This is the latest version of Azure Native. Use the Azure Native v1 docs if using the v1 version of this package.
Azure Native v2.33.0 published on Friday, Mar 22, 2024 by Pulumi

azure-native.securityinsights.getScheduledAlertRule


    Gets the alert rule. Azure REST API version: 2023-02-01.

    Using getScheduledAlertRule

    Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

    TypeScript:

    function getScheduledAlertRule(args: GetScheduledAlertRuleArgs, opts?: InvokeOptions): Promise<GetScheduledAlertRuleResult>
    function getScheduledAlertRuleOutput(args: GetScheduledAlertRuleOutputArgs, opts?: InvokeOptions): Output<GetScheduledAlertRuleResult>

    Python:

    def get_scheduled_alert_rule(resource_group_name: Optional[str] = None,
                                 rule_id: Optional[str] = None,
                                 workspace_name: Optional[str] = None,
                                 opts: Optional[InvokeOptions] = None) -> GetScheduledAlertRuleResult
    def get_scheduled_alert_rule_output(resource_group_name: Optional[pulumi.Input[str]] = None,
                                        rule_id: Optional[pulumi.Input[str]] = None,
                                        workspace_name: Optional[pulumi.Input[str]] = None,
                                        opts: Optional[InvokeOptions] = None) -> Output[GetScheduledAlertRuleResult]

    Go:

    func LookupScheduledAlertRule(ctx *Context, args *LookupScheduledAlertRuleArgs, opts ...InvokeOption) (*LookupScheduledAlertRuleResult, error)
    func LookupScheduledAlertRuleOutput(ctx *Context, args *LookupScheduledAlertRuleOutputArgs, opts ...InvokeOption) LookupScheduledAlertRuleResultOutput

    > Note: This function is named LookupScheduledAlertRule in the Go SDK.

    C#:

    public static class GetScheduledAlertRule
    {
        public static Task<GetScheduledAlertRuleResult> InvokeAsync(GetScheduledAlertRuleArgs args, InvokeOptions? opts = null)
        public static Output<GetScheduledAlertRuleResult> Invoke(GetScheduledAlertRuleInvokeArgs args, InvokeOptions? opts = null)
    }

    Java:

    public static CompletableFuture<GetScheduledAlertRuleResult> getScheduledAlertRule(GetScheduledAlertRuleArgs args, InvokeOptions options)
    // Output-based functions aren't available in Java yet

    YAML:

    fn::invoke:
      function: azure-native:securityinsights:getScheduledAlertRule
      arguments:
        # arguments dictionary

    The following arguments are supported:

    ResourceGroupName string
    The name of the resource group. The name is case insensitive.
    RuleId string
    Alert rule ID
    WorkspaceName string
    The name of the workspace.
    ResourceGroupName string
    The name of the resource group. The name is case insensitive.
    RuleId string
    Alert rule ID
    WorkspaceName string
    The name of the workspace.
    resourceGroupName String
    The name of the resource group. The name is case insensitive.
    ruleId String
    Alert rule ID
    workspaceName String
    The name of the workspace.
    resourceGroupName string
    The name of the resource group. The name is case insensitive.
    ruleId string
    Alert rule ID
    workspaceName string
    The name of the workspace.
    resource_group_name str
    The name of the resource group. The name is case insensitive.
    rule_id str
    Alert rule ID
    workspace_name str
    The name of the workspace.
    resourceGroupName String
    The name of the resource group. The name is case insensitive.
    ruleId String
    Alert rule ID
    workspaceName String
    The name of the workspace.

    getScheduledAlertRule Result

    The following output properties are available:

    DisplayName string
    The display name for alerts created by this alert rule.
    Enabled bool
    Determines whether this alert rule is enabled or disabled.
    Id string
    Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
    LastModifiedUtc string
    The last time that this alert rule has been modified.
    Name string
    The name of the resource
    Query string
    The query that creates alerts for this rule.
    QueryFrequency string
    The frequency (in ISO 8601 duration format) for this alert rule to run.
    QueryPeriod string
    The period (in ISO 8601 duration format) that this alert rule looks at.
    Severity string
    The severity for alerts created by this alert rule.
    SuppressionDuration string
    The suppression (in ISO 8601 duration format) to wait since the last time this alert rule was triggered.
    SuppressionEnabled bool
    Determines whether the suppression for this alert rule is enabled or disabled.
    SystemData Pulumi.AzureNative.SecurityInsights.Outputs.SystemDataResponse
    Azure Resource Manager metadata containing createdBy and modifiedBy information.
    TriggerOperator string
    The operation against the threshold that triggers alert rule.
    TriggerThreshold int
    The threshold that triggers this alert rule.
    Type string
    The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
    AlertDetailsOverride Pulumi.AzureNative.SecurityInsights.Outputs.AlertDetailsOverrideResponse
    The alert details override settings
    AlertRuleTemplateName string
    The Name of the alert rule template used to create this rule.
    CustomDetails Dictionary<string, string>
    Dictionary of string key-value pairs of columns to be attached to the alert
    Description string
    The description of the alert rule.
    EntityMappings List<Pulumi.AzureNative.SecurityInsights.Outputs.EntityMappingResponse>
    Array of the entity mappings of the alert rule
    Etag string
    Etag of the azure resource
    EventGroupingSettings Pulumi.AzureNative.SecurityInsights.Outputs.EventGroupingSettingsResponse
    The event grouping settings.
    IncidentConfiguration Pulumi.AzureNative.SecurityInsights.Outputs.IncidentConfigurationResponse
    The settings of the incidents that are created from alerts triggered by this analytics rule
    Tactics List<string>
    The tactics of the alert rule
    Techniques List<string>
    The techniques of the alert rule
    TemplateVersion string
    The version of the alert rule template used to create this rule - in format <a.b.c>, where all are numbers, for example 0 <1.0.2>
    DisplayName string
    The display name for alerts created by this alert rule.
    Enabled bool
    Determines whether this alert rule is enabled or disabled.
    Id string
    Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
    LastModifiedUtc string
    The last time that this alert rule has been modified.
    Name string
    The name of the resource
    Query string
    The query that creates alerts for this rule.
    QueryFrequency string
    The frequency (in ISO 8601 duration format) for this alert rule to run.
    QueryPeriod string
    The period (in ISO 8601 duration format) that this alert rule looks at.
    Severity string
    The severity for alerts created by this alert rule.
    SuppressionDuration string
    The suppression (in ISO 8601 duration format) to wait since the last time this alert rule was triggered.
    SuppressionEnabled bool
    Determines whether the suppression for this alert rule is enabled or disabled.
    SystemData SystemDataResponse
    Azure Resource Manager metadata containing createdBy and modifiedBy information.
    TriggerOperator string
    The operation against the threshold that triggers alert rule.
    TriggerThreshold int
    The threshold that triggers this alert rule.
    Type string
    The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
    AlertDetailsOverride AlertDetailsOverrideResponse
    The alert details override settings
    AlertRuleTemplateName string
    The Name of the alert rule template used to create this rule.
    CustomDetails map[string]string
    Dictionary of string key-value pairs of columns to be attached to the alert
    Description string
    The description of the alert rule.
    EntityMappings []EntityMappingResponse
    Array of the entity mappings of the alert rule
    Etag string
    Etag of the azure resource
    EventGroupingSettings EventGroupingSettingsResponse
    The event grouping settings.
    IncidentConfiguration IncidentConfigurationResponse
    The settings of the incidents that are created from alerts triggered by this analytics rule
    Tactics []string
    The tactics of the alert rule
    Techniques []string
    The techniques of the alert rule
    TemplateVersion string
    The version of the alert rule template used to create this rule - in format <a.b.c>, where all are numbers, for example 0 <1.0.2>
    displayName String
    The display name for alerts created by this alert rule.
    enabled Boolean
    Determines whether this alert rule is enabled or disabled.
    id String
    Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
    lastModifiedUtc String
    The last time that this alert rule has been modified.
    name String
    The name of the resource
    query String
    The query that creates alerts for this rule.
    queryFrequency String
    The frequency (in ISO 8601 duration format) for this alert rule to run.
    queryPeriod String
    The period (in ISO 8601 duration format) that this alert rule looks at.
    severity String
    The severity for alerts created by this alert rule.
    suppressionDuration String
    The suppression (in ISO 8601 duration format) to wait since the last time this alert rule was triggered.
    suppressionEnabled Boolean
    Determines whether the suppression for this alert rule is enabled or disabled.
    systemData SystemDataResponse
    Azure Resource Manager metadata containing createdBy and modifiedBy information.
    triggerOperator String
    The operation against the threshold that triggers alert rule.
    triggerThreshold Integer
    The threshold that triggers this alert rule.
    type String
    The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
    alertDetailsOverride AlertDetailsOverrideResponse
    The alert details override settings
    alertRuleTemplateName String
    The Name of the alert rule template used to create this rule.
    customDetails Map<String,String>
    Dictionary of string key-value pairs of columns to be attached to the alert
    description String
    The description of the alert rule.
    entityMappings List<EntityMappingResponse>
    Array of the entity mappings of the alert rule
    etag String
    Etag of the azure resource
    eventGroupingSettings EventGroupingSettingsResponse
    The event grouping settings.
    incidentConfiguration IncidentConfigurationResponse
    The settings of the incidents that are created from alerts triggered by this analytics rule
    tactics List<String>
    The tactics of the alert rule
    techniques List<String>
    The techniques of the alert rule
    templateVersion String
    The version of the alert rule template used to create this rule - in format <a.b.c>, where all are numbers, for example 0 <1.0.2>
    displayName string
    The display name for alerts created by this alert rule.
    enabled boolean
    Determines whether this alert rule is enabled or disabled.
    id string
    Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
    lastModifiedUtc string
    The last time that this alert rule has been modified.
    name string
    The name of the resource
    query string
    The query that creates alerts for this rule.
    queryFrequency string
    The frequency (in ISO 8601 duration format) for this alert rule to run.
    queryPeriod string
    The period (in ISO 8601 duration format) that this alert rule looks at.
    severity string
    The severity for alerts created by this alert rule.
    suppressionDuration string
    The suppression (in ISO 8601 duration format) to wait since the last time this alert rule was triggered.
    suppressionEnabled boolean
    Determines whether the suppression for this alert rule is enabled or disabled.
    systemData SystemDataResponse
    Azure Resource Manager metadata containing createdBy and modifiedBy information.
    triggerOperator string
    The operation against the threshold that triggers alert rule.
    triggerThreshold number
    The threshold that triggers this alert rule.
    type string
    The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
    alertDetailsOverride AlertDetailsOverrideResponse
    The alert details override settings
    alertRuleTemplateName string
    The Name of the alert rule template used to create this rule.
    customDetails {[key: string]: string}
    Dictionary of string key-value pairs of columns to be attached to the alert
    description string
    The description of the alert rule.
    entityMappings EntityMappingResponse[]
    Array of the entity mappings of the alert rule
    etag string
    Etag of the azure resource
    eventGroupingSettings EventGroupingSettingsResponse
    The event grouping settings.
    incidentConfiguration IncidentConfigurationResponse
    The settings of the incidents that are created from alerts triggered by this analytics rule
    tactics string[]
    The tactics of the alert rule
    techniques string[]
    The techniques of the alert rule
    templateVersion string
    The version of the alert rule template used to create this rule - in format <a.b.c>, where all are numbers, for example 0 <1.0.2>
    display_name str
    The display name for alerts created by this alert rule.
    enabled bool
    Determines whether this alert rule is enabled or disabled.
    id str
    Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
    last_modified_utc str
    The last time that this alert rule has been modified.
    name str
    The name of the resource
    query str
    The query that creates alerts for this rule.
    query_frequency str
    The frequency (in ISO 8601 duration format) for this alert rule to run.
    query_period str
    The period (in ISO 8601 duration format) that this alert rule looks at.
    severity str
    The severity for alerts created by this alert rule.
    suppression_duration str
    The suppression (in ISO 8601 duration format) to wait since the last time this alert rule was triggered.
    suppression_enabled bool
    Determines whether the suppression for this alert rule is enabled or disabled.
    system_data SystemDataResponse
    Azure Resource Manager metadata containing createdBy and modifiedBy information.
    trigger_operator str
    The operation against the threshold that triggers alert rule.
    trigger_threshold int
    The threshold that triggers this alert rule.
    type str
    The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
    alert_details_override AlertDetailsOverrideResponse
    The alert details override settings
    alert_rule_template_name str
    The Name of the alert rule template used to create this rule.
    custom_details Mapping[str, str]
    Dictionary of string key-value pairs of columns to be attached to the alert
    description str
    The description of the alert rule.
    entity_mappings Sequence[EntityMappingResponse]
    Array of the entity mappings of the alert rule
    etag str
    Etag of the azure resource
    event_grouping_settings EventGroupingSettingsResponse
    The event grouping settings.
    incident_configuration IncidentConfigurationResponse
    The settings of the incidents that are created from alerts triggered by this analytics rule
    tactics Sequence[str]
    The tactics of the alert rule
    techniques Sequence[str]
    The techniques of the alert rule
    template_version str
    The version of the alert rule template used to create this rule - in format <a.b.c>, where all are numbers, for example 0 <1.0.2>
    displayName String
    The display name for alerts created by this alert rule.
    enabled Boolean
    Determines whether this alert rule is enabled or disabled.
    id String
    Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
    lastModifiedUtc String
    The last time that this alert rule has been modified.
    name String
    The name of the resource
    query String
    The query that creates alerts for this rule.
    queryFrequency String
    The frequency (in ISO 8601 duration format) for this alert rule to run.
    queryPeriod String
    The period (in ISO 8601 duration format) that this alert rule looks at.
    severity String
    The severity for alerts created by this alert rule.
    suppressionDuration String
    The suppression (in ISO 8601 duration format) to wait since the last time this alert rule was triggered.
    suppressionEnabled Boolean
    Determines whether the suppression for this alert rule is enabled or disabled.
    systemData Property Map
    Azure Resource Manager metadata containing createdBy and modifiedBy information.
    triggerOperator String
    The operation against the threshold that triggers alert rule.
    triggerThreshold Number
    The threshold that triggers this alert rule.
    type String
    The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
    alertDetailsOverride Property Map
    The alert details override settings
    alertRuleTemplateName String
    The Name of the alert rule template used to create this rule.
    customDetails Map<String>
    Dictionary of string key-value pairs of columns to be attached to the alert
    description String
    The description of the alert rule.
    entityMappings List<Property Map>
    Array of the entity mappings of the alert rule
    etag String
    Etag of the azure resource
    eventGroupingSettings Property Map
    The event grouping settings.
    incidentConfiguration Property Map
    The settings of the incidents that are created from alerts triggered by this analytics rule
    tactics List<String>
    The tactics of the alert rule
    techniques List<String>
    The techniques of the alert rule
    templateVersion String
    The version of the alert rule template used to create this rule - in format <a.b.c>, where all are numbers, for example 0 <1.0.2>
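
The output properties above are enough to audit a deployed detection for blind spots and tampering. The following is an added example, not code from the Pulumi documentation or the provider: `parse_duration`, `audit_rule`, `fetch_rule`, the 24-hour suppression limit, the approved-editor allowlist and both sample rules are assumptions made for illustration.

```python
import re
from datetime import timedelta

# ISO 8601 durations as used by query_frequency, query_period and
# suppression_duration (days and time components only, e.g. PT5M, PT1H, P1D).
_DURATION = re.compile(
    r"^P(?:(?P<days>\d+)D)?"
    r"(?:T(?:(?P<hours>\d+)H)?(?:(?P<minutes>\d+)M)?(?:(?P<seconds>\d+)S)?)?$"
)


def parse_duration(value):
    """Convert an ISO 8601 duration string to a timedelta."""
    match = _DURATION.match(value or "")
    parts = {k: int(v) for k, v in match.groupdict().items() if v} if match else {}
    if not parts:
        raise ValueError(f"unsupported ISO 8601 duration: {value!r}")
    return timedelta(**parts)


def _get(obj, name, default=None):
    """Read a field from a dict or from a Pulumi result object."""
    if obj is None:
        return default
    if isinstance(obj, dict):
        return obj.get(name, default)
    return getattr(obj, name, default)


def audit_rule(rule, approved_editors=frozenset(),
               max_suppression=timedelta(hours=24)):
    """Return (code, message) findings for one scheduled alert rule."""
    findings = []
    if not _get(rule, "enabled", False):
        findings.append(("disabled", "rule is disabled and never runs"))

    frequency = parse_duration(_get(rule, "query_frequency"))
    period = parse_duration(_get(rule, "query_period"))
    if period < frequency:
        # The query looks back less far than the gap between runs,
        # so events in the uncovered window are never evaluated.
        findings.append(("coverage-gap",
                         f"{frequency - period} of every run interval is not queried"))

    if _get(rule, "suppression_enabled", False):
        suppression = parse_duration(_get(rule, "suppression_duration"))
        if suppression > max_suppression:
            findings.append(("long-suppression",
                             f"rule stays silent for {suppression} after a trigger"))

    incident = _get(rule, "incident_configuration")
    if not _get(incident, "create_incident", False):
        findings.append(("no-incident", "alerts do not create incidents"))

    if not _get(rule, "entity_mappings"):
        findings.append(("no-entity-mappings", "alerts carry no mapped entities"))

    editor = _get(_get(rule, "system_data"), "last_modified_by")
    if approved_editors and editor not in approved_editors:
        findings.append(("unapproved-editor",
                         f"last modified by {editor!r}, not an approved identity"))
    return findings


def fetch_rule(resource_group_name, workspace_name, rule_id):
    """Direct-form invoke; only works inside a running Pulumi program."""
    from pulumi_azure_native import securityinsights  # imported lazily
    return securityinsights.get_scheduled_alert_rule(
        resource_group_name=resource_group_name,
        workspace_name=workspace_name,
        rule_id=rule_id,
    )


# Constructed sample data shaped like the Python result properties above.
APPROVED = frozenset({"detections-pipeline@example.com"})
GOOD_RULE = {
    "enabled": True, "query_frequency": "PT1H", "query_period": "PT1H",
    "suppression_enabled": False, "suppression_duration": "PT5H",
    "incident_configuration": {"create_incident": True},
    "entity_mappings": [{"entity_type": "Account", "field_mappings": [
        {"identifier": "FullName", "column_name": "UserPrincipalName"}]}],
    "system_data": {"last_modified_by": "detections-pipeline@example.com"},
}
WEAK_RULE = {
    "enabled": True, "query_frequency": "PT1H", "query_period": "PT15M",
    "suppression_enabled": True, "suppression_duration": "P7D",
    "incident_configuration": {"create_incident": False},
    "entity_mappings": [],
    "system_data": {"last_modified_by": "someone@example.com"},
}

if __name__ == "__main__":
    for name, rule in (("good", GOOD_RULE), ("weak", WEAK_RULE)):
        for code, message in audit_rule(rule, APPROVED):
            print(f"{name}: [{code}] {message}")
```

Inside a Pulumi program, pass the object returned by `fetch_rule` straight to `audit_rule`; the helper reads attributes as well as dictionary keys.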

    Supporting Types

    AlertDetailsOverrideResponse

    AlertDescriptionFormat string
    the format containing columns name(s) to override the alert description
    AlertDisplayNameFormat string
    the format containing columns name(s) to override the alert name
    AlertDynamicProperties List<Pulumi.AzureNative.SecurityInsights.Inputs.AlertPropertyMappingResponse>
    List of additional dynamic properties to override
    AlertSeverityColumnName string
    the column name to take the alert severity from
    AlertTacticsColumnName string
    the column name to take the alert tactics from
    AlertDescriptionFormat string
    the format containing columns name(s) to override the alert description
    AlertDisplayNameFormat string
    the format containing columns name(s) to override the alert name
    AlertDynamicProperties []AlertPropertyMappingResponse
    List of additional dynamic properties to override
    AlertSeverityColumnName string
    the column name to take the alert severity from
    AlertTacticsColumnName string
    the column name to take the alert tactics from
    alertDescriptionFormat String
    the format containing columns name(s) to override the alert description
    alertDisplayNameFormat String
    the format containing columns name(s) to override the alert name
    alertDynamicProperties List<AlertPropertyMappingResponse>
    List of additional dynamic properties to override
    alertSeverityColumnName String
    the column name to take the alert severity from
    alertTacticsColumnName String
    the column name to take the alert tactics from
    alertDescriptionFormat string
    the format containing columns name(s) to override the alert description
    alertDisplayNameFormat string
    the format containing columns name(s) to override the alert name
    alertDynamicProperties AlertPropertyMappingResponse[]
    List of additional dynamic properties to override
    alertSeverityColumnName string
    the column name to take the alert severity from
    alertTacticsColumnName string
    the column name to take the alert tactics from
    alert_description_format str
    the format containing columns name(s) to override the alert description
    alert_display_name_format str
    the format containing columns name(s) to override the alert name
    alert_dynamic_properties Sequence[AlertPropertyMappingResponse]
    List of additional dynamic properties to override
    alert_severity_column_name str
    the column name to take the alert severity from
    alert_tactics_column_name str
    the column name to take the alert tactics from
    alertDescriptionFormat String
    the format containing columns name(s) to override the alert description
    alertDisplayNameFormat String
    the format containing columns name(s) to override the alert name
    alertDynamicProperties List<Property Map>
    List of additional dynamic properties to override
    alertSeverityColumnName String
    the column name to take the alert severity from
    alertTacticsColumnName String
    the column name to take the alert tactics from

    AlertPropertyMappingResponse

    AlertProperty string
    The V3 alert property
    Value string
    the column name to use to override this property
    AlertProperty string
    The V3 alert property
    Value string
    the column name to use to override this property
    alertProperty String
    The V3 alert property
    value String
    the column name to use to override this property
    alertProperty string
    The V3 alert property
    value string
    the column name to use to override this property
    alert_property str
    The V3 alert property
    value str
    the column name to use to override this property
    alertProperty String
    The V3 alert property
    value String
    the column name to use to override this property

    EntityMappingResponse

    EntityType string
    The V3 type of the mapped entity
    FieldMappings List<Pulumi.AzureNative.SecurityInsights.Inputs.FieldMappingResponse>
    array of field mappings for the given entity mapping
    EntityType string
    The V3 type of the mapped entity
    FieldMappings []FieldMappingResponse
    array of field mappings for the given entity mapping
    entityType String
    The V3 type of the mapped entity
    fieldMappings List<FieldMappingResponse>
    array of field mappings for the given entity mapping
    entityType string
    The V3 type of the mapped entity
    fieldMappings FieldMappingResponse[]
    array of field mappings for the given entity mapping
    entity_type str
    The V3 type of the mapped entity
    field_mappings Sequence[FieldMappingResponse]
    array of field mappings for the given entity mapping
    entityType String
    The V3 type of the mapped entity
    fieldMappings List<Property Map>
    array of field mappings for the given entity mapping

    EventGroupingSettingsResponse

    AggregationKind string
    The event grouping aggregation kinds
    AggregationKind string
    The event grouping aggregation kinds
    aggregationKind String
    The event grouping aggregation kinds
    aggregationKind string
    The event grouping aggregation kinds
    aggregation_kind str
    The event grouping aggregation kinds
    aggregationKind String
    The event grouping aggregation kinds

    FieldMappingResponse

    ColumnName string
    the column name to be mapped to the identifier
    Identifier string
    the V3 identifier of the entity
    ColumnName string
    the column name to be mapped to the identifier
    Identifier string
    the V3 identifier of the entity
    columnName String
    the column name to be mapped to the identifier
    identifier String
    the V3 identifier of the entity
    columnName string
    the column name to be mapped to the identifier
    identifier string
    the V3 identifier of the entity
    column_name str
    the column name to be mapped to the identifier
    identifier str
    the V3 identifier of the entity
    columnName String
    the column name to be mapped to the identifier
    identifier String
    the V3 identifier of the entity

    GroupingConfigurationResponse

    Enabled bool
    Grouping enabled
    LookbackDuration string
    Limit the group to alerts created within the lookback duration (in ISO 8601 duration format)
    MatchingMethod string
    Grouping matching method. When method is Selected at least one of groupByEntities, groupByAlertDetails, groupByCustomDetails must be provided and not empty.
    ReopenClosedIncident bool
    Re-open closed matching incidents
    GroupByAlertDetails List<string>
    A list of alert details to group by (when matchingMethod is Selected)
    GroupByCustomDetails List<string>
    A list of custom details keys to group by (when matchingMethod is Selected). Only keys defined in the current alert rule may be used.
    GroupByEntities List<string>
    A list of entity types to group by (when matchingMethod is Selected). Only entities defined in the current alert rule may be used.
    Enabled bool
    Grouping enabled
    LookbackDuration string
    Limit the group to alerts created within the lookback duration (in ISO 8601 duration format)
    MatchingMethod string
    Grouping matching method. When method is Selected at least one of groupByEntities, groupByAlertDetails, groupByCustomDetails must be provided and not empty.
    ReopenClosedIncident bool
    Re-open closed matching incidents
    GroupByAlertDetails []string
    A list of alert details to group by (when matchingMethod is Selected)
    GroupByCustomDetails []string
    A list of custom details keys to group by (when matchingMethod is Selected). Only keys defined in the current alert rule may be used.
    GroupByEntities []string
    A list of entity types to group by (when matchingMethod is Selected). Only entities defined in the current alert rule may be used.
    enabled Boolean
    Grouping enabled
    lookbackDuration String
    Limit the group to alerts created within the lookback duration (in ISO 8601 duration format)
    matchingMethod String
    Grouping matching method. When method is Selected at least one of groupByEntities, groupByAlertDetails, groupByCustomDetails must be provided and not empty.
    reopenClosedIncident Boolean
    Re-open closed matching incidents
    groupByAlertDetails List<String>
    A list of alert details to group by (when matchingMethod is Selected)
    groupByCustomDetails List<String>
    A list of custom details keys to group by (when matchingMethod is Selected). Only keys defined in the current alert rule may be used.
    groupByEntities List<String>
    A list of entity types to group by (when matchingMethod is Selected). Only entities defined in the current alert rule may be used.
    enabled boolean
    Grouping enabled
    lookbackDuration string
    Limit the group to alerts created within the lookback duration (in ISO 8601 duration format)
    matchingMethod string
    Grouping matching method. When method is Selected at least one of groupByEntities, groupByAlertDetails, groupByCustomDetails must be provided and not empty.
    reopenClosedIncident boolean
    Re-open closed matching incidents
    groupByAlertDetails string[]
    A list of alert details to group by (when matchingMethod is Selected)
    groupByCustomDetails string[]
    A list of custom details keys to group by (when matchingMethod is Selected). Only keys defined in the current alert rule may be used.
    groupByEntities string[]
    A list of entity types to group by (when matchingMethod is Selected). Only entities defined in the current alert rule may be used.
    enabled bool
    Grouping enabled
    lookback_duration str
    Limit the group to alerts created within the lookback duration (in ISO 8601 duration format)
    matching_method str
    Grouping matching method. When method is Selected at least one of groupByEntities, groupByAlertDetails, groupByCustomDetails must be provided and not empty.
    reopen_closed_incident bool
    Re-open closed matching incidents
    group_by_alert_details Sequence[str]
    A list of alert details to group by (when matchingMethod is Selected)
    group_by_custom_details Sequence[str]
    A list of custom details keys to group by (when matchingMethod is Selected). Only keys defined in the current alert rule may be used.
    group_by_entities Sequence[str]
    A list of entity types to group by (when matchingMethod is Selected). Only entities defined in the current alert rule may be used.
    enabled Boolean
    Grouping enabled
    lookbackDuration String
    Limit the group to alerts created within the lookback duration (in ISO 8601 duration format)
    matchingMethod String
    Grouping matching method. When method is Selected at least one of groupByEntities, groupByAlertDetails, groupByCustomDetails must be provided and not empty.
    reopenClosedIncident Boolean
    Re-open closed matching incidents
    groupByAlertDetails List<String>
    A list of alert details to group by (when matchingMethod is Selected)
    groupByCustomDetails List<String>
    A list of custom details keys to group by (when matchingMethod is Selected). Only keys defined in the current alert rule may be used.
    groupByEntities List<String>
    A list of entity types to group by (when matchingMethod is Selected). Only entities defined in the current alert rule may be used.

    IncidentConfigurationResponse

    CreateIncident bool
    Create incidents from alerts triggered by this analytics rule
    GroupingConfiguration Pulumi.AzureNative.SecurityInsights.Inputs.GroupingConfigurationResponse
    Set how the alerts that are triggered by this analytics rule, are grouped into incidents
    CreateIncident bool
    Create incidents from alerts triggered by this analytics rule
    GroupingConfiguration GroupingConfigurationResponse
    Set how the alerts that are triggered by this analytics rule, are grouped into incidents
    createIncident Boolean
    Create incidents from alerts triggered by this analytics rule
    groupingConfiguration GroupingConfigurationResponse
    Set how the alerts that are triggered by this analytics rule, are grouped into incidents
    createIncident boolean
    Create incidents from alerts triggered by this analytics rule
    groupingConfiguration GroupingConfigurationResponse
    Set how the alerts that are triggered by this analytics rule, are grouped into incidents
    create_incident bool
    Create incidents from alerts triggered by this analytics rule
    grouping_configuration GroupingConfigurationResponse
    Set how the alerts that are triggered by this analytics rule, are grouped into incidents
    createIncident Boolean
    Create incidents from alerts triggered by this analytics rule
    groupingConfiguration Property Map
    Set how the alerts that are triggered by this analytics rule, are grouped into incidents

    SystemDataResponse

    CreatedAt string
    The timestamp of resource creation (UTC).
    CreatedBy string
    The identity that created the resource.
    CreatedByType string
    The type of identity that created the resource.
    LastModifiedAt string
    The timestamp of resource last modification (UTC)
    LastModifiedBy string
    The identity that last modified the resource.
    LastModifiedByType string
    The type of identity that last modified the resource.
    CreatedAt string
    The timestamp of resource creation (UTC).
    CreatedBy string
    The identity that created the resource.
    CreatedByType string
    The type of identity that created the resource.
    LastModifiedAt string
    The timestamp of resource last modification (UTC)
    LastModifiedBy string
    The identity that last modified the resource.
    LastModifiedByType string
    The type of identity that last modified the resource.
    createdAt String
    The timestamp of resource creation (UTC).
    createdBy String
    The identity that created the resource.
    createdByType String
    The type of identity that created the resource.
    lastModifiedAt String
    The timestamp of resource last modification (UTC)
    lastModifiedBy String
    The identity that last modified the resource.
    lastModifiedByType String
    The type of identity that last modified the resource.
    createdAt string
    The timestamp of resource creation (UTC).
    createdBy string
    The identity that created the resource.
    createdByType string
    The type of identity that created the resource.
    lastModifiedAt string
    The timestamp of resource last modification (UTC)
    lastModifiedBy string
    The identity that last modified the resource.
    lastModifiedByType string
    The type of identity that last modified the resource.
    created_at str
    The timestamp of resource creation (UTC).
    created_by str
    The identity that created the resource.
    created_by_type str
    The type of identity that created the resource.
    last_modified_at str
    The timestamp of resource last modification (UTC)
    last_modified_by str
    The identity that last modified the resource.
    last_modified_by_type str
    The type of identity that last modified the resource.
    createdAt String
    The timestamp of resource creation (UTC).
    createdBy String
    The identity that created the resource.
    createdByType String
    The type of identity that created the resource.
    lastModifiedAt String
    The timestamp of resource last modification (UTC)
    lastModifiedBy String
    The identity that last modified the resource.
    lastModifiedByType String
    The type of identity that last modified the resource.

    Package Details

    Repository
    Azure Native pulumi/pulumi-azure-native
    License
    Apache-2.0