Azure Native v1.102.0, May 2 23

azure-native.securityinsights.AutomationRule

Explore with Pulumi AI

Represents an automation rule. API Version: 2019-01-01-preview.

Example Usage

Creates or updates an automation rule.

using System.Collections.Generic;
using Pulumi;
using AzureNative = Pulumi.AzureNative;

return await Deployment.RunAsync(() => 
{
    var automationRule = new AzureNative.SecurityInsights.AutomationRule("automationRule", new()
    {
        Actions = new[]
        {
            new AzureNative.SecurityInsights.Inputs.AutomationRuleModifyPropertiesActionArgs
            {
                ActionConfiguration = new AzureNative.SecurityInsights.Inputs.AutomationRuleModifyPropertiesActionActionConfigurationArgs
                {
                    Severity = "High",
                },
                ActionType = "ModifyProperties",
                Order = 1,
            },
            new AzureNative.SecurityInsights.Inputs.AutomationRuleRunPlaybookActionArgs
            {
                ActionConfiguration = new AzureNative.SecurityInsights.Inputs.AutomationRuleRunPlaybookActionActionConfigurationArgs
                {
                    LogicAppResourceId = "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/IncidentPlaybook",
                    TenantId = "ee48efaf-50c6-411b-9345-b2bdc3eb4abc",
                },
                ActionType = "RunPlaybook",
                Order = 2,
            },
        },
        AutomationRuleId = "73e01a99-5cd7-4139-a149-9f2736ff2ab5",
        DisplayName = "High severity incidents escalation",
        OperationalInsightsResourceProvider = "Microsoft.OperationalInsights",
        Order = 1,
        ResourceGroupName = "myRg",
        TriggeringLogic = new AzureNative.SecurityInsights.Inputs.AutomationRuleTriggeringLogicArgs
        {
            Conditions = new[]
            {
                
                {
                    { "conditionProperties", new AzureNative.SecurityInsights.Inputs.AutomationRulePropertyValuesConditionConditionPropertiesArgs
                    {
                        Operator = "Contains",
                        PropertyName = "IncidentRelatedAnalyticRuleIds",
                        PropertyValues = new[]
                        {
                            "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7",
                            "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/8deb8303-e94d-46ff-96e0-5fd94b33df1a",
                        },
                    } },
                    { "conditionType", "Property" },
                },
            },
            IsEnabled = true,
            TriggersOn = "Incidents",
            TriggersWhen = "Created",
        },
        WorkspaceName = "myWorkspace",
    });

});

package main

import (
	securityinsights "github.com/pulumi/pulumi-azure-native/sdk/go/azure/securityinsights"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := securityinsights.NewAutomationRule(ctx, "automationRule", &securityinsights.AutomationRuleArgs{
			Actions: pulumi.AnyArray{
				securityinsights.AutomationRuleModifyPropertiesAction{
					ActionConfiguration: securityinsights.AutomationRuleModifyPropertiesActionActionConfiguration{
						Severity: "High",
					},
					ActionType: "ModifyProperties",
					Order:      1,
				},
				securityinsights.AutomationRuleRunPlaybookAction{
					ActionConfiguration: securityinsights.AutomationRuleRunPlaybookActionActionConfiguration{
						LogicAppResourceId: "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/IncidentPlaybook",
						TenantId:           "ee48efaf-50c6-411b-9345-b2bdc3eb4abc",
					},
					ActionType: "RunPlaybook",
					Order:      2,
				},
			},
			AutomationRuleId:                    pulumi.String("73e01a99-5cd7-4139-a149-9f2736ff2ab5"),
			DisplayName:                         pulumi.String("High severity incidents escalation"),
			OperationalInsightsResourceProvider: pulumi.String("Microsoft.OperationalInsights"),
			Order:                               pulumi.Int(1),
			ResourceGroupName:                   pulumi.String("myRg"),
			TriggeringLogic: securityinsights.AutomationRuleTriggeringLogicResponse{
				Conditions: []securityinsights.AutomationRulePropertyValuesConditionArgs{
					{
						ConditionProperties: {
							Operator:     pulumi.String("Contains"),
							PropertyName: pulumi.String("IncidentRelatedAnalyticRuleIds"),
							PropertyValues: pulumi.StringArray{
								pulumi.String("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7"),
								pulumi.String("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/8deb8303-e94d-46ff-96e0-5fd94b33df1a"),
							},
						},
						ConditionType: pulumi.String("Property"),
					},
				},
				IsEnabled:    pulumi.Bool(true),
				TriggersOn:   pulumi.String("Incidents"),
				TriggersWhen: pulumi.String("Created"),
			},
			WorkspaceName: pulumi.String("myWorkspace"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.securityinsights.AutomationRule;
import com.pulumi.azurenative.securityinsights.AutomationRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var automationRule = new AutomationRule("automationRule", AutomationRuleArgs.builder()        
            .actions(            
                Map.ofEntries(
                    Map.entry("actionConfiguration", Map.of("severity", "High")),
                    Map.entry("actionType", "ModifyProperties"),
                    Map.entry("order", 1)
                ),
                Map.ofEntries(
                    Map.entry("actionConfiguration", Map.ofEntries(
                        Map.entry("logicAppResourceId", "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/IncidentPlaybook"),
                        Map.entry("tenantId", "ee48efaf-50c6-411b-9345-b2bdc3eb4abc")
                    )),
                    Map.entry("actionType", "RunPlaybook"),
                    Map.entry("order", 2)
                ))
            .automationRuleId("73e01a99-5cd7-4139-a149-9f2736ff2ab5")
            .displayName("High severity incidents escalation")
            .operationalInsightsResourceProvider("Microsoft.OperationalInsights")
            .order(1)
            .resourceGroupName("myRg")
            .triggeringLogic(Map.ofEntries(
                Map.entry("conditions", Map.ofEntries(
                    Map.entry("conditionProperties", Map.ofEntries(
                        Map.entry("operator", "Contains"),
                        Map.entry("propertyName", "IncidentRelatedAnalyticRuleIds"),
                        Map.entry("propertyValues",                         
                            "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7",
                            "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/8deb8303-e94d-46ff-96e0-5fd94b33df1a")
                    )),
                    Map.entry("conditionType", "Property")
                )),
                Map.entry("isEnabled", true),
                Map.entry("triggersOn", "Incidents"),
                Map.entry("triggersWhen", "Created")
            ))
            .workspaceName("myWorkspace")
            .build());

    }
}

import pulumi
import pulumi_azure_native as azure_native

automation_rule = azure_native.securityinsights.AutomationRule("automationRule",
    actions=[
        azure_native.securityinsights.AutomationRuleModifyPropertiesActionArgs(
            action_configuration=azure_native.securityinsights.AutomationRuleModifyPropertiesActionActionConfigurationArgs(
                severity="High",
            ),
            action_type="ModifyProperties",
            order=1,
        ),
        azure_native.securityinsights.AutomationRuleRunPlaybookActionArgs(
            action_configuration=azure_native.securityinsights.AutomationRuleRunPlaybookActionActionConfigurationArgs(
                logic_app_resource_id="/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/IncidentPlaybook",
                tenant_id="ee48efaf-50c6-411b-9345-b2bdc3eb4abc",
            ),
            action_type="RunPlaybook",
            order=2,
        ),
    ],
    automation_rule_id="73e01a99-5cd7-4139-a149-9f2736ff2ab5",
    display_name="High severity incidents escalation",
    operational_insights_resource_provider="Microsoft.OperationalInsights",
    order=1,
    resource_group_name="myRg",
    triggering_logic=azure_native.securityinsights.AutomationRuleTriggeringLogicResponseArgs(
        conditions=[azure_native.securityinsights.AutomationRulePropertyValuesConditionResponseArgs(
            condition_properties=azure_native.securityinsights.AutomationRulePropertyValuesConditionConditionPropertiesArgs(
                operator="Contains",
                property_name="IncidentRelatedAnalyticRuleIds",
                property_values=[
                    "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7",
                    "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/8deb8303-e94d-46ff-96e0-5fd94b33df1a",
                ],
            ),
            condition_type="Property",
        )],
        is_enabled=True,
        triggers_on="Incidents",
        triggers_when="Created",
    ),
    workspace_name="myWorkspace")

import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";

const automationRule = new azure_native.securityinsights.AutomationRule("automationRule", {
    actions: [
        {
            actionConfiguration: {
                severity: "High",
            },
            actionType: "ModifyProperties",
            order: 1,
        },
        {
            actionConfiguration: {
                logicAppResourceId: "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/IncidentPlaybook",
                tenantId: "ee48efaf-50c6-411b-9345-b2bdc3eb4abc",
            },
            actionType: "RunPlaybook",
            order: 2,
        },
    ],
    automationRuleId: "73e01a99-5cd7-4139-a149-9f2736ff2ab5",
    displayName: "High severity incidents escalation",
    operationalInsightsResourceProvider: "Microsoft.OperationalInsights",
    order: 1,
    resourceGroupName: "myRg",
    triggeringLogic: {
        conditions: [{
            conditionProperties: {
                operator: "Contains",
                propertyName: "IncidentRelatedAnalyticRuleIds",
                propertyValues: [
                    "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7",
                    "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/8deb8303-e94d-46ff-96e0-5fd94b33df1a",
                ],
            },
            conditionType: "Property",
        }],
        isEnabled: true,
        triggersOn: "Incidents",
        triggersWhen: "Created",
    },
    workspaceName: "myWorkspace",
});

resources:
  automationRule:
    type: azure-native:securityinsights:AutomationRule
    properties:
      actions:
        - actionConfiguration:
            severity: High
          actionType: ModifyProperties
          order: 1
        - actionConfiguration:
            logicAppResourceId: /subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/IncidentPlaybook
            tenantId: ee48efaf-50c6-411b-9345-b2bdc3eb4abc
          actionType: RunPlaybook
          order: 2
      automationRuleId: 73e01a99-5cd7-4139-a149-9f2736ff2ab5
      displayName: High severity incidents escalation
      operationalInsightsResourceProvider: Microsoft.OperationalInsights
      order: 1
      resourceGroupName: myRg
      triggeringLogic:
        conditions:
          - conditionProperties:
              operator: Contains
              propertyName: IncidentRelatedAnalyticRuleIds
              propertyValues:
                - /subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7
                - /subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/8deb8303-e94d-46ff-96e0-5fd94b33df1a
            conditionType: Property
        isEnabled: true
        triggersOn: Incidents
        triggersWhen: Created
      workspaceName: myWorkspace

Create AutomationRule Resource

new AutomationRule(name: string, args: AutomationRuleArgs, opts?: CustomResourceOptions);

@overload
def AutomationRule(resource_name: str,
                   opts: Optional[ResourceOptions] = None,
                   actions: Optional[Sequence[Union[AutomationRuleModifyPropertiesActionArgs, AutomationRuleRunPlaybookActionArgs]]] = None,
                   automation_rule_id: Optional[str] = None,
                   display_name: Optional[str] = None,
                   operational_insights_resource_provider: Optional[str] = None,
                   order: Optional[int] = None,
                   resource_group_name: Optional[str] = None,
                   triggering_logic: Optional[AutomationRuleTriggeringLogicArgs] = None,
                   workspace_name: Optional[str] = None)
@overload
def AutomationRule(resource_name: str,
                   args: AutomationRuleArgs,
                   opts: Optional[ResourceOptions] = None)

func NewAutomationRule(ctx *Context, name string, args AutomationRuleArgs, opts ...ResourceOption) (*AutomationRule, error)

public AutomationRule(string name, AutomationRuleArgs args, CustomResourceOptions? opts = null)

public AutomationRule(String name, AutomationRuleArgs args)
public AutomationRule(String name, AutomationRuleArgs args, CustomResourceOptions options)

type: azure-native:securityinsights:AutomationRule
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string: The unique name of the resource.
args AutomationRuleArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args AutomationRuleArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args AutomationRuleArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args AutomationRuleArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args AutomationRuleArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

AutomationRule Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The AutomationRule resource accepts the following input properties:

Actions List<Union<Pulumi.AzureNative.SecurityInsights.Inputs.AutomationRuleModifyPropertiesActionArgs, Pulumi.AzureNative.SecurityInsights.Inputs.AutomationRuleRunPlaybookActionArgs>>: The actions to execute when the automation rule is triggered
DisplayName string: The display name of the automation rule
OperationalInsightsResourceProvider string: The namespace of workspaces resource provider- Microsoft.OperationalInsights.
Order int: The order of execution of the automation rule
ResourceGroupName string: The name of the resource group within the user's subscription. The name is case insensitive.
TriggeringLogic Pulumi.AzureNative.SecurityInsights.Inputs.AutomationRuleTriggeringLogicArgs: The triggering logic of the automation rule
WorkspaceName string: The name of the workspace.
AutomationRuleId string: Automation rule ID

Actions []interface{}: The actions to execute when the automation rule is triggered
DisplayName string: The display name of the automation rule
OperationalInsightsResourceProvider string: The namespace of workspaces resource provider- Microsoft.OperationalInsights.
Order int: The order of execution of the automation rule
ResourceGroupName string: The name of the resource group within the user's subscription. The name is case insensitive.
TriggeringLogic AutomationRuleTriggeringLogicArgs: The triggering logic of the automation rule
WorkspaceName string: The name of the workspace.
AutomationRuleId string: Automation rule ID

actions List<Either<AutomationRuleModifyPropertiesActionArgs,AutomationRuleRunPlaybookActionArgs>>: The actions to execute when the automation rule is triggered
displayName String: The display name of the automation rule
operationalInsightsResourceProvider String: The namespace of workspaces resource provider- Microsoft.OperationalInsights.
order Integer: The order of execution of the automation rule
resourceGroupName String: The name of the resource group within the user's subscription. The name is case insensitive.
triggeringLogic AutomationRuleTriggeringLogicArgs: The triggering logic of the automation rule
workspaceName String: The name of the workspace.
automationRuleId String: Automation rule ID

actions (AutomationRuleModifyPropertiesActionArgs | AutomationRuleRunPlaybookActionArgs)[]: The actions to execute when the automation rule is triggered
displayName string: The display name of the automation rule
operationalInsightsResourceProvider string: The namespace of workspaces resource provider- Microsoft.OperationalInsights.
order number: The order of execution of the automation rule
resourceGroupName string: The name of the resource group within the user's subscription. The name is case insensitive.
triggeringLogic AutomationRuleTriggeringLogicArgs: The triggering logic of the automation rule
workspaceName string: The name of the workspace.
automationRuleId string: Automation rule ID

actions Sequence[Union[AutomationRuleModifyPropertiesActionArgs, AutomationRuleRunPlaybookActionArgs]]: The actions to execute when the automation rule is triggered
display_name str: The display name of the automation rule
operational_insights_resource_provider str: The namespace of workspaces resource provider- Microsoft.OperationalInsights.
order int: The order of execution of the automation rule
resource_group_name str: The name of the resource group within the user's subscription. The name is case insensitive.
triggering_logic AutomationRuleTriggeringLogicArgs: The triggering logic of the automation rule
workspace_name str: The name of the workspace.
automation_rule_id str: Automation rule ID

actions List<Property Map | Property Map>: The actions to execute when the automation rule is triggered
displayName String: The display name of the automation rule
operationalInsightsResourceProvider String: The namespace of workspaces resource provider- Microsoft.OperationalInsights.
order Number: The order of execution of the automation rule
resourceGroupName String: The name of the resource group within the user's subscription. The name is case insensitive.
triggeringLogic Property Map: The triggering logic of the automation rule
workspaceName String: The name of the workspace.
automationRuleId String: Automation rule ID

Outputs

All input properties are implicitly available as output properties. Additionally, the AutomationRule resource produces the following output properties:

CreatedBy Pulumi.AzureNative.SecurityInsights.Outputs.ClientInfoResponse: Describes the client that created the automation rule
CreatedTimeUtc string: The time the automation rule was created
Id string: The provider-assigned unique ID for this managed resource.
LastModifiedBy Pulumi.AzureNative.SecurityInsights.Outputs.ClientInfoResponse: Describes the client that last updated the automation rule
LastModifiedTimeUtc string: The last time the automation rule was updated
Name string: Azure resource name
Type string: Azure resource type
Etag string: Etag of the azure resource

CreatedBy ClientInfoResponse: Describes the client that created the automation rule
CreatedTimeUtc string: The time the automation rule was created
Id string: The provider-assigned unique ID for this managed resource.
LastModifiedBy ClientInfoResponse: Describes the client that last updated the automation rule
LastModifiedTimeUtc string: The last time the automation rule was updated
Name string: Azure resource name
Type string: Azure resource type
Etag string: Etag of the azure resource

createdBy ClientInfoResponse: Describes the client that created the automation rule
createdTimeUtc String: The time the automation rule was created
id String: The provider-assigned unique ID for this managed resource.
lastModifiedBy ClientInfoResponse: Describes the client that last updated the automation rule
lastModifiedTimeUtc String: The last time the automation rule was updated
name String: Azure resource name
type String: Azure resource type
etag String: Etag of the azure resource

createdBy ClientInfoResponse: Describes the client that created the automation rule
createdTimeUtc string: The time the automation rule was created
id string: The provider-assigned unique ID for this managed resource.
lastModifiedBy ClientInfoResponse: Describes the client that last updated the automation rule
lastModifiedTimeUtc string: The last time the automation rule was updated
name string: Azure resource name
type string: Azure resource type
etag string: Etag of the azure resource

created_by ClientInfoResponse: Describes the client that created the automation rule
created_time_utc str: The time the automation rule was created
id str: The provider-assigned unique ID for this managed resource.
last_modified_by ClientInfoResponse: Describes the client that last updated the automation rule
last_modified_time_utc str: The last time the automation rule was updated
name str: Azure resource name
type str: Azure resource type
etag str: Etag of the azure resource

createdBy Property Map: Describes the client that created the automation rule
createdTimeUtc String: The time the automation rule was created
id String: The provider-assigned unique ID for this managed resource.
lastModifiedBy Property Map: Describes the client that last updated the automation rule
lastModifiedTimeUtc String: The last time the automation rule was updated
name String: Azure resource name
type String: Azure resource type
etag String: Etag of the azure resource

Supporting Types

AutomationRuleModifyPropertiesAction

ActionConfiguration Pulumi.AzureNative.SecurityInsights.Inputs.AutomationRuleModifyPropertiesActionActionConfiguration: The configuration of the modify properties automation rule action
Order int: The order of execution of the automation rule action

ActionConfiguration AutomationRuleModifyPropertiesActionActionConfiguration: The configuration of the modify properties automation rule action
Order int: The order of execution of the automation rule action

actionConfiguration AutomationRuleModifyPropertiesActionActionConfiguration: The configuration of the modify properties automation rule action
order Integer: The order of execution of the automation rule action

actionConfiguration AutomationRuleModifyPropertiesActionActionConfiguration: The configuration of the modify properties automation rule action
order number: The order of execution of the automation rule action

action_configuration AutomationRuleModifyPropertiesActionActionConfiguration: The configuration of the modify properties automation rule action
order int: The order of execution of the automation rule action

actionConfiguration Property Map: The configuration of the modify properties automation rule action
order Number: The order of execution of the automation rule action

AutomationRuleModifyPropertiesActionActionConfiguration

Classification string | Pulumi.AzureNative.SecurityInsights.IncidentClassification: The reason the incident was closed
ClassificationComment string: Describes the reason the incident was closed
ClassificationReason string | Pulumi.AzureNative.SecurityInsights.IncidentClassificationReason: The classification reason to close the incident with
Labels List<Pulumi.AzureNative.SecurityInsights.Inputs.IncidentLabel>: List of labels to add to the incident
Owner Pulumi.AzureNative.SecurityInsights.Inputs.IncidentOwnerInfo: Describes a user that the incident is assigned to
Severity string | Pulumi.AzureNative.SecurityInsights.IncidentSeverity: The severity of the incident
Status string | Pulumi.AzureNative.SecurityInsights.IncidentStatus: The status of the incident

Classification string | IncidentClassification: The reason the incident was closed
ClassificationComment string: Describes the reason the incident was closed
ClassificationReason string | IncidentClassificationReason: The classification reason to close the incident with
Labels []IncidentLabel: List of labels to add to the incident
Owner IncidentOwnerInfo: Describes a user that the incident is assigned to
Severity string | IncidentSeverity: The severity of the incident
Status string | IncidentStatus: The status of the incident

classification String | IncidentClassification: The reason the incident was closed
classificationComment String: Describes the reason the incident was closed
classificationReason String | IncidentClassificationReason: The classification reason to close the incident with
labels List<IncidentLabel>: List of labels to add to the incident
owner IncidentOwnerInfo: Describes a user that the incident is assigned to
severity String | IncidentSeverity: The severity of the incident
status String | IncidentStatus: The status of the incident

classification string | IncidentClassification: The reason the incident was closed
classificationComment string: Describes the reason the incident was closed
classificationReason string | IncidentClassificationReason: The classification reason to close the incident with
labels IncidentLabel[]: List of labels to add to the incident
owner IncidentOwnerInfo: Describes a user that the incident is assigned to
severity string | IncidentSeverity: The severity of the incident
status string | IncidentStatus: The status of the incident

classification str | IncidentClassification: The reason the incident was closed
classification_comment str: Describes the reason the incident was closed
classification_reason str | IncidentClassificationReason: The classification reason to close the incident with
labels Sequence[IncidentLabel]: List of labels to add to the incident
owner IncidentOwnerInfo: Describes a user that the incident is assigned to
severity str | IncidentSeverity: The severity of the incident
status str | IncidentStatus: The status of the incident

classification String | "Undetermined" | "TruePositive" | "BenignPositive" | "FalsePositive": The reason the incident was closed
classificationComment String: Describes the reason the incident was closed
classificationReason String | "SuspiciousActivity" | "SuspiciousButExpected" | "IncorrectAlertLogic" | "InaccurateData": The classification reason to close the incident with
labels List<Property Map>: List of labels to add to the incident
owner Property Map: Describes a user that the incident is assigned to
severity String | "High" | "Medium" | "Low" | "Informational": The severity of the incident
status String | "New" | "Active" | "Closed": The status of the incident

AutomationRuleModifyPropertiesActionResponse

ActionConfiguration Pulumi.AzureNative.SecurityInsights.Inputs.AutomationRuleModifyPropertiesActionResponseActionConfiguration: The configuration of the modify properties automation rule action
Order int: The order of execution of the automation rule action

ActionConfiguration AutomationRuleModifyPropertiesActionResponseActionConfiguration: The configuration of the modify properties automation rule action
Order int: The order of execution of the automation rule action

actionConfiguration AutomationRuleModifyPropertiesActionResponseActionConfiguration: The configuration of the modify properties automation rule action
order Integer: The order of execution of the automation rule action

actionConfiguration AutomationRuleModifyPropertiesActionResponseActionConfiguration: The configuration of the modify properties automation rule action
order number: The order of execution of the automation rule action

action_configuration AutomationRuleModifyPropertiesActionResponseActionConfiguration: The configuration of the modify properties automation rule action
order int: The order of execution of the automation rule action

actionConfiguration Property Map: The configuration of the modify properties automation rule action
order Number: The order of execution of the automation rule action

AutomationRuleModifyPropertiesActionResponseActionConfiguration

Classification string: The reason the incident was closed
ClassificationComment string: Describes the reason the incident was closed
ClassificationReason string: The classification reason to close the incident with
Labels List<Pulumi.AzureNative.SecurityInsights.Inputs.IncidentLabelResponse>: List of labels to add to the incident
Owner Pulumi.AzureNative.SecurityInsights.Inputs.IncidentOwnerInfoResponse: Describes a user that the incident is assigned to
Severity string: The severity of the incident
Status string: The status of the incident

Classification string: The reason the incident was closed
ClassificationComment string: Describes the reason the incident was closed
ClassificationReason string: The classification reason to close the incident with
Labels []IncidentLabelResponse: List of labels to add to the incident
Owner IncidentOwnerInfoResponse: Describes a user that the incident is assigned to
Severity string: The severity of the incident
Status string: The status of the incident

classification String: The reason the incident was closed
classificationComment String: Describes the reason the incident was closed
classificationReason String: The classification reason to close the incident with
labels List<IncidentLabelResponse>: List of labels to add to the incident
owner IncidentOwnerInfoResponse: Describes a user that the incident is assigned to
severity String: The severity of the incident
status String: The status of the incident

classification string: The reason the incident was closed
classificationComment string: Describes the reason the incident was closed
classificationReason string: The classification reason to close the incident with
labels IncidentLabelResponse[]: List of labels to add to the incident
owner IncidentOwnerInfoResponse: Describes a user that the incident is assigned to
severity string: The severity of the incident
status string: The status of the incident

classification str: The reason the incident was closed
classification_comment str: Describes the reason the incident was closed
classification_reason str: The classification reason to close the incident with
labels Sequence[IncidentLabelResponse]: List of labels to add to the incident
owner IncidentOwnerInfoResponse: Describes a user that the incident is assigned to
severity str: The severity of the incident
status str: The status of the incident

classification String: The reason the incident was closed
classificationComment String: Describes the reason the incident was closed
classificationReason String: The classification reason to close the incident with
labels List<Property Map>: List of labels to add to the incident
owner Property Map: Describes a user that the incident is assigned to
severity String: The severity of the incident
status String: The status of the incident

AutomationRulePropertyConditionSupportedOperator

EqualsValue: Equals
Evaluates if the property equals at least one of the condition values
NotEquals: NotEquals
Evaluates if the property does not equal any of the condition values
Contains: Contains
Evaluates if the property contains at least one of the condition values
NotContains: NotContains
Evaluates if the property does not contain any of the condition values
StartsWith: StartsWith
Evaluates if the property starts with any of the condition values
NotStartsWith: NotStartsWith
Evaluates if the property does not start with any of the condition values
EndsWith: EndsWith
Evaluates if the property ends with any of the condition values
NotEndsWith: NotEndsWith
Evaluates if the property does not end with any of the condition values

AutomationRulePropertyConditionSupportedOperatorEquals: Equals
Evaluates if the property equals at least one of the condition values
AutomationRulePropertyConditionSupportedOperatorNotEquals: NotEquals
Evaluates if the property does not equal any of the condition values
AutomationRulePropertyConditionSupportedOperatorContains: Contains
Evaluates if the property contains at least one of the condition values
AutomationRulePropertyConditionSupportedOperatorNotContains: NotContains
Evaluates if the property does not contain any of the condition values
AutomationRulePropertyConditionSupportedOperatorStartsWith: StartsWith
Evaluates if the property starts with any of the condition values
AutomationRulePropertyConditionSupportedOperatorNotStartsWith: NotStartsWith
Evaluates if the property does not start with any of the condition values
AutomationRulePropertyConditionSupportedOperatorEndsWith: EndsWith
Evaluates if the property ends with any of the condition values
AutomationRulePropertyConditionSupportedOperatorNotEndsWith: NotEndsWith
Evaluates if the property does not end with any of the condition values

Equals: Equals
Evaluates if the property equals at least one of the condition values
NotEquals: NotEquals
Evaluates if the property does not equal any of the condition values
Contains: Contains
Evaluates if the property contains at least one of the condition values
NotContains: NotContains
Evaluates if the property does not contain any of the condition values
StartsWith: StartsWith
Evaluates if the property starts with any of the condition values
NotStartsWith: NotStartsWith
Evaluates if the property does not start with any of the condition values
EndsWith: EndsWith
Evaluates if the property ends with any of the condition values
NotEndsWith: NotEndsWith
Evaluates if the property does not end with any of the condition values

Equals: Equals
Evaluates if the property equals at least one of the condition values
NotEquals: NotEquals
Evaluates if the property does not equal any of the condition values
Contains: Contains
Evaluates if the property contains at least one of the condition values
NotContains: NotContains
Evaluates if the property does not contain any of the condition values
StartsWith: StartsWith
Evaluates if the property starts with any of the condition values
NotStartsWith: NotStartsWith
Evaluates if the property does not start with any of the condition values
EndsWith: EndsWith
Evaluates if the property ends with any of the condition values
NotEndsWith: NotEndsWith
Evaluates if the property does not end with any of the condition values

EQUALS: Equals
Evaluates if the property equals at least one of the condition values
NOT_EQUALS: NotEquals
Evaluates if the property does not equal any of the condition values
CONTAINS: Contains
Evaluates if the property contains at least one of the condition values
NOT_CONTAINS: NotContains
Evaluates if the property does not contain any of the condition values
STARTS_WITH: StartsWith
Evaluates if the property starts with any of the condition values
NOT_STARTS_WITH: NotStartsWith
Evaluates if the property does not start with any of the condition values
ENDS_WITH: EndsWith
Evaluates if the property ends with any of the condition values
NOT_ENDS_WITH: NotEndsWith
Evaluates if the property does not end with any of the condition values

"Equals": Equals
Evaluates if the property equals at least one of the condition values
"NotEquals": NotEquals
Evaluates if the property does not equal any of the condition values
"Contains": Contains
Evaluates if the property contains at least one of the condition values
"NotContains": NotContains
Evaluates if the property does not contain any of the condition values
"StartsWith": StartsWith
Evaluates if the property starts with any of the condition values
"NotStartsWith": NotStartsWith
Evaluates if the property does not start with any of the condition values
"EndsWith": EndsWith
Evaluates if the property ends with any of the condition values
"NotEndsWith": NotEndsWith
Evaluates if the property does not end with any of the condition values

AutomationRulePropertyConditionSupportedProperty

IncidentTitle: IncidentTitle
The title of the incident
IncidentDescription: IncidentDescription
The description of the incident
IncidentSeverity: IncidentSeverity
The severity of the incident
IncidentStatus: IncidentStatus
The status of the incident
IncidentTactics: IncidentTactics
The tactics of the incident
IncidentRelatedAnalyticRuleIds: IncidentRelatedAnalyticRuleIds
The related Analytic rule ids of the incident
IncidentProviderName: IncidentProviderName
The provider name of the incident
AccountAadTenantId: AccountAadTenantId
The account Azure Active Directory tenant id
AccountAadUserId: AccountAadUserId
The account Azure Active Directory user id.
AccountName: AccountName
The account name
AccountNTDomain: AccountNTDomain
The account NetBIOS domain name
AccountPUID: AccountPUID
The account Azure Active Directory Passport User ID
AccountSid: AccountSid
The account security identifier
AccountObjectGuid: AccountObjectGuid
The account unique identifier
AccountUPNSuffix: AccountUPNSuffix
The account user principal name suffix
AzureResourceResourceId: AzureResourceResourceId
The Azure resource id
AzureResourceSubscriptionId: AzureResourceSubscriptionId
The Azure resource subscription id
CloudApplicationAppId: CloudApplicationAppId
The cloud application identifier
CloudApplicationAppName: CloudApplicationAppName
The cloud application name
DNSDomainName: DNSDomainName
The dns record domain name
FileDirectory: FileDirectory
The file directory full path
FileName: FileName
The file name without path
FileHashValue: FileHashValue
The file hash value
HostAzureID: HostAzureID
The host Azure resource id
HostName: HostName
The host name without domain
HostNetBiosName: HostNetBiosName
The host NetBIOS name
HostNTDomain: HostNTDomain
The host NT domain
HostOSVersion: HostOSVersion
The host operating system
IoTDeviceId: IoTDeviceId
The IoT device id
IoTDeviceName: IoTDeviceName
The IoT device name
IoTDeviceType: IoTDeviceType
The IoT device type
IoTDeviceVendor: IoTDeviceVendor
The IoT device vendor
IoTDeviceModel: IoTDeviceModel
The IoT device model
IoTDeviceOperatingSystem: IoTDeviceOperatingSystem
The IoT device operating system
IPAddress: IPAddress
The IP address
MailboxDisplayName: MailboxDisplayName
The mailbox display name
MailboxPrimaryAddress: MailboxPrimaryAddress
The mailbox primary address
MailboxUPN: MailboxUPN
The mailbox user principal name
MailMessageDeliveryAction: MailMessageDeliveryAction
The mail message delivery action
MailMessageDeliveryLocation: MailMessageDeliveryLocation
The mail message delivery location
MailMessageRecipient: MailMessageRecipient
The mail message recipient
MailMessageSenderIP: MailMessageSenderIP
The mail message sender IP address
MailMessageSubject: MailMessageSubject
The mail message subject
MailMessageP1Sender: MailMessageP1Sender
The mail message P1 sender
MailMessageP2Sender: MailMessageP2Sender
The mail message P2 sender
MalwareCategory: MalwareCategory
The malware category
MalwareName: MalwareName
The malware name
ProcessCommandLine: ProcessCommandLine
The process execution command line
ProcessId: ProcessId
The process id
RegistryKey: RegistryKey
The registry key path
RegistryValueData: RegistryValueData
The registry key value in string formatted representation
Url: Url
The url

AutomationRulePropertyConditionSupportedPropertyIncidentTitle: IncidentTitle
The title of the incident
AutomationRulePropertyConditionSupportedPropertyIncidentDescription: IncidentDescription
The description of the incident
AutomationRulePropertyConditionSupportedPropertyIncidentSeverity: IncidentSeverity
The severity of the incident
AutomationRulePropertyConditionSupportedPropertyIncidentStatus: IncidentStatus
The status of the incident
AutomationRulePropertyConditionSupportedPropertyIncidentTactics: IncidentTactics
The tactics of the incident
AutomationRulePropertyConditionSupportedPropertyIncidentRelatedAnalyticRuleIds: IncidentRelatedAnalyticRuleIds
The related Analytic rule ids of the incident
AutomationRulePropertyConditionSupportedPropertyIncidentProviderName: IncidentProviderName
The provider name of the incident
AutomationRulePropertyConditionSupportedPropertyAccountAadTenantId: AccountAadTenantId
The account Azure Active Directory tenant id
AutomationRulePropertyConditionSupportedPropertyAccountAadUserId: AccountAadUserId
The account Azure Active Directory user id.
AutomationRulePropertyConditionSupportedPropertyAccountName: AccountName
The account name
AutomationRulePropertyConditionSupportedPropertyAccountNTDomain: AccountNTDomain
The account NetBIOS domain name
AutomationRulePropertyConditionSupportedPropertyAccountPUID: AccountPUID
The account Azure Active Directory Passport User ID
AutomationRulePropertyConditionSupportedPropertyAccountSid: AccountSid
The account security identifier
AutomationRulePropertyConditionSupportedPropertyAccountObjectGuid: AccountObjectGuid
The account unique identifier
AutomationRulePropertyConditionSupportedPropertyAccountUPNSuffix: AccountUPNSuffix
The account user principal name suffix
AutomationRulePropertyConditionSupportedPropertyAzureResourceResourceId: AzureResourceResourceId
The Azure resource id
AutomationRulePropertyConditionSupportedPropertyAzureResourceSubscriptionId: AzureResourceSubscriptionId
The Azure resource subscription id
AutomationRulePropertyConditionSupportedPropertyCloudApplicationAppId: CloudApplicationAppId
The cloud application identifier
AutomationRulePropertyConditionSupportedPropertyCloudApplicationAppName: CloudApplicationAppName
The cloud application name
AutomationRulePropertyConditionSupportedPropertyDNSDomainName: DNSDomainName
The dns record domain name
AutomationRulePropertyConditionSupportedPropertyFileDirectory: FileDirectory
The file directory full path
AutomationRulePropertyConditionSupportedPropertyFileName: FileName
The file name without path
AutomationRulePropertyConditionSupportedPropertyFileHashValue: FileHashValue
The file hash value
AutomationRulePropertyConditionSupportedPropertyHostAzureID: HostAzureID
The host Azure resource id
AutomationRulePropertyConditionSupportedPropertyHostName: HostName
The host name without domain
AutomationRulePropertyConditionSupportedPropertyHostNetBiosName: HostNetBiosName
The host NetBIOS name
AutomationRulePropertyConditionSupportedPropertyHostNTDomain: HostNTDomain
The host NT domain
AutomationRulePropertyConditionSupportedPropertyHostOSVersion: HostOSVersion
The host operating system
AutomationRulePropertyConditionSupportedPropertyIoTDeviceId: IoTDeviceId
The IoT device id
AutomationRulePropertyConditionSupportedPropertyIoTDeviceName: IoTDeviceName
The IoT device name
AutomationRulePropertyConditionSupportedPropertyIoTDeviceType: IoTDeviceType
The IoT device type
AutomationRulePropertyConditionSupportedPropertyIoTDeviceVendor: IoTDeviceVendor
The IoT device vendor
AutomationRulePropertyConditionSupportedPropertyIoTDeviceModel: IoTDeviceModel
The IoT device model
AutomationRulePropertyConditionSupportedPropertyIoTDeviceOperatingSystem: IoTDeviceOperatingSystem
The IoT device operating system
AutomationRulePropertyConditionSupportedPropertyIPAddress: IPAddress
The IP address
AutomationRulePropertyConditionSupportedPropertyMailboxDisplayName: MailboxDisplayName
The mailbox display name
AutomationRulePropertyConditionSupportedPropertyMailboxPrimaryAddress: MailboxPrimaryAddress
The mailbox primary address
AutomationRulePropertyConditionSupportedPropertyMailboxUPN: MailboxUPN
The mailbox user principal name
AutomationRulePropertyConditionSupportedPropertyMailMessageDeliveryAction: MailMessageDeliveryAction
The mail message delivery action
AutomationRulePropertyConditionSupportedPropertyMailMessageDeliveryLocation: MailMessageDeliveryLocation
The mail message delivery location
AutomationRulePropertyConditionSupportedPropertyMailMessageRecipient: MailMessageRecipient
The mail message recipient
AutomationRulePropertyConditionSupportedPropertyMailMessageSenderIP: MailMessageSenderIP
The mail message sender IP address
AutomationRulePropertyConditionSupportedPropertyMailMessageSubject: MailMessageSubject
The mail message subject
AutomationRulePropertyConditionSupportedPropertyMailMessageP1Sender: MailMessageP1Sender
The mail message P1 sender
AutomationRulePropertyConditionSupportedPropertyMailMessageP2Sender: MailMessageP2Sender
The mail message P2 sender
AutomationRulePropertyConditionSupportedPropertyMalwareCategory: MalwareCategory
The malware category
AutomationRulePropertyConditionSupportedPropertyMalwareName: MalwareName
The malware name
AutomationRulePropertyConditionSupportedPropertyProcessCommandLine: ProcessCommandLine
The process execution command line
AutomationRulePropertyConditionSupportedPropertyProcessId: ProcessId
The process id
AutomationRulePropertyConditionSupportedPropertyRegistryKey: RegistryKey
The registry key path
AutomationRulePropertyConditionSupportedPropertyRegistryValueData: RegistryValueData
The registry key value in string formatted representation
AutomationRulePropertyConditionSupportedPropertyUrl: Url
The url

IncidentTitle: IncidentTitle
The title of the incident
IncidentDescription: IncidentDescription
The description of the incident
IncidentSeverity: IncidentSeverity
The severity of the incident
IncidentStatus: IncidentStatus
The status of the incident
IncidentTactics: IncidentTactics
The tactics of the incident
IncidentRelatedAnalyticRuleIds: IncidentRelatedAnalyticRuleIds
The related Analytic rule ids of the incident
IncidentProviderName: IncidentProviderName
The provider name of the incident
AccountAadTenantId: AccountAadTenantId
The account Azure Active Directory tenant id
AccountAadUserId: AccountAadUserId
The account Azure Active Directory user id.
AccountName: AccountName
The account name
AccountNTDomain: AccountNTDomain
The account NetBIOS domain name
AccountPUID: AccountPUID
The account Azure Active Directory Passport User ID
AccountSid: AccountSid
The account security identifier
AccountObjectGuid: AccountObjectGuid
The account unique identifier
AccountUPNSuffix: AccountUPNSuffix
The account user principal name suffix
AzureResourceResourceId: AzureResourceResourceId
The Azure resource id
AzureResourceSubscriptionId: AzureResourceSubscriptionId
The Azure resource subscription id
CloudApplicationAppId: CloudApplicationAppId
The cloud application identifier
CloudApplicationAppName: CloudApplicationAppName
The cloud application name
DNSDomainName: DNSDomainName
The dns record domain name
FileDirectory: FileDirectory
The file directory full path
FileName: FileName
The file name without path
FileHashValue: FileHashValue
The file hash value
HostAzureID: HostAzureID
The host Azure resource id
HostName: HostName
The host name without domain
HostNetBiosName: HostNetBiosName
The host NetBIOS name
HostNTDomain: HostNTDomain
The host NT domain
HostOSVersion: HostOSVersion
The host operating system
IoTDeviceId: IoTDeviceId
The IoT device id
IoTDeviceName: IoTDeviceName
The IoT device name
IoTDeviceType: IoTDeviceType
The IoT device type
IoTDeviceVendor: IoTDeviceVendor
The IoT device vendor
IoTDeviceModel: IoTDeviceModel
The IoT device model
IoTDeviceOperatingSystem: IoTDeviceOperatingSystem
The IoT device operating system
IPAddress: IPAddress
The IP address
MailboxDisplayName: MailboxDisplayName
The mailbox display name
MailboxPrimaryAddress: MailboxPrimaryAddress
The mailbox primary address
MailboxUPN: MailboxUPN
The mailbox user principal name
MailMessageDeliveryAction: MailMessageDeliveryAction
The mail message delivery action
MailMessageDeliveryLocation: MailMessageDeliveryLocation
The mail message delivery location
MailMessageRecipient: MailMessageRecipient
The mail message recipient
MailMessageSenderIP: MailMessageSenderIP
The mail message sender IP address
MailMessageSubject: MailMessageSubject
The mail message subject
MailMessageP1Sender: MailMessageP1Sender
The mail message P1 sender
MailMessageP2Sender: MailMessageP2Sender
The mail message P2 sender
MalwareCategory: MalwareCategory
The malware category
MalwareName: MalwareName
The malware name
ProcessCommandLine: ProcessCommandLine
The process execution command line
ProcessId: ProcessId
The process id
RegistryKey: RegistryKey
The registry key path
RegistryValueData: RegistryValueData
The registry key value in string formatted representation
Url: Url
The url

IncidentTitle: IncidentTitle
The title of the incident
IncidentDescription: IncidentDescription
The description of the incident
IncidentSeverity: IncidentSeverity
The severity of the incident
IncidentStatus: IncidentStatus
The status of the incident
IncidentTactics: IncidentTactics
The tactics of the incident
IncidentRelatedAnalyticRuleIds: IncidentRelatedAnalyticRuleIds
The related Analytic rule ids of the incident
IncidentProviderName: IncidentProviderName
The provider name of the incident
AccountAadTenantId: AccountAadTenantId
The account Azure Active Directory tenant id
AccountAadUserId: AccountAadUserId
The account Azure Active Directory user id.
AccountName: AccountName
The account name
AccountNTDomain: AccountNTDomain
The account NetBIOS domain name
AccountPUID: AccountPUID
The account Azure Active Directory Passport User ID
AccountSid: AccountSid
The account security identifier
AccountObjectGuid: AccountObjectGuid
The account unique identifier
AccountUPNSuffix: AccountUPNSuffix
The account user principal name suffix
AzureResourceResourceId: AzureResourceResourceId
The Azure resource id
AzureResourceSubscriptionId: AzureResourceSubscriptionId
The Azure resource subscription id
CloudApplicationAppId: CloudApplicationAppId
The cloud application identifier
CloudApplicationAppName: CloudApplicationAppName
The cloud application name
DNSDomainName: DNSDomainName
The dns record domain name
FileDirectory: FileDirectory
The file directory full path
FileName: FileName
The file name without path
FileHashValue: FileHashValue
The file hash value
HostAzureID: HostAzureID
The host Azure resource id
HostName: HostName
The host name without domain
HostNetBiosName: HostNetBiosName
The host NetBIOS name
HostNTDomain: HostNTDomain
The host NT domain
HostOSVersion: HostOSVersion
The host operating system
IoTDeviceId: IoTDeviceId
The IoT device id
IoTDeviceName: IoTDeviceName
The IoT device name
IoTDeviceType: IoTDeviceType
The IoT device type
IoTDeviceVendor: IoTDeviceVendor
The IoT device vendor
IoTDeviceModel: IoTDeviceModel
The IoT device model
IoTDeviceOperatingSystem: IoTDeviceOperatingSystem
The IoT device operating system
IPAddress: IPAddress
The IP address
MailboxDisplayName: MailboxDisplayName
The mailbox display name
MailboxPrimaryAddress: MailboxPrimaryAddress
The mailbox primary address
MailboxUPN: MailboxUPN
The mailbox user principal name
MailMessageDeliveryAction: MailMessageDeliveryAction
The mail message delivery action
MailMessageDeliveryLocation: MailMessageDeliveryLocation
The mail message delivery location
MailMessageRecipient: MailMessageRecipient
The mail message recipient
MailMessageSenderIP: MailMessageSenderIP
The mail message sender IP address
MailMessageSubject: MailMessageSubject
The mail message subject
MailMessageP1Sender: MailMessageP1Sender
The mail message P1 sender
MailMessageP2Sender: MailMessageP2Sender
The mail message P2 sender
MalwareCategory: MalwareCategory
The malware category
MalwareName: MalwareName
The malware name
ProcessCommandLine: ProcessCommandLine
The process execution command line
ProcessId: ProcessId
The process id
RegistryKey: RegistryKey
The registry key path
RegistryValueData: RegistryValueData
The registry key value in string formatted representation
Url: Url
The url

INCIDENT_TITLE: IncidentTitle
The title of the incident
INCIDENT_DESCRIPTION: IncidentDescription
The description of the incident
INCIDENT_SEVERITY: IncidentSeverity
The severity of the incident
INCIDENT_STATUS: IncidentStatus
The status of the incident
INCIDENT_TACTICS: IncidentTactics
The tactics of the incident
INCIDENT_RELATED_ANALYTIC_RULE_IDS: IncidentRelatedAnalyticRuleIds
The related Analytic rule ids of the incident
INCIDENT_PROVIDER_NAME: IncidentProviderName
The provider name of the incident
ACCOUNT_AAD_TENANT_ID: AccountAadTenantId
The account Azure Active Directory tenant id
ACCOUNT_AAD_USER_ID: AccountAadUserId
The account Azure Active Directory user id.
ACCOUNT_NAME: AccountName
The account name
ACCOUNT_NT_DOMAIN: AccountNTDomain
The account NetBIOS domain name
ACCOUNT_PUID: AccountPUID
The account Azure Active Directory Passport User ID
ACCOUNT_SID: AccountSid
The account security identifier
ACCOUNT_OBJECT_GUID: AccountObjectGuid
The account unique identifier
ACCOUNT_UPN_SUFFIX: AccountUPNSuffix
The account user principal name suffix
AZURE_RESOURCE_RESOURCE_ID: AzureResourceResourceId
The Azure resource id
AZURE_RESOURCE_SUBSCRIPTION_ID: AzureResourceSubscriptionId
The Azure resource subscription id
CLOUD_APPLICATION_APP_ID: CloudApplicationAppId
The cloud application identifier
CLOUD_APPLICATION_APP_NAME: CloudApplicationAppName
The cloud application name
DNS_DOMAIN_NAME: DNSDomainName
The dns record domain name
FILE_DIRECTORY: FileDirectory
The file directory full path
FILE_NAME: FileName
The file name without path
FILE_HASH_VALUE: FileHashValue
The file hash value
HOST_AZURE_ID: HostAzureID
The host Azure resource id
HOST_NAME: HostName
The host name without domain
HOST_NET_BIOS_NAME: HostNetBiosName
The host NetBIOS name
HOST_NT_DOMAIN: HostNTDomain
The host NT domain
HOST_OS_VERSION: HostOSVersion
The host operating system
IO_T_DEVICE_ID: IoTDeviceId
The IoT device id
IO_T_DEVICE_NAME: IoTDeviceName
The IoT device name
IO_T_DEVICE_TYPE: IoTDeviceType
The IoT device type
IO_T_DEVICE_VENDOR: IoTDeviceVendor
The IoT device vendor
IO_T_DEVICE_MODEL: IoTDeviceModel
The IoT device model
IO_T_DEVICE_OPERATING_SYSTEM: IoTDeviceOperatingSystem
The IoT device operating system
IP_ADDRESS: IPAddress
The IP address
MAILBOX_DISPLAY_NAME: MailboxDisplayName
The mailbox display name
MAILBOX_PRIMARY_ADDRESS: MailboxPrimaryAddress
The mailbox primary address
MAILBOX_UPN: MailboxUPN
The mailbox user principal name
MAIL_MESSAGE_DELIVERY_ACTION: MailMessageDeliveryAction
The mail message delivery action
MAIL_MESSAGE_DELIVERY_LOCATION: MailMessageDeliveryLocation
The mail message delivery location
MAIL_MESSAGE_RECIPIENT: MailMessageRecipient
The mail message recipient
MAIL_MESSAGE_SENDER_IP: MailMessageSenderIP
The mail message sender IP address
MAIL_MESSAGE_SUBJECT: MailMessageSubject
The mail message subject
MAIL_MESSAGE_P1_SENDER: MailMessageP1Sender
The mail message P1 sender
MAIL_MESSAGE_P2_SENDER: MailMessageP2Sender
The mail message P2 sender
MALWARE_CATEGORY: MalwareCategory
The malware category
MALWARE_NAME: MalwareName
The malware name
PROCESS_COMMAND_LINE: ProcessCommandLine
The process execution command line
PROCESS_ID: ProcessId
The process id
REGISTRY_KEY: RegistryKey
The registry key path
REGISTRY_VALUE_DATA: RegistryValueData
The registry key value in string formatted representation
URL: Url
The url

"IncidentTitle": IncidentTitle
The title of the incident
"IncidentDescription": IncidentDescription
The description of the incident
"IncidentSeverity": IncidentSeverity
The severity of the incident
"IncidentStatus": IncidentStatus
The status of the incident
"IncidentTactics": IncidentTactics
The tactics of the incident
"IncidentRelatedAnalyticRuleIds": IncidentRelatedAnalyticRuleIds
The related Analytic rule ids of the incident
"IncidentProviderName": IncidentProviderName
The provider name of the incident
"AccountAadTenantId": AccountAadTenantId
The account Azure Active Directory tenant id
"AccountAadUserId": AccountAadUserId
The account Azure Active Directory user id.
"AccountName": AccountName
The account name
"AccountNTDomain": AccountNTDomain
The account NetBIOS domain name
"AccountPUID": AccountPUID
The account Azure Active Directory Passport User ID
"AccountSid": AccountSid
The account security identifier
"AccountObjectGuid": AccountObjectGuid
The account unique identifier
"AccountUPNSuffix": AccountUPNSuffix
The account user principal name suffix
"AzureResourceResourceId": AzureResourceResourceId
The Azure resource id
"AzureResourceSubscriptionId": AzureResourceSubscriptionId
The Azure resource subscription id
"CloudApplicationAppId": CloudApplicationAppId
The cloud application identifier
"CloudApplicationAppName": CloudApplicationAppName
The cloud application name
"DNSDomainName": DNSDomainName
The dns record domain name
"FileDirectory": FileDirectory
The file directory full path
"FileName": FileName
The file name without path
"FileHashValue": FileHashValue
The file hash value
"HostAzureID": HostAzureID
The host Azure resource id
"HostName": HostName
The host name without domain
"HostNetBiosName": HostNetBiosName
The host NetBIOS name
"HostNTDomain": HostNTDomain
The host NT domain
"HostOSVersion": HostOSVersion
The host operating system
"IoTDeviceId": IoTDeviceId
The IoT device id
"IoTDeviceName": IoTDeviceName
The IoT device name
"IoTDeviceType": IoTDeviceType
The IoT device type
"IoTDeviceVendor": IoTDeviceVendor
The IoT device vendor
"IoTDeviceModel": IoTDeviceModel
The IoT device model
"IoTDeviceOperatingSystem": IoTDeviceOperatingSystem
The IoT device operating system
"IPAddress": IPAddress
The IP address
"MailboxDisplayName": MailboxDisplayName
The mailbox display name
"MailboxPrimaryAddress": MailboxPrimaryAddress
The mailbox primary address
"MailboxUPN": MailboxUPN
The mailbox user principal name
"MailMessageDeliveryAction": MailMessageDeliveryAction
The mail message delivery action
"MailMessageDeliveryLocation": MailMessageDeliveryLocation
The mail message delivery location
"MailMessageRecipient": MailMessageRecipient
The mail message recipient
"MailMessageSenderIP": MailMessageSenderIP
The mail message sender IP address
"MailMessageSubject": MailMessageSubject
The mail message subject
"MailMessageP1Sender": MailMessageP1Sender
The mail message P1 sender
"MailMessageP2Sender": MailMessageP2Sender
The mail message P2 sender
"MalwareCategory": MalwareCategory
The malware category
"MalwareName": MalwareName
The malware name
"ProcessCommandLine": ProcessCommandLine
The process execution command line
"ProcessId": ProcessId
The process id
"RegistryKey": RegistryKey
The registry key path
"RegistryValueData": RegistryValueData
The registry key value in string formatted representation
"Url": Url
The url

AutomationRulePropertyValuesCondition

ConditionProperties Pulumi.AzureNative.SecurityInsights.Inputs.AutomationRulePropertyValuesConditionConditionProperties: The configuration of the automation rule condition

ConditionProperties AutomationRulePropertyValuesConditionConditionProperties: The configuration of the automation rule condition

conditionProperties AutomationRulePropertyValuesConditionConditionProperties: The configuration of the automation rule condition

conditionProperties AutomationRulePropertyValuesConditionConditionProperties: The configuration of the automation rule condition

condition_properties AutomationRulePropertyValuesConditionConditionProperties: The configuration of the automation rule condition

conditionProperties Property Map: The configuration of the automation rule condition

AutomationRulePropertyValuesConditionConditionProperties

Operator string | Pulumi.AzureNative.SecurityInsights.AutomationRulePropertyConditionSupportedOperator: The operator to use for evaluation the condition
PropertyName string | Pulumi.AzureNative.SecurityInsights.AutomationRulePropertyConditionSupportedProperty: The property to evaluate
PropertyValues List<string>: The values to use for evaluating the condition

Operator string | AutomationRulePropertyConditionSupportedOperator: The operator to use for evaluation the condition
PropertyName string | AutomationRulePropertyConditionSupportedProperty: The property to evaluate
PropertyValues []string: The values to use for evaluating the condition

operator String | AutomationRulePropertyConditionSupportedOperator: The operator to use for evaluation the condition
propertyName String | AutomationRulePropertyConditionSupportedProperty: The property to evaluate
propertyValues List<String>: The values to use for evaluating the condition

operator string | AutomationRulePropertyConditionSupportedOperator: The operator to use for evaluation the condition
propertyName string | AutomationRulePropertyConditionSupportedProperty: The property to evaluate
propertyValues string[]: The values to use for evaluating the condition

operator str | AutomationRulePropertyConditionSupportedOperator: The operator to use for evaluation the condition
property_name str | AutomationRulePropertyConditionSupportedProperty: The property to evaluate
property_values Sequence[str]: The values to use for evaluating the condition

operator String | "Equals" | "NotEquals" | "Contains" | "NotContains" | "StartsWith" | "NotStartsWith" | "EndsWith" | "NotEndsWith": The operator to use for evaluation the condition
propertyName String | "IncidentTitle" | "IncidentDescription" | "IncidentSeverity" | "IncidentStatus" | "IncidentTactics" | "IncidentRelatedAnalyticRuleIds" | "IncidentProviderName" | "AccountAadTenantId" | "AccountAadUserId" | "AccountName" | "AccountNTDomain" | "AccountPUID" | "AccountSid" | "AccountObjectGuid" | "AccountUPNSuffix" | "AzureResourceResourceId" | "AzureResourceSubscriptionId" | "CloudApplicationAppId" | "CloudApplicationAppName" | "DNSDomainName" | "FileDirectory" | "FileName" | "FileHashValue" | "HostAzureID" | "HostName" | "HostNetBiosName" | "HostNTDomain" | "HostOSVersion" | "IoTDeviceId" | "IoTDeviceName" | "IoTDeviceType" | "IoTDeviceVendor" | "IoTDeviceModel" | "IoTDeviceOperatingSystem" | "IPAddress" | "MailboxDisplayName" | "MailboxPrimaryAddress" | "MailboxUPN" | "MailMessageDeliveryAction" | "MailMessageDeliveryLocation" | "MailMessageRecipient" | "MailMessageSenderIP" | "MailMessageSubject" | "MailMessageP1Sender" | "MailMessageP2Sender" | "MalwareCategory" | "MalwareName" | "ProcessCommandLine" | "ProcessId" | "RegistryKey" | "RegistryValueData" | "Url": The property to evaluate
propertyValues List<String>: The values to use for evaluating the condition

AutomationRulePropertyValuesConditionResponse

ConditionProperties Pulumi.AzureNative.SecurityInsights.Inputs.AutomationRulePropertyValuesConditionResponseConditionProperties: The configuration of the automation rule condition

ConditionProperties AutomationRulePropertyValuesConditionResponseConditionProperties: The configuration of the automation rule condition

conditionProperties AutomationRulePropertyValuesConditionResponseConditionProperties: The configuration of the automation rule condition

conditionProperties AutomationRulePropertyValuesConditionResponseConditionProperties: The configuration of the automation rule condition

condition_properties AutomationRulePropertyValuesConditionResponseConditionProperties: The configuration of the automation rule condition

conditionProperties Property Map: The configuration of the automation rule condition

AutomationRulePropertyValuesConditionResponseConditionProperties

Operator string: The operator to use for evaluation the condition
PropertyName string: The property to evaluate
PropertyValues List<string>: The values to use for evaluating the condition

Operator string: The operator to use for evaluation the condition
PropertyName string: The property to evaluate
PropertyValues []string: The values to use for evaluating the condition

operator String: The operator to use for evaluation the condition
propertyName String: The property to evaluate
propertyValues List<String>: The values to use for evaluating the condition

operator string: The operator to use for evaluation the condition
propertyName string: The property to evaluate
propertyValues string[]: The values to use for evaluating the condition

operator str: The operator to use for evaluation the condition
property_name str: The property to evaluate
property_values Sequence[str]: The values to use for evaluating the condition

operator String: The operator to use for evaluation the condition
propertyName String: The property to evaluate
propertyValues List<String>: The values to use for evaluating the condition

AutomationRuleRunPlaybookAction

ActionConfiguration Pulumi.AzureNative.SecurityInsights.Inputs.AutomationRuleRunPlaybookActionActionConfiguration: The configuration of the run playbook automation rule action
Order int: The order of execution of the automation rule action

ActionConfiguration AutomationRuleRunPlaybookActionActionConfiguration: The configuration of the run playbook automation rule action
Order int: The order of execution of the automation rule action

actionConfiguration AutomationRuleRunPlaybookActionActionConfiguration: The configuration of the run playbook automation rule action
order Integer: The order of execution of the automation rule action

actionConfiguration AutomationRuleRunPlaybookActionActionConfiguration: The configuration of the run playbook automation rule action
order number: The order of execution of the automation rule action

action_configuration AutomationRuleRunPlaybookActionActionConfiguration: The configuration of the run playbook automation rule action
order int: The order of execution of the automation rule action

actionConfiguration Property Map: The configuration of the run playbook automation rule action
order Number: The order of execution of the automation rule action

AutomationRuleRunPlaybookActionActionConfiguration

LogicAppResourceId string: The resource id of the playbook resource
TenantId string: The tenant id of the playbook resource

LogicAppResourceId string: The resource id of the playbook resource
TenantId string: The tenant id of the playbook resource

logicAppResourceId String: The resource id of the playbook resource
tenantId String: The tenant id of the playbook resource

logicAppResourceId string: The resource id of the playbook resource
tenantId string: The tenant id of the playbook resource

logic_app_resource_id str: The resource id of the playbook resource
tenant_id str: The tenant id of the playbook resource

logicAppResourceId String: The resource id of the playbook resource
tenantId String: The tenant id of the playbook resource

AutomationRuleRunPlaybookActionResponse

ActionConfiguration Pulumi.AzureNative.SecurityInsights.Inputs.AutomationRuleRunPlaybookActionResponseActionConfiguration: The configuration of the run playbook automation rule action
Order int: The order of execution of the automation rule action

ActionConfiguration AutomationRuleRunPlaybookActionResponseActionConfiguration: The configuration of the run playbook automation rule action
Order int: The order of execution of the automation rule action

actionConfiguration AutomationRuleRunPlaybookActionResponseActionConfiguration: The configuration of the run playbook automation rule action
order Integer: The order of execution of the automation rule action

actionConfiguration AutomationRuleRunPlaybookActionResponseActionConfiguration: The configuration of the run playbook automation rule action
order number: The order of execution of the automation rule action

action_configuration AutomationRuleRunPlaybookActionResponseActionConfiguration: The configuration of the run playbook automation rule action
order int: The order of execution of the automation rule action

actionConfiguration Property Map: The configuration of the run playbook automation rule action
order Number: The order of execution of the automation rule action

AutomationRuleRunPlaybookActionResponseActionConfiguration

LogicAppResourceId string: The resource id of the playbook resource
TenantId string: The tenant id of the playbook resource

LogicAppResourceId string: The resource id of the playbook resource
TenantId string: The tenant id of the playbook resource

logicAppResourceId String: The resource id of the playbook resource
tenantId String: The tenant id of the playbook resource

logicAppResourceId string: The resource id of the playbook resource
tenantId string: The tenant id of the playbook resource

logic_app_resource_id str: The resource id of the playbook resource
tenant_id str: The tenant id of the playbook resource

logicAppResourceId String: The resource id of the playbook resource
tenantId String: The tenant id of the playbook resource

AutomationRuleTriggeringLogic

IsEnabled bool: Determines whether the automation rule is enabled or disabled.
TriggersOn string | Pulumi.AzureNative.SecurityInsights.TriggersOn: The type of object the automation rule triggers on
TriggersWhen string | Pulumi.AzureNative.SecurityInsights.TriggersWhen: The type of event the automation rule triggers on
Conditions List<Pulumi.AzureNative.SecurityInsights.Inputs.AutomationRulePropertyValuesCondition>: The conditions to evaluate to determine if the automation rule should be triggered on a given object
ExpirationTimeUtc string: Determines when the automation rule should automatically expire and be disabled.

IsEnabled bool: Determines whether the automation rule is enabled or disabled.
TriggersOn string | TriggersOn: The type of object the automation rule triggers on
TriggersWhen string | TriggersWhen: The type of event the automation rule triggers on
Conditions []AutomationRulePropertyValuesCondition: The conditions to evaluate to determine if the automation rule should be triggered on a given object
ExpirationTimeUtc string: Determines when the automation rule should automatically expire and be disabled.

isEnabled Boolean: Determines whether the automation rule is enabled or disabled.
triggersOn String | TriggersOn: The type of object the automation rule triggers on
triggersWhen String | TriggersWhen: The type of event the automation rule triggers on
conditions List<AutomationRulePropertyValuesCondition>: The conditions to evaluate to determine if the automation rule should be triggered on a given object
expirationTimeUtc String: Determines when the automation rule should automatically expire and be disabled.

isEnabled boolean: Determines whether the automation rule is enabled or disabled.
triggersOn string | TriggersOn: The type of object the automation rule triggers on
triggersWhen string | TriggersWhen: The type of event the automation rule triggers on
conditions AutomationRulePropertyValuesCondition[]: The conditions to evaluate to determine if the automation rule should be triggered on a given object
expirationTimeUtc string: Determines when the automation rule should automatically expire and be disabled.

is_enabled bool: Determines whether the automation rule is enabled or disabled.
triggers_on str | TriggersOn: The type of object the automation rule triggers on
triggers_when str | TriggersWhen: The type of event the automation rule triggers on
conditions Sequence[AutomationRulePropertyValuesCondition]: The conditions to evaluate to determine if the automation rule should be triggered on a given object
expiration_time_utc str: Determines when the automation rule should automatically expire and be disabled.

isEnabled Boolean: Determines whether the automation rule is enabled or disabled.
triggersOn String | "Incidents": The type of object the automation rule triggers on
triggersWhen String | "Created": The type of event the automation rule triggers on
conditions List<Property Map>: The conditions to evaluate to determine if the automation rule should be triggered on a given object
expirationTimeUtc String: Determines when the automation rule should automatically expire and be disabled.

AutomationRuleTriggeringLogicResponse

IsEnabled bool: Determines whether the automation rule is enabled or disabled.
TriggersOn string: The type of object the automation rule triggers on
TriggersWhen string: The type of event the automation rule triggers on
Conditions List<Pulumi.AzureNative.SecurityInsights.Inputs.AutomationRulePropertyValuesConditionResponse>: The conditions to evaluate to determine if the automation rule should be triggered on a given object
ExpirationTimeUtc string: Determines when the automation rule should automatically expire and be disabled.

IsEnabled bool: Determines whether the automation rule is enabled or disabled.
TriggersOn string: The type of object the automation rule triggers on
TriggersWhen string: The type of event the automation rule triggers on
Conditions []AutomationRulePropertyValuesConditionResponse: The conditions to evaluate to determine if the automation rule should be triggered on a given object
ExpirationTimeUtc string: Determines when the automation rule should automatically expire and be disabled.

isEnabled Boolean: Determines whether the automation rule is enabled or disabled.
triggersOn String: The type of object the automation rule triggers on
triggersWhen String: The type of event the automation rule triggers on
conditions List<AutomationRulePropertyValuesConditionResponse>: The conditions to evaluate to determine if the automation rule should be triggered on a given object
expirationTimeUtc String: Determines when the automation rule should automatically expire and be disabled.

isEnabled boolean: Determines whether the automation rule is enabled or disabled.
triggersOn string: The type of object the automation rule triggers on
triggersWhen string: The type of event the automation rule triggers on
conditions AutomationRulePropertyValuesConditionResponse[]: The conditions to evaluate to determine if the automation rule should be triggered on a given object
expirationTimeUtc string: Determines when the automation rule should automatically expire and be disabled.

is_enabled bool: Determines whether the automation rule is enabled or disabled.
triggers_on str: The type of object the automation rule triggers on
triggers_when str: The type of event the automation rule triggers on
conditions Sequence[AutomationRulePropertyValuesConditionResponse]: The conditions to evaluate to determine if the automation rule should be triggered on a given object
expiration_time_utc str: Determines when the automation rule should automatically expire and be disabled.

isEnabled Boolean: Determines whether the automation rule is enabled or disabled.
triggersOn String: The type of object the automation rule triggers on
triggersWhen String: The type of event the automation rule triggers on
conditions List<Property Map>: The conditions to evaluate to determine if the automation rule should be triggered on a given object
expirationTimeUtc String: Determines when the automation rule should automatically expire and be disabled.

ClientInfoResponse

Email string: The email of the client.
Name string: The name of the client.
ObjectId string: The object id of the client.
UserPrincipalName string: The user principal name of the client.

Email string: The email of the client.
Name string: The name of the client.
ObjectId string: The object id of the client.
UserPrincipalName string: The user principal name of the client.

email String: The email of the client.
name String: The name of the client.
objectId String: The object id of the client.
userPrincipalName String: The user principal name of the client.

email string: The email of the client.
name string: The name of the client.
objectId string: The object id of the client.
userPrincipalName string: The user principal name of the client.

email str: The email of the client.
name str: The name of the client.
object_id str: The object id of the client.
user_principal_name str: The user principal name of the client.

email String: The email of the client.
name String: The name of the client.
objectId String: The object id of the client.
userPrincipalName String: The user principal name of the client.

IncidentClassification

Undetermined: Undetermined
Incident classification was undetermined
TruePositive: TruePositive
Incident was true positive
BenignPositive: BenignPositive
Incident was benign positive
FalsePositive: FalsePositive
Incident was false positive

IncidentClassificationUndetermined: Undetermined
Incident classification was undetermined
IncidentClassificationTruePositive: TruePositive
Incident was true positive
IncidentClassificationBenignPositive: BenignPositive
Incident was benign positive
IncidentClassificationFalsePositive: FalsePositive
Incident was false positive

Undetermined: Undetermined
Incident classification was undetermined
TruePositive: TruePositive
Incident was true positive
BenignPositive: BenignPositive
Incident was benign positive
FalsePositive: FalsePositive
Incident was false positive

Undetermined: Undetermined
Incident classification was undetermined
TruePositive: TruePositive
Incident was true positive
BenignPositive: BenignPositive
Incident was benign positive
FalsePositive: FalsePositive
Incident was false positive

UNDETERMINED: Undetermined
Incident classification was undetermined
TRUE_POSITIVE: TruePositive
Incident was true positive
BENIGN_POSITIVE: BenignPositive
Incident was benign positive
FALSE_POSITIVE: FalsePositive
Incident was false positive

"Undetermined": Undetermined
Incident classification was undetermined
"TruePositive": TruePositive
Incident was true positive
"BenignPositive": BenignPositive
Incident was benign positive
"FalsePositive": FalsePositive
Incident was false positive

IncidentClassificationReason

SuspiciousActivity: SuspiciousActivity
Classification reason was suspicious activity
SuspiciousButExpected: SuspiciousButExpected
Classification reason was suspicious but expected
IncorrectAlertLogic: IncorrectAlertLogic
Classification reason was incorrect alert logic
InaccurateData: InaccurateData
Classification reason was inaccurate data

IncidentClassificationReasonSuspiciousActivity: SuspiciousActivity
Classification reason was suspicious activity
IncidentClassificationReasonSuspiciousButExpected: SuspiciousButExpected
Classification reason was suspicious but expected
IncidentClassificationReasonIncorrectAlertLogic: IncorrectAlertLogic
Classification reason was incorrect alert logic
IncidentClassificationReasonInaccurateData: InaccurateData
Classification reason was inaccurate data

SuspiciousActivity: SuspiciousActivity
Classification reason was suspicious activity
SuspiciousButExpected: SuspiciousButExpected
Classification reason was suspicious but expected
IncorrectAlertLogic: IncorrectAlertLogic
Classification reason was incorrect alert logic
InaccurateData: InaccurateData
Classification reason was inaccurate data

SuspiciousActivity: SuspiciousActivity
Classification reason was suspicious activity
SuspiciousButExpected: SuspiciousButExpected
Classification reason was suspicious but expected
IncorrectAlertLogic: IncorrectAlertLogic
Classification reason was incorrect alert logic
InaccurateData: InaccurateData
Classification reason was inaccurate data

SUSPICIOUS_ACTIVITY: SuspiciousActivity
Classification reason was suspicious activity
SUSPICIOUS_BUT_EXPECTED: SuspiciousButExpected
Classification reason was suspicious but expected
INCORRECT_ALERT_LOGIC: IncorrectAlertLogic
Classification reason was incorrect alert logic
INACCURATE_DATA: InaccurateData
Classification reason was inaccurate data

"SuspiciousActivity": SuspiciousActivity
Classification reason was suspicious activity
"SuspiciousButExpected": SuspiciousButExpected
Classification reason was suspicious but expected
"IncorrectAlertLogic": IncorrectAlertLogic
Classification reason was incorrect alert logic
"InaccurateData": InaccurateData
Classification reason was inaccurate data

IncidentLabel

LabelName string: The name of the label

LabelName string: The name of the label

labelName String: The name of the label

labelName string: The name of the label

label_name str: The name of the label

labelName String: The name of the label

IncidentLabelResponse

LabelName string: The name of the label
LabelType string: The type of the label

LabelName string: The name of the label
LabelType string: The type of the label

labelName String: The name of the label
labelType String: The type of the label

labelName string: The name of the label
labelType string: The type of the label

label_name str: The name of the label
label_type str: The type of the label

labelName String: The name of the label
labelType String: The type of the label

IncidentOwnerInfo

AssignedTo string: The name of the user the incident is assigned to.
Email string: The email of the user the incident is assigned to.
ObjectId string: The object id of the user the incident is assigned to.
UserPrincipalName string: The user principal name of the user the incident is assigned to.

AssignedTo string: The name of the user the incident is assigned to.
Email string: The email of the user the incident is assigned to.
ObjectId string: The object id of the user the incident is assigned to.
UserPrincipalName string: The user principal name of the user the incident is assigned to.

assignedTo String: The name of the user the incident is assigned to.
email String: The email of the user the incident is assigned to.
objectId String: The object id of the user the incident is assigned to.
userPrincipalName String: The user principal name of the user the incident is assigned to.

assignedTo string: The name of the user the incident is assigned to.
email string: The email of the user the incident is assigned to.
objectId string: The object id of the user the incident is assigned to.
userPrincipalName string: The user principal name of the user the incident is assigned to.

assigned_to str: The name of the user the incident is assigned to.
email str: The email of the user the incident is assigned to.
object_id str: The object id of the user the incident is assigned to.
user_principal_name str: The user principal name of the user the incident is assigned to.

assignedTo String: The name of the user the incident is assigned to.
email String: The email of the user the incident is assigned to.
objectId String: The object id of the user the incident is assigned to.
userPrincipalName String: The user principal name of the user the incident is assigned to.

IncidentOwnerInfoResponse

AssignedTo string: The name of the user the incident is assigned to.
Email string: The email of the user the incident is assigned to.
ObjectId string: The object id of the user the incident is assigned to.
UserPrincipalName string: The user principal name of the user the incident is assigned to.

AssignedTo string: The name of the user the incident is assigned to.
Email string: The email of the user the incident is assigned to.
ObjectId string: The object id of the user the incident is assigned to.
UserPrincipalName string: The user principal name of the user the incident is assigned to.

assignedTo String: The name of the user the incident is assigned to.
email String: The email of the user the incident is assigned to.
objectId String: The object id of the user the incident is assigned to.
userPrincipalName String: The user principal name of the user the incident is assigned to.

assignedTo string: The name of the user the incident is assigned to.
email string: The email of the user the incident is assigned to.
objectId string: The object id of the user the incident is assigned to.
userPrincipalName string: The user principal name of the user the incident is assigned to.

assigned_to str: The name of the user the incident is assigned to.
email str: The email of the user the incident is assigned to.
object_id str: The object id of the user the incident is assigned to.
user_principal_name str: The user principal name of the user the incident is assigned to.

assignedTo String: The name of the user the incident is assigned to.
email String: The email of the user the incident is assigned to.
objectId String: The object id of the user the incident is assigned to.
userPrincipalName String: The user principal name of the user the incident is assigned to.

IncidentSeverity

High: High
High severity
Medium: Medium
Medium severity
Low: Low
Low severity
Informational: Informational
Informational severity

IncidentSeverityHigh: High
High severity
IncidentSeverityMedium: Medium
Medium severity
IncidentSeverityLow: Low
Low severity
IncidentSeverityInformational: Informational
Informational severity

High: High
High severity
Medium: Medium
Medium severity
Low: Low
Low severity
Informational: Informational
Informational severity

High: High
High severity
Medium: Medium
Medium severity
Low: Low
Low severity
Informational: Informational
Informational severity

HIGH: High
High severity
MEDIUM: Medium
Medium severity
LOW: Low
Low severity
INFORMATIONAL: Informational
Informational severity

"High": High
High severity
"Medium": Medium
Medium severity
"Low": Low
Low severity
"Informational": Informational
Informational severity

IncidentStatus

New: New
An active incident which isn't being handled currently
Active: Active
An active incident which is being handled
Closed: Closed
A non-active incident

IncidentStatusNew: New
An active incident which isn't being handled currently
IncidentStatusActive: Active
An active incident which is being handled
IncidentStatusClosed: Closed
A non-active incident

New: New
An active incident which isn't being handled currently
Active: Active
An active incident which is being handled
Closed: Closed
A non-active incident

New: New
An active incident which isn't being handled currently
Active: Active
An active incident which is being handled
Closed: Closed
A non-active incident

NEW: New
An active incident which isn't being handled currently
ACTIVE: Active
An active incident which is being handled
CLOSED: Closed
A non-active incident

"New": New
An active incident which isn't being handled currently
"Active": Active
An active incident which is being handled
"Closed": Closed
A non-active incident

TriggersOn

Incidents: Incidents
Trigger on Incidents

TriggersOnIncidents: Incidents
Trigger on Incidents

Incidents: Incidents
Trigger on Incidents

Incidents: Incidents
Trigger on Incidents

INCIDENTS: Incidents
Trigger on Incidents

"Incidents": Incidents
Trigger on Incidents

TriggersWhen

Created: Created
Trigger on created objects

TriggersWhenCreated: Created
Trigger on created objects

Created: Created
Trigger on created objects

Created: Created
Trigger on created objects

CREATED: Created
Trigger on created objects

"Created": Created
Trigger on created objects

Import

An existing resource can be imported using its type token, name, and identifier, e.g.

$ pulumi import azure-native:securityinsights:AutomationRule 73e01a99-5cd7-4139-a149-9f2736ff2ab5 /subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5

Package Details

Repository: Azure Native pulumi/pulumi-azure-native
License: Apache-2.0