Azure Native v3.5.1, Jun 6 25

This is the latest version of Azure Native. Use the Azure Native v2 docs if using the v2 version of this package.

Azure Native v3.5.1 published on Friday, Jun 6, 2025 by Pulumi

pulumi/pulumi-azure-native

azure-native.securityinsights.getIncident

Explore with Pulumi AI

This is the latest version of Azure Native. Use the Azure Native v2 docs if using the v2 version of this package.

Azure Native v3.5.1 published on Friday, Jun 6, 2025 by Pulumi

pulumi/pulumi-azure-native

Other available API versions: 2023-02-01, 2023-03-01-preview, 2023-04-01-preview, 2023-05-01-preview, 2023-06-01-preview, 2023-07-01-preview, 2023-08-01-preview, 2023-09-01-preview, 2023-10-01-preview, 2023-11-01, 2023-12-01-preview, 2024-01-01-preview, 2024-03-01, 2024-04-01-preview, 2024-10-01-preview, 2025-01-01-preview, 2025-03-01, 2025-04-01-preview. These can be accessed by generating a local SDK package using the CLI command pulumi package add azure-native securityinsights [ApiVersion]. See the version guide for details.

Using getIncident

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getIncident(args: GetIncidentArgs, opts?: InvokeOptions): Promise<GetIncidentResult>
function getIncidentOutput(args: GetIncidentOutputArgs, opts?: InvokeOptions): Output<GetIncidentResult>

def get_incident(incident_id: Optional[str] = None,
                 resource_group_name: Optional[str] = None,
                 workspace_name: Optional[str] = None,
                 opts: Optional[InvokeOptions] = None) -> GetIncidentResult
def get_incident_output(incident_id: Optional[pulumi.Input[str]] = None,
                 resource_group_name: Optional[pulumi.Input[str]] = None,
                 workspace_name: Optional[pulumi.Input[str]] = None,
                 opts: Optional[InvokeOptions] = None) -> Output[GetIncidentResult]

func LookupIncident(ctx *Context, args *LookupIncidentArgs, opts ...InvokeOption) (*LookupIncidentResult, error)
func LookupIncidentOutput(ctx *Context, args *LookupIncidentOutputArgs, opts ...InvokeOption) LookupIncidentResultOutput

> Note: This function is named LookupIncident in the Go SDK.

public static class GetIncident 
{
    public static Task<GetIncidentResult> InvokeAsync(GetIncidentArgs args, InvokeOptions? opts = null)
    public static Output<GetIncidentResult> Invoke(GetIncidentInvokeArgs args, InvokeOptions? opts = null)
}

public static CompletableFuture<GetIncidentResult> getIncident(GetIncidentArgs args, InvokeOptions options)
public static Output<GetIncidentResult> getIncident(GetIncidentArgs args, InvokeOptions options)

fn::invoke:
  function: azure-native:securityinsights:getIncident
  arguments:
    # arguments dictionary

The following arguments are supported:

IncidentId string: Incident ID
ResourceGroupName string: The name of the resource group. The name is case insensitive.
WorkspaceName string: The name of the workspace.

IncidentId string: Incident ID
ResourceGroupName string: The name of the resource group. The name is case insensitive.
WorkspaceName string: The name of the workspace.

incidentId String: Incident ID
resourceGroupName String: The name of the resource group. The name is case insensitive.
workspaceName String: The name of the workspace.

incidentId string: Incident ID
resourceGroupName string: The name of the resource group. The name is case insensitive.
workspaceName string: The name of the workspace.

incident_id str: Incident ID
resource_group_name str: The name of the resource group. The name is case insensitive.
workspace_name str: The name of the workspace.

incidentId String: Incident ID
resourceGroupName String: The name of the resource group. The name is case insensitive.
workspaceName String: The name of the workspace.

getIncident Result

The following output properties are available:

AdditionalData Pulumi.AzureNative.SecurityInsights.Outputs.IncidentAdditionalDataResponse: Additional data on the incident
AzureApiVersion string: The Azure API version of the resource.
CreatedTimeUtc string: The time the incident was created
Id string: Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}"
IncidentNumber int: A sequential number
IncidentUrl string: The deep-link url to the incident in Azure portal
LastModifiedTimeUtc string: The last time the incident was updated
Name string: The name of the resource
ProviderIncidentId string: The incident ID assigned by the incident provider
ProviderName string: The name of the source provider that generated the incident
RelatedAnalyticRuleIds List<string>: List of resource ids of Analytic rules related to the incident
Severity string: The severity of the incident
Status string: The status of the incident
SystemData Pulumi.AzureNative.SecurityInsights.Outputs.SystemDataResponse: Azure Resource Manager metadata containing createdBy and modifiedBy information.
Title string: The title of the incident
Type string: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
Classification string: The reason the incident was closed
ClassificationComment string: Describes the reason the incident was closed
ClassificationReason string: The classification reason the incident was closed with
Description string: The description of the incident
Etag string: Etag of the azure resource
FirstActivityTimeUtc string: The time of the first activity in the incident
Labels List<Pulumi.AzureNative.SecurityInsights.Outputs.IncidentLabelResponse>: List of labels relevant to this incident
LastActivityTimeUtc string: The time of the last activity in the incident
Owner Pulumi.AzureNative.SecurityInsights.Outputs.IncidentOwnerInfoResponse: Describes a user that the incident is assigned to

AdditionalData IncidentAdditionalDataResponse: Additional data on the incident
AzureApiVersion string: The Azure API version of the resource.
CreatedTimeUtc string: The time the incident was created
Id string: Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}"
IncidentNumber int: A sequential number
IncidentUrl string: The deep-link url to the incident in Azure portal
LastModifiedTimeUtc string: The last time the incident was updated
Name string: The name of the resource
ProviderIncidentId string: The incident ID assigned by the incident provider
ProviderName string: The name of the source provider that generated the incident
RelatedAnalyticRuleIds []string: List of resource ids of Analytic rules related to the incident
Severity string: The severity of the incident
Status string: The status of the incident
SystemData SystemDataResponse: Azure Resource Manager metadata containing createdBy and modifiedBy information.
Title string: The title of the incident
Type string: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
Classification string: The reason the incident was closed
ClassificationComment string: Describes the reason the incident was closed
ClassificationReason string: The classification reason the incident was closed with
Description string: The description of the incident
Etag string: Etag of the azure resource
FirstActivityTimeUtc string: The time of the first activity in the incident
Labels []IncidentLabelResponse: List of labels relevant to this incident
LastActivityTimeUtc string: The time of the last activity in the incident
Owner IncidentOwnerInfoResponse: Describes a user that the incident is assigned to

additionalData IncidentAdditionalDataResponse: Additional data on the incident
azureApiVersion String: The Azure API version of the resource.
createdTimeUtc String: The time the incident was created
id String: Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}"
incidentNumber Integer: A sequential number
incidentUrl String: The deep-link url to the incident in Azure portal
lastModifiedTimeUtc String: The last time the incident was updated
name String: The name of the resource
providerIncidentId String: The incident ID assigned by the incident provider
providerName String: The name of the source provider that generated the incident
relatedAnalyticRuleIds List<String>: List of resource ids of Analytic rules related to the incident
severity String: The severity of the incident
status String: The status of the incident
systemData SystemDataResponse: Azure Resource Manager metadata containing createdBy and modifiedBy information.
title String: The title of the incident
type String: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
classification String: The reason the incident was closed
classificationComment String: Describes the reason the incident was closed
classificationReason String: The classification reason the incident was closed with
description String: The description of the incident
etag String: Etag of the azure resource
firstActivityTimeUtc String: The time of the first activity in the incident
labels List<IncidentLabelResponse>: List of labels relevant to this incident
lastActivityTimeUtc String: The time of the last activity in the incident
owner IncidentOwnerInfoResponse: Describes a user that the incident is assigned to

additionalData IncidentAdditionalDataResponse: Additional data on the incident
azureApiVersion string: The Azure API version of the resource.
createdTimeUtc string: The time the incident was created
id string: Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}"
incidentNumber number: A sequential number
incidentUrl string: The deep-link url to the incident in Azure portal
lastModifiedTimeUtc string: The last time the incident was updated
name string: The name of the resource
providerIncidentId string: The incident ID assigned by the incident provider
providerName string: The name of the source provider that generated the incident
relatedAnalyticRuleIds string[]: List of resource ids of Analytic rules related to the incident
severity string: The severity of the incident
status string: The status of the incident
systemData SystemDataResponse: Azure Resource Manager metadata containing createdBy and modifiedBy information.
title string: The title of the incident
type string: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
classification string: The reason the incident was closed
classificationComment string: Describes the reason the incident was closed
classificationReason string: The classification reason the incident was closed with
description string: The description of the incident
etag string: Etag of the azure resource
firstActivityTimeUtc string: The time of the first activity in the incident
labels IncidentLabelResponse[]: List of labels relevant to this incident
lastActivityTimeUtc string: The time of the last activity in the incident
owner IncidentOwnerInfoResponse: Describes a user that the incident is assigned to

additional_data IncidentAdditionalDataResponse: Additional data on the incident
azure_api_version str: The Azure API version of the resource.
created_time_utc str: The time the incident was created
id str: Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}"
incident_number int: A sequential number
incident_url str: The deep-link url to the incident in Azure portal
last_modified_time_utc str: The last time the incident was updated
name str: The name of the resource
provider_incident_id str: The incident ID assigned by the incident provider
provider_name str: The name of the source provider that generated the incident
related_analytic_rule_ids Sequence[str]: List of resource ids of Analytic rules related to the incident
severity str: The severity of the incident
status str: The status of the incident
system_data SystemDataResponse: Azure Resource Manager metadata containing createdBy and modifiedBy information.
title str: The title of the incident
type str: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
classification str: The reason the incident was closed
classification_comment str: Describes the reason the incident was closed
classification_reason str: The classification reason the incident was closed with
description str: The description of the incident
etag str: Etag of the azure resource
first_activity_time_utc str: The time of the first activity in the incident
labels Sequence[IncidentLabelResponse]: List of labels relevant to this incident
last_activity_time_utc str: The time of the last activity in the incident
owner IncidentOwnerInfoResponse: Describes a user that the incident is assigned to

additionalData Property Map: Additional data on the incident
azureApiVersion String: The Azure API version of the resource.
createdTimeUtc String: The time the incident was created
id String: Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}"
incidentNumber Number: A sequential number
incidentUrl String: The deep-link url to the incident in Azure portal
lastModifiedTimeUtc String: The last time the incident was updated
name String: The name of the resource
providerIncidentId String: The incident ID assigned by the incident provider
providerName String: The name of the source provider that generated the incident
relatedAnalyticRuleIds List<String>: List of resource ids of Analytic rules related to the incident
severity String: The severity of the incident
status String: The status of the incident
systemData Property Map: Azure Resource Manager metadata containing createdBy and modifiedBy information.
title String: The title of the incident
type String: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
classification String: The reason the incident was closed
classificationComment String: Describes the reason the incident was closed
classificationReason String: The classification reason the incident was closed with
description String: The description of the incident
etag String: Etag of the azure resource
firstActivityTimeUtc String: The time of the first activity in the incident
labels List<Property Map>: List of labels relevant to this incident
lastActivityTimeUtc String: The time of the last activity in the incident
owner Property Map: Describes a user that the incident is assigned to

Supporting Types

IncidentAdditionalDataResponse

AlertProductNames List<string>: List of product names of alerts in the incident
AlertsCount int: The number of alerts in the incident
BookmarksCount int: The number of bookmarks in the incident
CommentsCount int: The number of comments in the incident
ProviderIncidentUrl string: The provider incident url to the incident in Microsoft 365 Defender portal
Tactics List<string>: The tactics associated with incident

AlertProductNames []string: List of product names of alerts in the incident
AlertsCount int: The number of alerts in the incident
BookmarksCount int: The number of bookmarks in the incident
CommentsCount int: The number of comments in the incident
ProviderIncidentUrl string: The provider incident url to the incident in Microsoft 365 Defender portal
Tactics []string: The tactics associated with incident

alertProductNames List<String>: List of product names of alerts in the incident
alertsCount Integer: The number of alerts in the incident
bookmarksCount Integer: The number of bookmarks in the incident
commentsCount Integer: The number of comments in the incident
providerIncidentUrl String: The provider incident url to the incident in Microsoft 365 Defender portal
tactics List<String>: The tactics associated with incident

alertProductNames string[]: List of product names of alerts in the incident
alertsCount number: The number of alerts in the incident
bookmarksCount number: The number of bookmarks in the incident
commentsCount number: The number of comments in the incident
providerIncidentUrl string: The provider incident url to the incident in Microsoft 365 Defender portal
tactics string[]: The tactics associated with incident

alert_product_names Sequence[str]: List of product names of alerts in the incident
alerts_count int: The number of alerts in the incident
bookmarks_count int: The number of bookmarks in the incident
comments_count int: The number of comments in the incident
provider_incident_url str: The provider incident url to the incident in Microsoft 365 Defender portal
tactics Sequence[str]: The tactics associated with incident

alertProductNames List<String>: List of product names of alerts in the incident
alertsCount Number: The number of alerts in the incident
bookmarksCount Number: The number of bookmarks in the incident
commentsCount Number: The number of comments in the incident
providerIncidentUrl String: The provider incident url to the incident in Microsoft 365 Defender portal
tactics List<String>: The tactics associated with incident

IncidentLabelResponse

LabelName string: The name of the label
LabelType string: The type of the label

LabelName string: The name of the label
LabelType string: The type of the label

labelName String: The name of the label
labelType String: The type of the label

labelName string: The name of the label
labelType string: The type of the label

label_name str: The name of the label
label_type str: The type of the label

labelName String: The name of the label
labelType String: The type of the label

IncidentOwnerInfoResponse

AssignedTo string: The name of the user the incident is assigned to.
Email string: The email of the user the incident is assigned to.
ObjectId string: The object id of the user the incident is assigned to.
OwnerType string: The type of the owner the incident is assigned to.
UserPrincipalName string: The user principal name of the user the incident is assigned to.

AssignedTo string: The name of the user the incident is assigned to.
Email string: The email of the user the incident is assigned to.
ObjectId string: The object id of the user the incident is assigned to.
OwnerType string: The type of the owner the incident is assigned to.
UserPrincipalName string: The user principal name of the user the incident is assigned to.

assignedTo String: The name of the user the incident is assigned to.
email String: The email of the user the incident is assigned to.
objectId String: The object id of the user the incident is assigned to.
ownerType String: The type of the owner the incident is assigned to.
userPrincipalName String: The user principal name of the user the incident is assigned to.

assignedTo string: The name of the user the incident is assigned to.
email string: The email of the user the incident is assigned to.
objectId string: The object id of the user the incident is assigned to.
ownerType string: The type of the owner the incident is assigned to.
userPrincipalName string: The user principal name of the user the incident is assigned to.

assigned_to str: The name of the user the incident is assigned to.
email str: The email of the user the incident is assigned to.
object_id str: The object id of the user the incident is assigned to.
owner_type str: The type of the owner the incident is assigned to.
user_principal_name str: The user principal name of the user the incident is assigned to.

assignedTo String: The name of the user the incident is assigned to.
email String: The email of the user the incident is assigned to.
objectId String: The object id of the user the incident is assigned to.
ownerType String: The type of the owner the incident is assigned to.
userPrincipalName String: The user principal name of the user the incident is assigned to.

SystemDataResponse

CreatedAt string: The timestamp of resource creation (UTC).
CreatedBy string: The identity that created the resource.
CreatedByType string: The type of identity that created the resource.
LastModifiedAt string: The timestamp of resource last modification (UTC)
LastModifiedBy string: The identity that last modified the resource.
LastModifiedByType string: The type of identity that last modified the resource.

CreatedAt string: The timestamp of resource creation (UTC).
CreatedBy string: The identity that created the resource.
CreatedByType string: The type of identity that created the resource.
LastModifiedAt string: The timestamp of resource last modification (UTC)
LastModifiedBy string: The identity that last modified the resource.
LastModifiedByType string: The type of identity that last modified the resource.

createdAt String: The timestamp of resource creation (UTC).
createdBy String: The identity that created the resource.
createdByType String: The type of identity that created the resource.
lastModifiedAt String: The timestamp of resource last modification (UTC)
lastModifiedBy String: The identity that last modified the resource.
lastModifiedByType String: The type of identity that last modified the resource.

createdAt string: The timestamp of resource creation (UTC).
createdBy string: The identity that created the resource.
createdByType string: The type of identity that created the resource.
lastModifiedAt string: The timestamp of resource last modification (UTC)
lastModifiedBy string: The identity that last modified the resource.
lastModifiedByType string: The type of identity that last modified the resource.

created_at str: The timestamp of resource creation (UTC).
created_by str: The identity that created the resource.
created_by_type str: The type of identity that created the resource.
last_modified_at str: The timestamp of resource last modification (UTC)
last_modified_by str: The identity that last modified the resource.
last_modified_by_type str: The type of identity that last modified the resource.

createdAt String: The timestamp of resource creation (UTC).
createdBy String: The identity that created the resource.
createdByType String: The type of identity that created the resource.
lastModifiedAt String: The timestamp of resource last modification (UTC)
lastModifiedBy String: The identity that last modified the resource.
lastModifiedByType String: The type of identity that last modified the resource.

Package Details

Repository: Azure Native pulumi/pulumi-azure-native
License: Apache-2.0

This is the latest version of Azure Native. Use the Azure Native v2 docs if using the v2 version of this package.

Azure Native v3.5.1 published on Friday, Jun 6, 2025 by Pulumi

pulumi/pulumi-azure-native

azure-native.securityinsights.getIncident

On this page

On this page

Using getIncident

getIncident Result

Supporting Types

IncidentAdditionalDataResponse

IncidentLabelResponse

IncidentOwnerInfoResponse

SystemDataResponse

Package Details

On this page

On this page