This is the latest version of Azure Native. Use the Azure Native v1 docs if using the v1 version of this package.
Azure Native v2.21.2 published on Friday, Dec 8, 2023 by Pulumi

azure-native.securityinsights.getScheduledAlertRule


    Gets the alert rule. Azure REST API version: 2023-02-01.

    Using getScheduledAlertRule

    Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

    function getScheduledAlertRule(args: GetScheduledAlertRuleArgs, opts?: InvokeOptions): Promise<GetScheduledAlertRuleResult>
    function getScheduledAlertRuleOutput(args: GetScheduledAlertRuleOutputArgs, opts?: InvokeOptions): Output<GetScheduledAlertRuleResult>

    def get_scheduled_alert_rule(resource_group_name: Optional[str] = None,
                                 rule_id: Optional[str] = None,
                                 workspace_name: Optional[str] = None,
                                 opts: Optional[InvokeOptions] = None) -> GetScheduledAlertRuleResult
    def get_scheduled_alert_rule_output(resource_group_name: Optional[pulumi.Input[str]] = None,
                                        rule_id: Optional[pulumi.Input[str]] = None,
                                        workspace_name: Optional[pulumi.Input[str]] = None,
                                        opts: Optional[InvokeOptions] = None) -> Output[GetScheduledAlertRuleResult]

    func LookupScheduledAlertRule(ctx *Context, args *LookupScheduledAlertRuleArgs, opts ...InvokeOption) (*LookupScheduledAlertRuleResult, error)
    func LookupScheduledAlertRuleOutput(ctx *Context, args *LookupScheduledAlertRuleOutputArgs, opts ...InvokeOption) LookupScheduledAlertRuleResultOutput

    > Note: This function is named LookupScheduledAlertRule in the Go SDK.

    public static class GetScheduledAlertRule
    {
        public static Task<GetScheduledAlertRuleResult> InvokeAsync(GetScheduledAlertRuleArgs args, InvokeOptions? opts = null)
        public static Output<GetScheduledAlertRuleResult> Invoke(GetScheduledAlertRuleInvokeArgs args, InvokeOptions? opts = null)
    }

    public static CompletableFuture<GetScheduledAlertRuleResult> getScheduledAlertRule(GetScheduledAlertRuleArgs args, InvokeOptions options)
    // Output-based functions aren't available in Java yet

    fn::invoke:
      function: azure-native:securityinsights:getScheduledAlertRule
      arguments:
        # arguments dictionary

    The following arguments are supported:

    ResourceGroupName string

    The name of the resource group. The name is case insensitive.

    RuleId string

    Alert rule ID

    WorkspaceName string

    The name of the workspace.

    ResourceGroupName string

    The name of the resource group. The name is case insensitive.

    RuleId string

    Alert rule ID

    WorkspaceName string

    The name of the workspace.

    resourceGroupName String

    The name of the resource group. The name is case insensitive.

    ruleId String

    Alert rule ID

    workspaceName String

    The name of the workspace.

    resourceGroupName string

    The name of the resource group. The name is case insensitive.

    ruleId string

    Alert rule ID

    workspaceName string

    The name of the workspace.

    resource_group_name str

    The name of the resource group. The name is case insensitive.

    rule_id str

    Alert rule ID

    workspace_name str

    The name of the workspace.

    resourceGroupName String

    The name of the resource group. The name is case insensitive.

    ruleId String

    Alert rule ID

    workspaceName String

    The name of the workspace.

    getScheduledAlertRule Result

    The following output properties are available:

    DisplayName string

    The display name for alerts created by this alert rule.

    Enabled bool

    Determines whether this alert rule is enabled or disabled.

    Id string

    Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}

    LastModifiedUtc string

    The last time that this alert rule has been modified.

    Name string

    The name of the resource

    Query string

    The query that creates alerts for this rule.

    QueryFrequency string

    The frequency (in ISO 8601 duration format) for this alert rule to run.

    QueryPeriod string

    The period (in ISO 8601 duration format) that this alert rule looks at.

    Severity string

    The severity for alerts created by this alert rule.

    SuppressionDuration string

    The suppression (in ISO 8601 duration format) to wait since the last time this alert rule was triggered.

    SuppressionEnabled bool

    Determines whether the suppression for this alert rule is enabled or disabled.

    SystemData Pulumi.AzureNative.SecurityInsights.Outputs.SystemDataResponse

    Azure Resource Manager metadata containing createdBy and modifiedBy information.

    TriggerOperator string

    The operation against the threshold that triggers the alert rule.

    TriggerThreshold int

    The threshold that triggers this alert rule.

    Type string

    The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"

    AlertDetailsOverride Pulumi.AzureNative.SecurityInsights.Outputs.AlertDetailsOverrideResponse

    The alert details override settings

    AlertRuleTemplateName string

    The Name of the alert rule template used to create this rule.

    CustomDetails Dictionary<string, string>

    Dictionary of string key-value pairs of columns to be attached to the alert

    Description string

    The description of the alert rule.

    EntityMappings List<Pulumi.AzureNative.SecurityInsights.Outputs.EntityMappingResponse>

    Array of the entity mappings of the alert rule

    Etag string

    ETag of the Azure resource

    EventGroupingSettings Pulumi.AzureNative.SecurityInsights.Outputs.EventGroupingSettingsResponse

    The event grouping settings.

    IncidentConfiguration Pulumi.AzureNative.SecurityInsights.Outputs.IncidentConfigurationResponse

    The settings of the incidents that are created from alerts triggered by this analytics rule

    Tactics List<string>

    The tactics of the alert rule

    Techniques List<string>

    The techniques of the alert rule

    TemplateVersion string

    The version of the alert rule template used to create this rule - in format <a.b.c>, where all are numbers, for example <1.0.2>

    DisplayName string

    The display name for alerts created by this alert rule.

    Enabled bool

    Determines whether this alert rule is enabled or disabled.

    Id string

    Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}

    LastModifiedUtc string

    The last time that this alert rule has been modified.

    Name string

    The name of the resource

    Query string

    The query that creates alerts for this rule.

    QueryFrequency string

    The frequency (in ISO 8601 duration format) for this alert rule to run.

    QueryPeriod string

    The period (in ISO 8601 duration format) that this alert rule looks at.

    Severity string

    The severity for alerts created by this alert rule.

    SuppressionDuration string

    The suppression (in ISO 8601 duration format) to wait since the last time this alert rule was triggered.

    SuppressionEnabled bool

    Determines whether the suppression for this alert rule is enabled or disabled.

    SystemData SystemDataResponse

    Azure Resource Manager metadata containing createdBy and modifiedBy information.

    TriggerOperator string

    The operation against the threshold that triggers the alert rule.

    TriggerThreshold int

    The threshold that triggers this alert rule.

    Type string

    The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"

    AlertDetailsOverride AlertDetailsOverrideResponse

    The alert details override settings

    AlertRuleTemplateName string

    The Name of the alert rule template used to create this rule.

    CustomDetails map[string]string

    Dictionary of string key-value pairs of columns to be attached to the alert

    Description string

    The description of the alert rule.

    EntityMappings []EntityMappingResponse

    Array of the entity mappings of the alert rule

    Etag string

    ETag of the Azure resource

    EventGroupingSettings EventGroupingSettingsResponse

    The event grouping settings.

    IncidentConfiguration IncidentConfigurationResponse

    The settings of the incidents that are created from alerts triggered by this analytics rule

    Tactics []string

    The tactics of the alert rule

    Techniques []string

    The techniques of the alert rule

    TemplateVersion string

    The version of the alert rule template used to create this rule - in format <a.b.c>, where all are numbers, for example <1.0.2>

    displayName String

    The display name for alerts created by this alert rule.

    enabled Boolean

    Determines whether this alert rule is enabled or disabled.

    id String

    Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}

    lastModifiedUtc String

    The last time that this alert rule has been modified.

    name String

    The name of the resource

    query String

    The query that creates alerts for this rule.

    queryFrequency String

    The frequency (in ISO 8601 duration format) for this alert rule to run.

    queryPeriod String

    The period (in ISO 8601 duration format) that this alert rule looks at.

    severity String

    The severity for alerts created by this alert rule.

    suppressionDuration String

    The suppression (in ISO 8601 duration format) to wait since the last time this alert rule was triggered.

    suppressionEnabled Boolean

    Determines whether the suppression for this alert rule is enabled or disabled.

    systemData SystemDataResponse

    Azure Resource Manager metadata containing createdBy and modifiedBy information.

    triggerOperator String

    The operation against the threshold that triggers the alert rule.

    triggerThreshold Integer

    The threshold that triggers this alert rule.

    type String

    The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"

    alertDetailsOverride AlertDetailsOverrideResponse

    The alert details override settings

    alertRuleTemplateName String

    The Name of the alert rule template used to create this rule.

    customDetails Map<String,String>

    Dictionary of string key-value pairs of columns to be attached to the alert

    description String

    The description of the alert rule.

    entityMappings List<EntityMappingResponse>

    Array of the entity mappings of the alert rule

    etag String

    ETag of the Azure resource

    eventGroupingSettings EventGroupingSettingsResponse

    The event grouping settings.

    incidentConfiguration IncidentConfigurationResponse

    The settings of the incidents that are created from alerts triggered by this analytics rule

    tactics List<String>

    The tactics of the alert rule

    techniques List<String>

    The techniques of the alert rule

    templateVersion String

    The version of the alert rule template used to create this rule - in format <a.b.c>, where all are numbers, for example <1.0.2>

    displayName string

    The display name for alerts created by this alert rule.

    enabled boolean

    Determines whether this alert rule is enabled or disabled.

    id string

    Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}

    lastModifiedUtc string

    The last time that this alert rule has been modified.

    name string

    The name of the resource

    query string

    The query that creates alerts for this rule.

    queryFrequency string

    The frequency (in ISO 8601 duration format) for this alert rule to run.

    queryPeriod string

    The period (in ISO 8601 duration format) that this alert rule looks at.

    severity string

    The severity for alerts created by this alert rule.

    suppressionDuration string

    The suppression (in ISO 8601 duration format) to wait since the last time this alert rule was triggered.

    suppressionEnabled boolean

    Determines whether the suppression for this alert rule is enabled or disabled.

    systemData SystemDataResponse

    Azure Resource Manager metadata containing createdBy and modifiedBy information.

    triggerOperator string

    The operation against the threshold that triggers the alert rule.

    triggerThreshold number

    The threshold that triggers this alert rule.

    type string

    The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"

    alertDetailsOverride AlertDetailsOverrideResponse

    The alert details override settings

    alertRuleTemplateName string

    The Name of the alert rule template used to create this rule.

    customDetails {[key: string]: string}

    Dictionary of string key-value pairs of columns to be attached to the alert

    description string

    The description of the alert rule.

    entityMappings EntityMappingResponse[]

    Array of the entity mappings of the alert rule

    etag string

    ETag of the Azure resource

    eventGroupingSettings EventGroupingSettingsResponse

    The event grouping settings.

    incidentConfiguration IncidentConfigurationResponse

    The settings of the incidents that are created from alerts triggered by this analytics rule

    tactics string[]

    The tactics of the alert rule

    techniques string[]

    The techniques of the alert rule

    templateVersion string

    The version of the alert rule template used to create this rule - in format <a.b.c>, where all are numbers, for example <1.0.2>

    display_name str

    The display name for alerts created by this alert rule.

    enabled bool

    Determines whether this alert rule is enabled or disabled.

    id str

    Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}

    last_modified_utc str

    The last time that this alert rule has been modified.

    name str

    The name of the resource

    query str

    The query that creates alerts for this rule.

    query_frequency str

    The frequency (in ISO 8601 duration format) for this alert rule to run.

    query_period str

    The period (in ISO 8601 duration format) that this alert rule looks at.

    severity str

    The severity for alerts created by this alert rule.

    suppression_duration str

    The suppression (in ISO 8601 duration format) to wait since the last time this alert rule was triggered.

    suppression_enabled bool

    Determines whether the suppression for this alert rule is enabled or disabled.

    system_data SystemDataResponse

    Azure Resource Manager metadata containing createdBy and modifiedBy information.

    trigger_operator str

    The operation against the threshold that triggers the alert rule.

    trigger_threshold int

    The threshold that triggers this alert rule.

    type str

    The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"

    alert_details_override AlertDetailsOverrideResponse

    The alert details override settings

    alert_rule_template_name str

    The Name of the alert rule template used to create this rule.

    custom_details Mapping[str, str]

    Dictionary of string key-value pairs of columns to be attached to the alert

    description str

    The description of the alert rule.

    entity_mappings Sequence[EntityMappingResponse]

    Array of the entity mappings of the alert rule

    etag str

    ETag of the Azure resource

    event_grouping_settings EventGroupingSettingsResponse

    The event grouping settings.

    incident_configuration IncidentConfigurationResponse

    The settings of the incidents that are created from alerts triggered by this analytics rule

    tactics Sequence[str]

    The tactics of the alert rule

    techniques Sequence[str]

    The techniques of the alert rule

    template_version str

    The version of the alert rule template used to create this rule - in format <a.b.c>, where all are numbers, for example <1.0.2>

    displayName String

    The display name for alerts created by this alert rule.

    enabled Boolean

    Determines whether this alert rule is enabled or disabled.

    id String

    Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}

    lastModifiedUtc String

    The last time that this alert rule has been modified.

    name String

    The name of the resource

    query String

    The query that creates alerts for this rule.

    queryFrequency String

    The frequency (in ISO 8601 duration format) for this alert rule to run.

    queryPeriod String

    The period (in ISO 8601 duration format) that this alert rule looks at.

    severity String

    The severity for alerts created by this alert rule.

    suppressionDuration String

    The suppression (in ISO 8601 duration format) to wait since the last time this alert rule was triggered.

    suppressionEnabled Boolean

    Determines whether the suppression for this alert rule is enabled or disabled.

    systemData Property Map

    Azure Resource Manager metadata containing createdBy and modifiedBy information.

    triggerOperator String

    The operation against the threshold that triggers the alert rule.

    triggerThreshold Number

    The threshold that triggers this alert rule.

    type String

    The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"

    alertDetailsOverride Property Map

    The alert details override settings

    alertRuleTemplateName String

    The Name of the alert rule template used to create this rule.

    customDetails Map<String>

    Dictionary of string key-value pairs of columns to be attached to the alert

    description String

    The description of the alert rule.

    entityMappings List<Property Map>

    Array of the entity mappings of the alert rule

    etag String

    ETag of the Azure resource

    eventGroupingSettings Property Map

    The event grouping settings.

    incidentConfiguration Property Map

    The settings of the incidents that are created from alerts triggered by this analytics rule

    tactics List<String>

    The tactics of the alert rule

    techniques List<String>

    The techniques of the alert rule

    templateVersion String

    The version of the alert rule template used to create this rule - in format <a.b.c>, where all are numbers, for example <1.0.2>
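
The result properties listed above are enough to review a scheduled rule for detection-coverage problems. The following is an added example, not code from Pulumi or Microsoft: the checks, the 24-hour suppression threshold, the `trusted_modifiers` allow-list and the sample rule are assumptions constructed here; only `get_scheduled_alert_rule` and the property names come from this page.

```python
import re
from datetime import timedelta
from types import SimpleNamespace

# Day/time subset of ISO 8601 durations, e.g. PT5M, P1D, P1DT12H.
_ISO_DURATION = re.compile(
    r"^P(?:(?P<days>\d+)D)?"
    r"(?:T(?:(?P<hours>\d+)H)?(?:(?P<minutes>\d+)M)?(?:(?P<seconds>\d+)S)?)?$"
)

# Assumed local policy threshold, not an Azure limit.
MAX_SUPPRESSION = timedelta(hours=24)


def parse_duration(value):
    """Convert an ISO 8601 duration string (days/hours/minutes/seconds) to a timedelta."""
    match = _ISO_DURATION.match(value or "")
    parts = {k: int(v) for k, v in match.groupdict().items() if v} if match else {}
    if not parts:
        raise ValueError(f"unsupported ISO 8601 duration: {value!r}")
    return timedelta(**parts)


def audit_rule(rule, trusted_modifiers=frozenset()):
    """Return (code, detail) findings for a GetScheduledAlertRuleResult-shaped object."""
    findings = []
    if not rule.enabled:
        findings.append(("DISABLED", "rule is not running"))

    frequency = parse_duration(rule.query_frequency)
    period = parse_duration(rule.query_period)
    if period < frequency:
        # Each run looks back less far than the gap between runs,
        # so some events are never evaluated by the query.
        findings.append(("COVERAGE_GAP",
                         f"{frequency - period} of every {frequency} is never queried"))

    if rule.suppression_enabled:
        suppression = parse_duration(rule.suppression_duration)
        if suppression > MAX_SUPPRESSION:
            findings.append(("LONG_SUPPRESSION",
                             f"rule stays silent for {suppression} after firing"))

    incident = rule.incident_configuration
    if incident is None or not incident.create_incident:
        findings.append(("NO_INCIDENT", "alerts do not create incidents"))
    if not rule.entity_mappings:
        findings.append(("NO_ENTITIES", "alerts carry no mapped entities"))
    if not rule.tactics:
        findings.append(("NO_TACTICS", "rule has no tactics assigned"))

    meta = rule.system_data
    if trusted_modifiers and meta is not None \
            and meta.last_modified_by not in trusted_modifiers:
        findings.append(("UNEXPECTED_MODIFIER",
                         f"last modified by {meta.last_modified_by} "
                         f"({meta.last_modified_by_type})"))
    return findings


def audit_live_rule(resource_group_name, workspace_name, rule_id,
                    trusted_modifiers=frozenset()):
    """Fetch the rule from inside a Pulumi program and audit it."""
    # Imported lazily so the audit logic above also runs without the SDK installed.
    from pulumi_azure_native import securityinsights
    rule = securityinsights.get_scheduled_alert_rule(
        resource_group_name=resource_group_name,
        rule_id=rule_id,
        workspace_name=workspace_name,
    )
    return audit_rule(rule, trusted_modifiers)


# Constructed sample with the same attribute names as the Python result type.
SAMPLE_RULE = SimpleNamespace(
    display_name="Constructed sample rule",
    enabled=True,
    query_frequency="PT1H",
    query_period="PT30M",
    suppression_enabled=True,
    suppression_duration="P2D",
    incident_configuration=SimpleNamespace(create_incident=False),
    entity_mappings=[],
    tactics=["InitialAccess"],
    system_data=SimpleNamespace(last_modified_by="someone@example.com",
                                last_modified_by_type="User"),
)

if __name__ == "__main__":
    for code, detail in audit_rule(SAMPLE_RULE, trusted_modifiers={"iac-pipeline-sp"}):
        print(f"{code}: {detail}")
```

`audit_live_rule` only works inside a running Pulumi program with Azure credentials; `audit_rule` can be exercised offline against any object exposing the same attributes.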

    Supporting Types

    AlertDetailsOverrideResponse

    AlertDescriptionFormat string

    the format containing column name(s) to override the alert description

    AlertDisplayNameFormat string

    the format containing column name(s) to override the alert name

    AlertDynamicProperties List<Pulumi.AzureNative.SecurityInsights.Inputs.AlertPropertyMappingResponse>

    List of additional dynamic properties to override

    AlertSeverityColumnName string

    the column name to take the alert severity from

    AlertTacticsColumnName string

    the column name to take the alert tactics from

    AlertDescriptionFormat string

    the format containing column name(s) to override the alert description

    AlertDisplayNameFormat string

    the format containing column name(s) to override the alert name

    AlertDynamicProperties []AlertPropertyMappingResponse

    List of additional dynamic properties to override

    AlertSeverityColumnName string

    the column name to take the alert severity from

    AlertTacticsColumnName string

    the column name to take the alert tactics from

    alertDescriptionFormat String

    the format containing column name(s) to override the alert description

    alertDisplayNameFormat String

    the format containing column name(s) to override the alert name

    alertDynamicProperties List<AlertPropertyMappingResponse>

    List of additional dynamic properties to override

    alertSeverityColumnName String

    the column name to take the alert severity from

    alertTacticsColumnName String

    the column name to take the alert tactics from

    alertDescriptionFormat string

    the format containing column name(s) to override the alert description

    alertDisplayNameFormat string

    the format containing column name(s) to override the alert name

    alertDynamicProperties AlertPropertyMappingResponse[]

    List of additional dynamic properties to override

    alertSeverityColumnName string

    the column name to take the alert severity from

    alertTacticsColumnName string

    the column name to take the alert tactics from

    alert_description_format str

    the format containing column name(s) to override the alert description

    alert_display_name_format str

    the format containing column name(s) to override the alert name

    alert_dynamic_properties Sequence[AlertPropertyMappingResponse]

    List of additional dynamic properties to override

    alert_severity_column_name str

    the column name to take the alert severity from

    alert_tactics_column_name str

    the column name to take the alert tactics from

    alertDescriptionFormat String

    the format containing column name(s) to override the alert description

    alertDisplayNameFormat String

    the format containing column name(s) to override the alert name

    alertDynamicProperties List<Property Map>

    List of additional dynamic properties to override

    alertSeverityColumnName String

    the column name to take the alert severity from

    alertTacticsColumnName String

    the column name to take the alert tactics from

    AlertPropertyMappingResponse

    AlertProperty string

    The V3 alert property

    Value string

    the column name to use to override this property

    AlertProperty string

    The V3 alert property

    Value string

    the column name to use to override this property

    alertProperty String

    The V3 alert property

    value String

    the column name to use to override this property

    alertProperty string

    The V3 alert property

    value string

    the column name to use to override this property

    alert_property str

    The V3 alert property

    value str

    the column name to use to override this property

    alertProperty String

    The V3 alert property

    value String

    the column name to use to override this property

    EntityMappingResponse

    EntityType string

    The V3 type of the mapped entity

    FieldMappings List<Pulumi.AzureNative.SecurityInsights.Inputs.FieldMappingResponse>

    array of field mappings for the given entity mapping

    EntityType string

    The V3 type of the mapped entity

    FieldMappings []FieldMappingResponse

    array of field mappings for the given entity mapping

    entityType String

    The V3 type of the mapped entity

    fieldMappings List<FieldMappingResponse>

    array of field mappings for the given entity mapping

    entityType string

    The V3 type of the mapped entity

    fieldMappings FieldMappingResponse[]

    array of field mappings for the given entity mapping

    entity_type str

    The V3 type of the mapped entity

    field_mappings Sequence[FieldMappingResponse]

    array of field mappings for the given entity mapping

    entityType String

    The V3 type of the mapped entity

    fieldMappings List<Property Map>

    array of field mappings for the given entity mapping

    EventGroupingSettingsResponse

    AggregationKind string

    The event grouping aggregation kinds

    AggregationKind string

    The event grouping aggregation kinds

    aggregationKind String

    The event grouping aggregation kinds

    aggregationKind string

    The event grouping aggregation kinds

    aggregation_kind str

    The event grouping aggregation kinds

    aggregationKind String

    The event grouping aggregation kinds

    FieldMappingResponse

    ColumnName string

    the column name to be mapped to the identifier

    Identifier string

    the V3 identifier of the entity

    ColumnName string

    the column name to be mapped to the identifier

    Identifier string

    the V3 identifier of the entity

    columnName String

    the column name to be mapped to the identifier

    identifier String

    the V3 identifier of the entity

    columnName string

    the column name to be mapped to the identifier

    identifier string

    the V3 identifier of the entity

    column_name str

    the column name to be mapped to the identifier

    identifier str

    the V3 identifier of the entity

    columnName String

    the column name to be mapped to the identifier

    identifier String

    the V3 identifier of the entity

    GroupingConfigurationResponse

    Enabled bool

    Grouping enabled

    LookbackDuration string

    Limit the group to alerts created within the lookback duration (in ISO 8601 duration format)

    MatchingMethod string

    Grouping matching method. When method is Selected at least one of groupByEntities, groupByAlertDetails, groupByCustomDetails must be provided and not empty.

    ReopenClosedIncident bool

    Re-open closed matching incidents

    GroupByAlertDetails List<string>

    A list of alert details to group by (when matchingMethod is Selected)

    GroupByCustomDetails List<string>

    A list of custom details keys to group by (when matchingMethod is Selected). Only keys defined in the current alert rule may be used.

    GroupByEntities List<string>

    A list of entity types to group by (when matchingMethod is Selected). Only entities defined in the current alert rule may be used.

    Enabled bool

    Grouping enabled

    LookbackDuration string

    Limit the group to alerts created within the lookback duration (in ISO 8601 duration format)

    MatchingMethod string

    Grouping matching method. When method is Selected at least one of groupByEntities, groupByAlertDetails, groupByCustomDetails must be provided and not empty.

    ReopenClosedIncident bool

    Re-open closed matching incidents

    GroupByAlertDetails []string

    A list of alert details to group by (when matchingMethod is Selected)

    GroupByCustomDetails []string

    A list of custom details keys to group by (when matchingMethod is Selected). Only keys defined in the current alert rule may be used.

    GroupByEntities []string

    A list of entity types to group by (when matchingMethod is Selected). Only entities defined in the current alert rule may be used.

    enabled Boolean

    Grouping enabled

    lookbackDuration String

    Limit the group to alerts created within the lookback duration (in ISO 8601 duration format)

    matchingMethod String

    Grouping matching method. When method is Selected at least one of groupByEntities, groupByAlertDetails, groupByCustomDetails must be provided and not empty.

    reopenClosedIncident Boolean

    Re-open closed matching incidents

    groupByAlertDetails List<String>

    A list of alert details to group by (when matchingMethod is Selected)

    groupByCustomDetails List<String>

    A list of custom details keys to group by (when matchingMethod is Selected). Only keys defined in the current alert rule may be used.

    groupByEntities List<String>

    A list of entity types to group by (when matchingMethod is Selected). Only entities defined in the current alert rule may be used.

    enabled boolean

    Grouping enabled

    lookbackDuration string

    Limit the group to alerts created within the lookback duration (in ISO 8601 duration format)

    matchingMethod string

    Grouping matching method. When method is Selected at least one of groupByEntities, groupByAlertDetails, groupByCustomDetails must be provided and not empty.

    reopenClosedIncident boolean

    Re-open closed matching incidents

    groupByAlertDetails string[]

    A list of alert details to group by (when matchingMethod is Selected)

    groupByCustomDetails string[]

    A list of custom details keys to group by (when matchingMethod is Selected). Only keys defined in the current alert rule may be used.

    groupByEntities string[]

    A list of entity types to group by (when matchingMethod is Selected). Only entities defined in the current alert rule may be used.

    enabled bool

    Grouping enabled

    lookback_duration str

    Limit the group to alerts created within the lookback duration (in ISO 8601 duration format)

    matching_method str

    Grouping matching method. When method is Selected at least one of groupByEntities, groupByAlertDetails, groupByCustomDetails must be provided and not empty.

    reopen_closed_incident bool

    Re-open closed matching incidents

    group_by_alert_details Sequence[str]

    A list of alert details to group by (when matchingMethod is Selected)

    group_by_custom_details Sequence[str]

    A list of custom details keys to group by (when matchingMethod is Selected). Only keys defined in the current alert rule may be used.

    group_by_entities Sequence[str]

    A list of entity types to group by (when matchingMethod is Selected). Only entities defined in the current alert rule may be used.

    enabled Boolean

    Grouping enabled

    lookbackDuration String

    Limit the group to alerts created within the lookback duration (in ISO 8601 duration format)

    matchingMethod String

    Grouping matching method. When method is Selected at least one of groupByEntities, groupByAlertDetails, groupByCustomDetails must be provided and not empty.

    reopenClosedIncident Boolean

    Re-open closed matching incidents

    groupByAlertDetails List<String>

    A list of alert details to group by (when matchingMethod is Selected)

    groupByCustomDetails List<String>

    A list of custom details keys to group by (when matchingMethod is Selected). Only keys defined in the current alert rule may be used.

    groupByEntities List<String>

    A list of entity types to group by (when matchingMethod is Selected). Only entities defined in the current alert rule may be used.

    IncidentConfigurationResponse

    CreateIncident bool

    Create incidents from alerts triggered by this analytics rule

    GroupingConfiguration Pulumi.AzureNative.SecurityInsights.Inputs.GroupingConfigurationResponse

    Set how the alerts that are triggered by this analytics rule are grouped into incidents

    CreateIncident bool

    Create incidents from alerts triggered by this analytics rule

    GroupingConfiguration GroupingConfigurationResponse

    Set how the alerts that are triggered by this analytics rule are grouped into incidents

    createIncident Boolean

    Create incidents from alerts triggered by this analytics rule

    groupingConfiguration GroupingConfigurationResponse

    Set how the alerts that are triggered by this analytics rule are grouped into incidents

    createIncident boolean

    Create incidents from alerts triggered by this analytics rule

    groupingConfiguration GroupingConfigurationResponse

    Set how the alerts that are triggered by this analytics rule are grouped into incidents

    create_incident bool

    Create incidents from alerts triggered by this analytics rule

    grouping_configuration GroupingConfigurationResponse

    Set how the alerts that are triggered by this analytics rule are grouped into incidents

    createIncident Boolean

    Create incidents from alerts triggered by this analytics rule

    groupingConfiguration Property Map

    Set how the alerts that are triggered by this analytics rule are grouped into incidents
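
A check a detection engineer might run over the incident and grouping settings described above, as an added example that is not part of the Pulumi documentation. It assumes the `incident_configuration` output has been converted to a plain dict keyed by the Python property names; `parse_duration` and `audit_incident_configuration` are hypothetical helper names, and the duration parser covers only the day/hour/minute/second subset of ISO 8601.

```python
import re
from datetime import timedelta

# Subset of ISO 8601 durations: days, hours, minutes, seconds (PT5H, P1DT30M).
_DURATION = re.compile(
    r"^P(?:(?P<d>\d+)D)?(?:T(?=\d)(?:(?P<h>\d+)H)?(?:(?P<m>\d+)M)?(?:(?P<s>\d+)S)?)?$"
)


def parse_duration(text):
    """Return a timedelta for a supported ISO 8601 duration, else None."""
    match = _DURATION.match(text or "")
    if not match or not any(match.groupdict().values()):
        return None  # malformed, or a bare "P" with no components
    parts = {k: int(v or 0) for k, v in match.groupdict().items()}
    return timedelta(days=parts["d"], hours=parts["h"],
                     minutes=parts["m"], seconds=parts["s"])


def audit_incident_configuration(cfg):
    """Return a list of findings for one incident_configuration mapping."""
    findings = []
    if not cfg.get("create_incident"):
        findings.append("create_incident is false: alerts never become incidents")
        return findings
    grouping = cfg.get("grouping_configuration") or {}
    if not grouping.get("enabled"):
        return findings  # grouping disabled: the remaining fields are not checked
    if parse_duration(grouping.get("lookback_duration")) is None:
        findings.append("lookback_duration is not a supported ISO 8601 duration")
    if grouping.get("matching_method") == "Selected":
        keys = ("group_by_entities", "group_by_alert_details",
                "group_by_custom_details")
        if not any(grouping.get(k) for k in keys):
            findings.append("matching_method is Selected but no group_by_* list is set")
    return findings


# Constructed sample (not real rule data), shaped like incident_configuration.
SAMPLE = {
    "create_incident": True,
    "grouping_configuration": {
        "enabled": True,
        "lookback_duration": "PT5H",
        "matching_method": "Selected",
        "group_by_entities": [],
        "group_by_alert_details": [],
        "group_by_custom_details": [],
        "reopen_closed_incident": False,
    },
}
```
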

    SystemDataResponse

    CreatedAt string

    The timestamp of resource creation (UTC).

    CreatedBy string

    The identity that created the resource.

    CreatedByType string

    The type of identity that created the resource.

    LastModifiedAt string

    The timestamp of resource last modification (UTC)

    LastModifiedBy string

    The identity that last modified the resource.

    LastModifiedByType string

    The type of identity that last modified the resource.

    CreatedAt string

    The timestamp of resource creation (UTC).

    CreatedBy string

    The identity that created the resource.

    CreatedByType string

    The type of identity that created the resource.

    LastModifiedAt string

    The timestamp of resource last modification (UTC)

    LastModifiedBy string

    The identity that last modified the resource.

    LastModifiedByType string

    The type of identity that last modified the resource.

    createdAt String

    The timestamp of resource creation (UTC).

    createdBy String

    The identity that created the resource.

    createdByType String

    The type of identity that created the resource.

    lastModifiedAt String

    The timestamp of resource last modification (UTC)

    lastModifiedBy String

    The identity that last modified the resource.

    lastModifiedByType String

    The type of identity that last modified the resource.

    createdAt string

    The timestamp of resource creation (UTC).

    createdBy string

    The identity that created the resource.

    createdByType string

    The type of identity that created the resource.

    lastModifiedAt string

    The timestamp of resource last modification (UTC)

    lastModifiedBy string

    The identity that last modified the resource.

    lastModifiedByType string

    The type of identity that last modified the resource.

    created_at str

    The timestamp of resource creation (UTC).

    created_by str

    The identity that created the resource.

    created_by_type str

    The type of identity that created the resource.

    last_modified_at str

    The timestamp of resource last modification (UTC)

    last_modified_by str

    The identity that last modified the resource.

    last_modified_by_type str

    The type of identity that last modified the resource.

    createdAt String

    The timestamp of resource creation (UTC).

    createdBy String

    The identity that created the resource.

    createdByType String

    The type of identity that created the resource.

    lastModifiedAt String

    The timestamp of resource last modification (UTC)

    lastModifiedBy String

    The identity that last modified the resource.

    lastModifiedByType String

    The type of identity that last modified the resource.

    Package Details

    Repository
    Azure Native pulumi/pulumi-azure-native
    License
    Apache-2.0