Azure Native v1.102.0, May 2 23
azure-native.securityinsights.AutomationRule
Represents an automation rule. API Version: 2019-01-01-preview.
Example Usage
Creates or updates an automation rule.
using System.Collections.Generic;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
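// Declares an automation rule in workspace "myWorkspace": when an incident is created by one
// of the two listed analytics rules, action 1 sets its severity to High and action 2 runs the
// IncidentPlaybook Logic App.
//
// NOTE(review): every GUID, subscription path and resource name below is a sample value from
// the documentation; real programs should read them from stack configuration instead of
// hard-coding tenant and subscription identifiers in source.
return await Deployment.RunAsync(() =>
{
    var automationRule = new AzureNative.SecurityInsights.AutomationRule("automationRule", new()
    {
        Actions = new[]
        {
            // Order = 1: raise the incident severity before the playbook sees it.
            new AzureNative.SecurityInsights.Inputs.AutomationRuleModifyPropertiesActionArgs
            {
                ActionConfiguration = new AzureNative.SecurityInsights.Inputs.AutomationRuleModifyPropertiesActionActionConfigurationArgs
                {
                    Severity = "High",
                },
                ActionType = "ModifyProperties",
                Order = 1,
            },
            // Order = 2: run the Logic App playbook.
            // NOTE(review): this presumably requires Microsoft Sentinel to have been granted
            // permission on the playbook's resource group — confirm before deploying.
            new AzureNative.SecurityInsights.Inputs.AutomationRuleRunPlaybookActionArgs
            {
                ActionConfiguration = new AzureNative.SecurityInsights.Inputs.AutomationRuleRunPlaybookActionActionConfigurationArgs
                {
                    LogicAppResourceId = "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/IncidentPlaybook",
                    TenantId = "ee48efaf-50c6-411b-9345-b2bdc3eb4abc",
                },
                ActionType = "RunPlaybook",
                Order = 2,
            },
        },
        AutomationRuleId = "73e01a99-5cd7-4139-a149-9f2736ff2ab5",
        DisplayName = "High severity incidents escalation",
        OperationalInsightsResourceProvider = "Microsoft.OperationalInsights",
        Order = 1,
        ResourceGroupName = "myRg",
        TriggeringLogic = new AzureNative.SecurityInsights.Inputs.AutomationRuleTriggeringLogicArgs
        {
            Conditions = new[]
            {
                // The generated example used an untyped { key, value } initializer here, which
                // gives new[] no element type to infer. A typed condition object is used
                // instead; the type name follows the Args naming of the other inputs in this
                // example — confirm against the SDK.
                new AzureNative.SecurityInsights.Inputs.AutomationRulePropertyValuesConditionArgs
                {
                    ConditionProperties = new AzureNative.SecurityInsights.Inputs.AutomationRulePropertyValuesConditionConditionPropertiesArgs
                    {
                        Operator = "Contains",
                        PropertyName = "IncidentRelatedAnalyticRuleIds",
                        PropertyValues = new[]
                        {
                            "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7",
                            "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/8deb8303-e94d-46ff-96e0-5fd94b33df1a",
                        },
                    },
                    ConditionType = "Property",
                },
            },
            IsEnabled = true,
            TriggersOn = "Incidents",
            TriggersWhen = "Created",
        },
        WorkspaceName = "myWorkspace",
    });
});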
package main
import (
securityinsights "github.com/pulumi/pulumi-azure-native/sdk/go/azure/securityinsights"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
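// main declares an automation rule in workspace "myWorkspace": when an incident is created by
// one of the two listed analytics rules, action 1 sets its severity to High and action 2 runs
// the IncidentPlaybook Logic App.
//
// NOTE(review): every GUID, subscription path and resource name below is a sample value from
// the documentation; real programs should read them from stack configuration instead of
// hard-coding tenant and subscription identifiers in source.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := securityinsights.NewAutomationRule(ctx, "automationRule", &securityinsights.AutomationRuleArgs{
			// NOTE(review): the generated example passes plain structs with untyped
			// constants here while the rest of the program uses pulumi.String/pulumi.Int
			// inputs; verify these literals against the SDK's action input types.
			Actions: pulumi.AnyArray{
				// Order 1: raise the incident severity.
				securityinsights.AutomationRuleModifyPropertiesAction{
					ActionConfiguration: securityinsights.AutomationRuleModifyPropertiesActionActionConfiguration{
						Severity: "High",
					},
					ActionType: "ModifyProperties",
					Order:      1,
				},
				// Order 2: run the Logic App playbook.
				// NOTE(review): this presumably requires Microsoft Sentinel to have been
				// granted permission on the playbook's resource group — confirm.
				securityinsights.AutomationRuleRunPlaybookAction{
					ActionConfiguration: securityinsights.AutomationRuleRunPlaybookActionActionConfiguration{
						LogicAppResourceId: "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/IncidentPlaybook",
						TenantId:           "ee48efaf-50c6-411b-9345-b2bdc3eb4abc",
					},
					ActionType: "RunPlaybook",
					Order:      2,
				},
			},
			AutomationRuleId:                    pulumi.String("73e01a99-5cd7-4139-a149-9f2736ff2ab5"),
			DisplayName:                         pulumi.String("High severity incidents escalation"),
			OperationalInsightsResourceProvider: pulumi.String("Microsoft.OperationalInsights"),
			Order:                               pulumi.Int(1),
			ResourceGroupName:                   pulumi.String("myRg"),
			// Input (Args) type rather than the output-side ...Response type the generated
			// example named; the resource's input list documents this property as
			// AutomationRuleTriggeringLogicArgs.
			TriggeringLogic: securityinsights.AutomationRuleTriggeringLogicArgs{
				// NOTE(review): the field may expect the SDK's array input wrapper rather
				// than a raw slice — confirm against the SDK.
				Conditions: []securityinsights.AutomationRulePropertyValuesConditionArgs{
					{
						// A struct-valued field needs an explicit composite-literal type;
						// the bare "{" in the generated example does not compile.
						ConditionProperties: &securityinsights.AutomationRulePropertyValuesConditionConditionPropertiesArgs{
							Operator:     pulumi.String("Contains"),
							PropertyName: pulumi.String("IncidentRelatedAnalyticRuleIds"),
							PropertyValues: pulumi.StringArray{
								pulumi.String("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7"),
								pulumi.String("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/8deb8303-e94d-46ff-96e0-5fd94b33df1a"),
							},
						},
						ConditionType: pulumi.String("Property"),
					},
				},
				IsEnabled:    pulumi.Bool(true),
				TriggersOn:   pulumi.String("Incidents"),
				TriggersWhen: pulumi.String("Created"),
			},
			WorkspaceName: pulumi.String("myWorkspace"),
		})
		// err is nil on success, so returning it directly covers both outcomes.
		return err
	})
}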
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.securityinsights.AutomationRule;
import com.pulumi.azurenative.securityinsights.AutomationRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
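/**
 * Pulumi program that declares an automation rule in workspace "myWorkspace": when an incident
 * is created by one of the two listed analytics rules, action 1 sets its severity to High and
 * action 2 runs the IncidentPlaybook Logic App.
 */
public class App {
    /** Hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the automation rule resource.
     *
     * @param ctx deployment context passed in by {@code Pulumi.run}; not read by this method
     */
    public static void stack(Context ctx) {
        // NOTE(review): every GUID, subscription path and resource name below is a sample
        // value from the documentation; real programs should read them from stack
        // configuration instead of hard-coding tenant and subscription identifiers.
        // NOTE(review): the resource's input list documents typed args for actions and
        // triggeringLogic; the Map literals come from the example generator — confirm they
        // are accepted by the builder before copying.
        var automationRule = new AutomationRule("automationRule", AutomationRuleArgs.builder()
            .actions(
                // Order 1: raise the incident severity.
                Map.ofEntries(
                    Map.entry("actionConfiguration", Map.of("severity", "High")),
                    Map.entry("actionType", "ModifyProperties"),
                    Map.entry("order", 1)
                ),
                // Order 2: run the Logic App playbook.
                // NOTE(review): this presumably requires Microsoft Sentinel to have been
                // granted permission on the playbook's resource group — confirm.
                Map.ofEntries(
                    Map.entry("actionConfiguration", Map.ofEntries(
                        Map.entry("logicAppResourceId", "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/IncidentPlaybook"),
                        Map.entry("tenantId", "ee48efaf-50c6-411b-9345-b2bdc3eb4abc")
                    )),
                    Map.entry("actionType", "RunPlaybook"),
                    Map.entry("order", 2)
                ))
            .automationRuleId("73e01a99-5cd7-4139-a149-9f2736ff2ab5")
            .displayName("High severity incidents escalation")
            .operationalInsightsResourceProvider("Microsoft.OperationalInsights")
            .order(1)
            .resourceGroupName("myRg")
            .triggeringLogic(Map.ofEntries(
                // conditions is a list of condition objects in the other language examples
                // on this page, so the single condition is wrapped in a list here too.
                Map.entry("conditions", List.of(Map.ofEntries(
                    Map.entry("conditionProperties", Map.ofEntries(
                        Map.entry("operator", "Contains"),
                        Map.entry("propertyName", "IncidentRelatedAnalyticRuleIds"),
                        // Map.entry takes exactly one key and one value; the two alert-rule
                        // ids therefore go into a single list value.
                        Map.entry("propertyValues", List.of(
                            "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7",
                            "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/8deb8303-e94d-46ff-96e0-5fd94b33df1a"))
                    )),
                    Map.entry("conditionType", "Property")
                ))),
                Map.entry("isEnabled", true),
                Map.entry("triggersOn", "Incidents"),
                Map.entry("triggersWhen", "Created")
            ))
            .workspaceName("myWorkspace")
            .build());
    }
}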
import pulumi
import pulumi_azure_native as azure_native
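# Declares an automation rule in workspace "myWorkspace": when an incident is created by one of
# the two listed analytics rules, action 1 sets its severity to High and action 2 runs the
# IncidentPlaybook Logic App.
#
# NOTE(review): every GUID, subscription path and resource name below is a sample value from
# the documentation; real programs should read them from stack configuration instead of
# hard-coding tenant and subscription identifiers in source.
automation_rule = azure_native.securityinsights.AutomationRule("automationRule",
    actions=[
        # order=1: raise the incident severity.
        azure_native.securityinsights.AutomationRuleModifyPropertiesActionArgs(
            action_configuration=azure_native.securityinsights.AutomationRuleModifyPropertiesActionActionConfigurationArgs(
                severity="High",
            ),
            action_type="ModifyProperties",
            order=1,
        ),
        # order=2: run the Logic App playbook.
        # NOTE(review): this presumably requires Microsoft Sentinel to have been granted
        # permission on the playbook's resource group — confirm before deploying.
        azure_native.securityinsights.AutomationRuleRunPlaybookActionArgs(
            action_configuration=azure_native.securityinsights.AutomationRuleRunPlaybookActionActionConfigurationArgs(
                logic_app_resource_id="/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/IncidentPlaybook",
                tenant_id="ee48efaf-50c6-411b-9345-b2bdc3eb4abc",
            ),
            action_type="RunPlaybook",
            order=2,
        ),
    ],
    automation_rule_id="73e01a99-5cd7-4139-a149-9f2736ff2ab5",
    display_name="High severity incidents escalation",
    operational_insights_resource_provider="Microsoft.OperationalInsights",
    order=1,
    resource_group_name="myRg",
    # Input (Args) classes rather than the ...ResponseArgs names the generated example used;
    # the constructor signature on this page types triggering_logic as
    # AutomationRuleTriggeringLogicArgs.
    triggering_logic=azure_native.securityinsights.AutomationRuleTriggeringLogicArgs(
        conditions=[azure_native.securityinsights.AutomationRulePropertyValuesConditionArgs(
            condition_properties=azure_native.securityinsights.AutomationRulePropertyValuesConditionConditionPropertiesArgs(
                operator="Contains",
                property_name="IncidentRelatedAnalyticRuleIds",
                property_values=[
                    "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7",
                    "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/8deb8303-e94d-46ff-96e0-5fd94b33df1a",
                ],
            ),
            condition_type="Property",
        )],
        is_enabled=True,
        triggers_on="Incidents",
        triggers_when="Created",
    ),
    workspace_name="myWorkspace")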
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
// Declares an automation rule named "automationRule" in workspace "myWorkspace" that is
// enabled and triggers on incident creation.
// NOTE(review): the subscription, tenant, rule and alert-rule GUIDs below are sample values
// hard-coded by the example; real programs would normally read them from stack configuration.
const automationRule = new azure_native.securityinsights.AutomationRule("automationRule", {
    // Two actions with an explicit order: modify properties (1), then run a playbook (2).
    actions: [
        {
            actionConfiguration: {
                severity: "High",
            },
            actionType: "ModifyProperties",
            order: 1,
        },
        {
            // NOTE(review): running the playbook presumably requires Microsoft Sentinel to
            // hold permission on the Logic App's resource group — confirm before deploying.
            actionConfiguration: {
                logicAppResourceId: "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/IncidentPlaybook",
                tenantId: "ee48efaf-50c6-411b-9345-b2bdc3eb4abc",
            },
            actionType: "RunPlaybook",
            order: 2,
        },
    ],
    automationRuleId: "73e01a99-5cd7-4139-a149-9f2736ff2ab5",
    displayName: "High severity incidents escalation",
    operationalInsightsResourceProvider: "Microsoft.OperationalInsights",
    order: 1,
    resourceGroupName: "myRg",
    triggeringLogic: {
        // Single property condition: IncidentRelatedAnalyticRuleIds "Contains" one of the
        // two alert-rule resource ids listed below.
        conditions: [{
            conditionProperties: {
                operator: "Contains",
                propertyName: "IncidentRelatedAnalyticRuleIds",
                propertyValues: [
                    "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7",
                    "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/8deb8303-e94d-46ff-96e0-5fd94b33df1a",
                ],
            },
            conditionType: "Property",
        }],
        isEnabled: true,
        triggersOn: "Incidents",
        triggersWhen: "Created",
    },
    workspaceName: "myWorkspace",
});
# Declares an automation rule in workspace "myWorkspace" that is enabled and triggers on
# incident creation.
# NOTE(review): the subscription, tenant, rule and alert-rule GUIDs below are sample values
# hard-coded by the example; real stacks would normally take them from configuration.
resources:
  automationRule:
    type: azure-native:securityinsights:AutomationRule
    properties:
      # Two actions with an explicit order: modify properties (1), then run a playbook (2).
      actions:
        - actionConfiguration:
            severity: High
          actionType: ModifyProperties
          order: 1
        # NOTE(review): running the playbook presumably requires Microsoft Sentinel to hold
        # permission on the Logic App's resource group — confirm before deploying.
        - actionConfiguration:
            logicAppResourceId: /subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/IncidentPlaybook
            tenantId: ee48efaf-50c6-411b-9345-b2bdc3eb4abc
          actionType: RunPlaybook
          order: 2
      automationRuleId: 73e01a99-5cd7-4139-a149-9f2736ff2ab5
      displayName: High severity incidents escalation
      operationalInsightsResourceProvider: Microsoft.OperationalInsights
      order: 1
      resourceGroupName: myRg
      triggeringLogic:
        # Single property condition: IncidentRelatedAnalyticRuleIds "Contains" one of the
        # two alert-rule resource ids listed below.
        conditions:
          - conditionProperties:
              operator: Contains
              propertyName: IncidentRelatedAnalyticRuleIds
              propertyValues:
                - /subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7
                - /subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/8deb8303-e94d-46ff-96e0-5fd94b33df1a
            conditionType: Property
        isEnabled: true
        triggersOn: Incidents
        triggersWhen: Created
      workspaceName: myWorkspace
Create AutomationRule Resource
new AutomationRule(name: string, args: AutomationRuleArgs, opts?: CustomResourceOptions);
@overload
def AutomationRule(resource_name: str,
opts: Optional[ResourceOptions] = None,
actions: Optional[Sequence[Union[AutomationRuleModifyPropertiesActionArgs, AutomationRuleRunPlaybookActionArgs]]] = None,
automation_rule_id: Optional[str] = None,
display_name: Optional[str] = None,
operational_insights_resource_provider: Optional[str] = None,
order: Optional[int] = None,
resource_group_name: Optional[str] = None,
triggering_logic: Optional[AutomationRuleTriggeringLogicArgs] = None,
workspace_name: Optional[str] = None)
@overload
def AutomationRule(resource_name: str,
args: AutomationRuleArgs,
opts: Optional[ResourceOptions] = None)
func NewAutomationRule(ctx *Context, name string, args AutomationRuleArgs, opts ...ResourceOption) (*AutomationRule, error)
public AutomationRule(string name, AutomationRuleArgs args, CustomResourceOptions? opts = null)
public AutomationRule(String name, AutomationRuleArgs args)
public AutomationRule(String name, AutomationRuleArgs args, CustomResourceOptions options)
type: azure-native:securityinsights:AutomationRule
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args AutomationRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args AutomationRuleArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args AutomationRuleArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args AutomationRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args AutomationRuleArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
AutomationRule Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The AutomationRule resource accepts the following input properties:
- Actions List<Union<Pulumi.AzureNative.SecurityInsights.Inputs.AutomationRuleModifyPropertiesActionArgs, Pulumi.AzureNative.SecurityInsights.Inputs.AutomationRuleRunPlaybookActionArgs>>
The actions to execute when the automation rule is triggered
- DisplayName string
The display name of the automation rule
- OperationalInsightsResourceProvider string
The namespace of workspaces resource provider - Microsoft.OperationalInsights.
- Order int
The order of execution of the automation rule
- ResourceGroupName string
The name of the resource group within the user's subscription. The name is case insensitive.
- TriggeringLogic Pulumi.AzureNative.SecurityInsights.Inputs.AutomationRuleTriggeringLogicArgs
The triggering logic of the automation rule
- WorkspaceName string
The name of the workspace.
- AutomationRuleId string
Automation rule ID
- Actions []interface{}
The actions to execute when the automation rule is triggered
- Display
Name string The display name of the automation rule
- Operational
Insights stringResource Provider The namespace of workspaces resource provider- Microsoft.OperationalInsights.
- Order int
The order of execution of the automation rule
- Resource
Group stringName The name of the resource group within the user's subscription. The name is case insensitive.
- Triggering
Logic AutomationRule Triggering Logic Args The triggering logic of the automation rule
- Workspace
Name string The name of the workspace.
- Automation
Rule stringId Automation rule ID
- actions
List<Either<Automation
Rule Modify Properties Action Args,Automation Rule Run Playbook Action Args>> The actions to execute when the automation rule is triggered
- display
Name String The display name of the automation rule
- operational
Insights StringResource Provider The namespace of workspaces resource provider- Microsoft.OperationalInsights.
- order Integer
The order of execution of the automation rule
- resource
Group StringName The name of the resource group within the user's subscription. The name is case insensitive.
- triggering
Logic AutomationRule Triggering Logic Args The triggering logic of the automation rule
- workspace
Name String The name of the workspace.
- automation
Rule StringId Automation rule ID
- actions
(Automation
Rule Modify Properties Action Args | Automation Rule Run Playbook Action Args)[] The actions to execute when the automation rule is triggered
- display
Name string The display name of the automation rule
- operational
Insights stringResource Provider The namespace of workspaces resource provider- Microsoft.OperationalInsights.
- order number
The order of execution of the automation rule
- resource
Group stringName The name of the resource group within the user's subscription. The name is case insensitive.
- triggering
Logic AutomationRule Triggering Logic Args The triggering logic of the automation rule
- workspace
Name string The name of the workspace.
- automation
Rule stringId Automation rule ID
- actions Sequence[Union[AutomationRuleModifyPropertiesActionArgs, AutomationRuleRunPlaybookActionArgs]]
The actions to execute when the automation rule is triggered
- display_name str
The display name of the automation rule
- operational_insights_resource_provider str
The namespace of workspaces resource provider - Microsoft.OperationalInsights.
- order int
The order of execution of the automation rule
- resource_group_name str
The name of the resource group within the user's subscription. The name is case insensitive.
- triggering_logic AutomationRuleTriggeringLogicArgs
The triggering logic of the automation rule
- workspace_name str
The name of the workspace.
- automation_rule_id str
Automation rule ID
- actions List<Property Map | Property Map>
The actions to execute when the automation rule is triggered
- display
Name String The display name of the automation rule
- operational
Insights StringResource Provider The namespace of workspaces resource provider- Microsoft.OperationalInsights.
- order Number
The order of execution of the automation rule
- resource
Group StringName The name of the resource group within the user's subscription. The name is case insensitive.
- triggering
Logic Property Map The triggering logic of the automation rule
- workspace
Name String The name of the workspace.
- automation
Rule StringId Automation rule ID
Outputs
All input properties are implicitly available as output properties. Additionally, the AutomationRule resource produces the following output properties:
- CreatedBy Pulumi.AzureNative.SecurityInsights.Outputs.ClientInfoResponse
Describes the client that created the automation rule
- CreatedTimeUtc string
The time the automation rule was created
- Id string
The provider-assigned unique ID for this managed resource.
- LastModifiedBy Pulumi.AzureNative.SecurityInsights.Outputs.ClientInfoResponse
Describes the client that last updated the automation rule
- LastModifiedTimeUtc string
The last time the automation rule was updated
- Name string
Azure resource name
- Type string
Azure resource type
- Etag string
Etag of the Azure resource
- Created
By ClientInfo Response Describes the client that created the automation rule
- Created
Time stringUtc The time the automation rule was created
- Id string
The provider-assigned unique ID for this managed resource.
- Last
Modified ClientBy Info Response Describes the client that last updated the automation rule
- Last
Modified stringTime Utc The last time the automation rule was updated
- Name string
Azure resource name
- Type string
Azure resource type
- Etag string
Etag of the azure resource
- created
By ClientInfo Response Describes the client that created the automation rule
- created
Time StringUtc The time the automation rule was created
- id String
The provider-assigned unique ID for this managed resource.
- last
Modified ClientBy Info Response Describes the client that last updated the automation rule
- last
Modified StringTime Utc The last time the automation rule was updated
- name String
Azure resource name
- type String
Azure resource type
- etag String
Etag of the azure resource
- created
By ClientInfo Response Describes the client that created the automation rule
- created
Time stringUtc The time the automation rule was created
- id string
The provider-assigned unique ID for this managed resource.
- last
Modified ClientBy Info Response Describes the client that last updated the automation rule
- last
Modified stringTime Utc The last time the automation rule was updated
- name string
Azure resource name
- type string
Azure resource type
- etag string
Etag of the azure resource
- created_
by ClientInfo Response Describes the client that created the automation rule
- created_
time_ strutc The time the automation rule was created
- id str
The provider-assigned unique ID for this managed resource.
- last_
modified_ Clientby Info Response Describes the client that last updated the automation rule
- last_
modified_ strtime_ utc The last time the automation rule was updated
- name str
Azure resource name
- type str
Azure resource type
- etag str
Etag of the azure resource
- created
By Property Map Describes the client that created the automation rule
- created
Time StringUtc The time the automation rule was created
- id String
The provider-assigned unique ID for this managed resource.
- last
Modified Property MapBy Describes the client that last updated the automation rule
- last
Modified StringTime Utc The last time the automation rule was updated
- name String
Azure resource name
- type String
Azure resource type
- etag String
Etag of the azure resource
Supporting Types
AutomationRuleModifyPropertiesAction
- Action
Configuration Pulumi.Azure Native. Security Insights. Inputs. Automation Rule Modify Properties Action Action Configuration The configuration of the modify properties automation rule action
- Order int
The order of execution of the automation rule action
- Action
Configuration AutomationRule Modify Properties Action Action Configuration The configuration of the modify properties automation rule action
- Order int
The order of execution of the automation rule action
- action
Configuration AutomationRule Modify Properties Action Action Configuration The configuration of the modify properties automation rule action
- order Integer
The order of execution of the automation rule action
- action
Configuration AutomationRule Modify Properties Action Action Configuration The configuration of the modify properties automation rule action
- order number
The order of execution of the automation rule action
- action_
configuration AutomationRule Modify Properties Action Action Configuration The configuration of the modify properties automation rule action
- order int
The order of execution of the automation rule action
- action
Configuration Property Map The configuration of the modify properties automation rule action
- order Number
The order of execution of the automation rule action
AutomationRuleModifyPropertiesActionActionConfiguration
- Classification
string | Pulumi.
Azure Native. Security Insights. Incident Classification The reason the incident was closed
- Classification
Comment string Describes the reason the incident was closed
- Classification
Reason string | Pulumi.Azure Native. Security Insights. Incident Classification Reason The classification reason to close the incident with
- Labels
List<Pulumi.
Azure Native. Security Insights. Inputs. Incident Label> List of labels to add to the incident
- Owner
Pulumi.
Azure Native. Security Insights. Inputs. Incident Owner Info Describes a user that the incident is assigned to
- Severity
string | Pulumi.
Azure Native. Security Insights. Incident Severity The severity of the incident
- Status
string | Pulumi.
Azure Native. Security Insights. Incident Status The status of the incident
- Classification
string | Incident
Classification The reason the incident was closed
- Classification
Comment string Describes the reason the incident was closed
- Classification
Reason string | IncidentClassification Reason The classification reason to close the incident with
- Labels
[]Incident
Label List of labels to add to the incident
- Owner
Incident
Owner Info Describes a user that the incident is assigned to
- Severity
string | Incident
Severity The severity of the incident
- Status
string | Incident
Status The status of the incident
- classification
String | Incident
Classification The reason the incident was closed
- classification
Comment String Describes the reason the incident was closed
- classification
Reason String | IncidentClassification Reason The classification reason to close the incident with
- labels
List<Incident
Label> List of labels to add to the incident
- owner
Incident
Owner Info Describes a user that the incident is assigned to
- severity
String | Incident
Severity The severity of the incident
- status
String | Incident
Status The status of the incident
- classification
string | Incident
Classification The reason the incident was closed
- classification
Comment string Describes the reason the incident was closed
- classification
Reason string | IncidentClassification Reason The classification reason to close the incident with
- labels
Incident
Label[] List of labels to add to the incident
- owner
Incident
Owner Info Describes a user that the incident is assigned to
- severity
string | Incident
Severity The severity of the incident
- status
string | Incident
Status The status of the incident
- classification
str | Incident
Classification The reason the incident was closed
- classification_
comment str Describes the reason the incident was closed
- classification_
reason str | IncidentClassification Reason The classification reason to close the incident with
- labels
Sequence[Incident
Label] List of labels to add to the incident
- owner
Incident
Owner Info Describes a user that the incident is assigned to
- severity
str | Incident
Severity The severity of the incident
- status
str | Incident
Status The status of the incident
- classification
String | "Undetermined" | "True
Positive" | "Benign Positive" | "False Positive" The reason the incident was closed
- classification
Comment String Describes the reason the incident was closed
- classification
Reason String | "SuspiciousActivity" | "Suspicious But Expected" | "Incorrect Alert Logic" | "Inaccurate Data" The classification reason to close the incident with
- labels List<Property Map>
List of labels to add to the incident
- owner Property Map
Describes a user that the incident is assigned to
- severity String | "High" | "Medium" | "Low" | "Informational"
The severity of the incident
- status String | "New" | "Active" | "Closed"
The status of the incident
AutomationRuleModifyPropertiesActionResponse
- Action
Configuration Pulumi.Azure Native. Security Insights. Inputs. Automation Rule Modify Properties Action Response Action Configuration The configuration of the modify properties automation rule action
- Order int
The order of execution of the automation rule action
- Action
Configuration AutomationRule Modify Properties Action Response Action Configuration The configuration of the modify properties automation rule action
- Order int
The order of execution of the automation rule action
- action
Configuration AutomationRule Modify Properties Action Response Action Configuration The configuration of the modify properties automation rule action
- order Integer
The order of execution of the automation rule action
- action
Configuration AutomationRule Modify Properties Action Response Action Configuration The configuration of the modify properties automation rule action
- order number
The order of execution of the automation rule action
- action_
configuration AutomationRule Modify Properties Action Response Action Configuration The configuration of the modify properties automation rule action
- order int
The order of execution of the automation rule action
- action
Configuration Property Map The configuration of the modify properties automation rule action
- order Number
The order of execution of the automation rule action
AutomationRuleModifyPropertiesActionResponseActionConfiguration
- Classification string
The reason the incident was closed
- Classification
Comment string Describes the reason the incident was closed
- Classification
Reason string The classification reason to close the incident with
- Labels
List<Pulumi.
Azure Native. Security Insights. Inputs. Incident Label Response> List of labels to add to the incident
- Owner
Pulumi.
Azure Native. Security Insights. Inputs. Incident Owner Info Response Describes a user that the incident is assigned to
- Severity string
The severity of the incident
- Status string
The status of the incident
- Classification string
The reason the incident was closed
- Classification
Comment string Describes the reason the incident was closed
- Classification
Reason string The classification reason to close the incident with
- Labels
[]Incident
Label Response List of labels to add to the incident
- Owner
Incident
Owner Info Response Describes a user that the incident is assigned to
- Severity string
The severity of the incident
- Status string
The status of the incident
- classification String
The reason the incident was closed
- classification
Comment String Describes the reason the incident was closed
- classification
Reason String The classification reason to close the incident with
- labels
List<Incident
Label Response> List of labels to add to the incident
- owner
Incident
Owner Info Response Describes a user that the incident is assigned to
- severity String
The severity of the incident
- status String
The status of the incident
- classification string
The reason the incident was closed
- classification
Comment string Describes the reason the incident was closed
- classification
Reason string The classification reason to close the incident with
- labels
Incident
Label Response[] List of labels to add to the incident
- owner
Incident
Owner Info Response Describes a user that the incident is assigned to
- severity string
The severity of the incident
- status string
The status of the incident
- classification str
The reason the incident was closed
- classification_
comment str Describes the reason the incident was closed
- classification_
reason str The classification reason to close the incident with
- labels
Sequence[Incident
Label Response] List of labels to add to the incident
- owner
Incident
Owner Info Response Describes a user that the incident is assigned to
- severity str
The severity of the incident
- status str
The status of the incident
- classification String
The reason the incident was closed
- classification
Comment String Describes the reason the incident was closed
- classification
Reason String The classification reason to close the incident with
- labels List<Property Map>
List of labels to add to the incident
- owner Property Map
Describes a user that the incident is assigned to
- severity String
The severity of the incident
- status String
The status of the incident
AutomationRulePropertyConditionSupportedOperator
- EqualsValue - Equals
Evaluates if the property equals at least one of the condition values
- NotEquals - NotEquals
Evaluates if the property does not equal any of the condition values
- Contains - Contains
Evaluates if the property contains at least one of the condition values
- NotContains - NotContains
Evaluates if the property does not contain any of the condition values
- StartsWith - StartsWith
Evaluates if the property starts with any of the condition values
- NotStartsWith - NotStartsWith
Evaluates if the property does not start with any of the condition values
- EndsWith - EndsWith
Evaluates if the property ends with any of the condition values
- NotEndsWith - NotEndsWith
Evaluates if the property does not end with any of the condition values
- Automation
Rule Property Condition Supported Operator Equals - Equals
Evaluates if the property equals at least one of the condition values
- Automation
Rule Property Condition Supported Operator Not Equals - NotEquals
Evaluates if the property does not equal any of the condition values
- Automation
Rule Property Condition Supported Operator Contains - Contains
Evaluates if the property contains at least one of the condition values
- Automation
Rule Property Condition Supported Operator Not Contains - NotContains
Evaluates if the property does not contain any of the condition values
- Automation
Rule Property Condition Supported Operator Starts With - StartsWith
Evaluates if the property starts with any of the condition values
- Automation
Rule Property Condition Supported Operator Not Starts With - NotStartsWith
Evaluates if the property does not start with any of the condition values
- Automation
Rule Property Condition Supported Operator Ends With - EndsWith
Evaluates if the property ends with any of the condition values
- Automation
Rule Property Condition Supported Operator Not Ends With - NotEndsWith
Evaluates if the property does not end with any of the condition values
- Equals
- Equals
Evaluates if the property equals at least one of the condition values
- Not
Equals - NotEquals
Evaluates if the property does not equal any of the condition values
- Contains
- Contains
Evaluates if the property contains at least one of the condition values
- Not
Contains - NotContains
Evaluates if the property does not contain any of the condition values
- Starts
With - StartsWith
Evaluates if the property starts with any of the condition values
- Not
Starts With - NotStartsWith
Evaluates if the property does not start with any of the condition values
- Ends
With - EndsWith
Evaluates if the property ends with any of the condition values
- Not
Ends With - NotEndsWith
Evaluates if the property does not end with any of the condition values
- Equals
- Equals
Evaluates if the property equals at least one of the condition values
- Not
Equals - NotEquals
Evaluates if the property does not equal any of the condition values
- Contains
- Contains
Evaluates if the property contains at least one of the condition values
- Not
Contains - NotContains
Evaluates if the property does not contain any of the condition values
- Starts
With - StartsWith
Evaluates if the property starts with any of the condition values
- Not
Starts With - NotStartsWith
Evaluates if the property does not start with any of the condition values
- Ends
With - EndsWith
Evaluates if the property ends with any of the condition values
- Not
Ends With - NotEndsWith
Evaluates if the property does not end with any of the condition values
- EQUALS
- Equals
Evaluates if the property equals at least one of the condition values
- NOT_EQUALS
- NotEquals
Evaluates if the property does not equal any of the condition values
- CONTAINS
- Contains
Evaluates if the property contains at least one of the condition values
- NOT_CONTAINS
- NotContains
Evaluates if the property does not contain any of the condition values
- STARTS_WITH
- StartsWith
Evaluates if the property starts with any of the condition values
- NOT_STARTS_WITH
- NotStartsWith
Evaluates if the property does not start with any of the condition values
- ENDS_WITH
- EndsWith
Evaluates if the property ends with any of the condition values
- NOT_ENDS_WITH
- NotEndsWith
Evaluates if the property does not end with any of the condition values
- "Equals"
- Equals
Evaluates if the property equals at least one of the condition values
- "NotEquals"
- NotEquals
Evaluates if the property does not equal any of the condition values
- "Contains"
- Contains
Evaluates if the property contains at least one of the condition values
- "NotContains"
- NotContains
Evaluates if the property does not contain any of the condition values
- "StartsWith"
- StartsWith
Evaluates if the property starts with any of the condition values
- "NotStartsWith"
- NotStartsWith
Evaluates if the property does not start with any of the condition values
- "EndsWith"
- EndsWith
Evaluates if the property ends with any of the condition values
- "NotEndsWith"
- NotEndsWith
Evaluates if the property does not end with any of the condition values
AutomationRulePropertyConditionSupportedProperty
- Incident
Title - IncidentTitle
The title of the incident
- Incident
Description - IncidentDescription
The description of the incident
- Incident
Severity - IncidentSeverity
The severity of the incident
- Incident
Status - IncidentStatus
The status of the incident
- Incident
Tactics - IncidentTactics
The tactics of the incident
- Incident
Related Analytic Rule Ids - IncidentRelatedAnalyticRuleIds
The related Analytic rule ids of the incident
- Incident
Provider Name - IncidentProviderName
The provider name of the incident
- Account
Aad Tenant Id - AccountAadTenantId
The account Azure Active Directory tenant id
- Account
Aad User Id - AccountAadUserId
The account Azure Active Directory user id.
- Account
Name - AccountName
The account name
- Account
NTDomain - AccountNTDomain
The account NetBIOS domain name
- Account
PUID - AccountPUID
The account Azure Active Directory Passport User ID
- Account
Sid - AccountSid
The account security identifier
- Account
Object Guid - AccountObjectGuid
The account unique identifier
- Account
UPNSuffix - AccountUPNSuffix
The account user principal name suffix
- Azure
Resource Resource Id - AzureResourceResourceId
The Azure resource id
- Azure
Resource Subscription Id - AzureResourceSubscriptionId
The Azure resource subscription id
- Cloud
Application App Id - CloudApplicationAppId
The cloud application identifier
- Cloud
Application App Name - CloudApplicationAppName
The cloud application name
- DNSDomain
Name - DNSDomainName
The dns record domain name
- File
Directory - FileDirectory
The file directory full path
- File
Name - FileName
The file name without path
- File
Hash Value - FileHashValue
The file hash value
- Host
Azure ID - HostAzureID
The host Azure resource id
- Host
Name - HostName
The host name without domain
- Host
Net Bios Name - HostNetBiosName
The host NetBIOS name
- Host
NTDomain - HostNTDomain
The host NT domain
- Host
OSVersion - HostOSVersion
The host operating system
- Io
TDevice Id - IoTDeviceId
The IoT device id
- Io
TDevice Name - IoTDeviceName
The IoT device name
- Io
TDevice Type - IoTDeviceType
The IoT device type
- Io
TDevice Vendor - IoTDeviceVendor
The IoT device vendor
- Io
TDevice Model - IoTDeviceModel
The IoT device model
- Io
TDevice Operating System - IoTDeviceOperatingSystem
The IoT device operating system
- IPAddress
- IPAddress
The IP address
- Mailbox
Display Name - MailboxDisplayName
The mailbox display name
- Mailbox
Primary Address - MailboxPrimaryAddress
The mailbox primary address
- Mailbox
UPN - MailboxUPN
The mailbox user principal name
- Mail
Message Delivery Action - MailMessageDeliveryAction
The mail message delivery action
- Mail
Message Delivery Location - MailMessageDeliveryLocation
The mail message delivery location
- Mail
Message Recipient - MailMessageRecipient
The mail message recipient
- Mail
Message Sender IP - MailMessageSenderIP
The mail message sender IP address
- Mail
Message Subject - MailMessageSubject
The mail message subject
- Mail
Message P1Sender - MailMessageP1Sender
The mail message P1 sender
- Mail
Message P2Sender - MailMessageP2Sender
The mail message P2 sender
- Malware
Category - MalwareCategory
The malware category
- Malware
Name - MalwareName
The malware name
- Process
Command Line - ProcessCommandLine
The process execution command line
- Process
Id - ProcessId
The process id
- Registry
Key - RegistryKey
The registry key path
- Registry
Value Data - RegistryValueData
The registry key value in string formatted representation
- Url
- Url
The url
- Automation
Rule Property Condition Supported Property Incident Title - IncidentTitle
The title of the incident
- Automation
Rule Property Condition Supported Property Incident Description - IncidentDescription
The description of the incident
- Automation
Rule Property Condition Supported Property Incident Severity - IncidentSeverity
The severity of the incident
- Automation
Rule Property Condition Supported Property Incident Status - IncidentStatus
The status of the incident
- Automation
Rule Property Condition Supported Property Incident Tactics - IncidentTactics
The tactics of the incident
- Automation
Rule Property Condition Supported Property Incident Related Analytic Rule Ids - IncidentRelatedAnalyticRuleIds
The related Analytic rule ids of the incident
- Automation
Rule Property Condition Supported Property Incident Provider Name - IncidentProviderName
The provider name of the incident
- Automation
Rule Property Condition Supported Property Account Aad Tenant Id - AccountAadTenantId
The account Azure Active Directory tenant id
- Automation
Rule Property Condition Supported Property Account Aad User Id - AccountAadUserId
The account Azure Active Directory user id.
- Automation
Rule Property Condition Supported Property Account Name - AccountName
The account name
- Automation
Rule Property Condition Supported Property Account NTDomain - AccountNTDomain
The account NetBIOS domain name
- Automation
Rule Property Condition Supported Property Account PUID - AccountPUID
The account Azure Active Directory Passport User ID
- Automation
Rule Property Condition Supported Property Account Sid - AccountSid
The account security identifier
- Automation
Rule Property Condition Supported Property Account Object Guid - AccountObjectGuid
The account unique identifier
- Automation
Rule Property Condition Supported Property Account UPNSuffix - AccountUPNSuffix
The account user principal name suffix
- Automation
Rule Property Condition Supported Property Azure Resource Resource Id - AzureResourceResourceId
The Azure resource id
- Automation
Rule Property Condition Supported Property Azure Resource Subscription Id - AzureResourceSubscriptionId
The Azure resource subscription id
- Automation
Rule Property Condition Supported Property Cloud Application App Id - CloudApplicationAppId
The cloud application identifier
- Automation
Rule Property Condition Supported Property Cloud Application App Name - CloudApplicationAppName
The cloud application name
- Automation
Rule Property Condition Supported Property DNSDomain Name - DNSDomainName
The dns record domain name
- Automation
Rule Property Condition Supported Property File Directory - FileDirectory
The file directory full path
- Automation
Rule Property Condition Supported Property File Name - FileName
The file name without path
- Automation
Rule Property Condition Supported Property File Hash Value - FileHashValue
The file hash value
- Automation
Rule Property Condition Supported Property Host Azure ID - HostAzureID
The host Azure resource id
- Automation
Rule Property Condition Supported Property Host Name - HostName
The host name without domain
- Automation
Rule Property Condition Supported Property Host Net Bios Name - HostNetBiosName
The host NetBIOS name
- Automation
Rule Property Condition Supported Property Host NTDomain - HostNTDomain
The host NT domain
- Automation
Rule Property Condition Supported Property Host OSVersion - HostOSVersion
The host operating system
- Automation
Rule Property Condition Supported Property Io TDevice Id - IoTDeviceId
The IoT device id
- Automation
Rule Property Condition Supported Property Io TDevice Name - IoTDeviceName
The IoT device name
- Automation
Rule Property Condition Supported Property Io TDevice Type - IoTDeviceType
The IoT device type
- Automation
Rule Property Condition Supported Property Io TDevice Vendor - IoTDeviceVendor
The IoT device vendor
- Automation
Rule Property Condition Supported Property Io TDevice Model - IoTDeviceModel
The IoT device model
- Automation
Rule Property Condition Supported Property Io TDevice Operating System - IoTDeviceOperatingSystem
The IoT device operating system
- Automation
Rule Property Condition Supported Property IPAddress - IPAddress
The IP address
- Automation
Rule Property Condition Supported Property Mailbox Display Name - MailboxDisplayName
The mailbox display name
- Automation
Rule Property Condition Supported Property Mailbox Primary Address - MailboxPrimaryAddress
The mailbox primary address
- Automation
Rule Property Condition Supported Property Mailbox UPN - MailboxUPN
The mailbox user principal name
- Automation
Rule Property Condition Supported Property Mail Message Delivery Action - MailMessageDeliveryAction
The mail message delivery action
- Automation
Rule Property Condition Supported Property Mail Message Delivery Location - MailMessageDeliveryLocation
The mail message delivery location
- Automation
Rule Property Condition Supported Property Mail Message Recipient - MailMessageRecipient
The mail message recipient
- Automation
Rule Property Condition Supported Property Mail Message Sender IP - MailMessageSenderIP
The mail message sender IP address
- Automation
Rule Property Condition Supported Property Mail Message Subject - MailMessageSubject
The mail message subject
- Automation
Rule Property Condition Supported Property Mail Message P1Sender - MailMessageP1Sender
The mail message P1 sender
- Automation
Rule Property Condition Supported Property Mail Message P2Sender - MailMessageP2Sender
The mail message P2 sender
- Automation
Rule Property Condition Supported Property Malware Category - MalwareCategory
The malware category
- Automation
Rule Property Condition Supported Property Malware Name - MalwareName
The malware name
- Automation
Rule Property Condition Supported Property Process Command Line - ProcessCommandLine
The process execution command line
- Automation
Rule Property Condition Supported Property Process Id - ProcessId
The process id
- Automation
Rule Property Condition Supported Property Registry Key - RegistryKey
The registry key path
- Automation
Rule Property Condition Supported Property Registry Value Data - RegistryValueData
The registry key value in string formatted representation
- Automation
Rule Property Condition Supported Property Url - Url
The url
- Incident
Title - IncidentTitle
The title of the incident
- Incident
Description - IncidentDescription
The description of the incident
- Incident
Severity - IncidentSeverity
The severity of the incident
- Incident
Status - IncidentStatus
The status of the incident
- Incident
Tactics - IncidentTactics
The tactics of the incident
- Incident
Related Analytic Rule Ids - IncidentRelatedAnalyticRuleIds
The related Analytic rule ids of the incident
- Incident
Provider Name - IncidentProviderName
The provider name of the incident
- Account
Aad Tenant Id - AccountAadTenantId
The account Azure Active Directory tenant id
- Account
Aad User Id - AccountAadUserId
The account Azure Active Directory user id.
- Account
Name - AccountName
The account name
- Account
NTDomain - AccountNTDomain
The account NetBIOS domain name
- Account
PUID - AccountPUID
The account Azure Active Directory Passport User ID
- Account
Sid - AccountSid
The account security identifier
- Account
Object Guid - AccountObjectGuid
The account unique identifier
- Account
UPNSuffix - AccountUPNSuffix
The account user principal name suffix
- Azure
Resource Resource Id - AzureResourceResourceId
The Azure resource id
- Azure
Resource Subscription Id - AzureResourceSubscriptionId
The Azure resource subscription id
- Cloud
Application App Id - CloudApplicationAppId
The cloud application identifier
- Cloud
Application App Name - CloudApplicationAppName
The cloud application name
- DNSDomain
Name - DNSDomainName
The dns record domain name
- File
Directory - FileDirectory
The file directory full path
- File
Name - FileName
The file name without path
- File
Hash Value - FileHashValue
The file hash value
- Host
Azure ID - HostAzureID
The host Azure resource id
- Host
Name - HostName
The host name without domain
- Host
Net Bios Name - HostNetBiosName
The host NetBIOS name
- Host
NTDomain - HostNTDomain
The host NT domain
- Host
OSVersion - HostOSVersion
The host operating system
- Io
TDevice Id - IoTDeviceId
The IoT device id
- Io
TDevice Name - IoTDeviceName
The IoT device name
- Io
TDevice Type - IoTDeviceType
The IoT device type
- Io
TDevice Vendor - IoTDeviceVendor
The IoT device vendor
- Io
TDevice Model - IoTDeviceModel
The IoT device model
- Io
TDevice Operating System - IoTDeviceOperatingSystem
The IoT device operating system
- IPAddress
- IPAddress
The IP address
- Mailbox
Display Name - MailboxDisplayName
The mailbox display name
- Mailbox
Primary Address - MailboxPrimaryAddress
The mailbox primary address
- Mailbox
UPN - MailboxUPN
The mailbox user principal name
- Mail
Message Delivery Action - MailMessageDeliveryAction
The mail message delivery action
- Mail
Message Delivery Location - MailMessageDeliveryLocation
The mail message delivery location
- Mail
Message Recipient - MailMessageRecipient
The mail message recipient
- Mail
Message Sender IP - MailMessageSenderIP
The mail message sender IP address
- Mail
Message Subject - MailMessageSubject
The mail message subject
- Mail
Message P1Sender - MailMessageP1Sender
The mail message P1 sender
- Mail
Message P2Sender - MailMessageP2Sender
The mail message P2 sender
- Malware
Category - MalwareCategory
The malware category
- Malware
Name - MalwareName
The malware name
- Process
Command Line - ProcessCommandLine
The process execution command line
- Process
Id - ProcessId
The process id
- Registry
Key - RegistryKey
The registry key path
- Registry
Value Data - RegistryValueData
The registry key value in string formatted representation
- Url
- Url
The url
- Incident
Title - IncidentTitle
The title of the incident
- Incident
Description - IncidentDescription
The description of the incident
- Incident
Severity - IncidentSeverity
The severity of the incident
- Incident
Status - IncidentStatus
The status of the incident
- Incident
Tactics - IncidentTactics
The tactics of the incident
- Incident
Related Analytic Rule Ids - IncidentRelatedAnalyticRuleIds
The related Analytic rule ids of the incident
- Incident
Provider Name - IncidentProviderName
The provider name of the incident
- Account
Aad Tenant Id - AccountAadTenantId
The account Azure Active Directory tenant id
- Account
Aad User Id - AccountAadUserId
The account Azure Active Directory user id.
- Account
Name - AccountName
The account name
- Account
NTDomain - AccountNTDomain
The account NetBIOS domain name
- Account
PUID - AccountPUID
The account Azure Active Directory Passport User ID
- Account
Sid - AccountSid
The account security identifier
- Account
Object Guid - AccountObjectGuid
The account unique identifier
- Account
UPNSuffix - AccountUPNSuffix
The account user principal name suffix
- Azure
Resource Resource Id - AzureResourceResourceId
The Azure resource id
- Azure
Resource Subscription Id - AzureResourceSubscriptionId
The Azure resource subscription id
- Cloud
Application App Id - CloudApplicationAppId
The cloud application identifier
- Cloud
Application App Name - CloudApplicationAppName
The cloud application name
- DNSDomain
Name - DNSDomainName
The dns record domain name
- File
Directory - FileDirectory
The file directory full path
- File
Name - FileName
The file name without path
- File
Hash Value - FileHashValue
The file hash value
- Host
Azure ID - HostAzureID
The host Azure resource id
- Host
Name - HostName
The host name without domain
- Host
Net Bios Name - HostNetBiosName
The host NetBIOS name
- Host
NTDomain - HostNTDomain
The host NT domain
- Host
OSVersion - HostOSVersion
The host operating system
- Io
TDevice Id - IoTDeviceId
The IoT device id
- Io
TDevice Name - IoTDeviceName
The IoT device name
- Io
TDevice Type - IoTDeviceType
The IoT device type
- Io
TDevice Vendor - IoTDeviceVendor
The IoT device vendor
- Io
TDevice Model - IoTDeviceModel
The IoT device model
- Io
TDevice Operating System - IoTDeviceOperatingSystem
The IoT device operating system
- IPAddress
- IPAddress
The IP address
- Mailbox
Display Name - MailboxDisplayName
The mailbox display name
- Mailbox
Primary Address - MailboxPrimaryAddress
The mailbox primary address
- Mailbox
UPN - MailboxUPN
The mailbox user principal name
- Mail
Message Delivery Action - MailMessageDeliveryAction
The mail message delivery action
- Mail
Message Delivery Location - MailMessageDeliveryLocation
The mail message delivery location
- Mail
Message Recipient - MailMessageRecipient
The mail message recipient
- Mail
Message Sender IP - MailMessageSenderIP
The mail message sender IP address
- Mail
Message Subject - MailMessageSubject
The mail message subject
- Mail
Message P1Sender - MailMessageP1Sender
The mail message P1 sender
- Mail
Message P2Sender - MailMessageP2Sender
The mail message P2 sender
- Malware
Category - MalwareCategory
The malware category
- Malware
Name - MalwareName
The malware name
- Process
Command Line - ProcessCommandLine
The process execution command line
- Process
Id - ProcessId
The process id
- Registry
Key - RegistryKey
The registry key path
- Registry
Value Data - RegistryValueData
The registry key value in string formatted representation
- Url
- Url
The url
- INCIDENT_TITLE
- IncidentTitle
The title of the incident
- INCIDENT_DESCRIPTION
- IncidentDescription
The description of the incident
- INCIDENT_SEVERITY
- IncidentSeverity
The severity of the incident
- INCIDENT_STATUS
- IncidentStatus
The status of the incident
- INCIDENT_TACTICS
- IncidentTactics
The tactics of the incident
- INCIDENT_RELATED_ANALYTIC_RULE_IDS
- IncidentRelatedAnalyticRuleIds
The related Analytic rule ids of the incident
- INCIDENT_PROVIDER_NAME
- IncidentProviderName
The provider name of the incident
- ACCOUNT_AAD_TENANT_ID
- AccountAadTenantId
The account Azure Active Directory tenant id
- ACCOUNT_AAD_USER_ID
- AccountAadUserId
The account Azure Active Directory user id.
- ACCOUNT_NAME
- AccountName
The account name
- ACCOUNT_NT_DOMAIN
- AccountNTDomain
The account NetBIOS domain name
- ACCOUNT_PUID
- AccountPUID
The account Azure Active Directory Passport User ID
- ACCOUNT_SID
- AccountSid
The account security identifier
- ACCOUNT_OBJECT_GUID
- AccountObjectGuid
The account unique identifier
- ACCOUNT_UPN_SUFFIX
- AccountUPNSuffix
The account user principal name suffix
- AZURE_RESOURCE_RESOURCE_ID
- AzureResourceResourceId
The Azure resource id
- AZURE_RESOURCE_SUBSCRIPTION_ID
- AzureResourceSubscriptionId
The Azure resource subscription id
- CLOUD_APPLICATION_APP_ID
- CloudApplicationAppId
The cloud application identifier
- CLOUD_APPLICATION_APP_NAME
- CloudApplicationAppName
The cloud application name
- DNS_DOMAIN_NAME
- DNSDomainName
The dns record domain name
- FILE_DIRECTORY
- FileDirectory
The file directory full path
- FILE_NAME
- FileName
The file name without path
- FILE_HASH_VALUE
- FileHashValue
The file hash value
- HOST_AZURE_ID
- HostAzureID
The host Azure resource id
- HOST_NAME
- HostName
The host name without domain
- HOST_NET_BIOS_NAME
- HostNetBiosName
The host NetBIOS name
- HOST_NT_DOMAIN
- HostNTDomain
The host NT domain
- HOST_OS_VERSION
- HostOSVersion
The host operating system
- IO_T_DEVICE_ID
- IoTDeviceId
The IoT device id
- IO_T_DEVICE_NAME
- IoTDeviceName
The IoT device name
- IO_T_DEVICE_TYPE
- IoTDeviceType
The IoT device type
- IO_T_DEVICE_VENDOR
- IoTDeviceVendor
The IoT device vendor
- IO_T_DEVICE_MODEL
- IoTDeviceModel
The IoT device model
- IO_T_DEVICE_OPERATING_SYSTEM
- IoTDeviceOperatingSystem
The IoT device operating system
- IP_ADDRESS
- IPAddress
The IP address
- MAILBOX_DISPLAY_NAME
- MailboxDisplayName
The mailbox display name
- MAILBOX_PRIMARY_ADDRESS
- MailboxPrimaryAddress
The mailbox primary address
- MAILBOX_UPN
- MailboxUPN
The mailbox user principal name
- MAIL_MESSAGE_DELIVERY_ACTION
- MailMessageDeliveryAction
The mail message delivery action
- MAIL_MESSAGE_DELIVERY_LOCATION
- MailMessageDeliveryLocation
The mail message delivery location
- MAIL_MESSAGE_RECIPIENT
- MailMessageRecipient
The mail message recipient
- MAIL_MESSAGE_SENDER_IP
- MailMessageSenderIP
The mail message sender IP address
- MAIL_MESSAGE_SUBJECT
- MailMessageSubject
The mail message subject
- MAIL_MESSAGE_P1_SENDER
- MailMessageP1Sender
The mail message P1 sender
- MAIL_MESSAGE_P2_SENDER
- MailMessageP2Sender
The mail message P2 sender
- MALWARE_CATEGORY
- MalwareCategory
The malware category
- MALWARE_NAME
- MalwareName
The malware name
- PROCESS_COMMAND_LINE
- ProcessCommandLine
The process execution command line
- PROCESS_ID
- ProcessId
The process id
- REGISTRY_KEY
- RegistryKey
The registry key path
- REGISTRY_VALUE_DATA
- RegistryValueData
The registry key value in string formatted representation
- URL
- Url
The url
- "Incident
Title" - IncidentTitle
The title of the incident
- "Incident
Description" - IncidentDescription
The description of the incident
- "Incident
Severity" - IncidentSeverity
The severity of the incident
- "Incident
Status" - IncidentStatus
The status of the incident
- "Incident
Tactics" - IncidentTactics
The tactics of the incident
- "Incident
Related Analytic Rule Ids" - IncidentRelatedAnalyticRuleIds
The related Analytic rule ids of the incident
- "Incident
Provider Name" - IncidentProviderName
The provider name of the incident
- "Account
Aad Tenant Id" - AccountAadTenantId
The account Azure Active Directory tenant id
- "Account
Aad User Id" - AccountAadUserId
The account Azure Active Directory user id.
- "Account
Name" - AccountName
The account name
- "Account
NTDomain" - AccountNTDomain
The account NetBIOS domain name
- "Account
PUID" - AccountPUID
The account Azure Active Directory Passport User ID
- "Account
Sid" - AccountSid
The account security identifier
- "Account
Object Guid" - AccountObjectGuid
The account unique identifier
- "Account
UPNSuffix" - AccountUPNSuffix
The account user principal name suffix
- "Azure
Resource Resource Id" - AzureResourceResourceId
The Azure resource id
- "Azure
Resource Subscription Id" - AzureResourceSubscriptionId
The Azure resource subscription id
- "Cloud
Application App Id" - CloudApplicationAppId
The cloud application identifier
- "Cloud
Application App Name" - CloudApplicationAppName
The cloud application name
- "DNSDomain
Name" - DNSDomainName
The dns record domain name
- "File
Directory" - FileDirectory
The file directory full path
- "File
Name" - FileName
The file name without path
- "File
Hash Value" - FileHashValue
The file hash value
- "Host
Azure ID" - HostAzureID
The host Azure resource id
- "Host
Name" - HostName
The host name without domain
- "Host
Net Bios Name" - HostNetBiosName
The host NetBIOS name
- "Host
NTDomain" - HostNTDomain
The host NT domain
- "Host
OSVersion" - HostOSVersion
The host operating system
- "Io
TDevice Id" - IoTDeviceId
The IoT device id
- "Io
TDevice Name" - IoTDeviceName
The IoT device name
- "Io
TDevice Type" - IoTDeviceType
The IoT device type
- "Io
TDevice Vendor" - IoTDeviceVendor
The IoT device vendor
- "Io
TDevice Model" - IoTDeviceModel
The IoT device model
- "Io
TDevice Operating System" - IoTDeviceOperatingSystem
The IoT device operating system
- "IPAddress"
- IPAddress
The IP address
- "Mailbox
Display Name" - MailboxDisplayName
The mailbox display name
- "Mailbox
Primary Address" - MailboxPrimaryAddress
The mailbox primary address
- "Mailbox
UPN" - MailboxUPN
The mailbox user principal name
- "Mail
Message Delivery Action" - MailMessageDeliveryAction
The mail message delivery action
- "Mail
Message Delivery Location" - MailMessageDeliveryLocation
The mail message delivery location
- "Mail
Message Recipient" - MailMessageRecipient
The mail message recipient
- "Mail
Message Sender IP" - MailMessageSenderIP
The mail message sender IP address
- "Mail
Message Subject" - MailMessageSubject
The mail message subject
- "Mail
Message P1Sender" - MailMessageP1Sender
The mail message P1 sender
- "Mail
Message P2Sender" - MailMessageP2Sender
The mail message P2 sender
- "Malware
Category" - MalwareCategory
The malware category
- "Malware
Name" - MalwareName
The malware name
- "Process
Command Line" - ProcessCommandLine
The process execution command line
- "Process
Id" - ProcessId
The process id
- "Registry
Key" - RegistryKey
The registry key path
- "Registry
Value Data" - RegistryValueData
The registry key value in string formatted representation
- "Url"
- Url
The url
AutomationRulePropertyValuesCondition
- ConditionProperties Pulumi.AzureNative.SecurityInsights.Inputs.AutomationRulePropertyValuesConditionConditionProperties
The configuration of the automation rule condition
- ConditionProperties AutomationRulePropertyValuesConditionConditionProperties
The configuration of the automation rule condition
- conditionProperties AutomationRulePropertyValuesConditionConditionProperties
The configuration of the automation rule condition
- conditionProperties AutomationRulePropertyValuesConditionConditionProperties
The configuration of the automation rule condition
- condition_properties AutomationRulePropertyValuesConditionConditionProperties
The configuration of the automation rule condition
- conditionProperties Property Map
The configuration of the automation rule condition
AutomationRulePropertyValuesConditionConditionProperties
- Operator string | Pulumi.AzureNative.SecurityInsights.AutomationRulePropertyConditionSupportedOperator
The operator to use for evaluating the condition
- PropertyName string | Pulumi.AzureNative.SecurityInsights.AutomationRulePropertyConditionSupportedProperty
The property to evaluate
- PropertyValues List<string>
The values to use for evaluating the condition
- Operator string | AutomationRulePropertyConditionSupportedOperator
The operator to use for evaluating the condition
- PropertyName string | AutomationRulePropertyConditionSupportedProperty
The property to evaluate
- PropertyValues []string
The values to use for evaluating the condition
- operator String | AutomationRulePropertyConditionSupportedOperator
The operator to use for evaluating the condition
- propertyName String | AutomationRulePropertyConditionSupportedProperty
The property to evaluate
- propertyValues List<String>
The values to use for evaluating the condition
- operator string | AutomationRulePropertyConditionSupportedOperator
The operator to use for evaluating the condition
- propertyName string | AutomationRulePropertyConditionSupportedProperty
The property to evaluate
- propertyValues string[]
The values to use for evaluating the condition
- operator str | AutomationRulePropertyConditionSupportedOperator
The operator to use for evaluating the condition
- property_name str | AutomationRulePropertyConditionSupportedProperty
The property to evaluate
- property_values Sequence[str]
The values to use for evaluating the condition
- operator String | "Equals" | "NotEquals" | "Contains" | "NotContains" | "StartsWith" | "NotStartsWith" | "EndsWith" | "NotEndsWith"
The operator to use for evaluating the condition
- propertyName String | "IncidentTitle" | "IncidentDescription" | "IncidentSeverity" | "IncidentStatus" | "IncidentTactics" | "IncidentRelatedAnalyticRuleIds" | "IncidentProviderName" | "AccountAadTenantId" | "AccountAadUserId" | "AccountName" | "AccountNTDomain" | "AccountPUID" | "AccountSid" | "AccountObjectGuid" | "AccountUPNSuffix" | "AzureResourceResourceId" | "AzureResourceSubscriptionId" | "CloudApplicationAppId" | "CloudApplicationAppName" | "DNSDomainName" | "FileDirectory" | "FileName" | "FileHashValue" | "HostAzureID" | "HostName" | "HostNetBiosName" | "HostNTDomain" | "HostOSVersion" | "IoTDeviceId" | "IoTDeviceName" | "IoTDeviceType" | "IoTDeviceVendor" | "IoTDeviceModel" | "IoTDeviceOperatingSystem" | "IPAddress" | "MailboxDisplayName" | "MailboxPrimaryAddress" | "MailboxUPN" | "MailMessageDeliveryAction" | "MailMessageDeliveryLocation" | "MailMessageRecipient" | "MailMessageSenderIP" | "MailMessageSubject" | "MailMessageP1Sender" | "MailMessageP2Sender" | "MalwareCategory" | "MalwareName" | "ProcessCommandLine" | "ProcessId" | "RegistryKey" | "RegistryValueData" | "Url"
The property to evaluate
- propertyValues List<String>
The values to use for evaluating the condition
AutomationRulePropertyValuesConditionResponse
- ConditionProperties Pulumi.AzureNative.SecurityInsights.Inputs.AutomationRulePropertyValuesConditionResponseConditionProperties
The configuration of the automation rule condition
- ConditionProperties AutomationRulePropertyValuesConditionResponseConditionProperties
The configuration of the automation rule condition
- conditionProperties AutomationRulePropertyValuesConditionResponseConditionProperties
The configuration of the automation rule condition
- conditionProperties AutomationRulePropertyValuesConditionResponseConditionProperties
The configuration of the automation rule condition
- condition_properties AutomationRulePropertyValuesConditionResponseConditionProperties
The configuration of the automation rule condition
- conditionProperties Property Map
The configuration of the automation rule condition
AutomationRulePropertyValuesConditionResponseConditionProperties
- Operator string
The operator to use for evaluating the condition
- PropertyName string
The property to evaluate
- PropertyValues List<string>
The values to use for evaluating the condition
- Operator string
The operator to use for evaluating the condition
- PropertyName string
The property to evaluate
- PropertyValues []string
The values to use for evaluating the condition
- operator String
The operator to use for evaluating the condition
- propertyName String
The property to evaluate
- propertyValues List<String>
The values to use for evaluating the condition
- operator string
The operator to use for evaluating the condition
- propertyName string
The property to evaluate
- propertyValues string[]
The values to use for evaluating the condition
- operator str
The operator to use for evaluating the condition
- property_name str
The property to evaluate
- property_values Sequence[str]
The values to use for evaluating the condition
- operator String
The operator to use for evaluating the condition
- propertyName String
The property to evaluate
- propertyValues List<String>
The values to use for evaluating the condition
AutomationRuleRunPlaybookAction
- ActionConfiguration Pulumi.AzureNative.SecurityInsights.Inputs.AutomationRuleRunPlaybookActionActionConfiguration
The configuration of the run playbook automation rule action
- Order int
The order of execution of the automation rule action
- ActionConfiguration AutomationRuleRunPlaybookActionActionConfiguration
The configuration of the run playbook automation rule action
- Order int
The order of execution of the automation rule action
- actionConfiguration AutomationRuleRunPlaybookActionActionConfiguration
The configuration of the run playbook automation rule action
- order Integer
The order of execution of the automation rule action
- actionConfiguration AutomationRuleRunPlaybookActionActionConfiguration
The configuration of the run playbook automation rule action
- order number
The order of execution of the automation rule action
- action_configuration AutomationRuleRunPlaybookActionActionConfiguration
The configuration of the run playbook automation rule action
- order int
The order of execution of the automation rule action
- actionConfiguration Property Map
The configuration of the run playbook automation rule action
- order Number
The order of execution of the automation rule action
AutomationRuleRunPlaybookActionActionConfiguration
- LogicAppResourceId string
The resource id of the playbook resource
- TenantId string
The tenant id of the playbook resource
- LogicAppResourceId string
The resource id of the playbook resource
- TenantId string
The tenant id of the playbook resource
- logicAppResourceId String
The resource id of the playbook resource
- tenantId String
The tenant id of the playbook resource
- logicAppResourceId string
The resource id of the playbook resource
- tenantId string
The tenant id of the playbook resource
- logic_app_resource_id str
The resource id of the playbook resource
- tenant_id str
The tenant id of the playbook resource
- logicAppResourceId String
The resource id of the playbook resource
- tenantId String
The tenant id of the playbook resource
AutomationRuleRunPlaybookActionResponse
- ActionConfiguration Pulumi.AzureNative.SecurityInsights.Inputs.AutomationRuleRunPlaybookActionResponseActionConfiguration
The configuration of the run playbook automation rule action
- Order int
The order of execution of the automation rule action
- ActionConfiguration AutomationRuleRunPlaybookActionResponseActionConfiguration
The configuration of the run playbook automation rule action
- Order int
The order of execution of the automation rule action
- actionConfiguration AutomationRuleRunPlaybookActionResponseActionConfiguration
The configuration of the run playbook automation rule action
- order Integer
The order of execution of the automation rule action
- actionConfiguration AutomationRuleRunPlaybookActionResponseActionConfiguration
The configuration of the run playbook automation rule action
- order number
The order of execution of the automation rule action
- action_configuration AutomationRuleRunPlaybookActionResponseActionConfiguration
The configuration of the run playbook automation rule action
- order int
The order of execution of the automation rule action
- actionConfiguration Property Map
The configuration of the run playbook automation rule action
- order Number
The order of execution of the automation rule action
AutomationRuleRunPlaybookActionResponseActionConfiguration
- LogicAppResourceId string
The resource id of the playbook resource
- TenantId string
The tenant id of the playbook resource
- LogicAppResourceId string
The resource id of the playbook resource
- TenantId string
The tenant id of the playbook resource
- logicAppResourceId String
The resource id of the playbook resource
- tenantId String
The tenant id of the playbook resource
- logicAppResourceId string
The resource id of the playbook resource
- tenantId string
The tenant id of the playbook resource
- logic_app_resource_id str
The resource id of the playbook resource
- tenant_id str
The tenant id of the playbook resource
- logicAppResourceId String
The resource id of the playbook resource
- tenantId String
The tenant id of the playbook resource
AutomationRuleTriggeringLogic
- IsEnabled bool
Determines whether the automation rule is enabled or disabled.
- TriggersOn string | Pulumi.AzureNative.SecurityInsights.TriggersOn
The type of object the automation rule triggers on
- TriggersWhen string | Pulumi.AzureNative.SecurityInsights.TriggersWhen
The type of event the automation rule triggers on
- Conditions List<Pulumi.AzureNative.SecurityInsights.Inputs.AutomationRulePropertyValuesCondition>
The conditions to evaluate to determine if the automation rule should be triggered on a given object
- ExpirationTimeUtc string
Determines when the automation rule should automatically expire and be disabled.
- IsEnabled bool
Determines whether the automation rule is enabled or disabled.
- TriggersOn string | TriggersOn
The type of object the automation rule triggers on
- TriggersWhen string | TriggersWhen
The type of event the automation rule triggers on
- Conditions []AutomationRulePropertyValuesCondition
The conditions to evaluate to determine if the automation rule should be triggered on a given object
- ExpirationTimeUtc string
Determines when the automation rule should automatically expire and be disabled.
- isEnabled Boolean
Determines whether the automation rule is enabled or disabled.
- triggersOn String | TriggersOn
The type of object the automation rule triggers on
- triggersWhen String | TriggersWhen
The type of event the automation rule triggers on
- conditions List<AutomationRulePropertyValuesCondition>
The conditions to evaluate to determine if the automation rule should be triggered on a given object
- expirationTimeUtc String
Determines when the automation rule should automatically expire and be disabled.
- isEnabled boolean
Determines whether the automation rule is enabled or disabled.
- triggersOn string | TriggersOn
The type of object the automation rule triggers on
- triggersWhen string | TriggersWhen
The type of event the automation rule triggers on
- conditions AutomationRulePropertyValuesCondition[]
The conditions to evaluate to determine if the automation rule should be triggered on a given object
- expirationTimeUtc string
Determines when the automation rule should automatically expire and be disabled.
- is_enabled bool
Determines whether the automation rule is enabled or disabled.
- triggers_on str | TriggersOn
The type of object the automation rule triggers on
- triggers_when str | TriggersWhen
The type of event the automation rule triggers on
- conditions Sequence[AutomationRulePropertyValuesCondition]
The conditions to evaluate to determine if the automation rule should be triggered on a given object
- expiration_time_utc str
Determines when the automation rule should automatically expire and be disabled.
- isEnabled Boolean
Determines whether the automation rule is enabled or disabled.
- triggersOn String | "Incidents"
The type of object the automation rule triggers on
- triggersWhen String | "Created"
The type of event the automation rule triggers on
- conditions List<Property Map>
The conditions to evaluate to determine if the automation rule should be triggered on a given object
- expirationTimeUtc String
Determines when the automation rule should automatically expire and be disabled.
AutomationRuleTriggeringLogicResponse
- IsEnabled bool
Determines whether the automation rule is enabled or disabled.
- TriggersOn string
The type of object the automation rule triggers on
- TriggersWhen string
The type of event the automation rule triggers on
- Conditions List<Pulumi.AzureNative.SecurityInsights.Inputs.AutomationRulePropertyValuesConditionResponse>
The conditions to evaluate to determine if the automation rule should be triggered on a given object
- ExpirationTimeUtc string
Determines when the automation rule should automatically expire and be disabled.
- IsEnabled bool
Determines whether the automation rule is enabled or disabled.
- TriggersOn string
The type of object the automation rule triggers on
- TriggersWhen string
The type of event the automation rule triggers on
- Conditions []AutomationRulePropertyValuesConditionResponse
The conditions to evaluate to determine if the automation rule should be triggered on a given object
- ExpirationTimeUtc string
Determines when the automation rule should automatically expire and be disabled.
- isEnabled Boolean
Determines whether the automation rule is enabled or disabled.
- triggersOn String
The type of object the automation rule triggers on
- triggersWhen String
The type of event the automation rule triggers on
- conditions List<AutomationRulePropertyValuesConditionResponse>
The conditions to evaluate to determine if the automation rule should be triggered on a given object
- expirationTimeUtc String
Determines when the automation rule should automatically expire and be disabled.
- isEnabled boolean
Determines whether the automation rule is enabled or disabled.
- triggersOn string
The type of object the automation rule triggers on
- triggersWhen string
The type of event the automation rule triggers on
- conditions AutomationRulePropertyValuesConditionResponse[]
The conditions to evaluate to determine if the automation rule should be triggered on a given object
- expirationTimeUtc string
Determines when the automation rule should automatically expire and be disabled.
- is_enabled bool
Determines whether the automation rule is enabled or disabled.
- triggers_on str
The type of object the automation rule triggers on
- triggers_when str
The type of event the automation rule triggers on
- conditions Sequence[AutomationRulePropertyValuesConditionResponse]
The conditions to evaluate to determine if the automation rule should be triggered on a given object
- expiration_time_utc str
Determines when the automation rule should automatically expire and be disabled.
- isEnabled Boolean
Determines whether the automation rule is enabled or disabled.
- triggersOn String
The type of object the automation rule triggers on
- triggersWhen String
The type of event the automation rule triggers on
- conditions List<Property Map>
The conditions to evaluate to determine if the automation rule should be triggered on a given object
- expirationTimeUtc String
Determines when the automation rule should automatically expire and be disabled.
ClientInfoResponse
- Email string
The email of the client.
- Name string
The name of the client.
- ObjectId string
The object id of the client.
- UserPrincipalName string
The user principal name of the client.
- Email string
The email of the client.
- Name string
The name of the client.
- ObjectId string
The object id of the client.
- UserPrincipalName string
The user principal name of the client.
- email String
The email of the client.
- name String
The name of the client.
- objectId String
The object id of the client.
- userPrincipalName String
The user principal name of the client.
- email string
The email of the client.
- name string
The name of the client.
- objectId string
The object id of the client.
- userPrincipalName string
The user principal name of the client.
- email str
The email of the client.
- name str
The name of the client.
- object_id str
The object id of the client.
- user_principal_name str
The user principal name of the client.
- email String
The email of the client.
- name String
The name of the client.
- objectId String
The object id of the client.
- userPrincipalName String
The user principal name of the client.
IncidentClassification
- Undetermined
- Undetermined
Incident classification was undetermined
- TruePositive
- TruePositive
Incident was true positive
- BenignPositive
- BenignPositive
Incident was benign positive
- FalsePositive
- FalsePositive
Incident was false positive
- IncidentClassificationUndetermined
- Undetermined
Incident classification was undetermined
- IncidentClassificationTruePositive
- TruePositive
Incident was true positive
- IncidentClassificationBenignPositive
- BenignPositive
Incident was benign positive
- IncidentClassificationFalsePositive
- FalsePositive
Incident was false positive
- Undetermined
- Undetermined
Incident classification was undetermined
- TruePositive
- TruePositive
Incident was true positive
- BenignPositive
- BenignPositive
Incident was benign positive
- FalsePositive
- FalsePositive
Incident was false positive
- Undetermined
- Undetermined
Incident classification was undetermined
- TruePositive
- TruePositive
Incident was true positive
- BenignPositive
- BenignPositive
Incident was benign positive
- FalsePositive
- FalsePositive
Incident was false positive
- UNDETERMINED
- Undetermined
Incident classification was undetermined
- TRUE_POSITIVE
- TruePositive
Incident was true positive
- BENIGN_POSITIVE
- BenignPositive
Incident was benign positive
- FALSE_POSITIVE
- FalsePositive
Incident was false positive
- "Undetermined"
- Undetermined
Incident classification was undetermined
- "TruePositive"
- TruePositive
Incident was true positive
- "BenignPositive"
- BenignPositive
Incident was benign positive
- "FalsePositive"
- FalsePositive
Incident was false positive
IncidentClassificationReason
- SuspiciousActivity
- SuspiciousActivity
Classification reason was suspicious activity
- SuspiciousButExpected
- SuspiciousButExpected
Classification reason was suspicious but expected
- IncorrectAlertLogic
- IncorrectAlertLogic
Classification reason was incorrect alert logic
- InaccurateData
- InaccurateData
Classification reason was inaccurate data
- IncidentClassificationReasonSuspiciousActivity
- SuspiciousActivity
Classification reason was suspicious activity
- IncidentClassificationReasonSuspiciousButExpected
- SuspiciousButExpected
Classification reason was suspicious but expected
- IncidentClassificationReasonIncorrectAlertLogic
- IncorrectAlertLogic
Classification reason was incorrect alert logic
- IncidentClassificationReasonInaccurateData
- InaccurateData
Classification reason was inaccurate data
- SuspiciousActivity
- SuspiciousActivity
Classification reason was suspicious activity
- SuspiciousButExpected
- SuspiciousButExpected
Classification reason was suspicious but expected
- IncorrectAlertLogic
- IncorrectAlertLogic
Classification reason was incorrect alert logic
- InaccurateData
- InaccurateData
Classification reason was inaccurate data
- SuspiciousActivity
- SuspiciousActivity
Classification reason was suspicious activity
- SuspiciousButExpected
- SuspiciousButExpected
Classification reason was suspicious but expected
- IncorrectAlertLogic
- IncorrectAlertLogic
Classification reason was incorrect alert logic
- InaccurateData
- InaccurateData
Classification reason was inaccurate data
- SUSPICIOUS_ACTIVITY
- SuspiciousActivity
Classification reason was suspicious activity
- SUSPICIOUS_BUT_EXPECTED
- SuspiciousButExpected
Classification reason was suspicious but expected
- INCORRECT_ALERT_LOGIC
- IncorrectAlertLogic
Classification reason was incorrect alert logic
- INACCURATE_DATA
- InaccurateData
Classification reason was inaccurate data
- "SuspiciousActivity"
- SuspiciousActivity
Classification reason was suspicious activity
- "SuspiciousButExpected"
- SuspiciousButExpected
Classification reason was suspicious but expected
- "IncorrectAlertLogic"
- IncorrectAlertLogic
Classification reason was incorrect alert logic
- "InaccurateData"
- InaccurateData
Classification reason was inaccurate data
IncidentLabel
- LabelName string
The name of the label
- LabelName string
The name of the label
- labelName String
The name of the label
- labelName string
The name of the label
- label_name str
The name of the label
- labelName String
The name of the label
IncidentLabelResponse
- label_name str
The name of the label
- label_type str
The type of the label
IncidentOwnerInfo
- AssignedTo string
The name of the user the incident is assigned to.
- Email string
The email of the user the incident is assigned to.
- ObjectId string
The object id of the user the incident is assigned to.
- UserPrincipalName string
The user principal name of the user the incident is assigned to.
- AssignedTo string
The name of the user the incident is assigned to.
- Email string
The email of the user the incident is assigned to.
- ObjectId string
The object id of the user the incident is assigned to.
- UserPrincipalName string
The user principal name of the user the incident is assigned to.
- assignedTo String
The name of the user the incident is assigned to.
- email String
The email of the user the incident is assigned to.
- objectId String
The object id of the user the incident is assigned to.
- userPrincipalName String
The user principal name of the user the incident is assigned to.
- assignedTo string
The name of the user the incident is assigned to.
- email string
The email of the user the incident is assigned to.
- objectId string
The object id of the user the incident is assigned to.
- userPrincipalName string
The user principal name of the user the incident is assigned to.
- assigned_to str
The name of the user the incident is assigned to.
- email str
The email of the user the incident is assigned to.
- object_id str
The object id of the user the incident is assigned to.
- user_principal_name str
The user principal name of the user the incident is assigned to.
- assignedTo String
The name of the user the incident is assigned to.
- email String
The email of the user the incident is assigned to.
- objectId String
The object id of the user the incident is assigned to.
- userPrincipalName String
The user principal name of the user the incident is assigned to.
IncidentOwnerInfoResponse
- AssignedTo string
The name of the user the incident is assigned to.
- Email string
The email of the user the incident is assigned to.
- ObjectId string
The object id of the user the incident is assigned to.
- UserPrincipalName string
The user principal name of the user the incident is assigned to.
- AssignedTo string
The name of the user the incident is assigned to.
- Email string
The email of the user the incident is assigned to.
- ObjectId string
The object id of the user the incident is assigned to.
- UserPrincipalName string
The user principal name of the user the incident is assigned to.
- assignedTo String
The name of the user the incident is assigned to.
- email String
The email of the user the incident is assigned to.
- objectId String
The object id of the user the incident is assigned to.
- userPrincipalName String
The user principal name of the user the incident is assigned to.
- assignedTo string
The name of the user the incident is assigned to.
- email string
The email of the user the incident is assigned to.
- objectId string
The object id of the user the incident is assigned to.
- userPrincipalName string
The user principal name of the user the incident is assigned to.
- assigned_to str
The name of the user the incident is assigned to.
- email str
The email of the user the incident is assigned to.
- object_id str
The object id of the user the incident is assigned to.
- user_principal_name str
The user principal name of the user the incident is assigned to.
- assignedTo String
The name of the user the incident is assigned to.
- email String
The email of the user the incident is assigned to.
- objectId String
The object id of the user the incident is assigned to.
- userPrincipalName String
The user principal name of the user the incident is assigned to.
IncidentSeverity
- High
- High
High severity
- Medium
- Medium
Medium severity
- Low
- Low
Low severity
- Informational
- Informational
Informational severity
- IncidentSeverityHigh
- High
High severity
- IncidentSeverityMedium
- Medium
Medium severity
- IncidentSeverityLow
- Low
Low severity
- IncidentSeverityInformational
- Informational
Informational severity
- High
- High
High severity
- Medium
- Medium
Medium severity
- Low
- Low
Low severity
- Informational
- Informational
Informational severity
- High
- High
High severity
- Medium
- Medium
Medium severity
- Low
- Low
Low severity
- Informational
- Informational
Informational severity
- HIGH
- High
High severity
- MEDIUM
- Medium
Medium severity
- LOW
- Low
Low severity
- INFORMATIONAL
- Informational
Informational severity
- "High"
- High
High severity
- "Medium"
- Medium
Medium severity
- "Low"
- Low
Low severity
- "Informational"
- Informational
Informational severity
IncidentStatus
- New
- New
An active incident which isn't being handled currently
- Active
- Active
An active incident which is being handled
- Closed
- Closed
A non-active incident
- IncidentStatusNew
- New
An active incident which isn't being handled currently
- IncidentStatusActive
- Active
An active incident which is being handled
- IncidentStatusClosed
- Closed
A non-active incident
- New
- New
An active incident which isn't being handled currently
- Active
- Active
An active incident which is being handled
- Closed
- Closed
A non-active incident
- New
- New
An active incident which isn't being handled currently
- Active
- Active
An active incident which is being handled
- Closed
- Closed
A non-active incident
- NEW
- New
An active incident which isn't being handled currently
- ACTIVE
- Active
An active incident which is being handled
- CLOSED
- Closed
A non-active incident
- "New"
- New
An active incident which isn't being handled currently
- "Active"
- Active
An active incident which is being handled
- "Closed"
- Closed
A non-active incident
TriggersOn
- Incidents
- Incidents
Trigger on Incidents
- TriggersOnIncidents
- Incidents
Trigger on Incidents
- Incidents
- Incidents
Trigger on Incidents
- Incidents
- Incidents
Trigger on Incidents
- INCIDENTS
- Incidents
Trigger on Incidents
- "Incidents"
- Incidents
Trigger on Incidents
TriggersWhen
- Created
- Created
Trigger on created objects
- TriggersWhenCreated
- Created
Trigger on created objects
- Created
- Created
Trigger on created objects
- Created
- Created
Trigger on created objects
- CREATED
- Created
Trigger on created objects
- "Created"
- Created
Trigger on created objects
Import
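An existing resource can be imported using its type token, name, and identifier (the resource's full Azure resource ID), e.g. the command below. Note that the sample identifier ends in an `incidents/…` segment as published; use the actual resource ID of the automation rule you are importing rather than copying the sample path.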
$ pulumi import azure-native:securityinsights:AutomationRule 73e01a99-5cd7-4139-a149-9f2736ff2ab5 /subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5
Package Details
- Repository
- Azure Native pulumi/pulumi-azure-native
- License
- Apache-2.0