Docs
Packages
Azure Native v1.102.0, May 2 23
Azure Native v1.102.0, May 2 23
azure-native.securityinsights.Incident
Explore with Pulumi AI
Represents an incident in Azure Security Insights. API Version: 2020-01-01.
Example Usage
Creates or updates an incident.
using System.Collections.Generic;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var incident = new AzureNative.SecurityInsights.Incident("incident", new()
{
Classification = "FalsePositive",
ClassificationComment = "Not a malicious activity",
ClassificationReason = "IncorrectAlertLogic",
Description = "This is a demo incident",
FirstActivityTimeUtc = "2019-01-01T13:00:30Z",
IncidentId = "73e01a99-5cd7-4139-a149-9f2736ff2ab5",
LastActivityTimeUtc = "2019-01-01T13:05:30Z",
Owner = new AzureNative.SecurityInsights.Inputs.IncidentOwnerInfoArgs
{
ObjectId = "2046feea-040d-4a46-9e2b-91c2941bfa70",
},
ResourceGroupName = "myRg",
Severity = "High",
Status = "Closed",
Title = "My incident",
WorkspaceName = "myWorkspace",
});
});
package main
import (
securityinsights "github.com/pulumi/pulumi-azure-native/sdk/go/azure/securityinsights"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := securityinsights.NewIncident(ctx, "incident", &securityinsights.IncidentArgs{
Classification: pulumi.String("FalsePositive"),
ClassificationComment: pulumi.String("Not a malicious activity"),
ClassificationReason: pulumi.String("IncorrectAlertLogic"),
Description: pulumi.String("This is a demo incident"),
FirstActivityTimeUtc: pulumi.String("2019-01-01T13:00:30Z"),
IncidentId: pulumi.String("73e01a99-5cd7-4139-a149-9f2736ff2ab5"),
LastActivityTimeUtc: pulumi.String("2019-01-01T13:05:30Z"),
Owner: &securityinsights.IncidentOwnerInfoArgs{
ObjectId: pulumi.String("2046feea-040d-4a46-9e2b-91c2941bfa70"),
},
ResourceGroupName: pulumi.String("myRg"),
Severity: pulumi.String("High"),
Status: pulumi.String("Closed"),
Title: pulumi.String("My incident"),
WorkspaceName: pulumi.String("myWorkspace"),
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.securityinsights.Incident;
import com.pulumi.azurenative.securityinsights.IncidentArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var incident = new Incident("incident", IncidentArgs.builder()
.classification("FalsePositive")
.classificationComment("Not a malicious activity")
.classificationReason("IncorrectAlertLogic")
.description("This is a demo incident")
.firstActivityTimeUtc("2019-01-01T13:00:30Z")
.incidentId("73e01a99-5cd7-4139-a149-9f2736ff2ab5")
.lastActivityTimeUtc("2019-01-01T13:05:30Z")
.owner(Map.of("objectId", "2046feea-040d-4a46-9e2b-91c2941bfa70"))
.resourceGroupName("myRg")
.severity("High")
.status("Closed")
.title("My incident")
.workspaceName("myWorkspace")
.build());
}
}
import pulumi
import pulumi_azure_native as azure_native
incident = azure_native.securityinsights.Incident("incident",
classification="FalsePositive",
classification_comment="Not a malicious activity",
classification_reason="IncorrectAlertLogic",
description="This is a demo incident",
first_activity_time_utc="2019-01-01T13:00:30Z",
incident_id="73e01a99-5cd7-4139-a149-9f2736ff2ab5",
last_activity_time_utc="2019-01-01T13:05:30Z",
owner=azure_native.securityinsights.IncidentOwnerInfoArgs(
object_id="2046feea-040d-4a46-9e2b-91c2941bfa70",
),
resource_group_name="myRg",
severity="High",
status="Closed",
title="My incident",
workspace_name="myWorkspace")
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const incident = new azure_native.securityinsights.Incident("incident", {
classification: "FalsePositive",
classificationComment: "Not a malicious activity",
classificationReason: "IncorrectAlertLogic",
description: "This is a demo incident",
firstActivityTimeUtc: "2019-01-01T13:00:30Z",
incidentId: "73e01a99-5cd7-4139-a149-9f2736ff2ab5",
lastActivityTimeUtc: "2019-01-01T13:05:30Z",
owner: {
objectId: "2046feea-040d-4a46-9e2b-91c2941bfa70",
},
resourceGroupName: "myRg",
severity: "High",
status: "Closed",
title: "My incident",
workspaceName: "myWorkspace",
});
resources:
incident:
type: azure-native:securityinsights:Incident
properties:
classification: FalsePositive
classificationComment: Not a malicious activity
classificationReason: IncorrectAlertLogic
description: This is a demo incident
firstActivityTimeUtc: 2019-01-01T13:00:30Z
incidentId: 73e01a99-5cd7-4139-a149-9f2736ff2ab5
lastActivityTimeUtc: 2019-01-01T13:05:30Z
owner:
objectId: 2046feea-040d-4a46-9e2b-91c2941bfa70
resourceGroupName: myRg
severity: High
status: Closed
title: My incident
workspaceName: myWorkspace
Create Incident Resource
new Incident(name: string, args: IncidentArgs, opts?: CustomResourceOptions);@overload
def Incident(resource_name: str,
opts: Optional[ResourceOptions] = None,
classification: Optional[Union[str, IncidentClassification]] = None,
classification_comment: Optional[str] = None,
classification_reason: Optional[Union[str, IncidentClassificationReason]] = None,
description: Optional[str] = None,
first_activity_time_utc: Optional[str] = None,
incident_id: Optional[str] = None,
labels: Optional[Sequence[IncidentLabelArgs]] = None,
last_activity_time_utc: Optional[str] = None,
owner: Optional[IncidentOwnerInfoArgs] = None,
resource_group_name: Optional[str] = None,
severity: Optional[Union[str, IncidentSeverity]] = None,
status: Optional[Union[str, IncidentStatus]] = None,
title: Optional[str] = None,
workspace_name: Optional[str] = None)
@overload
def Incident(resource_name: str,
args: IncidentArgs,
opts: Optional[ResourceOptions] = None)func NewIncident(ctx *Context, name string, args IncidentArgs, opts ...ResourceOption) (*Incident, error)public Incident(string name, IncidentArgs args, CustomResourceOptions? opts = null)
public Incident(String name, IncidentArgs args)
public Incident(String name, IncidentArgs args, CustomResourceOptions options)
type: azure-native:securityinsights:Incident
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args IncidentArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args IncidentArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args IncidentArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args IncidentArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args IncidentArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Incident Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The Incident resource accepts the following input properties:
- Resource
Group stringName The name of the resource group within the user's subscription. The name is case insensitive.
- Severity
string | Pulumi.
Azure Native. Security Insights. Incident Severity The severity of the incident
- Status
string | Pulumi.
Azure Native. Security Insights. Incident Status The status of the incident
- Title string
The title of the incident
- Workspace
Name string The name of the workspace.
- Classification
string | Pulumi.
Azure Native. Security Insights. Incident Classification The reason the incident was closed
- Classification
Comment string Describes the reason the incident was closed
- Classification
Reason string | Pulumi.Azure Native. Security Insights. Incident Classification Reason The classification reason the incident was closed with
- Description string
The description of the incident
- First
Activity stringTime Utc The time of the first activity in the incident
- Incident
Id string Incident ID
- Labels
List<Pulumi.
Azure Native. Security Insights. Inputs. Incident Label Args> List of labels relevant to this incident
- Last
Activity stringTime Utc The time of the last activity in the incident
- Owner
Pulumi.
Azure Native. Security Insights. Inputs. Incident Owner Info Args Describes a user that the incident is assigned to
- Resource
Group stringName The name of the resource group within the user's subscription. The name is case insensitive.
- Severity
string | Incident
Severity The severity of the incident
- Status
string | Incident
Status The status of the incident
- Title string
The title of the incident
- Workspace
Name string The name of the workspace.
- Classification
string | Incident
Classification The reason the incident was closed
- Classification
Comment string Describes the reason the incident was closed
- Classification
Reason string | IncidentClassification Reason The classification reason the incident was closed with
- Description string
The description of the incident
- First
Activity stringTime Utc The time of the first activity in the incident
- Incident
Id string Incident ID
- Labels
[]Incident
Label Args List of labels relevant to this incident
- Last
Activity stringTime Utc The time of the last activity in the incident
- Owner
Incident
Owner Info Args Describes a user that the incident is assigned to
- resource
Group StringName The name of the resource group within the user's subscription. The name is case insensitive.
- severity
String | Incident
Severity The severity of the incident
- status
String | Incident
Status The status of the incident
- title String
The title of the incident
- workspace
Name String The name of the workspace.
- classification
String | Incident
Classification The reason the incident was closed
- classification
Comment String Describes the reason the incident was closed
- classification
Reason String | IncidentClassification Reason The classification reason the incident was closed with
- description String
The description of the incident
- first
Activity StringTime Utc The time of the first activity in the incident
- incident
Id String Incident ID
- labels
List<Incident
Label Args> List of labels relevant to this incident
- last
Activity StringTime Utc The time of the last activity in the incident
- owner
Incident
Owner Info Args Describes a user that the incident is assigned to
- resource
Group stringName The name of the resource group within the user's subscription. The name is case insensitive.
- severity
string | Incident
Severity The severity of the incident
- status
string | Incident
Status The status of the incident
- title string
The title of the incident
- workspace
Name string The name of the workspace.
- classification
string | Incident
Classification The reason the incident was closed
- classification
Comment string Describes the reason the incident was closed
- classification
Reason string | IncidentClassification Reason The classification reason the incident was closed with
- description string
The description of the incident
- first
Activity stringTime Utc The time of the first activity in the incident
- incident
Id string Incident ID
- labels
Incident
Label Args[] List of labels relevant to this incident
- last
Activity stringTime Utc The time of the last activity in the incident
- owner
Incident
Owner Info Args Describes a user that the incident is assigned to
- resource_
group_ strname The name of the resource group within the user's subscription. The name is case insensitive.
- severity
str | Incident
Severity The severity of the incident
- status
str | Incident
Status The status of the incident
- title str
The title of the incident
- workspace_
name str The name of the workspace.
- classification
str | Incident
Classification The reason the incident was closed
- classification_
comment str Describes the reason the incident was closed
- classification_
reason str | IncidentClassification Reason The classification reason the incident was closed with
- description str
The description of the incident
- first_
activity_ strtime_ utc The time of the first activity in the incident
- incident_
id str Incident ID
- labels
Sequence[Incident
Label Args] List of labels relevant to this incident
- last_
activity_ strtime_ utc The time of the last activity in the incident
- owner
Incident
Owner Info Args Describes a user that the incident is assigned to
- resource
Group StringName The name of the resource group within the user's subscription. The name is case insensitive.
- severity String | "High" | "Medium" | "Low" | "Informational"
The severity of the incident
- status String | "New" | "Active" | "Closed"
The status of the incident
- title String
The title of the incident
- workspace
Name String The name of the workspace.
- classification
String | "Undetermined" | "True
Positive" | "Benign Positive" | "False Positive" The reason the incident was closed
- classification
Comment String Describes the reason the incident was closed
- classification
Reason String | "SuspiciousActivity" | "Suspicious But Expected" | "Incorrect Alert Logic" | "Inaccurate Data" The classification reason the incident was closed with
- description String
The description of the incident
- first
Activity StringTime Utc The time of the first activity in the incident
- incident
Id String Incident ID
- labels List<Property Map>
List of labels relevant to this incident
- last
Activity StringTime Utc The time of the last activity in the incident
- owner Property Map
Describes a user that the incident is assigned to
Outputs
All input properties are implicitly available as output properties. Additionally, the Incident resource produces the following output properties:
- Additional
Data Pulumi.Azure Native. Security Insights. Outputs. Incident Additional Data Response Additional data on the incident
- Created
Time stringUtc The time the incident was created
- Id string
The provider-assigned unique ID for this managed resource.
- Incident
Number int A sequential number
- Incident
Url string The deep-link url to the incident in Azure portal
- Last
Modified stringTime Utc The last time the incident was updated
- Name string
Azure resource name
- List<string>
List of resource ids of Analytic rules related to the incident
- Type string
Azure resource type
- Etag string
Etag of the azure resource
- Additional
Data IncidentAdditional Data Response Additional data on the incident
- Created
Time stringUtc The time the incident was created
- Id string
The provider-assigned unique ID for this managed resource.
- Incident
Number int A sequential number
- Incident
Url string The deep-link url to the incident in Azure portal
- Last
Modified stringTime Utc The last time the incident was updated
- Name string
Azure resource name
- []string
List of resource ids of Analytic rules related to the incident
- Type string
Azure resource type
- Etag string
Etag of the azure resource
- additional
Data IncidentAdditional Data Response Additional data on the incident
- created
Time StringUtc The time the incident was created
- id String
The provider-assigned unique ID for this managed resource.
- incident
Number Integer A sequential number
- incident
Url String The deep-link url to the incident in Azure portal
- last
Modified StringTime Utc The last time the incident was updated
- name String
Azure resource name
- List<String>
List of resource ids of Analytic rules related to the incident
- type String
Azure resource type
- etag String
Etag of the azure resource
- additional
Data IncidentAdditional Data Response Additional data on the incident
- created
Time stringUtc The time the incident was created
- id string
The provider-assigned unique ID for this managed resource.
- incident
Number number A sequential number
- incident
Url string The deep-link url to the incident in Azure portal
- last
Modified stringTime Utc The last time the incident was updated
- name string
Azure resource name
- string[]
List of resource ids of Analytic rules related to the incident
- type string
Azure resource type
- etag string
Etag of the azure resource
- additional_
data IncidentAdditional Data Response Additional data on the incident
- created_
time_ strutc The time the incident was created
- id str
The provider-assigned unique ID for this managed resource.
- incident_
number int A sequential number
- incident_
url str The deep-link url to the incident in Azure portal
- last_
modified_ strtime_ utc The last time the incident was updated
- name str
Azure resource name
- Sequence[str]
List of resource ids of Analytic rules related to the incident
- type str
Azure resource type
- etag str
Etag of the azure resource
- additional
Data Property Map Additional data on the incident
- created
Time StringUtc The time the incident was created
- id String
The provider-assigned unique ID for this managed resource.
- incident
Number Number A sequential number
- incident
Url String The deep-link url to the incident in Azure portal
- last
Modified StringTime Utc The last time the incident was updated
- name String
Azure resource name
- List<String>
List of resource ids of Analytic rules related to the incident
- type String
Azure resource type
- etag String
Etag of the azure resource
Supporting Types
IncidentAdditionalDataResponse
- Alert
Product List<string>Names List of product names of alerts in the incident
- Alerts
Count int The number of alerts in the incident
- Bookmarks
Count int The number of bookmarks in the incident
- Comments
Count int The number of comments in the incident
- Tactics List<string>
The tactics associated with incident
- Alert
Product []stringNames List of product names of alerts in the incident
- Alerts
Count int The number of alerts in the incident
- Bookmarks
Count int The number of bookmarks in the incident
- Comments
Count int The number of comments in the incident
- Tactics []string
The tactics associated with incident
- alert
Product List<String>Names List of product names of alerts in the incident
- alerts
Count Integer The number of alerts in the incident
- bookmarks
Count Integer The number of bookmarks in the incident
- comments
Count Integer The number of comments in the incident
- tactics List<String>
The tactics associated with incident
- alert
Product string[]Names List of product names of alerts in the incident
- alerts
Count number The number of alerts in the incident
- bookmarks
Count number The number of bookmarks in the incident
- comments
Count number The number of comments in the incident
- tactics string[]
The tactics associated with incident
- alert_
product_ Sequence[str]names List of product names of alerts in the incident
- alerts_
count int The number of alerts in the incident
- bookmarks_
count int The number of bookmarks in the incident
- comments_
count int The number of comments in the incident
- tactics Sequence[str]
The tactics associated with incident
- alert
Product List<String>Names List of product names of alerts in the incident
- alerts
Count Number The number of alerts in the incident
- bookmarks
Count Number The number of bookmarks in the incident
- comments
Count Number The number of comments in the incident
- tactics List<String>
The tactics associated with incident
IncidentClassification
- Undetermined
- Undetermined
Incident classification was undetermined
- True
Positive - TruePositive
Incident was true positive
- Benign
Positive - BenignPositive
Incident was benign positive
- False
Positive - FalsePositive
Incident was false positive
- Incident
Classification Undetermined - Undetermined
Incident classification was undetermined
- Incident
Classification True Positive - TruePositive
Incident was true positive
- Incident
Classification Benign Positive - BenignPositive
Incident was benign positive
- Incident
Classification False Positive - FalsePositive
Incident was false positive
- Undetermined
- Undetermined
Incident classification was undetermined
- True
Positive - TruePositive
Incident was true positive
- Benign
Positive - BenignPositive
Incident was benign positive
- False
Positive - FalsePositive
Incident was false positive
- Undetermined
- Undetermined
Incident classification was undetermined
- True
Positive - TruePositive
Incident was true positive
- Benign
Positive - BenignPositive
Incident was benign positive
- False
Positive - FalsePositive
Incident was false positive
- UNDETERMINED
- Undetermined
Incident classification was undetermined
- TRUE_POSITIVE
- TruePositive
Incident was true positive
- BENIGN_POSITIVE
- BenignPositive
Incident was benign positive
- FALSE_POSITIVE
- FalsePositive
Incident was false positive
- "Undetermined"
- Undetermined
Incident classification was undetermined
- "True
Positive" - TruePositive
Incident was true positive
- "Benign
Positive" - BenignPositive
Incident was benign positive
- "False
Positive" - FalsePositive
Incident was false positive
IncidentClassificationReason
- Suspicious
Activity - SuspiciousActivity
Classification reason was suspicious activity
- Suspicious
But Expected - SuspiciousButExpected
Classification reason was suspicious but expected
- Incorrect
Alert Logic - IncorrectAlertLogic
Classification reason was incorrect alert logic
- Inaccurate
Data - InaccurateData
Classification reason was inaccurate data
- Incident
Classification Reason Suspicious Activity - SuspiciousActivity
Classification reason was suspicious activity
- Incident
Classification Reason Suspicious But Expected - SuspiciousButExpected
Classification reason was suspicious but expected
- Incident
Classification Reason Incorrect Alert Logic - IncorrectAlertLogic
Classification reason was incorrect alert logic
- Incident
Classification Reason Inaccurate Data - InaccurateData
Classification reason was inaccurate data
- Suspicious
Activity - SuspiciousActivity
Classification reason was suspicious activity
- Suspicious
But Expected - SuspiciousButExpected
Classification reason was suspicious but expected
- Incorrect
Alert Logic - IncorrectAlertLogic
Classification reason was incorrect alert logic
- Inaccurate
Data - InaccurateData
Classification reason was inaccurate data
- Suspicious
Activity - SuspiciousActivity
Classification reason was suspicious activity
- Suspicious
But Expected - SuspiciousButExpected
Classification reason was suspicious but expected
- Incorrect
Alert Logic - IncorrectAlertLogic
Classification reason was incorrect alert logic
- Inaccurate
Data - InaccurateData
Classification reason was inaccurate data
- SUSPICIOUS_ACTIVITY
- SuspiciousActivity
Classification reason was suspicious activity
- SUSPICIOUS_BUT_EXPECTED
- SuspiciousButExpected
Classification reason was suspicious but expected
- INCORRECT_ALERT_LOGIC
- IncorrectAlertLogic
Classification reason was incorrect alert logic
- INACCURATE_DATA
- InaccurateData
Classification reason was inaccurate data
- "Suspicious
Activity" - SuspiciousActivity
Classification reason was suspicious activity
- "Suspicious
But Expected" - SuspiciousButExpected
Classification reason was suspicious but expected
- "Incorrect
Alert Logic" - IncorrectAlertLogic
Classification reason was incorrect alert logic
- "Inaccurate
Data" - InaccurateData
Classification reason was inaccurate data
IncidentLabel
- Label
Name string The name of the label
- Label
Name string The name of the label
- label
Name String The name of the label
- label
Name string The name of the label
- label_
name str The name of the label
- label
Name String The name of the label
IncidentLabelResponse
- label_
name str The name of the label
- label_
type str The type of the label
IncidentOwnerInfo
- Assigned
To string The name of the user the incident is assigned to.
- Email string
The email of the user the incident is assigned to.
- Object
Id string The object id of the user the incident is assigned to.
- User
Principal stringName The user principal name of the user the incident is assigned to.
- Assigned
To string The name of the user the incident is assigned to.
- Email string
The email of the user the incident is assigned to.
- Object
Id string The object id of the user the incident is assigned to.
- User
Principal stringName The user principal name of the user the incident is assigned to.
- assigned
To String The name of the user the incident is assigned to.
- email String
The email of the user the incident is assigned to.
- object
Id String The object id of the user the incident is assigned to.
- user
Principal StringName The user principal name of the user the incident is assigned to.
- assigned
To string The name of the user the incident is assigned to.
- email string
The email of the user the incident is assigned to.
- object
Id string The object id of the user the incident is assigned to.
- user
Principal stringName The user principal name of the user the incident is assigned to.
- assigned_
to str The name of the user the incident is assigned to.
- email str
The email of the user the incident is assigned to.
- object_
id str The object id of the user the incident is assigned to.
- user_
principal_ strname The user principal name of the user the incident is assigned to.
- assigned
To String The name of the user the incident is assigned to.
- email String
The email of the user the incident is assigned to.
- object
Id String The object id of the user the incident is assigned to.
- user
Principal StringName The user principal name of the user the incident is assigned to.
IncidentOwnerInfoResponse
- Assigned
To string The name of the user the incident is assigned to.
- Email string
The email of the user the incident is assigned to.
- Object
Id string The object id of the user the incident is assigned to.
- User
Principal stringName The user principal name of the user the incident is assigned to.
- Assigned
To string The name of the user the incident is assigned to.
- Email string
The email of the user the incident is assigned to.
- Object
Id string The object id of the user the incident is assigned to.
- User
Principal stringName The user principal name of the user the incident is assigned to.
- assigned
To String The name of the user the incident is assigned to.
- email String
The email of the user the incident is assigned to.
- object
Id String The object id of the user the incident is assigned to.
- user
Principal StringName The user principal name of the user the incident is assigned to.
- assigned
To string The name of the user the incident is assigned to.
- email string
The email of the user the incident is assigned to.
- object
Id string The object id of the user the incident is assigned to.
- user
Principal stringName The user principal name of the user the incident is assigned to.
- assigned_
to str The name of the user the incident is assigned to.
- email str
The email of the user the incident is assigned to.
- object_
id str The object id of the user the incident is assigned to.
- user_
principal_ strname The user principal name of the user the incident is assigned to.
- assigned
To String The name of the user the incident is assigned to.
- email String
The email of the user the incident is assigned to.
- object
Id String The object id of the user the incident is assigned to.
- user
Principal StringName The user principal name of the user the incident is assigned to.
IncidentSeverity
- High
- High
High severity
- Medium
- Medium
Medium severity
- Low
- Low
Low severity
- Informational
- Informational
Informational severity
- Incident
Severity High - High
High severity
- Incident
Severity Medium - Medium
Medium severity
- Incident
Severity Low - Low
Low severity
- Incident
Severity Informational - Informational
Informational severity
- High
- High
High severity
- Medium
- Medium
Medium severity
- Low
- Low
Low severity
- Informational
- Informational
Informational severity
- High
- High
High severity
- Medium
- Medium
Medium severity
- Low
- Low
Low severity
- Informational
- Informational
Informational severity
- HIGH
- High
High severity
- MEDIUM
- Medium
Medium severity
- LOW
- Low
Low severity
- INFORMATIONAL
- Informational
Informational severity
- "High"
- High
High severity
- "Medium"
- Medium
Medium severity
- "Low"
- Low
Low severity
- "Informational"
- Informational
Informational severity
IncidentStatus
- New
- New
An active incident which isn't being handled currently
- Active
- Active
An active incident which is being handled
- Closed
- Closed
A non-active incident
- Incident
Status New - New
An active incident which isn't being handled currently
- Incident
Status Active - Active
An active incident which is being handled
- Incident
Status Closed - Closed
A non-active incident
- New
- New
An active incident which isn't being handled currently
- Active
- Active
An active incident which is being handled
- Closed
- Closed
A non-active incident
- New
- New
An active incident which isn't being handled currently
- Active
- Active
An active incident which is being handled
- Closed
- Closed
A non-active incident
- NEW
- New
An active incident which isn't being handled currently
- ACTIVE
- Active
An active incident which is being handled
- CLOSED
- Closed
A non-active incident
- "New"
- New
An active incident which isn't being handled currently
- "Active"
- Active
An active incident which is being handled
- "Closed"
- Closed
A non-active incident
Import
An existing resource can be imported using its type token, name, and identifier, e.g.
$ pulumi import azure-native:securityinsights:Incident 73e01a99-5cd7-4139-a149-9f2736ff2ab5 /subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5
Package Details
- Repository
- Azure Native pulumi/pulumi-azure-native
- License
- Apache-2.0