1. Packages
  2. Azure Native
  3. API Docs
  4. securityinsights
  5. AutomationRule
This is the latest version of Azure Native. Use the Azure Native v1 docs if using the v1 version of this package.
Azure Native v2.50.1 published on Tuesday, Jul 16, 2024 by Pulumi

azure-native.securityinsights.AutomationRule

Explore with Pulumi AI

azure-native logo
This is the latest version of Azure Native. Use the Azure Native v1 docs if using the v1 version of this package.
Azure Native v2.50.1 published on Tuesday, Jul 16, 2024 by Pulumi

    Azure REST API version: 2023-02-01. Prior API version in Azure Native 1.x: 2019-01-01-preview.

    Other available API versions: 2019-01-01-preview, 2023-06-01-preview, 2023-07-01-preview, 2023-08-01-preview, 2023-09-01-preview, 2023-10-01-preview, 2023-11-01, 2023-12-01-preview, 2024-01-01-preview, 2024-03-01.

    Example Usage

    AutomationRules_CreateOrUpdate

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using AzureNative = Pulumi.AzureNative;
    
    return await Deployment.RunAsync(() => 
    {
        var automationRule = new AzureNative.SecurityInsights.AutomationRule("automationRule", new()
        {
            AutomationRuleId = "73e01a99-5cd7-4139-a149-9f2736ff2ab5",
            ResourceGroupName = "myRg",
            WorkspaceName = "myWorkspace",
        });
    
    });
    
    package main
    
    import (
    	securityinsights "github.com/pulumi/pulumi-azure-native-sdk/securityinsights/v2"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := securityinsights.NewAutomationRule(ctx, "automationRule", &securityinsights.AutomationRuleArgs{
    			AutomationRuleId:  pulumi.String("73e01a99-5cd7-4139-a149-9f2736ff2ab5"),
    			ResourceGroupName: pulumi.String("myRg"),
    			WorkspaceName:     pulumi.String("myWorkspace"),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.azurenative.securityinsights.AutomationRule;
    import com.pulumi.azurenative.securityinsights.AutomationRuleArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var automationRule = new AutomationRule("automationRule", AutomationRuleArgs.builder()
                .automationRuleId("73e01a99-5cd7-4139-a149-9f2736ff2ab5")
                .resourceGroupName("myRg")
                .workspaceName("myWorkspace")
                .build());
    
        }
    }
    
    import pulumi
    import pulumi_azure_native as azure_native
    
    automation_rule = azure_native.securityinsights.AutomationRule("automationRule",
        automation_rule_id="73e01a99-5cd7-4139-a149-9f2736ff2ab5",
        resource_group_name="myRg",
        workspace_name="myWorkspace")
    
    import * as pulumi from "@pulumi/pulumi";
    import * as azure_native from "@pulumi/azure-native";
    
    const automationRule = new azure_native.securityinsights.AutomationRule("automationRule", {
        automationRuleId: "73e01a99-5cd7-4139-a149-9f2736ff2ab5",
        resourceGroupName: "myRg",
        workspaceName: "myWorkspace",
    });
    
    resources:
      automationRule:
        type: azure-native:securityinsights:AutomationRule
        properties:
          automationRuleId: 73e01a99-5cd7-4139-a149-9f2736ff2ab5
          resourceGroupName: myRg
          workspaceName: myWorkspace
    

    Create AutomationRule Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new AutomationRule(name: string, args: AutomationRuleArgs, opts?: CustomResourceOptions);
    @overload
    def AutomationRule(resource_name: str,
                       args: AutomationRuleArgs,
                       opts: Optional[ResourceOptions] = None)
    
    @overload
    def AutomationRule(resource_name: str,
                       opts: Optional[ResourceOptions] = None,
                       actions: Optional[Sequence[Union[AutomationRuleModifyPropertiesActionArgs, AutomationRuleRunPlaybookActionArgs]]] = None,
                       display_name: Optional[str] = None,
                       order: Optional[int] = None,
                       resource_group_name: Optional[str] = None,
                       triggering_logic: Optional[AutomationRuleTriggeringLogicArgs] = None,
                       workspace_name: Optional[str] = None,
                       automation_rule_id: Optional[str] = None)
    func NewAutomationRule(ctx *Context, name string, args AutomationRuleArgs, opts ...ResourceOption) (*AutomationRule, error)
    public AutomationRule(string name, AutomationRuleArgs args, CustomResourceOptions? opts = null)
    public AutomationRule(String name, AutomationRuleArgs args)
    public AutomationRule(String name, AutomationRuleArgs args, CustomResourceOptions options)
    
    type: azure-native:securityinsights:AutomationRule
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args AutomationRuleArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args AutomationRuleArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args AutomationRuleArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args AutomationRuleArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args AutomationRuleArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var automationRuleResource = new AzureNative.SecurityInsights.AutomationRule("automationRuleResource", new()
    {
        Actions = new[]
        {
            new AzureNative.SecurityInsights.Inputs.AutomationRuleModifyPropertiesActionArgs
            {
                ActionType = "ModifyProperties",
                Order = 0,
                ActionConfiguration = new AzureNative.SecurityInsights.Inputs.IncidentPropertiesActionArgs
                {
                    Classification = "string",
                    ClassificationComment = "string",
                    ClassificationReason = "string",
                    Labels = new[]
                    {
                        new AzureNative.SecurityInsights.Inputs.IncidentLabelArgs
                        {
                            LabelName = "string",
                        },
                    },
                    Owner = new AzureNative.SecurityInsights.Inputs.IncidentOwnerInfoArgs
                    {
                        AssignedTo = "string",
                        Email = "string",
                        ObjectId = "string",
                        OwnerType = "string",
                        UserPrincipalName = "string",
                    },
                    Severity = "string",
                    Status = "string",
                },
            },
        },
        DisplayName = "string",
        Order = 0,
        ResourceGroupName = "string",
        TriggeringLogic = new AzureNative.SecurityInsights.Inputs.AutomationRuleTriggeringLogicArgs
        {
            IsEnabled = false,
            TriggersOn = "string",
            TriggersWhen = "string",
            Conditions = new[]
            {
                new AzureNative.SecurityInsights.Inputs.PropertyArrayChangedConditionPropertiesArgs
                {
                    ConditionType = "PropertyArrayChanged",
                    ConditionProperties = new AzureNative.SecurityInsights.Inputs.AutomationRulePropertyArrayChangedValuesConditionArgs
                    {
                        ArrayType = "string",
                        ChangeType = "string",
                    },
                },
            },
            ExpirationTimeUtc = "string",
        },
        WorkspaceName = "string",
        AutomationRuleId = "string",
    });
    
    example, err := securityinsights.NewAutomationRule(ctx, "automationRuleResource", &securityinsights.AutomationRuleArgs{
    	Actions: pulumi.Array{
    		securityinsights.AutomationRuleModifyPropertiesAction{
    			ActionType: "ModifyProperties",
    			Order:      0,
    			ActionConfiguration: securityinsights.IncidentPropertiesAction{
    				Classification:        "string",
    				ClassificationComment: "string",
    				ClassificationReason:  "string",
    				Labels: []securityinsights.IncidentLabel{
    					{
    						LabelName: "string",
    					},
    				},
    				Owner: securityinsights.IncidentOwnerInfo{
    					AssignedTo:        "string",
    					Email:             "string",
    					ObjectId:          "string",
    					OwnerType:         "string",
    					UserPrincipalName: "string",
    				},
    				Severity: "string",
    				Status:   "string",
    			},
    		},
    	},
    	DisplayName:       pulumi.String("string"),
    	Order:             pulumi.Int(0),
    	ResourceGroupName: pulumi.String("string"),
    	TriggeringLogic: &securityinsights.AutomationRuleTriggeringLogicArgs{
    		IsEnabled:    pulumi.Bool(false),
    		TriggersOn:   pulumi.String("string"),
    		TriggersWhen: pulumi.String("string"),
    		Conditions: pulumi.Array{
    			securityinsights.PropertyArrayChangedConditionProperties{
    				ConditionType: "PropertyArrayChanged",
    				ConditionProperties: securityinsights.AutomationRulePropertyArrayChangedValuesCondition{
    					ArrayType:  "string",
    					ChangeType: "string",
    				},
    			},
    		},
    		ExpirationTimeUtc: pulumi.String("string"),
    	},
    	WorkspaceName:    pulumi.String("string"),
    	AutomationRuleId: pulumi.String("string"),
    })
    
    var automationRuleResource = new AutomationRule("automationRuleResource", AutomationRuleArgs.builder()
        .actions(AutomationRuleModifyPropertiesActionArgs.builder()
            .actionType("ModifyProperties")
            .order(0)
            .actionConfiguration(IncidentPropertiesActionArgs.builder()
                .classification("string")
                .classificationComment("string")
                .classificationReason("string")
                .labels(IncidentLabelArgs.builder()
                    .labelName("string")
                    .build())
                .owner(IncidentOwnerInfoArgs.builder()
                    .assignedTo("string")
                    .email("string")
                    .objectId("string")
                    .ownerType("string")
                    .userPrincipalName("string")
                    .build())
                .severity("string")
                .status("string")
                .build())
            .build())
        .displayName("string")
        .order(0)
        .resourceGroupName("string")
        .triggeringLogic(AutomationRuleTriggeringLogicArgs.builder()
            .isEnabled(false)
            .triggersOn("string")
            .triggersWhen("string")
            .conditions(PropertyArrayChangedConditionPropertiesArgs.builder()
                .conditionType("PropertyArrayChanged")
                .conditionProperties(AutomationRulePropertyArrayChangedValuesConditionArgs.builder()
                    .arrayType("string")
                    .changeType("string")
                    .build())
                .build())
            .expirationTimeUtc("string")
            .build())
        .workspaceName("string")
        .automationRuleId("string")
        .build());
    
    automation_rule_resource = azure_native.securityinsights.AutomationRule("automationRuleResource",
        actions=[{
            "actionType": "ModifyProperties",
            "order": 0,
            "actionConfiguration": {
                "classification": "string",
                "classificationComment": "string",
                "classificationReason": "string",
                "labels": [{
                    "labelName": "string",
                }],
                "owner": {
                    "assignedTo": "string",
                    "email": "string",
                    "objectId": "string",
                    "ownerType": "string",
                    "userPrincipalName": "string",
                },
                "severity": "string",
                "status": "string",
            },
        }],
        display_name="string",
        order=0,
        resource_group_name="string",
        triggering_logic={
            "isEnabled": False,
            "triggersOn": "string",
            "triggersWhen": "string",
            "conditions": [{
                "conditionType": "PropertyArrayChanged",
                "conditionProperties": {
                    "arrayType": "string",
                    "changeType": "string",
                },
            }],
            "expirationTimeUtc": "string",
        },
        workspace_name="string",
        automation_rule_id="string")
    
    const automationRuleResource = new azure_native.securityinsights.AutomationRule("automationRuleResource", {
        actions: [{
            actionType: "ModifyProperties",
            order: 0,
            actionConfiguration: {
                classification: "string",
                classificationComment: "string",
                classificationReason: "string",
                labels: [{
                    labelName: "string",
                }],
                owner: {
                    assignedTo: "string",
                    email: "string",
                    objectId: "string",
                    ownerType: "string",
                    userPrincipalName: "string",
                },
                severity: "string",
                status: "string",
            },
        }],
        displayName: "string",
        order: 0,
        resourceGroupName: "string",
        triggeringLogic: {
            isEnabled: false,
            triggersOn: "string",
            triggersWhen: "string",
            conditions: [{
                conditionType: "PropertyArrayChanged",
                conditionProperties: {
                    arrayType: "string",
                    changeType: "string",
                },
            }],
            expirationTimeUtc: "string",
        },
        workspaceName: "string",
        automationRuleId: "string",
    });
    
    type: azure-native:securityinsights:AutomationRule
    properties:
        actions:
            - actionConfiguration:
                classification: string
                classificationComment: string
                classificationReason: string
                labels:
                    - labelName: string
                owner:
                    assignedTo: string
                    email: string
                    objectId: string
                    ownerType: string
                    userPrincipalName: string
                severity: string
                status: string
              actionType: ModifyProperties
              order: 0
        automationRuleId: string
        displayName: string
        order: 0
        resourceGroupName: string
        triggeringLogic:
            conditions:
                - conditionProperties:
                    arrayType: string
                    changeType: string
                  conditionType: PropertyArrayChanged
            expirationTimeUtc: string
            isEnabled: false
            triggersOn: string
            triggersWhen: string
        workspaceName: string
    

    AutomationRule Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The AutomationRule resource accepts the following input properties:

    Actions List<Union<Pulumi.AzureNative.SecurityInsights.Inputs.AutomationRuleModifyPropertiesAction, Pulumi.AzureNative.SecurityInsights.Inputs.AutomationRuleRunPlaybookActionArgs>>
    The actions to execute when the automation rule is triggered.
    DisplayName string
    The display name of the automation rule.
    Order int
    The order of execution of the automation rule.
    ResourceGroupName string
    The name of the resource group. The name is case insensitive.
    TriggeringLogic Pulumi.AzureNative.SecurityInsights.Inputs.AutomationRuleTriggeringLogic
    Describes automation rule triggering logic.
    WorkspaceName string
    The name of the workspace.
    AutomationRuleId string
    Automation rule ID
    Actions []interface{}
    The actions to execute when the automation rule is triggered.
    DisplayName string
    The display name of the automation rule.
    Order int
    The order of execution of the automation rule.
    ResourceGroupName string
    The name of the resource group. The name is case insensitive.
    TriggeringLogic AutomationRuleTriggeringLogicArgs
    Describes automation rule triggering logic.
    WorkspaceName string
    The name of the workspace.
    AutomationRuleId string
    Automation rule ID
    actions List<Either<AutomationRuleModifyPropertiesAction,AutomationRuleRunPlaybookActionArgs>>
    The actions to execute when the automation rule is triggered.
    displayName String
    The display name of the automation rule.
    order Integer
    The order of execution of the automation rule.
    resourceGroupName String
    The name of the resource group. The name is case insensitive.
    triggeringLogic AutomationRuleTriggeringLogic
    Describes automation rule triggering logic.
    workspaceName String
    The name of the workspace.
    automationRuleId String
    Automation rule ID
    actions (AutomationRuleModifyPropertiesAction | AutomationRuleRunPlaybookActionArgs)[]
    The actions to execute when the automation rule is triggered.
    displayName string
    The display name of the automation rule.
    order number
    The order of execution of the automation rule.
    resourceGroupName string
    The name of the resource group. The name is case insensitive.
    triggeringLogic AutomationRuleTriggeringLogic
    Describes automation rule triggering logic.
    workspaceName string
    The name of the workspace.
    automationRuleId string
    Automation rule ID
    actions Sequence[Union[AutomationRuleModifyPropertiesActionArgs, AutomationRuleRunPlaybookActionArgs]]
    The actions to execute when the automation rule is triggered.
    display_name str
    The display name of the automation rule.
    order int
    The order of execution of the automation rule.
    resource_group_name str
    The name of the resource group. The name is case insensitive.
    triggering_logic AutomationRuleTriggeringLogicArgs
    Describes automation rule triggering logic.
    workspace_name str
    The name of the workspace.
    automation_rule_id str
    Automation rule ID
    actions List<Property Map | Property Map>
    The actions to execute when the automation rule is triggered.
    displayName String
    The display name of the automation rule.
    order Number
    The order of execution of the automation rule.
    resourceGroupName String
    The name of the resource group. The name is case insensitive.
    triggeringLogic Property Map
    Describes automation rule triggering logic.
    workspaceName String
    The name of the workspace.
    automationRuleId String
    Automation rule ID

    Outputs

    All input properties are implicitly available as output properties. Additionally, the AutomationRule resource produces the following output properties:

    CreatedBy Pulumi.AzureNative.SecurityInsights.Outputs.ClientInfoResponse
    Information on the client (user or application) that made some action
    CreatedTimeUtc string
    The time the automation rule was created.
    Id string
    The provider-assigned unique ID for this managed resource.
    LastModifiedBy Pulumi.AzureNative.SecurityInsights.Outputs.ClientInfoResponse
    Information on the client (user or application) that made some action
    LastModifiedTimeUtc string
    The last time the automation rule was updated.
    Name string
    The name of the resource
    SystemData Pulumi.AzureNative.SecurityInsights.Outputs.SystemDataResponse
    Azure Resource Manager metadata containing createdBy and modifiedBy information.
    Type string
    The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
    Etag string
    Etag of the azure resource
    CreatedBy ClientInfoResponse
    Information on the client (user or application) that made some action
    CreatedTimeUtc string
    The time the automation rule was created.
    Id string
    The provider-assigned unique ID for this managed resource.
    LastModifiedBy ClientInfoResponse
    Information on the client (user or application) that made some action
    LastModifiedTimeUtc string
    The last time the automation rule was updated.
    Name string
    The name of the resource
    SystemData SystemDataResponse
    Azure Resource Manager metadata containing createdBy and modifiedBy information.
    Type string
    The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
    Etag string
    Etag of the azure resource
    createdBy ClientInfoResponse
    Information on the client (user or application) that made some action
    createdTimeUtc String
    The time the automation rule was created.
    id String
    The provider-assigned unique ID for this managed resource.
    lastModifiedBy ClientInfoResponse
    Information on the client (user or application) that made some action
    lastModifiedTimeUtc String
    The last time the automation rule was updated.
    name String
    The name of the resource
    systemData SystemDataResponse
    Azure Resource Manager metadata containing createdBy and modifiedBy information.
    type String
    The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
    etag String
    Etag of the azure resource
    createdBy ClientInfoResponse
    Information on the client (user or application) that made some action
    createdTimeUtc string
    The time the automation rule was created.
    id string
    The provider-assigned unique ID for this managed resource.
    lastModifiedBy ClientInfoResponse
    Information on the client (user or application) that made some action
    lastModifiedTimeUtc string
    The last time the automation rule was updated.
    name string
    The name of the resource
    systemData SystemDataResponse
    Azure Resource Manager metadata containing createdBy and modifiedBy information.
    type string
    The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
    etag string
    Etag of the azure resource
    created_by ClientInfoResponse
    Information on the client (user or application) that made some action
    created_time_utc str
    The time the automation rule was created.
    id str
    The provider-assigned unique ID for this managed resource.
    last_modified_by ClientInfoResponse
    Information on the client (user or application) that made some action
    last_modified_time_utc str
    The last time the automation rule was updated.
    name str
    The name of the resource
    system_data SystemDataResponse
    Azure Resource Manager metadata containing createdBy and modifiedBy information.
    type str
    The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
    etag str
    Etag of the azure resource
    createdBy Property Map
    Information on the client (user or application) that made some action
    createdTimeUtc String
    The time the automation rule was created.
    id String
    The provider-assigned unique ID for this managed resource.
    lastModifiedBy Property Map
    Information on the client (user or application) that made some action
    lastModifiedTimeUtc String
    The last time the automation rule was updated.
    name String
    The name of the resource
    systemData Property Map
    Azure Resource Manager metadata containing createdBy and modifiedBy information.
    type String
    The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
    etag String
    Etag of the azure resource

    Supporting Types

    AutomationRuleModifyPropertiesAction, AutomationRuleModifyPropertiesActionArgs

    AutomationRuleModifyPropertiesActionResponse, AutomationRuleModifyPropertiesActionResponseArgs

    AutomationRulePropertyArrayChangedConditionSupportedArrayType, AutomationRulePropertyArrayChangedConditionSupportedArrayTypeArgs

    Alerts
    AlertsEvaluate the condition on the alerts
    Labels
    LabelsEvaluate the condition on the labels
    Tactics
    TacticsEvaluate the condition on the tactics
    Comments
    CommentsEvaluate the condition on the comments
    AutomationRulePropertyArrayChangedConditionSupportedArrayTypeAlerts
    AlertsEvaluate the condition on the alerts
    AutomationRulePropertyArrayChangedConditionSupportedArrayTypeLabels
    LabelsEvaluate the condition on the labels
    AutomationRulePropertyArrayChangedConditionSupportedArrayTypeTactics
    TacticsEvaluate the condition on the tactics
    AutomationRulePropertyArrayChangedConditionSupportedArrayTypeComments
    CommentsEvaluate the condition on the comments
    Alerts
    AlertsEvaluate the condition on the alerts
    Labels
    LabelsEvaluate the condition on the labels
    Tactics
    TacticsEvaluate the condition on the tactics
    Comments
    CommentsEvaluate the condition on the comments
    Alerts
    AlertsEvaluate the condition on the alerts
    Labels
    LabelsEvaluate the condition on the labels
    Tactics
    TacticsEvaluate the condition on the tactics
    Comments
    CommentsEvaluate the condition on the comments
    ALERTS
    AlertsEvaluate the condition on the alerts
    LABELS
    LabelsEvaluate the condition on the labels
    TACTICS
    TacticsEvaluate the condition on the tactics
    COMMENTS
    CommentsEvaluate the condition on the comments
    "Alerts"
    AlertsEvaluate the condition on the alerts
    "Labels"
    LabelsEvaluate the condition on the labels
    "Tactics"
    TacticsEvaluate the condition on the tactics
    "Comments"
    CommentsEvaluate the condition on the comments

    AutomationRulePropertyArrayChangedConditionSupportedChangeType, AutomationRulePropertyArrayChangedConditionSupportedChangeTypeArgs

    Added
    AddedEvaluate the condition on items added to the array
    AutomationRulePropertyArrayChangedConditionSupportedChangeTypeAdded
    AddedEvaluate the condition on items added to the array
    Added
    AddedEvaluate the condition on items added to the array
    Added
    AddedEvaluate the condition on items added to the array
    ADDED
    AddedEvaluate the condition on items added to the array
    "Added"
    AddedEvaluate the condition on items added to the array

    AutomationRulePropertyArrayChangedValuesCondition, AutomationRulePropertyArrayChangedValuesConditionArgs

    AutomationRulePropertyArrayChangedValuesConditionResponse, AutomationRulePropertyArrayChangedValuesConditionResponseArgs

    ArrayType string
    ChangeType string
    ArrayType string
    ChangeType string
    arrayType String
    changeType String
    arrayType string
    changeType string
    arrayType String
    changeType String

    AutomationRulePropertyChangedConditionSupportedChangedType, AutomationRulePropertyChangedConditionSupportedChangedTypeArgs

    ChangedFrom
    ChangedFromEvaluate the condition on the previous value of the property
    ChangedTo
    ChangedToEvaluate the condition on the updated value of the property
    AutomationRulePropertyChangedConditionSupportedChangedTypeChangedFrom
    ChangedFromEvaluate the condition on the previous value of the property
    AutomationRulePropertyChangedConditionSupportedChangedTypeChangedTo
    ChangedToEvaluate the condition on the updated value of the property
    ChangedFrom
    ChangedFromEvaluate the condition on the previous value of the property
    ChangedTo
    ChangedToEvaluate the condition on the updated value of the property
    ChangedFrom
    ChangedFromEvaluate the condition on the previous value of the property
    ChangedTo
    ChangedToEvaluate the condition on the updated value of the property
    CHANGED_FROM
    ChangedFromEvaluate the condition on the previous value of the property
    CHANGED_TO
    ChangedToEvaluate the condition on the updated value of the property
    "ChangedFrom"
    ChangedFromEvaluate the condition on the previous value of the property
    "ChangedTo"
    ChangedToEvaluate the condition on the updated value of the property

    AutomationRulePropertyChangedConditionSupportedPropertyType, AutomationRulePropertyChangedConditionSupportedPropertyTypeArgs

    IncidentSeverity
    IncidentSeverityEvaluate the condition on the incident severity
    IncidentStatus
    IncidentStatusEvaluate the condition on the incident status
    IncidentOwner
    IncidentOwnerEvaluate the condition on the incident owner
    AutomationRulePropertyChangedConditionSupportedPropertyTypeIncidentSeverity
    IncidentSeverityEvaluate the condition on the incident severity
    AutomationRulePropertyChangedConditionSupportedPropertyTypeIncidentStatus
    IncidentStatusEvaluate the condition on the incident status
    AutomationRulePropertyChangedConditionSupportedPropertyTypeIncidentOwner
    IncidentOwnerEvaluate the condition on the incident owner
    IncidentSeverity
    IncidentSeverityEvaluate the condition on the incident severity
    IncidentStatus
    IncidentStatusEvaluate the condition on the incident status
    IncidentOwner
    IncidentOwnerEvaluate the condition on the incident owner
    IncidentSeverity
    IncidentSeverityEvaluate the condition on the incident severity
    IncidentStatus
    IncidentStatusEvaluate the condition on the incident status
    IncidentOwner
    IncidentOwnerEvaluate the condition on the incident owner
    INCIDENT_SEVERITY
    IncidentSeverityEvaluate the condition on the incident severity
    INCIDENT_STATUS
    IncidentStatusEvaluate the condition on the incident status
    INCIDENT_OWNER
    IncidentOwnerEvaluate the condition on the incident owner
    "IncidentSeverity"
    IncidentSeverityEvaluate the condition on the incident severity
    "IncidentStatus"
    IncidentStatusEvaluate the condition on the incident status
    "IncidentOwner"
    IncidentOwnerEvaluate the condition on the incident owner

    AutomationRulePropertyConditionSupportedOperator, AutomationRulePropertyConditionSupportedOperatorArgs

    EqualsValue
    EqualsEvaluates if the property equals at least one of the condition values
    NotEquals
    NotEqualsEvaluates if the property does not equal any of the condition values
    Contains
    ContainsEvaluates if the property contains at least one of the condition values
    NotContains
    NotContainsEvaluates if the property does not contain any of the condition values
    StartsWith
    StartsWithEvaluates if the property starts with any of the condition values
    NotStartsWith
    NotStartsWithEvaluates if the property does not start with any of the condition values
    EndsWith
    EndsWithEvaluates if the property ends with any of the condition values
    NotEndsWith
    NotEndsWithEvaluates if the property does not end with any of the condition values
    AutomationRulePropertyConditionSupportedOperatorEquals
    EqualsEvaluates if the property equals at least one of the condition values
    AutomationRulePropertyConditionSupportedOperatorNotEquals
    NotEqualsEvaluates if the property does not equal any of the condition values
    AutomationRulePropertyConditionSupportedOperatorContains
    ContainsEvaluates if the property contains at least one of the condition values
    AutomationRulePropertyConditionSupportedOperatorNotContains
    NotContainsEvaluates if the property does not contain any of the condition values
    AutomationRulePropertyConditionSupportedOperatorStartsWith
    StartsWithEvaluates if the property starts with any of the condition values
    AutomationRulePropertyConditionSupportedOperatorNotStartsWith
    NotStartsWithEvaluates if the property does not start with any of the condition values
    AutomationRulePropertyConditionSupportedOperatorEndsWith
    EndsWithEvaluates if the property ends with any of the condition values
    AutomationRulePropertyConditionSupportedOperatorNotEndsWith
    NotEndsWithEvaluates if the property does not end with any of the condition values
    Equals
    EqualsEvaluates if the property equals at least one of the condition values
    NotEquals
    NotEqualsEvaluates if the property does not equal any of the condition values
    Contains
    ContainsEvaluates if the property contains at least one of the condition values
    NotContains
    NotContainsEvaluates if the property does not contain any of the condition values
    StartsWith
    StartsWithEvaluates if the property starts with any of the condition values
    NotStartsWith
    NotStartsWithEvaluates if the property does not start with any of the condition values
    EndsWith
    EndsWithEvaluates if the property ends with any of the condition values
    NotEndsWith
    NotEndsWithEvaluates if the property does not end with any of the condition values
    Equals
    EqualsEvaluates if the property equals at least one of the condition values
    NotEquals
    NotEqualsEvaluates if the property does not equal any of the condition values
    Contains
    ContainsEvaluates if the property contains at least one of the condition values
    NotContains
    NotContainsEvaluates if the property does not contain any of the condition values
    StartsWith
    StartsWithEvaluates if the property starts with any of the condition values
    NotStartsWith
    NotStartsWithEvaluates if the property does not start with any of the condition values
    EndsWith
    EndsWithEvaluates if the property ends with any of the condition values
    NotEndsWith
    NotEndsWithEvaluates if the property does not end with any of the condition values
    EQUALS
    EqualsEvaluates if the property equals at least one of the condition values
    NOT_EQUALS
    NotEqualsEvaluates if the property does not equal any of the condition values
    CONTAINS
    ContainsEvaluates if the property contains at least one of the condition values
    NOT_CONTAINS
    NotContainsEvaluates if the property does not contain any of the condition values
    STARTS_WITH
    StartsWithEvaluates if the property starts with any of the condition values
    NOT_STARTS_WITH
    NotStartsWithEvaluates if the property does not start with any of the condition values
    ENDS_WITH
    EndsWithEvaluates if the property ends with any of the condition values
    NOT_ENDS_WITH
    NotEndsWithEvaluates if the property does not end with any of the condition values
    "Equals"
    EqualsEvaluates if the property equals at least one of the condition values
    "NotEquals"
    NotEqualsEvaluates if the property does not equal any of the condition values
    "Contains"
    ContainsEvaluates if the property contains at least one of the condition values
    "NotContains"
    NotContainsEvaluates if the property does not contain any of the condition values
    "StartsWith"
    StartsWithEvaluates if the property starts with any of the condition values
    "NotStartsWith"
    NotStartsWithEvaluates if the property does not start with any of the condition values
    "EndsWith"
    EndsWithEvaluates if the property ends with any of the condition values
    "NotEndsWith"
    NotEndsWithEvaluates if the property does not end with any of the condition values

    AutomationRulePropertyConditionSupportedProperty, AutomationRulePropertyConditionSupportedPropertyArgs

    IncidentTitle
    IncidentTitleThe title of the incident
    IncidentDescription
    IncidentDescriptionThe description of the incident
    IncidentSeverity
    IncidentSeverityThe severity of the incident
    IncidentStatus
    IncidentStatusThe status of the incident
    IncidentRelatedAnalyticRuleIds
    IncidentRelatedAnalyticRuleIdsThe related Analytic rule ids of the incident
    IncidentTactics
    IncidentTacticsThe tactics of the incident
    IncidentLabel
    IncidentLabelThe labels of the incident
    IncidentProviderName
    IncidentProviderNameThe provider name of the incident
    IncidentUpdatedBySource
    IncidentUpdatedBySourceThe update source of the incident
    AccountAadTenantId
    AccountAadTenantIdThe account Azure Active Directory tenant id
    AccountAadUserId
    AccountAadUserIdThe account Azure Active Directory user id
    AccountName
    AccountNameThe account name
    AccountNTDomain
    AccountNTDomainThe account NetBIOS domain name
    AccountPUID
    AccountPUIDThe account Azure Active Directory Passport User ID
    AccountSid
    AccountSidThe account security identifier
    AccountObjectGuid
    AccountObjectGuidThe account unique identifier
    AccountUPNSuffix
    AccountUPNSuffixThe account user principal name suffix
    AlertProductNames
    AlertProductNamesThe name of the product of the alert
    AlertAnalyticRuleIds
    AlertAnalyticRuleIdsThe analytic rule ids of the alert
    AzureResourceResourceId
    AzureResourceResourceIdThe Azure resource id
    AzureResourceSubscriptionId
    AzureResourceSubscriptionIdThe Azure resource subscription id
    CloudApplicationAppId
    CloudApplicationAppIdThe cloud application identifier
    CloudApplicationAppName
    CloudApplicationAppNameThe cloud application name
    DNSDomainName
    DNSDomainNameThe dns record domain name
    FileDirectory
    FileDirectoryThe file directory full path
    FileName
    FileNameThe file name without path
    FileHashValue
    FileHashValueThe file hash value
    HostAzureID
    HostAzureIDThe host Azure resource id
    HostName
    HostNameThe host name without domain
    HostNetBiosName
    HostNetBiosNameThe host NetBIOS name
    HostNTDomain
    HostNTDomainThe host NT domain
    HostOSVersion
    HostOSVersionThe host operating system
    IoTDeviceId
    IoTDeviceId"The IoT device id
    IoTDeviceName
    IoTDeviceNameThe IoT device name
    IoTDeviceType
    IoTDeviceTypeThe IoT device type
    IoTDeviceVendor
    IoTDeviceVendorThe IoT device vendor
    IoTDeviceModel
    IoTDeviceModelThe IoT device model
    IoTDeviceOperatingSystem
    IoTDeviceOperatingSystemThe IoT device operating system
    IPAddress
    IPAddressThe IP address
    MailboxDisplayName
    MailboxDisplayNameThe mailbox display name
    MailboxPrimaryAddress
    MailboxPrimaryAddressThe mailbox primary address
    MailboxUPN
    MailboxUPNThe mailbox user principal name
    MailMessageDeliveryAction
    MailMessageDeliveryActionThe mail message delivery action
    MailMessageDeliveryLocation
    MailMessageDeliveryLocationThe mail message delivery location
    MailMessageRecipient
    MailMessageRecipientThe mail message recipient
    MailMessageSenderIP
    MailMessageSenderIPThe mail message sender IP address
    MailMessageSubject
    MailMessageSubjectThe mail message subject
    MailMessageP1Sender
    MailMessageP1SenderThe mail message P1 sender
    MailMessageP2Sender
    MailMessageP2SenderThe mail message P2 sender
    MalwareCategory
    MalwareCategoryThe malware category
    MalwareName
    MalwareNameThe malware name
    ProcessCommandLine
    ProcessCommandLineThe process execution command line
    ProcessId
    ProcessIdThe process id
    RegistryKey
    RegistryKeyThe registry key path
    RegistryValueData
    RegistryValueDataThe registry key value in string formatted representation
    Url
    UrlThe url
    AutomationRulePropertyConditionSupportedPropertyIncidentTitle
    IncidentTitleThe title of the incident
    AutomationRulePropertyConditionSupportedPropertyIncidentDescription
    IncidentDescriptionThe description of the incident
    AutomationRulePropertyConditionSupportedPropertyIncidentSeverity
    IncidentSeverityThe severity of the incident
    AutomationRulePropertyConditionSupportedPropertyIncidentStatus
    IncidentStatusThe status of the incident
    AutomationRulePropertyConditionSupportedPropertyIncidentRelatedAnalyticRuleIds
    IncidentRelatedAnalyticRuleIdsThe related Analytic rule ids of the incident
    AutomationRulePropertyConditionSupportedPropertyIncidentTactics
    IncidentTacticsThe tactics of the incident
    AutomationRulePropertyConditionSupportedPropertyIncidentLabel
    IncidentLabelThe labels of the incident
    AutomationRulePropertyConditionSupportedPropertyIncidentProviderName
    IncidentProviderNameThe provider name of the incident
    AutomationRulePropertyConditionSupportedPropertyIncidentUpdatedBySource
    IncidentUpdatedBySourceThe update source of the incident
    AutomationRulePropertyConditionSupportedPropertyAccountAadTenantId
    AccountAadTenantIdThe account Azure Active Directory tenant id
    AutomationRulePropertyConditionSupportedPropertyAccountAadUserId
    AccountAadUserIdThe account Azure Active Directory user id
    AutomationRulePropertyConditionSupportedPropertyAccountName
    AccountNameThe account name
    AutomationRulePropertyConditionSupportedPropertyAccountNTDomain
    AccountNTDomainThe account NetBIOS domain name
    AutomationRulePropertyConditionSupportedPropertyAccountPUID
    AccountPUIDThe account Azure Active Directory Passport User ID
    AutomationRulePropertyConditionSupportedPropertyAccountSid
    AccountSidThe account security identifier
    AutomationRulePropertyConditionSupportedPropertyAccountObjectGuid
    AccountObjectGuidThe account unique identifier
    AutomationRulePropertyConditionSupportedPropertyAccountUPNSuffix
    AccountUPNSuffixThe account user principal name suffix
    AutomationRulePropertyConditionSupportedPropertyAlertProductNames
    AlertProductNamesThe name of the product of the alert
    AutomationRulePropertyConditionSupportedPropertyAlertAnalyticRuleIds
    AlertAnalyticRuleIdsThe analytic rule ids of the alert
    AutomationRulePropertyConditionSupportedPropertyAzureResourceResourceId
    AzureResourceResourceIdThe Azure resource id
    AutomationRulePropertyConditionSupportedPropertyAzureResourceSubscriptionId
    AzureResourceSubscriptionIdThe Azure resource subscription id
    AutomationRulePropertyConditionSupportedPropertyCloudApplicationAppId
    CloudApplicationAppIdThe cloud application identifier
    AutomationRulePropertyConditionSupportedPropertyCloudApplicationAppName
    CloudApplicationAppNameThe cloud application name
    AutomationRulePropertyConditionSupportedPropertyDNSDomainName
    DNSDomainNameThe dns record domain name
    AutomationRulePropertyConditionSupportedPropertyFileDirectory
    FileDirectoryThe file directory full path
    AutomationRulePropertyConditionSupportedPropertyFileName
    FileNameThe file name without path
    AutomationRulePropertyConditionSupportedPropertyFileHashValue
    FileHashValueThe file hash value
    AutomationRulePropertyConditionSupportedPropertyHostAzureID
    HostAzureIDThe host Azure resource id
    AutomationRulePropertyConditionSupportedPropertyHostName
    HostNameThe host name without domain
    AutomationRulePropertyConditionSupportedPropertyHostNetBiosName
    HostNetBiosNameThe host NetBIOS name
    AutomationRulePropertyConditionSupportedPropertyHostNTDomain
    HostNTDomainThe host NT domain
    AutomationRulePropertyConditionSupportedPropertyHostOSVersion
    HostOSVersionThe host operating system
    AutomationRulePropertyConditionSupportedPropertyIoTDeviceId
    IoTDeviceId"The IoT device id
    AutomationRulePropertyConditionSupportedPropertyIoTDeviceName
    IoTDeviceNameThe IoT device name
    AutomationRulePropertyConditionSupportedPropertyIoTDeviceType
    IoTDeviceTypeThe IoT device type
    AutomationRulePropertyConditionSupportedPropertyIoTDeviceVendor
    IoTDeviceVendorThe IoT device vendor
    AutomationRulePropertyConditionSupportedPropertyIoTDeviceModel
    IoTDeviceModelThe IoT device model
    AutomationRulePropertyConditionSupportedPropertyIoTDeviceOperatingSystem
    IoTDeviceOperatingSystemThe IoT device operating system
    AutomationRulePropertyConditionSupportedPropertyIPAddress
    IPAddressThe IP address
    AutomationRulePropertyConditionSupportedPropertyMailboxDisplayName
    MailboxDisplayNameThe mailbox display name
    AutomationRulePropertyConditionSupportedPropertyMailboxPrimaryAddress
    MailboxPrimaryAddressThe mailbox primary address
    AutomationRulePropertyConditionSupportedPropertyMailboxUPN
    MailboxUPNThe mailbox user principal name
    AutomationRulePropertyConditionSupportedPropertyMailMessageDeliveryAction
    MailMessageDeliveryActionThe mail message delivery action
    AutomationRulePropertyConditionSupportedPropertyMailMessageDeliveryLocation
    MailMessageDeliveryLocationThe mail message delivery location
    AutomationRulePropertyConditionSupportedPropertyMailMessageRecipient
    MailMessageRecipientThe mail message recipient
    AutomationRulePropertyConditionSupportedPropertyMailMessageSenderIP
    MailMessageSenderIPThe mail message sender IP address
    AutomationRulePropertyConditionSupportedPropertyMailMessageSubject
    MailMessageSubjectThe mail message subject
    AutomationRulePropertyConditionSupportedPropertyMailMessageP1Sender
    MailMessageP1SenderThe mail message P1 sender
    AutomationRulePropertyConditionSupportedPropertyMailMessageP2Sender
    MailMessageP2SenderThe mail message P2 sender
    AutomationRulePropertyConditionSupportedPropertyMalwareCategory
    MalwareCategoryThe malware category
    AutomationRulePropertyConditionSupportedPropertyMalwareName
    MalwareNameThe malware name
    AutomationRulePropertyConditionSupportedPropertyProcessCommandLine
    ProcessCommandLineThe process execution command line
    AutomationRulePropertyConditionSupportedPropertyProcessId
    ProcessIdThe process id
    AutomationRulePropertyConditionSupportedPropertyRegistryKey
    RegistryKeyThe registry key path
    AutomationRulePropertyConditionSupportedPropertyRegistryValueData
    RegistryValueDataThe registry key value in string formatted representation
    AutomationRulePropertyConditionSupportedPropertyUrl
    UrlThe url
    IncidentTitle
    IncidentTitleThe title of the incident
    IncidentDescription
    IncidentDescriptionThe description of the incident
    IncidentSeverity
    IncidentSeverityThe severity of the incident
    IncidentStatus
    IncidentStatusThe status of the incident
    IncidentRelatedAnalyticRuleIds
    IncidentRelatedAnalyticRuleIdsThe related Analytic rule ids of the incident
    IncidentTactics
    IncidentTacticsThe tactics of the incident
    IncidentLabel
    IncidentLabelThe labels of the incident
    IncidentProviderName
    IncidentProviderNameThe provider name of the incident
    IncidentUpdatedBySource
    IncidentUpdatedBySourceThe update source of the incident
    AccountAadTenantId
    AccountAadTenantIdThe account Azure Active Directory tenant id
    AccountAadUserId
    AccountAadUserIdThe account Azure Active Directory user id
    AccountName
    AccountNameThe account name
    AccountNTDomain
    AccountNTDomainThe account NetBIOS domain name
    AccountPUID
    AccountPUIDThe account Azure Active Directory Passport User ID
    AccountSid
    AccountSidThe account security identifier
    AccountObjectGuid
    AccountObjectGuidThe account unique identifier
    AccountUPNSuffix
    AccountUPNSuffixThe account user principal name suffix
    AlertProductNames
    AlertProductNamesThe name of the product of the alert
    AlertAnalyticRuleIds
    AlertAnalyticRuleIdsThe analytic rule ids of the alert
    AzureResourceResourceId
    AzureResourceResourceIdThe Azure resource id
    AzureResourceSubscriptionId
    AzureResourceSubscriptionIdThe Azure resource subscription id
    CloudApplicationAppId
    CloudApplicationAppIdThe cloud application identifier
    CloudApplicationAppName
    CloudApplicationAppNameThe cloud application name
    DNSDomainName
    DNSDomainNameThe dns record domain name
    FileDirectory
    FileDirectoryThe file directory full path
    FileName
    FileNameThe file name without path
    FileHashValue
    FileHashValueThe file hash value
    HostAzureID
    HostAzureIDThe host Azure resource id
    HostName
    HostNameThe host name without domain
    HostNetBiosName
    HostNetBiosNameThe host NetBIOS name
    HostNTDomain
    HostNTDomainThe host NT domain
    HostOSVersion
    HostOSVersionThe host operating system
    IoTDeviceId
    IoTDeviceId"The IoT device id
    IoTDeviceName
    IoTDeviceNameThe IoT device name
    IoTDeviceType
    IoTDeviceTypeThe IoT device type
    IoTDeviceVendor
    IoTDeviceVendorThe IoT device vendor
    IoTDeviceModel
    IoTDeviceModelThe IoT device model
    IoTDeviceOperatingSystem
    IoTDeviceOperatingSystemThe IoT device operating system
    IPAddress
    IPAddressThe IP address
    MailboxDisplayName
    MailboxDisplayNameThe mailbox display name
    MailboxPrimaryAddress
    MailboxPrimaryAddressThe mailbox primary address
    MailboxUPN
    MailboxUPNThe mailbox user principal name
    MailMessageDeliveryAction
    MailMessageDeliveryActionThe mail message delivery action
    MailMessageDeliveryLocation
    MailMessageDeliveryLocationThe mail message delivery location
    MailMessageRecipient
    MailMessageRecipientThe mail message recipient
    MailMessageSenderIP
    MailMessageSenderIPThe mail message sender IP address
    MailMessageSubject
    MailMessageSubjectThe mail message subject
    MailMessageP1Sender
    MailMessageP1SenderThe mail message P1 sender
    MailMessageP2Sender
    MailMessageP2SenderThe mail message P2 sender
    MalwareCategory
    MalwareCategoryThe malware category
    MalwareName
    MalwareNameThe malware name
    ProcessCommandLine
    ProcessCommandLineThe process execution command line
    ProcessId
    ProcessIdThe process id
    RegistryKey
    RegistryKeyThe registry key path
    RegistryValueData
    RegistryValueDataThe registry key value in string formatted representation
    Url
    UrlThe url
    IncidentTitle
    IncidentTitleThe title of the incident
    IncidentDescription
    IncidentDescriptionThe description of the incident
    IncidentSeverity
    IncidentSeverityThe severity of the incident
    IncidentStatus
    IncidentStatusThe status of the incident
    IncidentRelatedAnalyticRuleIds
    IncidentRelatedAnalyticRuleIdsThe related Analytic rule ids of the incident
    IncidentTactics
    IncidentTacticsThe tactics of the incident
    IncidentLabel
    IncidentLabelThe labels of the incident
    IncidentProviderName
    IncidentProviderNameThe provider name of the incident
    IncidentUpdatedBySource
    IncidentUpdatedBySourceThe update source of the incident
    AccountAadTenantId
    AccountAadTenantIdThe account Azure Active Directory tenant id
    AccountAadUserId
    AccountAadUserIdThe account Azure Active Directory user id
    AccountName
    AccountNameThe account name
    AccountNTDomain
    AccountNTDomainThe account NetBIOS domain name
    AccountPUID
    AccountPUIDThe account Azure Active Directory Passport User ID
    AccountSid
    AccountSidThe account security identifier
    AccountObjectGuid
    AccountObjectGuidThe account unique identifier
    AccountUPNSuffix
    AccountUPNSuffixThe account user principal name suffix
    AlertProductNames
    AlertProductNamesThe name of the product of the alert
    AlertAnalyticRuleIds
    AlertAnalyticRuleIdsThe analytic rule ids of the alert
    AzureResourceResourceId
    AzureResourceResourceIdThe Azure resource id
    AzureResourceSubscriptionId
    AzureResourceSubscriptionIdThe Azure resource subscription id
    CloudApplicationAppId
    CloudApplicationAppIdThe cloud application identifier
    CloudApplicationAppName
    CloudApplicationAppNameThe cloud application name
    DNSDomainName
    DNSDomainNameThe dns record domain name
    FileDirectory
    FileDirectoryThe file directory full path
    FileName
    FileNameThe file name without path
    FileHashValue
    FileHashValueThe file hash value
    HostAzureID
    HostAzureIDThe host Azure resource id
    HostName
    HostNameThe host name without domain
    HostNetBiosName
    HostNetBiosNameThe host NetBIOS name
    HostNTDomain
    HostNTDomainThe host NT domain
    HostOSVersion
    HostOSVersionThe host operating system
    IoTDeviceId
    IoTDeviceId"The IoT device id
    IoTDeviceName
    IoTDeviceNameThe IoT device name
    IoTDeviceType
    IoTDeviceTypeThe IoT device type
    IoTDeviceVendor
    IoTDeviceVendorThe IoT device vendor
    IoTDeviceModel
    IoTDeviceModelThe IoT device model
    IoTDeviceOperatingSystem
    IoTDeviceOperatingSystemThe IoT device operating system
    IPAddress
    IPAddressThe IP address
    MailboxDisplayName
    MailboxDisplayNameThe mailbox display name
    MailboxPrimaryAddress
    MailboxPrimaryAddressThe mailbox primary address
    MailboxUPN
    MailboxUPNThe mailbox user principal name
    MailMessageDeliveryAction
    MailMessageDeliveryActionThe mail message delivery action
    MailMessageDeliveryLocation
    MailMessageDeliveryLocationThe mail message delivery location
    MailMessageRecipient
    MailMessageRecipientThe mail message recipient
    MailMessageSenderIP
    MailMessageSenderIPThe mail message sender IP address
    MailMessageSubject
    MailMessageSubjectThe mail message subject
    MailMessageP1Sender
    MailMessageP1SenderThe mail message P1 sender
    MailMessageP2Sender
    MailMessageP2SenderThe mail message P2 sender
    MalwareCategory
    MalwareCategoryThe malware category
    MalwareName
    MalwareNameThe malware name
    ProcessCommandLine
    ProcessCommandLineThe process execution command line
    ProcessId
    ProcessIdThe process id
    RegistryKey
    RegistryKeyThe registry key path
    RegistryValueData
    RegistryValueDataThe registry key value in string formatted representation
    Url
    UrlThe url
    INCIDENT_TITLE
    IncidentTitleThe title of the incident
    INCIDENT_DESCRIPTION
    IncidentDescriptionThe description of the incident
    INCIDENT_SEVERITY
    IncidentSeverityThe severity of the incident
    INCIDENT_STATUS
    IncidentStatusThe status of the incident
    INCIDENT_RELATED_ANALYTIC_RULE_IDS
    IncidentRelatedAnalyticRuleIdsThe related Analytic rule ids of the incident
    INCIDENT_TACTICS
    IncidentTacticsThe tactics of the incident
    INCIDENT_LABEL
    IncidentLabelThe labels of the incident
    INCIDENT_PROVIDER_NAME
    IncidentProviderNameThe provider name of the incident
    INCIDENT_UPDATED_BY_SOURCE
    IncidentUpdatedBySourceThe update source of the incident
    ACCOUNT_AAD_TENANT_ID
    AccountAadTenantIdThe account Azure Active Directory tenant id
    ACCOUNT_AAD_USER_ID
    AccountAadUserIdThe account Azure Active Directory user id
    ACCOUNT_NAME
    AccountNameThe account name
    ACCOUNT_NT_DOMAIN
    AccountNTDomainThe account NetBIOS domain name
    ACCOUNT_PUID
    AccountPUIDThe account Azure Active Directory Passport User ID
    ACCOUNT_SID
    AccountSidThe account security identifier
    ACCOUNT_OBJECT_GUID
    AccountObjectGuidThe account unique identifier
    ACCOUNT_UPN_SUFFIX
    AccountUPNSuffixThe account user principal name suffix
    ALERT_PRODUCT_NAMES
    AlertProductNamesThe name of the product of the alert
    ALERT_ANALYTIC_RULE_IDS
    AlertAnalyticRuleIdsThe analytic rule ids of the alert
    AZURE_RESOURCE_RESOURCE_ID
    AzureResourceResourceIdThe Azure resource id
    AZURE_RESOURCE_SUBSCRIPTION_ID
    AzureResourceSubscriptionIdThe Azure resource subscription id
    CLOUD_APPLICATION_APP_ID
    CloudApplicationAppIdThe cloud application identifier
    CLOUD_APPLICATION_APP_NAME
    CloudApplicationAppNameThe cloud application name
    DNS_DOMAIN_NAME
    DNSDomainNameThe dns record domain name
    FILE_DIRECTORY
    FileDirectoryThe file directory full path
    FILE_NAME
    FileNameThe file name without path
    FILE_HASH_VALUE
    FileHashValueThe file hash value
    HOST_AZURE_ID
    HostAzureIDThe host Azure resource id
    HOST_NAME
    HostNameThe host name without domain
    HOST_NET_BIOS_NAME
    HostNetBiosNameThe host NetBIOS name
    HOST_NT_DOMAIN
    HostNTDomainThe host NT domain
    HOST_OS_VERSION
    HostOSVersionThe host operating system
    IO_T_DEVICE_ID
    IoTDeviceId"The IoT device id
    IO_T_DEVICE_NAME
    IoTDeviceNameThe IoT device name
    IO_T_DEVICE_TYPE
    IoTDeviceTypeThe IoT device type
    IO_T_DEVICE_VENDOR
    IoTDeviceVendorThe IoT device vendor
    IO_T_DEVICE_MODEL
    IoTDeviceModelThe IoT device model
    IO_T_DEVICE_OPERATING_SYSTEM
    IoTDeviceOperatingSystemThe IoT device operating system
    IP_ADDRESS
    IPAddressThe IP address
    MAILBOX_DISPLAY_NAME
    MailboxDisplayNameThe mailbox display name
    MAILBOX_PRIMARY_ADDRESS
    MailboxPrimaryAddressThe mailbox primary address
    MAILBOX_UPN
    MailboxUPNThe mailbox user principal name
    MAIL_MESSAGE_DELIVERY_ACTION
    MailMessageDeliveryActionThe mail message delivery action
    MAIL_MESSAGE_DELIVERY_LOCATION
    MailMessageDeliveryLocationThe mail message delivery location
    MAIL_MESSAGE_RECIPIENT
    MailMessageRecipientThe mail message recipient
    MAIL_MESSAGE_SENDER_IP
    MailMessageSenderIPThe mail message sender IP address
    MAIL_MESSAGE_SUBJECT
    MailMessageSubjectThe mail message subject
    MAIL_MESSAGE_P1_SENDER
    MailMessageP1SenderThe mail message P1 sender
    MAIL_MESSAGE_P2_SENDER
    MailMessageP2SenderThe mail message P2 sender
    MALWARE_CATEGORY
    MalwareCategoryThe malware category
    MALWARE_NAME
    MalwareNameThe malware name
    PROCESS_COMMAND_LINE
    ProcessCommandLineThe process execution command line
    PROCESS_ID
    ProcessIdThe process id
    REGISTRY_KEY
    RegistryKeyThe registry key path
    REGISTRY_VALUE_DATA
    RegistryValueDataThe registry key value in string formatted representation
    URL
    UrlThe url
    "IncidentTitle"
    IncidentTitleThe title of the incident
    "IncidentDescription"
    IncidentDescriptionThe description of the incident
    "IncidentSeverity"
    IncidentSeverityThe severity of the incident
    "IncidentStatus"
    IncidentStatusThe status of the incident
    "IncidentRelatedAnalyticRuleIds"
    IncidentRelatedAnalyticRuleIdsThe related Analytic rule ids of the incident
    "IncidentTactics"
    IncidentTacticsThe tactics of the incident
    "IncidentLabel"
    IncidentLabelThe labels of the incident
    "IncidentProviderName"
    IncidentProviderNameThe provider name of the incident
    "IncidentUpdatedBySource"
    IncidentUpdatedBySourceThe update source of the incident
    "AccountAadTenantId"
    AccountAadTenantIdThe account Azure Active Directory tenant id
    "AccountAadUserId"
    AccountAadUserIdThe account Azure Active Directory user id
    "AccountName"
    AccountNameThe account name
    "AccountNTDomain"
    AccountNTDomainThe account NetBIOS domain name
    "AccountPUID"
    AccountPUIDThe account Azure Active Directory Passport User ID
    "AccountSid"
    AccountSidThe account security identifier
    "AccountObjectGuid"
    AccountObjectGuidThe account unique identifier
    "AccountUPNSuffix"
    AccountUPNSuffixThe account user principal name suffix
    "AlertProductNames"
    AlertProductNamesThe name of the product of the alert
    "AlertAnalyticRuleIds"
    AlertAnalyticRuleIdsThe analytic rule ids of the alert
    "AzureResourceResourceId"
    AzureResourceResourceIdThe Azure resource id
    "AzureResourceSubscriptionId"
    AzureResourceSubscriptionIdThe Azure resource subscription id
    "CloudApplicationAppId"
    CloudApplicationAppIdThe cloud application identifier
    "CloudApplicationAppName"
    CloudApplicationAppNameThe cloud application name
    "DNSDomainName"
    DNSDomainNameThe dns record domain name
    "FileDirectory"
    FileDirectoryThe file directory full path
    "FileName"
    FileNameThe file name without path
    "FileHashValue"
    FileHashValueThe file hash value
    "HostAzureID"
    HostAzureIDThe host Azure resource id
    "HostName"
    HostNameThe host name without domain
    "HostNetBiosName"
    HostNetBiosNameThe host NetBIOS name
    "HostNTDomain"
    HostNTDomainThe host NT domain
    "HostOSVersion"
    HostOSVersionThe host operating system
    "IoTDeviceId"
    IoTDeviceId"The IoT device id
    "IoTDeviceName"
    IoTDeviceNameThe IoT device name
    "IoTDeviceType"
    IoTDeviceTypeThe IoT device type
    "IoTDeviceVendor"
    IoTDeviceVendorThe IoT device vendor
    "IoTDeviceModel"
    IoTDeviceModelThe IoT device model
    "IoTDeviceOperatingSystem"
    IoTDeviceOperatingSystemThe IoT device operating system
    "IPAddress"
    IPAddressThe IP address
    "MailboxDisplayName"
    MailboxDisplayNameThe mailbox display name
    "MailboxPrimaryAddress"
    MailboxPrimaryAddressThe mailbox primary address
    "MailboxUPN"
    MailboxUPNThe mailbox user principal name
    "MailMessageDeliveryAction"
    MailMessageDeliveryActionThe mail message delivery action
    "MailMessageDeliveryLocation"
    MailMessageDeliveryLocationThe mail message delivery location
    "MailMessageRecipient"
    MailMessageRecipientThe mail message recipient
    "MailMessageSenderIP"
    MailMessageSenderIPThe mail message sender IP address
    "MailMessageSubject"
    MailMessageSubjectThe mail message subject
    "MailMessageP1Sender"
    MailMessageP1SenderThe mail message P1 sender
    "MailMessageP2Sender"
    MailMessageP2SenderThe mail message P2 sender
    "MalwareCategory"
    MalwareCategoryThe malware category
    "MalwareName"
    MalwareNameThe malware name
    "ProcessCommandLine"
    ProcessCommandLineThe process execution command line
    "ProcessId"
    ProcessIdThe process id
    "RegistryKey"
    RegistryKeyThe registry key path
    "RegistryValueData"
    RegistryValueDataThe registry key value in string formatted representation
    "Url"
    UrlThe url

    AutomationRulePropertyValuesChangedCondition, AutomationRulePropertyValuesChangedConditionArgs

    AutomationRulePropertyValuesChangedConditionResponse, AutomationRulePropertyValuesChangedConditionResponseArgs

    ChangeType string
    Operator string
    PropertyName string
    PropertyValues List<string>
    ChangeType string
    Operator string
    PropertyName string
    PropertyValues []string
    changeType String
    operator String
    propertyName String
    propertyValues List<String>
    changeType string
    operator string
    propertyName string
    propertyValues string[]
    changeType String
    operator String
    propertyName String
    propertyValues List<String>

    AutomationRulePropertyValuesCondition, AutomationRulePropertyValuesConditionArgs

    Operator string | AutomationRulePropertyConditionSupportedOperator
    PropertyName string | AutomationRulePropertyConditionSupportedProperty
    The property to evaluate in an automation rule property condition.
    PropertyValues []string
    operator String | AutomationRulePropertyConditionSupportedOperator
    propertyName String | AutomationRulePropertyConditionSupportedProperty
    The property to evaluate in an automation rule property condition.
    propertyValues List<String>
    operator string | AutomationRulePropertyConditionSupportedOperator
    propertyName string | AutomationRulePropertyConditionSupportedProperty
    The property to evaluate in an automation rule property condition.
    propertyValues string[]
    operator str | AutomationRulePropertyConditionSupportedOperator
    property_name str | AutomationRulePropertyConditionSupportedProperty
    The property to evaluate in an automation rule property condition.
    property_values Sequence[str]
    operator String | "Equals" | "NotEquals" | "Contains" | "NotContains" | "StartsWith" | "NotStartsWith" | "EndsWith" | "NotEndsWith"
    propertyName String | "IncidentTitle" | "IncidentDescription" | "IncidentSeverity" | "IncidentStatus" | "IncidentRelatedAnalyticRuleIds" | "IncidentTactics" | "IncidentLabel" | "IncidentProviderName" | "IncidentUpdatedBySource" | "AccountAadTenantId" | "AccountAadUserId" | "AccountName" | "AccountNTDomain" | "AccountPUID" | "AccountSid" | "AccountObjectGuid" | "AccountUPNSuffix" | "AlertProductNames" | "AlertAnalyticRuleIds" | "AzureResourceResourceId" | "AzureResourceSubscriptionId" | "CloudApplicationAppId" | "CloudApplicationAppName" | "DNSDomainName" | "FileDirectory" | "FileName" | "FileHashValue" | "HostAzureID" | "HostName" | "HostNetBiosName" | "HostNTDomain" | "HostOSVersion" | "IoTDeviceId" | "IoTDeviceName" | "IoTDeviceType" | "IoTDeviceVendor" | "IoTDeviceModel" | "IoTDeviceOperatingSystem" | "IPAddress" | "MailboxDisplayName" | "MailboxPrimaryAddress" | "MailboxUPN" | "MailMessageDeliveryAction" | "MailMessageDeliveryLocation" | "MailMessageRecipient" | "MailMessageSenderIP" | "MailMessageSubject" | "MailMessageP1Sender" | "MailMessageP2Sender" | "MalwareCategory" | "MalwareName" | "ProcessCommandLine" | "ProcessId" | "RegistryKey" | "RegistryValueData" | "Url"
    The property to evaluate in an automation rule property condition.
    propertyValues List<String>

    AutomationRulePropertyValuesConditionResponse, AutomationRulePropertyValuesConditionResponseArgs

    Operator string
    PropertyName string
    The property to evaluate in an automation rule property condition.
    PropertyValues List<string>
    Operator string
    PropertyName string
    The property to evaluate in an automation rule property condition.
    PropertyValues []string
    operator String
    propertyName String
    The property to evaluate in an automation rule property condition.
    propertyValues List<String>
    operator string
    propertyName string
    The property to evaluate in an automation rule property condition.
    propertyValues string[]
    operator str
    property_name str
    The property to evaluate in an automation rule property condition.
    property_values Sequence[str]
    operator String
    propertyName String
    The property to evaluate in an automation rule property condition.
    propertyValues List<String>

    AutomationRuleRunPlaybookAction, AutomationRuleRunPlaybookActionArgs

    AutomationRuleRunPlaybookActionResponse, AutomationRuleRunPlaybookActionResponseArgs

    AutomationRuleTriggeringLogic, AutomationRuleTriggeringLogicArgs

    IsEnabled bool
    Determines whether the automation rule is enabled or disabled.
    TriggersOn string | Pulumi.AzureNative.SecurityInsights.TriggersOn
    TriggersWhen string | Pulumi.AzureNative.SecurityInsights.TriggersWhen
    Conditions List<object>
    The conditions to evaluate to determine if the automation rule should be triggered on a given object.
    ExpirationTimeUtc string
    Determines when the automation rule should automatically expire and be disabled.
    IsEnabled bool
    Determines whether the automation rule is enabled or disabled.
    TriggersOn string | TriggersOn
    TriggersWhen string | TriggersWhen
    Conditions []interface{}
    The conditions to evaluate to determine if the automation rule should be triggered on a given object.
    ExpirationTimeUtc string
    Determines when the automation rule should automatically expire and be disabled.
    isEnabled Boolean
    Determines whether the automation rule is enabled or disabled.
    triggersOn String | TriggersOn
    triggersWhen String | TriggersWhen
    conditions List<Object>
    The conditions to evaluate to determine if the automation rule should be triggered on a given object.
    expirationTimeUtc String
    Determines when the automation rule should automatically expire and be disabled.
    isEnabled boolean
    Determines whether the automation rule is enabled or disabled.
    triggersOn string | TriggersOn
    triggersWhen string | TriggersWhen
    conditions (PropertyArrayChangedConditionProperties | PropertyChangedConditionProperties | PropertyConditionProperties)[]
    The conditions to evaluate to determine if the automation rule should be triggered on a given object.
    expirationTimeUtc string
    Determines when the automation rule should automatically expire and be disabled.
    is_enabled bool
    Determines whether the automation rule is enabled or disabled.
    triggers_on str | TriggersOn
    triggers_when str | TriggersWhen
    conditions Sequence[Union[PropertyArrayChangedConditionProperties, PropertyChangedConditionProperties, PropertyConditionProperties]]
    The conditions to evaluate to determine if the automation rule should be triggered on a given object.
    expiration_time_utc str
    Determines when the automation rule should automatically expire and be disabled.
    isEnabled Boolean
    Determines whether the automation rule is enabled or disabled.
    triggersOn String | "Incidents" | "Alerts"
    triggersWhen String | "Created" | "Updated"
    conditions List<Property Map | Property Map | Property Map>
    The conditions to evaluate to determine if the automation rule should be triggered on a given object.
    expirationTimeUtc String
    Determines when the automation rule should automatically expire and be disabled.

    AutomationRuleTriggeringLogicResponse, AutomationRuleTriggeringLogicResponseArgs

    IsEnabled bool
    Determines whether the automation rule is enabled or disabled.
    TriggersOn string
    TriggersWhen string
    Conditions List<object>
    The conditions to evaluate to determine if the automation rule should be triggered on a given object.
    ExpirationTimeUtc string
    Determines when the automation rule should automatically expire and be disabled.
    IsEnabled bool
    Determines whether the automation rule is enabled or disabled.
    TriggersOn string
    TriggersWhen string
    Conditions []interface{}
    The conditions to evaluate to determine if the automation rule should be triggered on a given object.
    ExpirationTimeUtc string
    Determines when the automation rule should automatically expire and be disabled.
    isEnabled Boolean
    Determines whether the automation rule is enabled or disabled.
    triggersOn String
    triggersWhen String
    conditions List<Object>
    The conditions to evaluate to determine if the automation rule should be triggered on a given object.
    expirationTimeUtc String
    Determines when the automation rule should automatically expire and be disabled.
    isEnabled boolean
    Determines whether the automation rule is enabled or disabled.
    triggersOn string
    triggersWhen string
    conditions (PropertyArrayChangedConditionPropertiesResponse | PropertyChangedConditionPropertiesResponse | PropertyConditionPropertiesResponse)[]
    The conditions to evaluate to determine if the automation rule should be triggered on a given object.
    expirationTimeUtc string
    Determines when the automation rule should automatically expire and be disabled.
    is_enabled bool
    Determines whether the automation rule is enabled or disabled.
    triggers_on str
    triggers_when str
    conditions Sequence[Union[PropertyArrayChangedConditionPropertiesResponse, PropertyChangedConditionPropertiesResponse, PropertyConditionPropertiesResponse]]
    The conditions to evaluate to determine if the automation rule should be triggered on a given object.
    expiration_time_utc str
    Determines when the automation rule should automatically expire and be disabled.
    isEnabled Boolean
    Determines whether the automation rule is enabled or disabled.
    triggersOn String
    triggersWhen String
    conditions List<Property Map | Property Map | Property Map>
    The conditions to evaluate to determine if the automation rule should be triggered on a given object.
    expirationTimeUtc String
    Determines when the automation rule should automatically expire and be disabled.

    ClientInfoResponse, ClientInfoResponseArgs

    Email string
    The email of the client.
    Name string
    The name of the client.
    ObjectId string
    The object id of the client.
    UserPrincipalName string
    The user principal name of the client.
    Email string
    The email of the client.
    Name string
    The name of the client.
    ObjectId string
    The object id of the client.
    UserPrincipalName string
    The user principal name of the client.
    email String
    The email of the client.
    name String
    The name of the client.
    objectId String
    The object id of the client.
    userPrincipalName String
    The user principal name of the client.
    email string
    The email of the client.
    name string
    The name of the client.
    objectId string
    The object id of the client.
    userPrincipalName string
    The user principal name of the client.
    email str
    The email of the client.
    name str
    The name of the client.
    object_id str
    The object id of the client.
    user_principal_name str
    The user principal name of the client.
    email String
    The email of the client.
    name String
    The name of the client.
    objectId String
    The object id of the client.
    userPrincipalName String
    The user principal name of the client.

    IncidentClassification, IncidentClassificationArgs

    Undetermined
    UndeterminedIncident classification was undetermined
    TruePositive
    TruePositiveIncident was true positive
    BenignPositive
    BenignPositiveIncident was benign positive
    FalsePositive
    FalsePositiveIncident was false positive
    IncidentClassificationUndetermined
    UndeterminedIncident classification was undetermined
    IncidentClassificationTruePositive
    TruePositiveIncident was true positive
    IncidentClassificationBenignPositive
    BenignPositiveIncident was benign positive
    IncidentClassificationFalsePositive
    FalsePositiveIncident was false positive
    Undetermined
    UndeterminedIncident classification was undetermined
    TruePositive
    TruePositiveIncident was true positive
    BenignPositive
    BenignPositiveIncident was benign positive
    FalsePositive
    FalsePositiveIncident was false positive
    Undetermined
    UndeterminedIncident classification was undetermined
    TruePositive
    TruePositiveIncident was true positive
    BenignPositive
    BenignPositiveIncident was benign positive
    FalsePositive
    FalsePositiveIncident was false positive
    UNDETERMINED
    UndeterminedIncident classification was undetermined
    TRUE_POSITIVE
    TruePositiveIncident was true positive
    BENIGN_POSITIVE
    BenignPositiveIncident was benign positive
    FALSE_POSITIVE
    FalsePositiveIncident was false positive
    "Undetermined"
    UndeterminedIncident classification was undetermined
    "TruePositive"
    TruePositiveIncident was true positive
    "BenignPositive"
    BenignPositiveIncident was benign positive
    "FalsePositive"
    FalsePositiveIncident was false positive

    IncidentClassificationReason, IncidentClassificationReasonArgs

    SuspiciousActivity
    SuspiciousActivityClassification reason was suspicious activity
    SuspiciousButExpected
    SuspiciousButExpectedClassification reason was suspicious but expected
    IncorrectAlertLogic
    IncorrectAlertLogicClassification reason was incorrect alert logic
    InaccurateData
    InaccurateDataClassification reason was inaccurate data
    IncidentClassificationReasonSuspiciousActivity
    SuspiciousActivityClassification reason was suspicious activity
    IncidentClassificationReasonSuspiciousButExpected
    SuspiciousButExpectedClassification reason was suspicious but expected
    IncidentClassificationReasonIncorrectAlertLogic
    IncorrectAlertLogicClassification reason was incorrect alert logic
    IncidentClassificationReasonInaccurateData
    InaccurateDataClassification reason was inaccurate data
    SuspiciousActivity
    SuspiciousActivityClassification reason was suspicious activity
    SuspiciousButExpected
    SuspiciousButExpectedClassification reason was suspicious but expected
    IncorrectAlertLogic
    IncorrectAlertLogicClassification reason was incorrect alert logic
    InaccurateData
    InaccurateDataClassification reason was inaccurate data
    SuspiciousActivity
    SuspiciousActivityClassification reason was suspicious activity
    SuspiciousButExpected
    SuspiciousButExpectedClassification reason was suspicious but expected
    IncorrectAlertLogic
    IncorrectAlertLogicClassification reason was incorrect alert logic
    InaccurateData
    InaccurateDataClassification reason was inaccurate data
    SUSPICIOUS_ACTIVITY
    SuspiciousActivityClassification reason was suspicious activity
    SUSPICIOUS_BUT_EXPECTED
    SuspiciousButExpectedClassification reason was suspicious but expected
    INCORRECT_ALERT_LOGIC
    IncorrectAlertLogicClassification reason was incorrect alert logic
    INACCURATE_DATA
    InaccurateDataClassification reason was inaccurate data
    "SuspiciousActivity"
    SuspiciousActivityClassification reason was suspicious activity
    "SuspiciousButExpected"
    SuspiciousButExpectedClassification reason was suspicious but expected
    "IncorrectAlertLogic"
    IncorrectAlertLogicClassification reason was incorrect alert logic
    "InaccurateData"
    InaccurateDataClassification reason was inaccurate data

    IncidentLabel, IncidentLabelArgs

    LabelName string
    The name of the label
    LabelName string
    The name of the label
    labelName String
    The name of the label
    labelName string
    The name of the label
    label_name str
    The name of the label
    labelName String
    The name of the label

    IncidentLabelResponse, IncidentLabelResponseArgs

    LabelName string
    The name of the label
    LabelType string
    The type of the label
    LabelName string
    The name of the label
    LabelType string
    The type of the label
    labelName String
    The name of the label
    labelType String
    The type of the label
    labelName string
    The name of the label
    labelType string
    The type of the label
    label_name str
    The name of the label
    label_type str
    The type of the label
    labelName String
    The name of the label
    labelType String
    The type of the label

    IncidentOwnerInfo, IncidentOwnerInfoArgs

    AssignedTo string
    The name of the user the incident is assigned to.
    Email string
    The email of the user the incident is assigned to.
    ObjectId string
    The object id of the user the incident is assigned to.
    OwnerType string | Pulumi.AzureNative.SecurityInsights.OwnerType
    The type of the owner the incident is assigned to.
    UserPrincipalName string
    The user principal name of the user the incident is assigned to.
    AssignedTo string
    The name of the user the incident is assigned to.
    Email string
    The email of the user the incident is assigned to.
    ObjectId string
    The object id of the user the incident is assigned to.
    OwnerType string | OwnerType
    The type of the owner the incident is assigned to.
    UserPrincipalName string
    The user principal name of the user the incident is assigned to.
    assignedTo String
    The name of the user the incident is assigned to.
    email String
    The email of the user the incident is assigned to.
    objectId String
    The object id of the user the incident is assigned to.
    ownerType String | OwnerType
    The type of the owner the incident is assigned to.
    userPrincipalName String
    The user principal name of the user the incident is assigned to.
    assignedTo string
    The name of the user the incident is assigned to.
    email string
    The email of the user the incident is assigned to.
    objectId string
    The object id of the user the incident is assigned to.
    ownerType string | OwnerType
    The type of the owner the incident is assigned to.
    userPrincipalName string
    The user principal name of the user the incident is assigned to.
    assigned_to str
    The name of the user the incident is assigned to.
    email str
    The email of the user the incident is assigned to.
    object_id str
    The object id of the user the incident is assigned to.
    owner_type str | OwnerType
    The type of the owner the incident is assigned to.
    user_principal_name str
    The user principal name of the user the incident is assigned to.
    assignedTo String
    The name of the user the incident is assigned to.
    email String
    The email of the user the incident is assigned to.
    objectId String
    The object id of the user the incident is assigned to.
    ownerType String | "Unknown" | "User" | "Group"
    The type of the owner the incident is assigned to.
    userPrincipalName String
    The user principal name of the user the incident is assigned to.

    IncidentOwnerInfoResponse, IncidentOwnerInfoResponseArgs

    AssignedTo string
    The name of the user the incident is assigned to.
    Email string
    The email of the user the incident is assigned to.
    ObjectId string
    The object id of the user the incident is assigned to.
    OwnerType string
    The type of the owner the incident is assigned to.
    UserPrincipalName string
    The user principal name of the user the incident is assigned to.
    AssignedTo string
    The name of the user the incident is assigned to.
    Email string
    The email of the user the incident is assigned to.
    ObjectId string
    The object id of the user the incident is assigned to.
    OwnerType string
    The type of the owner the incident is assigned to.
    UserPrincipalName string
    The user principal name of the user the incident is assigned to.
    assignedTo String
    The name of the user the incident is assigned to.
    email String
    The email of the user the incident is assigned to.
    objectId String
    The object id of the user the incident is assigned to.
    ownerType String
    The type of the owner the incident is assigned to.
    userPrincipalName String
    The user principal name of the user the incident is assigned to.
    assignedTo string
    The name of the user the incident is assigned to.
    email string
    The email of the user the incident is assigned to.
    objectId string
    The object id of the user the incident is assigned to.
    ownerType string
    The type of the owner the incident is assigned to.
    userPrincipalName string
    The user principal name of the user the incident is assigned to.
    assigned_to str
    The name of the user the incident is assigned to.
    email str
    The email of the user the incident is assigned to.
    object_id str
    The object id of the user the incident is assigned to.
    owner_type str
    The type of the owner the incident is assigned to.
    user_principal_name str
    The user principal name of the user the incident is assigned to.
    assignedTo String
    The name of the user the incident is assigned to.
    email String
    The email of the user the incident is assigned to.
    objectId String
    The object id of the user the incident is assigned to.
    ownerType String
    The type of the owner the incident is assigned to.
    userPrincipalName String
    The user principal name of the user the incident is assigned to.

    IncidentPropertiesAction, IncidentPropertiesActionArgs

    Classification string | Pulumi.AzureNative.SecurityInsights.IncidentClassification
    The reason the incident was closed
    ClassificationComment string
    Describes the reason the incident was closed.
    ClassificationReason string | Pulumi.AzureNative.SecurityInsights.IncidentClassificationReason
    The classification reason the incident was closed with
    Labels List<Pulumi.AzureNative.SecurityInsights.Inputs.IncidentLabel>
    List of labels to add to the incident.
    Owner Pulumi.AzureNative.SecurityInsights.Inputs.IncidentOwnerInfo
    Information on the user an incident is assigned to
    Severity string | Pulumi.AzureNative.SecurityInsights.IncidentSeverity
    The severity of the incident
    Status string | Pulumi.AzureNative.SecurityInsights.IncidentStatus
    The status of the incident
    Classification string | IncidentClassification
    The reason the incident was closed
    ClassificationComment string
    Describes the reason the incident was closed.
    ClassificationReason string | IncidentClassificationReason
    The classification reason the incident was closed with
    Labels []IncidentLabel
    List of labels to add to the incident.
    Owner IncidentOwnerInfo
    Information on the user an incident is assigned to
    Severity string | IncidentSeverity
    The severity of the incident
    Status string | IncidentStatus
    The status of the incident
    classification String | IncidentClassification
    The reason the incident was closed
    classificationComment String
    Describes the reason the incident was closed.
    classificationReason String | IncidentClassificationReason
    The classification reason the incident was closed with
    labels List<IncidentLabel>
    List of labels to add to the incident.
    owner IncidentOwnerInfo
    Information on the user an incident is assigned to
    severity String | IncidentSeverity
    The severity of the incident
    status String | IncidentStatus
    The status of the incident
    classification string | IncidentClassification
    The reason the incident was closed
    classificationComment string
    Describes the reason the incident was closed.
    classificationReason string | IncidentClassificationReason
    The classification reason the incident was closed with
    labels IncidentLabel[]
    List of labels to add to the incident.
    owner IncidentOwnerInfo
    Information on the user an incident is assigned to
    severity string | IncidentSeverity
    The severity of the incident
    status string | IncidentStatus
    The status of the incident
    classification str | IncidentClassification
    The reason the incident was closed
    classification_comment str
    Describes the reason the incident was closed.
    classification_reason str | IncidentClassificationReason
    The classification reason the incident was closed with
    labels Sequence[IncidentLabel]
    List of labels to add to the incident.
    owner IncidentOwnerInfo
    Information on the user an incident is assigned to
    severity str | IncidentSeverity
    The severity of the incident
    status str | IncidentStatus
    The status of the incident
    classification String | "Undetermined" | "TruePositive" | "BenignPositive" | "FalsePositive"
    The reason the incident was closed
    classificationComment String
    Describes the reason the incident was closed.
    classificationReason String | "SuspiciousActivity" | "SuspiciousButExpected" | "IncorrectAlertLogic" | "InaccurateData"
    The classification reason the incident was closed with
    labels List<Property Map>
    List of labels to add to the incident.
    owner Property Map
    Information on the user an incident is assigned to
    severity String | "High" | "Medium" | "Low" | "Informational"
    The severity of the incident
    status String | "New" | "Active" | "Closed"
    The status of the incident

    IncidentPropertiesActionResponse, IncidentPropertiesActionResponseArgs

    Classification string
    The reason the incident was closed
    ClassificationComment string
    Describes the reason the incident was closed.
    ClassificationReason string
    The classification reason the incident was closed with
    Labels List<Pulumi.AzureNative.SecurityInsights.Inputs.IncidentLabelResponse>
    List of labels to add to the incident.
    Owner Pulumi.AzureNative.SecurityInsights.Inputs.IncidentOwnerInfoResponse
    Information on the user an incident is assigned to
    Severity string
    The severity of the incident
    Status string
    The status of the incident
    Classification string
    The reason the incident was closed
    ClassificationComment string
    Describes the reason the incident was closed.
    ClassificationReason string
    The classification reason the incident was closed with
    Labels []IncidentLabelResponse
    List of labels to add to the incident.
    Owner IncidentOwnerInfoResponse
    Information on the user an incident is assigned to
    Severity string
    The severity of the incident
    Status string
    The status of the incident
    classification String
    The reason the incident was closed
    classificationComment String
    Describes the reason the incident was closed.
    classificationReason String
    The classification reason the incident was closed with
    labels List<IncidentLabelResponse>
    List of labels to add to the incident.
    owner IncidentOwnerInfoResponse
    Information on the user an incident is assigned to
    severity String
    The severity of the incident
    status String
    The status of the incident
    classification string
    The reason the incident was closed
    classificationComment string
    Describes the reason the incident was closed.
    classificationReason string
    The classification reason the incident was closed with
    labels IncidentLabelResponse[]
    List of labels to add to the incident.
    owner IncidentOwnerInfoResponse
    Information on the user an incident is assigned to
    severity string
    The severity of the incident
    status string
    The status of the incident
    classification str
    The reason the incident was closed
    classification_comment str
    Describes the reason the incident was closed.
    classification_reason str
    The classification reason the incident was closed with
    labels Sequence[IncidentLabelResponse]
    List of labels to add to the incident.
    owner IncidentOwnerInfoResponse
    Information on the user an incident is assigned to
    severity str
    The severity of the incident
    status str
    The status of the incident
    classification String
    The reason the incident was closed
    classificationComment String
    Describes the reason the incident was closed.
    classificationReason String
    The classification reason the incident was closed with
    labels List<Property Map>
    List of labels to add to the incident.
    owner Property Map
    Information on the user an incident is assigned to
    severity String
    The severity of the incident
    status String
    The status of the incident

    IncidentSeverity, IncidentSeverityArgs

    High
    HighHigh severity
    Medium
    MediumMedium severity
    Low
    LowLow severity
    Informational
    InformationalInformational severity
    IncidentSeverityHigh
    HighHigh severity
    IncidentSeverityMedium
    MediumMedium severity
    IncidentSeverityLow
    LowLow severity
    IncidentSeverityInformational
    InformationalInformational severity
    High
    HighHigh severity
    Medium
    MediumMedium severity
    Low
    LowLow severity
    Informational
    InformationalInformational severity
    High
    HighHigh severity
    Medium
    MediumMedium severity
    Low
    LowLow severity
    Informational
    InformationalInformational severity
    HIGH
    HighHigh severity
    MEDIUM
    MediumMedium severity
    LOW
    LowLow severity
    INFORMATIONAL
    InformationalInformational severity
    "High"
    HighHigh severity
    "Medium"
    MediumMedium severity
    "Low"
    LowLow severity
    "Informational"
    InformationalInformational severity

    IncidentStatus, IncidentStatusArgs

    New
    NewAn active incident which isn't being handled currently
    Active
    ActiveAn active incident which is being handled
    Closed
    ClosedA non-active incident
    IncidentStatusNew
    NewAn active incident which isn't being handled currently
    IncidentStatusActive
    ActiveAn active incident which is being handled
    IncidentStatusClosed
    ClosedA non-active incident
    New
    NewAn active incident which isn't being handled currently
    Active
    ActiveAn active incident which is being handled
    Closed
    ClosedA non-active incident
    New
    NewAn active incident which isn't being handled currently
    Active
    ActiveAn active incident which is being handled
    Closed
    ClosedA non-active incident
    NEW
    NewAn active incident which isn't being handled currently
    ACTIVE
    ActiveAn active incident which is being handled
    CLOSED
    ClosedA non-active incident
    "New"
    NewAn active incident which isn't being handled currently
    "Active"
    ActiveAn active incident which is being handled
    "Closed"
    ClosedA non-active incident

    OwnerType, OwnerTypeArgs

    Unknown
    UnknownThe incident owner type is unknown
    User
    UserThe incident owner type is an AAD user
    Group
    GroupThe incident owner type is an AAD group
    OwnerTypeUnknown
    UnknownThe incident owner type is unknown
    OwnerTypeUser
    UserThe incident owner type is an AAD user
    OwnerTypeGroup
    GroupThe incident owner type is an AAD group
    Unknown
    UnknownThe incident owner type is unknown
    User
    UserThe incident owner type is an AAD user
    Group
    GroupThe incident owner type is an AAD group
    Unknown
    UnknownThe incident owner type is unknown
    User
    UserThe incident owner type is an AAD user
    Group
    GroupThe incident owner type is an AAD group
    UNKNOWN
    UnknownThe incident owner type is unknown
    USER
    UserThe incident owner type is an AAD user
    GROUP
    GroupThe incident owner type is an AAD group
    "Unknown"
    UnknownThe incident owner type is unknown
    "User"
    UserThe incident owner type is an AAD user
    "Group"
    GroupThe incident owner type is an AAD group

    PlaybookActionProperties, PlaybookActionPropertiesArgs

    LogicAppResourceId string
    The resource id of the playbook resource.
    TenantId string
    The tenant id of the playbook resource.
    LogicAppResourceId string
    The resource id of the playbook resource.
    TenantId string
    The tenant id of the playbook resource.
    logicAppResourceId String
    The resource id of the playbook resource.
    tenantId String
    The tenant id of the playbook resource.
    logicAppResourceId string
    The resource id of the playbook resource.
    tenantId string
    The tenant id of the playbook resource.
    logic_app_resource_id str
    The resource id of the playbook resource.
    tenant_id str
    The tenant id of the playbook resource.
    logicAppResourceId String
    The resource id of the playbook resource.
    tenantId String
    The tenant id of the playbook resource.

    PlaybookActionPropertiesResponse, PlaybookActionPropertiesResponseArgs

    LogicAppResourceId string
    The resource id of the playbook resource.
    TenantId string
    The tenant id of the playbook resource.
    LogicAppResourceId string
    The resource id of the playbook resource.
    TenantId string
    The tenant id of the playbook resource.
    logicAppResourceId String
    The resource id of the playbook resource.
    tenantId String
    The tenant id of the playbook resource.
    logicAppResourceId string
    The resource id of the playbook resource.
    tenantId string
    The tenant id of the playbook resource.
    logic_app_resource_id str
    The resource id of the playbook resource.
    tenant_id str
    The tenant id of the playbook resource.
    logicAppResourceId String
    The resource id of the playbook resource.
    tenantId String
    The tenant id of the playbook resource.

    PropertyArrayChangedConditionProperties, PropertyArrayChangedConditionPropertiesArgs

    PropertyArrayChangedConditionPropertiesResponse, PropertyArrayChangedConditionPropertiesResponseArgs

    PropertyChangedConditionProperties, PropertyChangedConditionPropertiesArgs

    PropertyChangedConditionPropertiesResponse, PropertyChangedConditionPropertiesResponseArgs

    PropertyConditionProperties, PropertyConditionPropertiesArgs

    PropertyConditionPropertiesResponse, PropertyConditionPropertiesResponseArgs

    SystemDataResponse, SystemDataResponseArgs

    CreatedAt string
    The timestamp of resource creation (UTC).
    CreatedBy string
    The identity that created the resource.
    CreatedByType string
    The type of identity that created the resource.
    LastModifiedAt string
    The timestamp of resource last modification (UTC)
    LastModifiedBy string
    The identity that last modified the resource.
    LastModifiedByType string
    The type of identity that last modified the resource.
    CreatedAt string
    The timestamp of resource creation (UTC).
    CreatedBy string
    The identity that created the resource.
    CreatedByType string
    The type of identity that created the resource.
    LastModifiedAt string
    The timestamp of resource last modification (UTC)
    LastModifiedBy string
    The identity that last modified the resource.
    LastModifiedByType string
    The type of identity that last modified the resource.
    createdAt String
    The timestamp of resource creation (UTC).
    createdBy String
    The identity that created the resource.
    createdByType String
    The type of identity that created the resource.
    lastModifiedAt String
    The timestamp of resource last modification (UTC)
    lastModifiedBy String
    The identity that last modified the resource.
    lastModifiedByType String
    The type of identity that last modified the resource.
    createdAt string
    The timestamp of resource creation (UTC).
    createdBy string
    The identity that created the resource.
    createdByType string
    The type of identity that created the resource.
    lastModifiedAt string
    The timestamp of resource last modification (UTC)
    lastModifiedBy string
    The identity that last modified the resource.
    lastModifiedByType string
    The type of identity that last modified the resource.
    created_at str
    The timestamp of resource creation (UTC).
    created_by str
    The identity that created the resource.
    created_by_type str
    The type of identity that created the resource.
    last_modified_at str
    The timestamp of resource last modification (UTC)
    last_modified_by str
    The identity that last modified the resource.
    last_modified_by_type str
    The type of identity that last modified the resource.
    createdAt String
    The timestamp of resource creation (UTC).
    createdBy String
    The identity that created the resource.
    createdByType String
    The type of identity that created the resource.
    lastModifiedAt String
    The timestamp of resource last modification (UTC)
    lastModifiedBy String
    The identity that last modified the resource.
    lastModifiedByType String
    The type of identity that last modified the resource.

    TriggersOn, TriggersOnArgs

    Incidents
    IncidentsTrigger on Incidents
    Alerts
    AlertsTrigger on Alerts
    TriggersOnIncidents
    IncidentsTrigger on Incidents
    TriggersOnAlerts
    AlertsTrigger on Alerts
    Incidents
    IncidentsTrigger on Incidents
    Alerts
    AlertsTrigger on Alerts
    Incidents
    IncidentsTrigger on Incidents
    Alerts
    AlertsTrigger on Alerts
    INCIDENTS
    IncidentsTrigger on Incidents
    ALERTS
    AlertsTrigger on Alerts
    "Incidents"
    IncidentsTrigger on Incidents
    "Alerts"
    AlertsTrigger on Alerts

    TriggersWhen, TriggersWhenArgs

    Created
    CreatedTrigger on created objects
    Updated
    UpdatedTrigger on updated objects
    TriggersWhenCreated
    CreatedTrigger on created objects
    TriggersWhenUpdated
    UpdatedTrigger on updated objects
    Created
    CreatedTrigger on created objects
    Updated
    UpdatedTrigger on updated objects
    Created
    CreatedTrigger on created objects
    Updated
    UpdatedTrigger on updated objects
    CREATED
    CreatedTrigger on created objects
    UPDATED
    UpdatedTrigger on updated objects
    "Created"
    CreatedTrigger on created objects
    "Updated"
    UpdatedTrigger on updated objects

    Import

    An existing resource can be imported using its type token, name, and identifier, e.g.

    $ pulumi import azure-native:securityinsights:AutomationRule 73e01a99-5cd7-4139-a149-9f2736ff2ab5 /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/automationRules/{automationRuleId} 
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    Azure Native pulumi/pulumi-azure-native
    License
    Apache-2.0
    azure-native logo
    This is the latest version of Azure Native. Use the Azure Native v1 docs if using the v1 version of this package.
    Azure Native v2.50.1 published on Tuesday, Jul 16, 2024 by Pulumi