperator
PropertyName string | AutomationRulePropertyConditionSupportedProperty: The property to evaluate in an automation rule property condition.
PropertyValues []string

operator String | AutomationRulePropertyConditionSupportedOperator
propertyName String | AutomationRulePropertyConditionSupportedProperty: The property to evaluate in an automation rule property condition.
propertyValues List<String>

operator string | AutomationRulePropertyConditionSupportedOperator
propertyName string | AutomationRulePropertyConditionSupportedProperty: The property to evaluate in an automation rule property condition.
propertyValues string[]

operator str | AutomationRulePropertyConditionSupportedOperator
property_name str | AutomationRulePropertyConditionSupportedProperty: The property to evaluate in an automation rule property condition.
property_values Sequence[str]

operator String | "Equals" | "NotEquals" | "Contains" | "NotContains" | "StartsWith" | "NotStartsWith" | "EndsWith" | "NotEndsWith"
propertyName String | "IncidentTitle" | "IncidentDescription" | "IncidentSeverity" | "IncidentStatus" | "IncidentRelatedAnalyticRuleIds" | "IncidentTactics" | "IncidentLabel" | "IncidentProviderName" | "IncidentUpdatedBySource" | "AccountAadTenantId" | "AccountAadUserId" | "AccountName" | "AccountNTDomain" | "AccountPUID" | "AccountSid" | "AccountObjectGuid" | "AccountUPNSuffix" | "AlertProductNames" | "AlertAnalyticRuleIds" | "AzureResourceResourceId" | "AzureResourceSubscriptionId" | "CloudApplicationAppId" | "CloudApplicationAppName" | "DNSDomainName" | "FileDirectory" | "FileName" | "FileHashValue" | "HostAzureID" | "HostName" | "HostNetBiosName" | "HostNTDomain" | "HostOSVersion" | "IoTDeviceId" | "IoTDeviceName" | "IoTDeviceType" | "IoTDeviceVendor" | "IoTDeviceModel" | "IoTDeviceOperatingSystem" | "IPAddress" | "MailboxDisplayName" | "MailboxPrimaryAddress" | "MailboxUPN" | "MailMessageDeliveryAction" | "MailMessageDeliveryLocation" | "MailMessageRecipient" | "MailMessageSenderIP" | "MailMessageSubject" | "MailMessageP1Sender" | "MailMessageP2Sender" | "MalwareCategory" | "MalwareName" | "ProcessCommandLine" | "ProcessId" | "RegistryKey" | "RegistryValueData" | "Url": The property to evaluate in an automation rule property condition.
propertyValues List<String>

AutomationRulePropertyValuesConditionResponse, AutomationRulePropertyValuesConditionResponseArgs

Operator string
PropertyName string: The property to evaluate in an automation rule property condition.
PropertyValues List<string>

Operator string
PropertyName string: The property to evaluate in an automation rule property condition.
PropertyValues []string

operator String
propertyName String: The property to evaluate in an automation rule property condition.
propertyValues List<String>

operator string
propertyName string: The property to evaluate in an automation rule property condition.
propertyValues string[]

operator str
property_name str: The property to evaluate in an automation rule property condition.
property_values Sequence[str]

operator String
propertyName String: The property to evaluate in an automation rule property condition.
propertyValues List<String>

AutomationRuleRunPlaybookAction, AutomationRuleRunPlaybookActionArgs

Order int
ActionConfiguration Pulumi.AzureNative.SecurityInsights.Inputs.PlaybookActionProperties

Order int
ActionConfiguration PlaybookActionProperties

order Integer
actionConfiguration PlaybookActionProperties

order number
actionConfiguration PlaybookActionProperties

order int
action_configuration PlaybookActionProperties

order Number
actionConfiguration Property Map

AutomationRuleRunPlaybookActionResponse, AutomationRuleRunPlaybookActionResponseArgs

Order int
ActionConfiguration Pulumi.AzureNative.SecurityInsights.Inputs.PlaybookActionPropertiesResponse

Order int
ActionConfiguration PlaybookActionPropertiesResponse

order Integer
actionConfiguration PlaybookActionPropertiesResponse

order number
actionConfiguration PlaybookActionPropertiesResponse

order int
action_configuration PlaybookActionPropertiesResponse

order Number
actionConfiguration Property Map

AutomationRuleTriggeringLogic, AutomationRuleTriggeringLogicArgs

IsEnabled bool: Determines whether the automation rule is enabled or disabled.
TriggersOn string | Pulumi.AzureNative.SecurityInsights.TriggersOn
TriggersWhen string | Pulumi.AzureNative.SecurityInsights.TriggersWhen
Conditions List<object>: The conditions to evaluate to determine if the automation rule should be triggered on a given object.
ExpirationTimeUtc string: Determines when the automation rule should automatically expire and be disabled.

IsEnabled bool: Determines whether the automation rule is enabled or disabled.
TriggersOn string | TriggersOn
TriggersWhen string | TriggersWhen
Conditions []interface{}: The conditions to evaluate to determine if the automation rule should be triggered on a given object.
ExpirationTimeUtc string: Determines when the automation rule should automatically expire and be disabled.

isEnabled Boolean: Determines whether the automation rule is enabled or disabled.
triggersOn String | TriggersOn
triggersWhen String | TriggersWhen
conditions List<Object>: The conditions to evaluate to determine if the automation rule should be triggered on a given object.
expirationTimeUtc String: Determines when the automation rule should automatically expire and be disabled.

isEnabled boolean: Determines whether the automation rule is enabled or disabled.
triggersOn string | TriggersOn
triggersWhen string | TriggersWhen
conditions (PropertyArrayChangedConditionProperties | PropertyChangedConditionProperties | PropertyConditionProperties)[]: The conditions to evaluate to determine if the automation rule should be triggered on a given object.
expirationTimeUtc string: Determines when the automation rule should automatically expire and be disabled.

is_enabled bool: Determines whether the automation rule is enabled or disabled.
triggers_on str | TriggersOn
triggers_when str | TriggersWhen
conditions Sequence[Union[PropertyArrayChangedConditionProperties, PropertyChangedConditionProperties, PropertyConditionProperties]]: The conditions to evaluate to determine if the automation rule should be triggered on a given object.
expiration_time_utc str: Determines when the automation rule should automatically expire and be disabled.

isEnabled Boolean: Determines whether the automation rule is enabled or disabled.
triggersOn String | "Incidents" | "Alerts"
triggersWhen String | "Created" | "Updated"
conditions List<Property Map | Property Map | Property Map>: The conditions to evaluate to determine if the automation rule should be triggered on a given object.
expirationTimeUtc String: Determines when the automation rule should automatically expire and be disabled.

AutomationRuleTriggeringLogicResponse, AutomationRuleTriggeringLogicResponseArgs

IsEnabled bool: Determines whether the automation rule is enabled or disabled.
TriggersOn string
TriggersWhen string
Conditions List<object>: The conditions to evaluate to determine if the automation rule should be triggered on a given object.
ExpirationTimeUtc string: Determines when the automation rule should automatically expire and be disabled.

IsEnabled bool: Determines whether the automation rule is enabled or disabled.
TriggersOn string
TriggersWhen string
Conditions []interface{}: The conditions to evaluate to determine if the automation rule should be triggered on a given object.
ExpirationTimeUtc string: Determines when the automation rule should automatically expire and be disabled.

isEnabled Boolean: Determines whether the automation rule is enabled or disabled.
triggersOn String
triggersWhen String
conditions List<Object>: The conditions to evaluate to determine if the automation rule should be triggered on a given object.
expirationTimeUtc String: Determines when the automation rule should automatically expire and be disabled.

isEnabled boolean: Determines whether the automation rule is enabled or disabled.
triggersOn string
triggersWhen string
conditions (PropertyArrayChangedConditionPropertiesResponse | PropertyChangedConditionPropertiesResponse | PropertyConditionPropertiesResponse)[]: The conditions to evaluate to determine if the automation rule should be triggered on a given object.
expirationTimeUtc string: Determines when the automation rule should automatically expire and be disabled.

is_enabled bool: Determines whether the automation rule is enabled or disabled.
triggers_on str
triggers_when str
conditions Sequence[Union[PropertyArrayChangedConditionPropertiesResponse, PropertyChangedConditionPropertiesResponse, PropertyConditionPropertiesResponse]]: The conditions to evaluate to determine if the automation rule should be triggered on a given object.
expiration_time_utc str: Determines when the automation rule should automatically expire and be disabled.

isEnabled Boolean: Determines whether the automation rule is enabled or disabled.
triggersOn String
triggersWhen String
conditions List<Property Map | Property Map | Property Map>: The conditions to evaluate to determine if the automation rule should be triggered on a given object.
expirationTimeUtc String: Determines when the automation rule should automatically expire and be disabled.

ClientInfoResponse, ClientInfoResponseArgs

Email string: The email of the client.
Name string: The name of the client.
ObjectId string: The object id of the client.
UserPrincipalName string: The user principal name of the client.

Email string: The email of the client.
Name string: The name of the client.
ObjectId string: The object id of the client.
UserPrincipalName string: The user principal name of the client.

email String: The email of the client.
name String: The name of the client.
objectId String: The object id of the client.
userPrincipalName String: The user principal name of the client.

email string: The email of the client.
name string: The name of the client.
objectId string: The object id of the client.
userPrincipalName string: The user principal name of the client.

email str: The email of the client.
name str: The name of the client.
object_id str: The object id of the client.
user_principal_name str: The user principal name of the client.

email String: The email of the client.
name String: The name of the client.
objectId String: The object id of the client.
userPrincipalName String: The user principal name of the client.

IncidentClassification, IncidentClassificationArgs

Undetermined: UndeterminedIncident classification was undetermined
TruePositive: TruePositiveIncident was true positive
BenignPositive: BenignPositiveIncident was benign positive
FalsePositive: FalsePositiveIncident was false positive

IncidentClassificationUndetermined: UndeterminedIncident classification was undetermined
IncidentClassificationTruePositive: TruePositiveIncident was true positive
IncidentClassificationBenignPositive: BenignPositiveIncident was benign positive
IncidentClassificationFalsePositive: FalsePositiveIncident was false positive

Undetermined: UndeterminedIncident classification was undetermined
TruePositive: TruePositiveIncident was true positive
BenignPositive: BenignPositiveIncident was benign positive
FalsePositive: FalsePositiveIncident was false positive

Undetermined: UndeterminedIncident classification was undetermined
TruePositive: TruePositiveIncident was true positive
BenignPositive: BenignPositiveIncident was benign positive
FalsePositive: FalsePositiveIncident was false positive

UNDETERMINED: UndeterminedIncident classification was undetermined
TRUE_POSITIVE: TruePositiveIncident was true positive
BENIGN_POSITIVE: BenignPositiveIncident was benign positive
FALSE_POSITIVE: FalsePositiveIncident was false positive

"Undetermined": UndeterminedIncident classification was undetermined
"TruePositive": TruePositiveIncident was true positive
"BenignPositive": BenignPositiveIncident was benign positive
"FalsePositive": FalsePositiveIncident was false positive

IncidentClassificationReason, IncidentClassificationReasonArgs

SuspiciousActivity: SuspiciousActivityClassification reason was suspicious activity
SuspiciousButExpected: SuspiciousButExpectedClassification reason was suspicious but expected
IncorrectAlertLogic: IncorrectAlertLogicClassification reason was incorrect alert logic
InaccurateData: InaccurateDataClassification reason was inaccurate data

IncidentClassificationReasonSuspiciousActivity: SuspiciousActivityClassification reason was suspicious activity
IncidentClassificationReasonSuspiciousButExpected: SuspiciousButExpectedClassification reason was suspicious but expected
IncidentClassificationReasonIncorrectAlertLogic: IncorrectAlertLogicClassification reason was incorrect alert logic
IncidentClassificationReasonInaccurateData: InaccurateDataClassification reason was inaccurate data

SuspiciousActivity: SuspiciousActivityClassification reason was suspicious activity
SuspiciousButExpected: SuspiciousButExpectedClassification reason was suspicious but expected
IncorrectAlertLogic: IncorrectAlertLogicClassification reason was incorrect alert logic
InaccurateData: InaccurateDataClassification reason was inaccurate data

SuspiciousActivity: SuspiciousActivityClassification reason was suspicious activity
SuspiciousButExpected: SuspiciousButExpectedClassification reason was suspicious but expected
IncorrectAlertLogic: IncorrectAlertLogicClassification reason was incorrect alert logic
InaccurateData: InaccurateDataClassification reason was inaccurate data

SUSPICIOUS_ACTIVITY: SuspiciousActivityClassification reason was suspicious activity
SUSPICIOUS_BUT_EXPECTED: SuspiciousButExpectedClassification reason was suspicious but expected
INCORRECT_ALERT_LOGIC: IncorrectAlertLogicClassification reason was incorrect alert logic
INACCURATE_DATA: InaccurateDataClassification reason was inaccurate data

"SuspiciousActivity": SuspiciousActivityClassification reason was suspicious activity
"SuspiciousButExpected": SuspiciousButExpectedClassification reason was suspicious but expected
"IncorrectAlertLogic": IncorrectAlertLogicClassification reason was incorrect alert logic
"InaccurateData": InaccurateDataClassification reason was inaccurate data

IncidentLabel, IncidentLabelArgs

LabelName string: The name of the label

LabelName string: The name of the label

labelName String: The name of the label

labelName string: The name of the label

label_name str: The name of the label

labelName String: The name of the label

IncidentLabelResponse, IncidentLabelResponseArgs

LabelName string: The name of the label
LabelType string: The type of the label

LabelName string: The name of the label
LabelType string: The type of the label

labelName String: The name of the label
labelType String: The type of the label

labelName string: The name of the label
labelType string: The type of the label

label_name str: The name of the label
label_type str: The type of the label

labelName String: The name of the label
labelType String: The type of the label

IncidentOwnerInfo, IncidentOwnerInfoArgs

AssignedTo string: The name of the user the incident is assigned to.
Email string: The email of the user the incident is assigned to.
ObjectId string: The object id of the user the incident is assigned to.
OwnerType string | Pulumi.AzureNative.SecurityInsights.OwnerType: The type of the owner the incident is assigned to.
UserPrincipalName string: The user principal name of the user the incident is assigned to.

AssignedTo string: The name of the user the incident is assigned to.
Email string: The email of the user the incident is assigned to.
ObjectId string: The object id of the user the incident is assigned to.
OwnerType string | OwnerType: The type of the owner the incident is assigned to.
UserPrincipalName string: The user principal name of the user the incident is assigned to.

assignedTo String: The name of the user the incident is assigned to.
email String: The email of the user the incident is assigned to.
objectId String: The object id of the user the incident is assigned to.
ownerType String | OwnerType: The type of the owner the incident is assigned to.
userPrincipalName String: The user principal name of the user the incident is assigned to.

assignedTo string: The name of the user the incident is assigned to.
email string: The email of the user the incident is assigned to.
objectId string: The object id of the user the incident is assigned to.
ownerType string | OwnerType: The type of the owner the incident is assigned to.
userPrincipalName string: The user principal name of the user the incident is assigned to.

assigned_to str: The name of the user the incident is assigned to.
email str: The email of the user the incident is assigned to.
object_id str: The object id of the user the incident is assigned to.
owner_type str | OwnerType: The type of the owner the incident is assigned to.
user_principal_name str: The user principal name of the user the incident is assigned to.

assignedTo String: The name of the user the incident is assigned to.
email String: The email of the user the incident is assigned to.
objectId String: The object id of the user the incident is assigned to.
ownerType String | "Unknown" | "User" | "Group": The type of the owner the incident is assigned to.
userPrincipalName String: The user principal name of the user the incident is assigned to.

IncidentOwnerInfoResponse, IncidentOwnerInfoResponseArgs

AssignedTo string: The name of the user the incident is assigned to.
Email string: The email of the user the incident is assigned to.
ObjectId string: The object id of the user the incident is assigned to.
OwnerType string: The type of the owner the incident is assigned to.
UserPrincipalName string: The user principal name of the user the incident is assigned to.

AssignedTo string: The name of the user the incident is assigned to.
Email string: The email of the user the incident is assigned to.
ObjectId string: The object id of the user the incident is assigned to.
OwnerType string: The type of the owner the incident is assigned to.
UserPrincipalName string: The user principal name of the user the incident is assigned to.

assignedTo String: The name of the user the incident is assigned to.
email String: The email of the user the incident is assigned to.
objectId String: The object id of the user the incident is assigned to.
ownerType String: The type of the owner the incident is assigned to.
userPrincipalName String: The user principal name of the user the incident is assigned to.

assignedTo string: The name of the user the incident is assigned to.
email string: The email of the user the incident is assigned to.
objectId string: The object id of the user the incident is assigned to.
ownerType string: The type of the owner the incident is assigned to.
userPrincipalName string: The user principal name of the user the incident is assigned to.

assigned_to str: The name of the user the incident is assigned to.
email str: The email of the user the incident is assigned to.
object_id str: The object id of the user the incident is assigned to.
owner_type str: The type of the owner the incident is assigned to.
user_principal_name str: The user principal name of the user the incident is assigned to.

assignedTo String: The name of the user the incident is assigned to.
email String: The email of the user the incident is assigned to.
objectId String: The object id of the user the incident is assigned to.
ownerType String: The type of the owner the incident is assigned to.
userPrincipalName String: The user principal name of the user the incident is assigned to.

IncidentPropertiesAction, IncidentPropertiesActionArgs

Classification string | Pulumi.AzureNative.SecurityInsights.IncidentClassification: The reason the incident was closed
ClassificationComment string: Describes the reason the incident was closed.
ClassificationReason string | Pulumi.AzureNative.SecurityInsights.IncidentClassificationReason: The classification reason the incident was closed with
Labels List<Pulumi.AzureNative.SecurityInsights.Inputs.IncidentLabel>: List of labels to add to the incident.
Owner Pulumi.AzureNative.SecurityInsights.Inputs.IncidentOwnerInfo: Information on the user an incident is assigned to
Severity string | Pulumi.AzureNative.SecurityInsights.IncidentSeverity: The severity of the incident
Status string | Pulumi.AzureNative.SecurityInsights.IncidentStatus: The status of the incident

Classification string | IncidentClassification: The reason the incident was closed
ClassificationComment string: Describes the reason the incident was closed.
ClassificationReason string | IncidentClassificationReason: The classification reason the incident was closed with
Labels []IncidentLabel: List of labels to add to the incident.
Owner IncidentOwnerInfo: Information on the user an incident is assigned to
Severity string | IncidentSeverity: The severity of the incident
Status string | IncidentStatus: The status of the incident

classification String | IncidentClassification: The reason the incident was closed
classificationComment String: Describes the reason the incident was closed.
classificationReason String | IncidentClassificationReason: The classification reason the incident was closed with
labels List<IncidentLabel>: List of labels to add to the incident.
owner IncidentOwnerInfo: Information on the user an incident is assigned to
severity String | IncidentSeverity: The severity of the incident
status String | IncidentStatus: The status of the incident

classification string | IncidentClassification: The reason the incident was closed
classificationComment string: Describes the reason the incident was closed.
classificationReason string | IncidentClassificationReason: The classification reason the incident was closed with
labels IncidentLabel[]: List of labels to add to the incident.
owner IncidentOwnerInfo: Information on the user an incident is assigned to
severity string | IncidentSeverity: The severity of the incident
status string | IncidentStatus: The status of the incident

classification str | IncidentClassification: The reason the incident was closed
classification_comment str: Describes the reason the incident was closed.
classification_reason str | IncidentClassificationReason: The classification reason the incident was closed with
labels Sequence[IncidentLabel]: List of labels to add to the incident.
owner IncidentOwnerInfo: Information on the user an incident is assigned to
severity str | IncidentSeverity: The severity of the incident
status str | IncidentStatus: The status of the incident

classification String | "Undetermined" | "TruePositive" | "BenignPositive" | "FalsePositive": The reason the incident was closed
classificationComment String: Describes the reason the incident was closed.
classificationReason String | "SuspiciousActivity" | "SuspiciousButExpected" | "IncorrectAlertLogic" | "InaccurateData": The classification reason the incident was closed with
labels List<Property Map>: List of labels to add to the incident.
owner Property Map: Information on the user an incident is assigned to
severity String | "High" | "Medium" | "Low" | "Informational": The severity of the incident
status String | "New" | "Active" | "Closed": The status of the incident

IncidentPropertiesActionResponse, IncidentPropertiesActionResponseArgs

Classification string: The reason the incident was closed
ClassificationComment string: Describes the reason the incident was closed.
ClassificationReason string: The classification reason the incident was closed with
Labels List<Pulumi.AzureNative.SecurityInsights.Inputs.IncidentLabelResponse>: List of labels to add to the incident.
Owner Pulumi.AzureNative.SecurityInsights.Inputs.IncidentOwnerInfoResponse: Information on the user an incident is assigned to
Severity string: The severity of the incident
Status string: The status of the incident

Classification string: The reason the incident was closed
ClassificationComment string: Describes the reason the incident was closed.
ClassificationReason string: The classification reason the incident was closed with
Labels []IncidentLabelResponse: List of labels to add to the incident.
Owner IncidentOwnerInfoResponse: Information on the user an incident is assigned to
Severity string: The severity of the incident
Status string: The status of the incident

classification String: The reason the incident was closed
classificationComment String: Describes the reason the incident was closed.
classificationReason String: The classification reason the incident was closed with
labels List<IncidentLabelResponse>: List of labels to add to the incident.
owner IncidentOwnerInfoResponse: Information on the user an incident is assigned to
severity String: The severity of the incident
status String: The status of the incident

classification string: The reason the incident was closed
classificationComment string: Describes the reason the incident was closed.
classificationReason string: The classification reason the incident was closed with
labels IncidentLabelResponse[]: List of labels to add to the incident.
owner IncidentOwnerInfoResponse: Information on the user an incident is assigned to
severity string: The severity of the incident
status string: The status of the incident

classification str: The reason the incident was closed
classification_comment str: Describes the reason the incident was closed.
classification_reason str: The classification reason the incident was closed with
labels Sequence[IncidentLabelResponse]: List of labels to add to the incident.
owner IncidentOwnerInfoResponse: Information on the user an incident is assigned to
severity str: The severity of the incident
status str: The status of the incident

classification String: The reason the incident was closed
classificationComment String: Describes the reason the incident was closed.
classificationReason String: The classification reason the incident was closed with
labels List<Property Map>: List of labels to add to the incident.
owner Property Map: Information on the user an incident is assigned to
severity String: The severity of the incident
status String: The status of the incident

IncidentSeverity, IncidentSeverityArgs

High: HighHigh severity
Medium: MediumMedium severity
Low: LowLow severity
Informational: InformationalInformational severity

IncidentSeverityHigh: HighHigh severity
IncidentSeverityMedium: MediumMedium severity
IncidentSeverityLow: LowLow severity
IncidentSeverityInformational: InformationalInformational severity

High: HighHigh severity
Medium: MediumMedium severity
Low: LowLow severity
Informational: InformationalInformational severity

High: HighHigh severity
Medium: MediumMedium severity
Low: LowLow severity
Informational: InformationalInformational severity

HIGH: HighHigh severity
MEDIUM: MediumMedium severity
LOW: LowLow severity
INFORMATIONAL: InformationalInformational severity

"High": HighHigh severity
"Medium": MediumMedium severity
"Low": LowLow severity
"Informational": InformationalInformational severity

IncidentStatus, IncidentStatusArgs

New: NewAn active incident which isn't being handled currently
Active: ActiveAn active incident which is being handled
Closed: ClosedA non-active incident

IncidentStatusNew: NewAn active incident which isn't being handled currently
IncidentStatusActive: ActiveAn active incident which is being handled
IncidentStatusClosed: ClosedA non-active incident

New: NewAn active incident which isn't being handled currently
Active: ActiveAn active incident which is being handled
Closed: ClosedA non-active incident

New: NewAn active incident which isn't being handled currently
Active: ActiveAn active incident which is being handled
Closed: ClosedA non-active incident

NEW: NewAn active incident which isn't being handled currently
ACTIVE: ActiveAn active incident which is being handled
CLOSED: ClosedA non-active incident

"New": NewAn active incident which isn't being handled currently
"Active": ActiveAn active incident which is being handled
"Closed": ClosedA non-active incident

OwnerType, OwnerTypeArgs

Unknown: UnknownThe incident owner type is unknown
User: UserThe incident owner type is an AAD user
Group: GroupThe incident owner type is an AAD group

OwnerTypeUnknown: UnknownThe incident owner type is unknown
OwnerTypeUser: UserThe incident owner type is an AAD user
OwnerTypeGroup: GroupThe incident owner type is an AAD group

Unknown: UnknownThe incident owner type is unknown
User: UserThe incident owner type is an AAD user
Group: GroupThe incident owner type is an AAD group

Unknown: UnknownThe incident owner type is unknown
User: UserThe incident owner type is an AAD user
Group: GroupThe incident owner type is an AAD group

UNKNOWN: UnknownThe incident owner type is unknown
USER: UserThe incident owner type is an AAD user
GROUP: GroupThe incident owner type is an AAD group

"Unknown": UnknownThe incident owner type is unknown
"User": UserThe incident owner type is an AAD user
"Group": GroupThe incident owner type is an AAD group

PlaybookActionProperties, PlaybookActionPropertiesArgs

LogicAppResourceId string: The resource id of the playbook resource.
TenantId string: The tenant id of the playbook resource.

LogicAppResourceId string: The resource id of the playbook resource.
TenantId string: The tenant id of the playbook resource.

logicAppResourceId String: The resource id of the playbook resource.
tenantId String: The tenant id of the playbook resource.

logicAppResourceId string: The resource id of the playbook resource.
tenantId string: The tenant id of the playbook resource.

logic_app_resource_id str: The resource id of the playbook resource.
tenant_id str: The tenant id of the playbook resource.

logicAppResourceId String: The resource id of the playbook resource.
tenantId String: The tenant id of the playbook resource.

PlaybookActionPropertiesResponse, PlaybookActionPropertiesResponseArgs

LogicAppResourceId string: The resource id of the playbook resource.
TenantId string: The tenant id of the playbook resource.

LogicAppResourceId string: The resource id of the playbook resource.
TenantId string: The tenant id of the playbook resource.

logicAppResourceId String: The resource id of the playbook resource.
tenantId String: The tenant id of the playbook resource.

logicAppResourceId string: The resource id of the playbook resource.
tenantId string: The tenant id of the playbook resource.

logic_app_resource_id str: The resource id of the playbook resource.
tenant_id str: The tenant id of the playbook resource.

logicAppResourceId String: The resource id of the playbook resource.
tenantId String: The tenant id of the playbook resource.

PropertyArrayChangedConditionProperties, PropertyArrayChangedConditionPropertiesArgs

ConditionProperties Pulumi.AzureNative.SecurityInsights.Inputs.AutomationRulePropertyArrayChangedValuesCondition

ConditionProperties AutomationRulePropertyArrayChangedValuesCondition

conditionProperties AutomationRulePropertyArrayChangedValuesCondition

conditionProperties AutomationRulePropertyArrayChangedValuesCondition

condition_properties AutomationRulePropertyArrayChangedValuesCondition

conditionProperties Property Map

PropertyArrayChangedConditionPropertiesResponse, PropertyArrayChangedConditionPropertiesResponseArgs

ConditionProperties Pulumi.AzureNative.SecurityInsights.Inputs.AutomationRulePropertyArrayChangedValuesConditionResponse

ConditionProperties AutomationRulePropertyArrayChangedValuesConditionResponse

conditionProperties AutomationRulePropertyArrayChangedValuesConditionResponse

conditionProperties AutomationRulePropertyArrayChangedValuesConditionResponse

condition_properties AutomationRulePropertyArrayChangedValuesConditionResponse

conditionProperties Property Map

PropertyChangedConditionProperties, PropertyChangedConditionPropertiesArgs

ConditionProperties Pulumi.AzureNative.SecurityInsights.Inputs.AutomationRulePropertyValuesChangedCondition

ConditionProperties AutomationRulePropertyValuesChangedCondition

conditionProperties AutomationRulePropertyValuesChangedCondition

conditionProperties AutomationRulePropertyValuesChangedCondition

condition_properties AutomationRulePropertyValuesChangedCondition

conditionProperties Property Map

PropertyChangedConditionPropertiesResponse, PropertyChangedConditionPropertiesResponseArgs

ConditionProperties Pulumi.AzureNative.SecurityInsights.Inputs.AutomationRulePropertyValuesChangedConditionResponse

ConditionProperties AutomationRulePropertyValuesChangedConditionResponse

conditionProperties AutomationRulePropertyValuesChangedConditionResponse

conditionProperties AutomationRulePropertyValuesChangedConditionResponse

condition_properties AutomationRulePropertyValuesChangedConditionResponse

conditionProperties Property Map

PropertyConditionProperties, PropertyConditionPropertiesArgs

ConditionProperties Pulumi.AzureNative.SecurityInsights.Inputs.AutomationRulePropertyValuesCondition

ConditionProperties AutomationRulePropertyValuesCondition

conditionProperties AutomationRulePropertyValuesCondition

conditionProperties AutomationRulePropertyValuesCondition

condition_properties AutomationRulePropertyValuesCondition

conditionProperties Property Map

PropertyConditionPropertiesResponse, PropertyConditionPropertiesResponseArgs

ConditionProperties Pulumi.AzureNative.SecurityInsights.Inputs.AutomationRulePropertyValuesConditionResponse

ConditionProperties AutomationRulePropertyValuesConditionResponse

conditionProperties AutomationRulePropertyValuesConditionResponse

conditionProperties AutomationRulePropertyValuesConditionResponse

condition_properties AutomationRulePropertyValuesConditionResponse

conditionProperties Property Map

SystemDataResponse, SystemDataResponseArgs

CreatedAt string: The timestamp of resource creation (UTC).
CreatedBy string: The identity that created the resource.
CreatedByType string: The type of identity that created the resource.
LastModifiedAt string: The timestamp of resource last modification (UTC)
LastModifiedBy string: The identity that last modified the resource.
LastModifiedByType string: The type of identity that last modified the resource.

CreatedAt string: The timestamp of resource creation (UTC).
CreatedBy string: The identity that created the resource.
CreatedByType string: The type of identity that created the resource.
LastModifiedAt string: The timestamp of resource last modification (UTC)
LastModifiedBy string: The identity that last modified the resource.
LastModifiedByType string: The type of identity that last modified the resource.

createdAt String: The timestamp of resource creation (UTC).
createdBy String: The identity that created the resource.
createdByType String: The type of identity that created the resource.
lastModifiedAt String: The timestamp of resource last modification (UTC)
lastModifiedBy String: The identity that last modified the resource.
lastModifiedByType String: The type of identity that last modified the resource.

createdAt string: The timestamp of resource creation (UTC).
createdBy string: The identity that created the resource.
createdByType string: The type of identity that created the resource.
lastModifiedAt string: The timestamp of resource last modification (UTC)
lastModifiedBy string: The identity that last modified the resource.
lastModifiedByType string: The type of identity that last modified the resource.

created_at str: The timestamp of resource creation (UTC).
created_by str: The identity that created the resource.
created_by_type str: The type of identity that created the resource.
last_modified_at str: The timestamp of resource last modification (UTC)
last_modified_by str: The identity that last modified the resource.
last_modified_by_type str: The type of identity that last modified the resource.

createdAt String: The timestamp of resource creation (UTC).
createdBy String: The identity that created the resource.
createdByType String: The type of identity that created the resource.
lastModifiedAt String: The timestamp of resource last modification (UTC)
lastModifiedBy String: The identity that last modified the resource.
lastModifiedByType String: The type of identity that last modified the resource.

TriggersOn, TriggersOnArgs

Incidents: IncidentsTrigger on Incidents
Alerts: AlertsTrigger on Alerts

TriggersOnIncidents: IncidentsTrigger on Incidents
TriggersOnAlerts: AlertsTrigger on Alerts

Incidents: IncidentsTrigger on Incidents
Alerts: AlertsTrigger on Alerts

Incidents: IncidentsTrigger on Incidents
Alerts: AlertsTrigger on Alerts

INCIDENTS: IncidentsTrigger on Incidents
ALERTS: AlertsTrigger on Alerts

"Incidents": IncidentsTrigger on Incidents
"Alerts": AlertsTrigger on Alerts

TriggersWhen, TriggersWhenArgs

Created: CreatedTrigger on created objects
Updated: UpdatedTrigger on updated objects

TriggersWhenCreated: CreatedTrigger on created objects
TriggersWhenUpdated: UpdatedTrigger on updated objects

Created: CreatedTrigger on created objects
Updated: UpdatedTrigger on updated objects

Created: CreatedTrigger on created objects
Updated: UpdatedTrigger on updated objects

CREATED: CreatedTrigger on created objects
UPDATED: UpdatedTrigger on updated objects

"Created": CreatedTrigger on created objects
"Updated": UpdatedTrigger on updated objects

Import

An existing resource can be imported using its type token, name, and identifier, e.g.

$ pulumi import azure-native:securityinsights:AutomationRule 73e01a99-5cd7-4139-a149-9f2736ff2ab5 /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/automationRules/{automationRuleId}

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: Azure Native pulumi/pulumi-azure-native
License: Apache-2.0

This is the latest version of Azure Native. Use the Azure Native v1 docs if using the v1 version of this package.

Azure Native v2.37.0 published on Monday, Apr 15, 2024 by Pulumi

pulumi/pulumi-azure-native

azure-native.securityinsights.AutomationRule

On this page

On this page

Example Usage

AutomationRules_CreateOrUpdate

Create AutomationRule Resource

Constructor syntax

Parameters

Example

AutomationRule Resource Properties

Inputs

Outputs

Supporting Types

AutomationRuleModifyPropertiesAction, AutomationRuleModifyPropertiesActionArgs

AutomationRuleModifyPropertiesActionResponse, AutomationRuleModifyPropertiesActionResponseArgs

AutomationRulePropertyArrayChangedConditionSupportedArrayType, AutomationRulePropertyArrayChangedConditionSupportedArrayTypeArgs

AutomationRulePropertyArrayChangedConditionSupportedChangeType, AutomationRulePropertyArrayChangedConditionSupportedChangeTypeArgs

AutomationRulePropertyArrayChangedValuesCondition, AutomationRulePropertyArrayChangedValuesConditionArgs

AutomationRulePropertyArrayChangedValuesConditionResponse, AutomationRulePropertyArrayChangedValuesConditionResponseArgs

AutomationRulePropertyChangedConditionSupportedChangedType, AutomationRulePropertyChangedConditionSupportedChangedTypeArgs

AutomationRulePropertyChangedConditionSupportedPropertyType, AutomationRulePropertyChangedConditionSupportedPropertyTypeArgs

AutomationRulePropertyConditionSupportedOperator, AutomationRulePropertyConditionSupportedOperatorArgs

AutomationRulePropertyConditionSupportedProperty, AutomationRulePropertyConditionSupportedPropertyArgs

AutomationRulePropertyValuesChangedCondition, AutomationRulePropertyValuesChangedConditionArgs

AutomationRulePropertyValuesChangedConditionResponse, AutomationRulePropertyValuesChangedConditionResponseArgs

AutomationRulePropertyValuesCondition, AutomationRulePropertyValuesConditionArgs

AutomationRulePropertyValuesConditionResponse, AutomationRulePropertyValuesConditionResponseArgs

AutomationRuleRunPlaybookAction, AutomationRuleRunPlaybookActionArgs

AutomationRuleRunPlaybookActionResponse, AutomationRuleRunPlaybookActionResponseArgs

AutomationRuleTriggeringLogic, AutomationRuleTriggeringLogicArgs

AutomationRuleTriggeringLogicResponse, AutomationRuleTriggeringLogicResponseArgs

ClientInfoResponse, ClientInfoResponseArgs

IncidentClassification, IncidentClassificationArgs

IncidentClassificationReason, IncidentClassificationReasonArgs

IncidentLabel, IncidentLabelArgs

IncidentLabelResponse, IncidentLabelResponseArgs

IncidentOwnerInfo, IncidentOwnerInfoArgs

IncidentOwnerInfoResponse, IncidentOwnerInfoResponseArgs

IncidentPropertiesAction, IncidentPropertiesActionArgs

IncidentPropertiesActionResponse, IncidentPropertiesActionResponseArgs

IncidentSeverity, IncidentSeverityArgs

IncidentStatus, IncidentStatusArgs

OwnerType, OwnerTypeArgs

PlaybookActionProperties, PlaybookActionPropertiesArgs

PlaybookActionPropertiesResponse, PlaybookActionPropertiesResponseArgs

PropertyArrayChangedConditionProperties, PropertyArrayChangedConditionPropertiesArgs

PropertyArrayChangedConditionPropertiesResponse, PropertyArrayChangedConditionPropertiesResponseArgs

PropertyChangedConditionProperties, PropertyChangedConditionPropertiesArgs

PropertyChangedConditionPropertiesResponse, PropertyChangedConditionPropertiesResponseArgs

PropertyConditionProperties, PropertyConditionPropertiesArgs

PropertyConditionPropertiesResponse, PropertyConditionPropertiesResponseArgs

SystemDataResponse, SystemDataResponseArgs

TriggersOn, TriggersOnArgs

TriggersWhen, TriggersWhenArgs

Import

Package Details

On this page

On this page