Azure Classic v5.58.0, Dec 2 23

We recommend using Azure Native.

Azure Classic v5.58.0 published on Saturday, Dec 2, 2023 by Pulumi

pulumi/pulumi-azure

azure.securitycenter.Automation

Explore with Pulumi AI

We recommend using Azure Native.

Azure Classic v5.58.0 published on Saturday, Dec 2, 2023 by Pulumi

pulumi/pulumi-azure

Example Usage

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;

return await Deployment.RunAsync(() => 
{
    var current = Azure.Core.GetClientConfig.Invoke();

    var exampleResourceGroup = new Azure.Core.ResourceGroup("exampleResourceGroup", new()
    {
        Location = "West Europe",
    });

    var exampleEventHubNamespace = new Azure.EventHub.EventHubNamespace("exampleEventHubNamespace", new()
    {
        Location = exampleResourceGroup.Location,
        ResourceGroupName = exampleResourceGroup.Name,
        Sku = "Standard",
        Capacity = 2,
    });

    var exampleEventHub = new Azure.EventHub.EventHub("exampleEventHub", new()
    {
        NamespaceName = exampleEventHubNamespace.Name,
        ResourceGroupName = exampleResourceGroup.Name,
        PartitionCount = 2,
        MessageRetention = 2,
    });

    var exampleAuthorizationRule = new Azure.EventHub.AuthorizationRule("exampleAuthorizationRule", new()
    {
        NamespaceName = exampleEventHubNamespace.Name,
        EventhubName = exampleEventHub.Name,
        ResourceGroupName = exampleResourceGroup.Name,
        Listen = true,
        Send = false,
        Manage = false,
    });

    var exampleAutomation = new Azure.SecurityCenter.Automation("exampleAutomation", new()
    {
        Location = exampleResourceGroup.Location,
        ResourceGroupName = exampleResourceGroup.Name,
        Actions = new[]
        {
            new Azure.SecurityCenter.Inputs.AutomationActionArgs
            {
                Type = "EventHub",
                ResourceId = exampleEventHub.Id,
                ConnectionString = exampleAuthorizationRule.PrimaryConnectionString,
            },
        },
        Sources = new[]
        {
            new Azure.SecurityCenter.Inputs.AutomationSourceArgs
            {
                EventSource = "Alerts",
                RuleSets = new[]
                {
                    new Azure.SecurityCenter.Inputs.AutomationSourceRuleSetArgs
                    {
                        Rules = new[]
                        {
                            new Azure.SecurityCenter.Inputs.AutomationSourceRuleSetRuleArgs
                            {
                                PropertyPath = "properties.metadata.severity",
                                Operator = "Equals",
                                ExpectedValue = "High",
                                PropertyType = "String",
                            },
                        },
                    },
                },
            },
        },
        Scopes = new[]
        {
            $"/subscriptions/{current.Apply(getClientConfigResult => getClientConfigResult.SubscriptionId)}",
        },
    });

});

package main

import (
	"fmt"

	"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
	"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/eventhub"
	"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/securitycenter"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		current, err := core.GetClientConfig(ctx, nil, nil)
		if err != nil {
			return err
		}
		exampleResourceGroup, err := core.NewResourceGroup(ctx, "exampleResourceGroup", &core.ResourceGroupArgs{
			Location: pulumi.String("West Europe"),
		})
		if err != nil {
			return err
		}
		exampleEventHubNamespace, err := eventhub.NewEventHubNamespace(ctx, "exampleEventHubNamespace", &eventhub.EventHubNamespaceArgs{
			Location:          exampleResourceGroup.Location,
			ResourceGroupName: exampleResourceGroup.Name,
			Sku:               pulumi.String("Standard"),
			Capacity:          pulumi.Int(2),
		})
		if err != nil {
			return err
		}
		exampleEventHub, err := eventhub.NewEventHub(ctx, "exampleEventHub", &eventhub.EventHubArgs{
			NamespaceName:     exampleEventHubNamespace.Name,
			ResourceGroupName: exampleResourceGroup.Name,
			PartitionCount:    pulumi.Int(2),
			MessageRetention:  pulumi.Int(2),
		})
		if err != nil {
			return err
		}
		exampleAuthorizationRule, err := eventhub.NewAuthorizationRule(ctx, "exampleAuthorizationRule", &eventhub.AuthorizationRuleArgs{
			NamespaceName:     exampleEventHubNamespace.Name,
			EventhubName:      exampleEventHub.Name,
			ResourceGroupName: exampleResourceGroup.Name,
			Listen:            pulumi.Bool(true),
			Send:              pulumi.Bool(false),
			Manage:            pulumi.Bool(false),
		})
		if err != nil {
			return err
		}
		_, err = securitycenter.NewAutomation(ctx, "exampleAutomation", &securitycenter.AutomationArgs{
			Location:          exampleResourceGroup.Location,
			ResourceGroupName: exampleResourceGroup.Name,
			Actions: securitycenter.AutomationActionArray{
				&securitycenter.AutomationActionArgs{
					Type:             pulumi.String("EventHub"),
					ResourceId:       exampleEventHub.ID(),
					ConnectionString: exampleAuthorizationRule.PrimaryConnectionString,
				},
			},
			Sources: securitycenter.AutomationSourceArray{
				&securitycenter.AutomationSourceArgs{
					EventSource: pulumi.String("Alerts"),
					RuleSets: securitycenter.AutomationSourceRuleSetArray{
						&securitycenter.AutomationSourceRuleSetArgs{
							Rules: securitycenter.AutomationSourceRuleSetRuleArray{
								&securitycenter.AutomationSourceRuleSetRuleArgs{
									PropertyPath:  pulumi.String("properties.metadata.severity"),
									Operator:      pulumi.String("Equals"),
									ExpectedValue: pulumi.String("High"),
									PropertyType:  pulumi.String("String"),
								},
							},
						},
					},
				},
			},
			Scopes: pulumi.StringArray{
				pulumi.String(fmt.Sprintf("/subscriptions/%v", current.SubscriptionId)),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.CoreFunctions;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.eventhub.EventHubNamespace;
import com.pulumi.azure.eventhub.EventHubNamespaceArgs;
import com.pulumi.azure.eventhub.EventHub;
import com.pulumi.azure.eventhub.EventHubArgs;
import com.pulumi.azure.eventhub.AuthorizationRule;
import com.pulumi.azure.eventhub.AuthorizationRuleArgs;
import com.pulumi.azure.securitycenter.Automation;
import com.pulumi.azure.securitycenter.AutomationArgs;
import com.pulumi.azure.securitycenter.inputs.AutomationActionArgs;
import com.pulumi.azure.securitycenter.inputs.AutomationSourceArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var current = CoreFunctions.getClientConfig();

        var exampleResourceGroup = new ResourceGroup("exampleResourceGroup", ResourceGroupArgs.builder()        
            .location("West Europe")
            .build());

        var exampleEventHubNamespace = new EventHubNamespace("exampleEventHubNamespace", EventHubNamespaceArgs.builder()        
            .location(exampleResourceGroup.location())
            .resourceGroupName(exampleResourceGroup.name())
            .sku("Standard")
            .capacity(2)
            .build());

        var exampleEventHub = new EventHub("exampleEventHub", EventHubArgs.builder()        
            .namespaceName(exampleEventHubNamespace.name())
            .resourceGroupName(exampleResourceGroup.name())
            .partitionCount(2)
            .messageRetention(2)
            .build());

        var exampleAuthorizationRule = new AuthorizationRule("exampleAuthorizationRule", AuthorizationRuleArgs.builder()        
            .namespaceName(exampleEventHubNamespace.name())
            .eventhubName(exampleEventHub.name())
            .resourceGroupName(exampleResourceGroup.name())
            .listen(true)
            .send(false)
            .manage(false)
            .build());

        var exampleAutomation = new Automation("exampleAutomation", AutomationArgs.builder()        
            .location(exampleResourceGroup.location())
            .resourceGroupName(exampleResourceGroup.name())
            .actions(AutomationActionArgs.builder()
                .type("EventHub")
                .resourceId(exampleEventHub.id())
                .connectionString(exampleAuthorizationRule.primaryConnectionString())
                .build())
            .sources(AutomationSourceArgs.builder()
                .eventSource("Alerts")
                .ruleSets(AutomationSourceRuleSetArgs.builder()
                    .rules(AutomationSourceRuleSetRuleArgs.builder()
                        .propertyPath("properties.metadata.severity")
                        .operator("Equals")
                        .expectedValue("High")
                        .propertyType("String")
                        .build())
                    .build())
                .build())
            .scopes(String.format("/subscriptions/%s", current.applyValue(getClientConfigResult -> getClientConfigResult.subscriptionId())))
            .build());

    }
}

import pulumi
import pulumi_azure as azure

current = azure.core.get_client_config()
example_resource_group = azure.core.ResourceGroup("exampleResourceGroup", location="West Europe")
example_event_hub_namespace = azure.eventhub.EventHubNamespace("exampleEventHubNamespace",
    location=example_resource_group.location,
    resource_group_name=example_resource_group.name,
    sku="Standard",
    capacity=2)
example_event_hub = azure.eventhub.EventHub("exampleEventHub",
    namespace_name=example_event_hub_namespace.name,
    resource_group_name=example_resource_group.name,
    partition_count=2,
    message_retention=2)
example_authorization_rule = azure.eventhub.AuthorizationRule("exampleAuthorizationRule",
    namespace_name=example_event_hub_namespace.name,
    eventhub_name=example_event_hub.name,
    resource_group_name=example_resource_group.name,
    listen=True,
    send=False,
    manage=False)
example_automation = azure.securitycenter.Automation("exampleAutomation",
    location=example_resource_group.location,
    resource_group_name=example_resource_group.name,
    actions=[azure.securitycenter.AutomationActionArgs(
        type="EventHub",
        resource_id=example_event_hub.id,
        connection_string=example_authorization_rule.primary_connection_string,
    )],
    sources=[azure.securitycenter.AutomationSourceArgs(
        event_source="Alerts",
        rule_sets=[azure.securitycenter.AutomationSourceRuleSetArgs(
            rules=[azure.securitycenter.AutomationSourceRuleSetRuleArgs(
                property_path="properties.metadata.severity",
                operator="Equals",
                expected_value="High",
                property_type="String",
            )],
        )],
    )],
    scopes=[f"/subscriptions/{current.subscription_id}"])

import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";

const current = azure.core.getClientConfig({});
const exampleResourceGroup = new azure.core.ResourceGroup("exampleResourceGroup", {location: "West Europe"});
const exampleEventHubNamespace = new azure.eventhub.EventHubNamespace("exampleEventHubNamespace", {
    location: exampleResourceGroup.location,
    resourceGroupName: exampleResourceGroup.name,
    sku: "Standard",
    capacity: 2,
});
const exampleEventHub = new azure.eventhub.EventHub("exampleEventHub", {
    namespaceName: exampleEventHubNamespace.name,
    resourceGroupName: exampleResourceGroup.name,
    partitionCount: 2,
    messageRetention: 2,
});
const exampleAuthorizationRule = new azure.eventhub.AuthorizationRule("exampleAuthorizationRule", {
    namespaceName: exampleEventHubNamespace.name,
    eventhubName: exampleEventHub.name,
    resourceGroupName: exampleResourceGroup.name,
    listen: true,
    send: false,
    manage: false,
});
const exampleAutomation = new azure.securitycenter.Automation("exampleAutomation", {
    location: exampleResourceGroup.location,
    resourceGroupName: exampleResourceGroup.name,
    actions: [{
        type: "EventHub",
        resourceId: exampleEventHub.id,
        connectionString: exampleAuthorizationRule.primaryConnectionString,
    }],
    sources: [{
        eventSource: "Alerts",
        ruleSets: [{
            rules: [{
                propertyPath: "properties.metadata.severity",
                operator: "Equals",
                expectedValue: "High",
                propertyType: "String",
            }],
        }],
    }],
    scopes: [current.then(current => `/subscriptions/${current.subscriptionId}`)],
});

resources:
  exampleResourceGroup:
    type: azure:core:ResourceGroup
    properties:
      location: West Europe
  exampleEventHubNamespace:
    type: azure:eventhub:EventHubNamespace
    properties:
      location: ${exampleResourceGroup.location}
      resourceGroupName: ${exampleResourceGroup.name}
      sku: Standard
      capacity: 2
  exampleEventHub:
    type: azure:eventhub:EventHub
    properties:
      namespaceName: ${exampleEventHubNamespace.name}
      resourceGroupName: ${exampleResourceGroup.name}
      partitionCount: 2
      messageRetention: 2
  exampleAuthorizationRule:
    type: azure:eventhub:AuthorizationRule
    properties:
      namespaceName: ${exampleEventHubNamespace.name}
      eventhubName: ${exampleEventHub.name}
      resourceGroupName: ${exampleResourceGroup.name}
      listen: true
      send: false
      manage: false
  exampleAutomation:
    type: azure:securitycenter:Automation
    properties:
      location: ${exampleResourceGroup.location}
      resourceGroupName: ${exampleResourceGroup.name}
      actions:
        - type: EventHub
          resourceId: ${exampleEventHub.id}
          connectionString: ${exampleAuthorizationRule.primaryConnectionString}
      sources:
        - eventSource: Alerts
          ruleSets:
            - rules:
                - propertyPath: properties.metadata.severity
                  operator: Equals
                  expectedValue: High
                  propertyType: String
      scopes:
        - /subscriptions/${current.subscriptionId}
variables:
  current:
    fn::invoke:
      Function: azure:core:getClientConfig
      Arguments: {}

Create Automation Resource

new Automation(name: string, args: AutomationArgs, opts?: CustomResourceOptions);

@overload
def Automation(resource_name: str,
               opts: Optional[ResourceOptions] = None,
               actions: Optional[Sequence[AutomationActionArgs]] = None,
               description: Optional[str] = None,
               enabled: Optional[bool] = None,
               location: Optional[str] = None,
               name: Optional[str] = None,
               resource_group_name: Optional[str] = None,
               scopes: Optional[Sequence[str]] = None,
               sources: Optional[Sequence[AutomationSourceArgs]] = None,
               tags: Optional[Mapping[str, str]] = None)
@overload
def Automation(resource_name: str,
               args: AutomationArgs,
               opts: Optional[ResourceOptions] = None)

func NewAutomation(ctx *Context, name string, args AutomationArgs, opts ...ResourceOption) (*Automation, error)

public Automation(string name, AutomationArgs args, CustomResourceOptions? opts = null)

public Automation(String name, AutomationArgs args)
public Automation(String name, AutomationArgs args, CustomResourceOptions options)

type: azure:securitycenter:Automation
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string: The unique name of the resource.
args AutomationArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args AutomationArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args AutomationArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args AutomationArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args AutomationArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Automation Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The Automation resource accepts the following input properties:

Actions List<AutomationAction>: One or more action blocks as defined below. An action tells this automation where the data is to be sent to upon being evaluated by the rules in the source.
ResourceGroupName string: The name of the Resource Group where the Security Center Automation should exist. Changing this forces a new Security Center Automation to be created.
Scopes List<string>: A list of scopes on which the automation logic is applied, at least one is required. Supported scopes are a subscription (in this format /subscriptions/00000000-0000-0000-0000-000000000000) or a resource group under that subscription (in the format /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/example). The automation will only apply on defined scopes.
Sources List<AutomationSource>: One or more source blocks as defined below. A source defines what data types will be processed and a set of rules to filter that data.
Description string: Specifies the description for the Security Center Automation.
Enabled bool: Boolean to enable or disable this Security Center Automation. Defaults to true.
Location string: The Azure Region where the Security Center Automation should exist. Changing this forces a new Security Center Automation to be created.
Name string: The name which should be used for this Security Center Automation. Changing this forces a new Security Center Automation to be created.
Tags Dictionary<string, string>: A mapping of tags assigned to the resource.

Actions []AutomationActionArgs: One or more action blocks as defined below. An action tells this automation where the data is to be sent to upon being evaluated by the rules in the source.
ResourceGroupName string: The name of the Resource Group where the Security Center Automation should exist. Changing this forces a new Security Center Automation to be created.
Scopes []string: A list of scopes on which the automation logic is applied, at least one is required. Supported scopes are a subscription (in this format /subscriptions/00000000-0000-0000-0000-000000000000) or a resource group under that subscription (in the format /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/example). The automation will only apply on defined scopes.
Sources []AutomationSourceArgs: One or more source blocks as defined below. A source defines what data types will be processed and a set of rules to filter that data.
Description string: Specifies the description for the Security Center Automation.
Enabled bool: Boolean to enable or disable this Security Center Automation. Defaults to true.
Location string: The Azure Region where the Security Center Automation should exist. Changing this forces a new Security Center Automation to be created.
Name string: The name which should be used for this Security Center Automation. Changing this forces a new Security Center Automation to be created.
Tags map[string]string: A mapping of tags assigned to the resource.

actions List<AutomationAction>: One or more action blocks as defined below. An action tells this automation where the data is to be sent to upon being evaluated by the rules in the source.
resourceGroupName String: The name of the Resource Group where the Security Center Automation should exist. Changing this forces a new Security Center Automation to be created.
scopes List<String>: A list of scopes on which the automation logic is applied, at least one is required. Supported scopes are a subscription (in this format /subscriptions/00000000-0000-0000-0000-000000000000) or a resource group under that subscription (in the format /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/example). The automation will only apply on defined scopes.
sources List<AutomationSource>: One or more source blocks as defined below. A source defines what data types will be processed and a set of rules to filter that data.
description String: Specifies the description for the Security Center Automation.
enabled Boolean: Boolean to enable or disable this Security Center Automation. Defaults to true.
location String: The Azure Region where the Security Center Automation should exist. Changing this forces a new Security Center Automation to be created.
name String: The name which should be used for this Security Center Automation. Changing this forces a new Security Center Automation to be created.
tags Map<String,String>: A mapping of tags assigned to the resource.

actions AutomationAction[]: One or more action blocks as defined below. An action tells this automation where the data is to be sent to upon being evaluated by the rules in the source.
resourceGroupName string: The name of the Resource Group where the Security Center Automation should exist. Changing this forces a new Security Center Automation to be created.
scopes string[]: A list of scopes on which the automation logic is applied, at least one is required. Supported scopes are a subscription (in this format /subscriptions/00000000-0000-0000-0000-000000000000) or a resource group under that subscription (in the format /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/example). The automation will only apply on defined scopes.
sources AutomationSource[]: One or more source blocks as defined below. A source defines what data types will be processed and a set of rules to filter that data.
description string: Specifies the description for the Security Center Automation.
enabled boolean: Boolean to enable or disable this Security Center Automation. Defaults to true.
location string: The Azure Region where the Security Center Automation should exist. Changing this forces a new Security Center Automation to be created.
name string: The name which should be used for this Security Center Automation. Changing this forces a new Security Center Automation to be created.
tags {[key: string]: string}: A mapping of tags assigned to the resource.

actions Sequence[AutomationActionArgs]: One or more action blocks as defined below. An action tells this automation where the data is to be sent to upon being evaluated by the rules in the source.
resource_group_name str: The name of the Resource Group where the Security Center Automation should exist. Changing this forces a new Security Center Automation to be created.
scopes Sequence[str]: A list of scopes on which the automation logic is applied, at least one is required. Supported scopes are a subscription (in this format /subscriptions/00000000-0000-0000-0000-000000000000) or a resource group under that subscription (in the format /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/example). The automation will only apply on defined scopes.
sources Sequence[AutomationSourceArgs]: One or more source blocks as defined below. A source defines what data types will be processed and a set of rules to filter that data.
description str: Specifies the description for the Security Center Automation.
enabled bool: Boolean to enable or disable this Security Center Automation. Defaults to true.
location str: The Azure Region where the Security Center Automation should exist. Changing this forces a new Security Center Automation to be created.
name str: The name which should be used for this Security Center Automation. Changing this forces a new Security Center Automation to be created.
tags Mapping[str, str]: A mapping of tags assigned to the resource.

actions List<Property Map>: One or more action blocks as defined below. An action tells this automation where the data is to be sent to upon being evaluated by the rules in the source.
resourceGroupName String: The name of the Resource Group where the Security Center Automation should exist. Changing this forces a new Security Center Automation to be created.
scopes List<String>: A list of scopes on which the automation logic is applied, at least one is required. Supported scopes are a subscription (in this format /subscriptions/00000000-0000-0000-0000-000000000000) or a resource group under that subscription (in the format /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/example). The automation will only apply on defined scopes.
sources List<Property Map>: One or more source blocks as defined below. A source defines what data types will be processed and a set of rules to filter that data.
description String: Specifies the description for the Security Center Automation.
enabled Boolean: Boolean to enable or disable this Security Center Automation. Defaults to true.
location String: The Azure Region where the Security Center Automation should exist. Changing this forces a new Security Center Automation to be created.
name String: The name which should be used for this Security Center Automation. Changing this forces a new Security Center Automation to be created.
tags Map<String>: A mapping of tags assigned to the resource.

Outputs

All input properties are implicitly available as output properties. Additionally, the Automation resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.

Id string: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

id string: The provider-assigned unique ID for this managed resource.

id str: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

Look up Existing Automation Resource

Get an existing Automation resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: AutomationState, opts?: CustomResourceOptions): Automation

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        actions: Optional[Sequence[AutomationActionArgs]] = None,
        description: Optional[str] = None,
        enabled: Optional[bool] = None,
        location: Optional[str] = None,
        name: Optional[str] = None,
        resource_group_name: Optional[str] = None,
        scopes: Optional[Sequence[str]] = None,
        sources: Optional[Sequence[AutomationSourceArgs]] = None,
        tags: Optional[Mapping[str, str]] = None) -> Automation

func GetAutomation(ctx *Context, name string, id IDInput, state *AutomationState, opts ...ResourceOption) (*Automation, error)

public static Automation Get(string name, Input<string> id, AutomationState? state, CustomResourceOptions? opts = null)

public static Automation get(String name, Output<String> id, AutomationState state, CustomResourceOptions options)

Resource lookup is not supported in YAML

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

Actions List<AutomationAction>: One or more action blocks as defined below. An action tells this automation where the data is to be sent to upon being evaluated by the rules in the source.
Description string: Specifies the description for the Security Center Automation.
Enabled bool: Boolean to enable or disable this Security Center Automation. Defaults to true.
Location string: The Azure Region where the Security Center Automation should exist. Changing this forces a new Security Center Automation to be created.
Name string: The name which should be used for this Security Center Automation. Changing this forces a new Security Center Automation to be created.
ResourceGroupName string: The name of the Resource Group where the Security Center Automation should exist. Changing this forces a new Security Center Automation to be created.
Scopes List<string>: A list of scopes on which the automation logic is applied, at least one is required. Supported scopes are a subscription (in this format /subscriptions/00000000-0000-0000-0000-000000000000) or a resource group under that subscription (in the format /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/example). The automation will only apply on defined scopes.
Sources List<AutomationSource>: One or more source blocks as defined below. A source defines what data types will be processed and a set of rules to filter that data.
Tags Dictionary<string, string>: A mapping of tags assigned to the resource.

Actions []AutomationActionArgs: One or more action blocks as defined below. An action tells this automation where the data is to be sent to upon being evaluated by the rules in the source.
Description string: Specifies the description for the Security Center Automation.
Enabled bool: Boolean to enable or disable this Security Center Automation. Defaults to true.
Location string: The Azure Region where the Security Center Automation should exist. Changing this forces a new Security Center Automation to be created.
Name string: The name which should be used for this Security Center Automation. Changing this forces a new Security Center Automation to be created.
ResourceGroupName string: The name of the Resource Group where the Security Center Automation should exist. Changing this forces a new Security Center Automation to be created.
Scopes []string: A list of scopes on which the automation logic is applied, at least one is required. Supported scopes are a subscription (in this format /subscriptions/00000000-0000-0000-0000-000000000000) or a resource group under that subscription (in the format /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/example). The automation will only apply on defined scopes.
Sources []AutomationSourceArgs: One or more source blocks as defined below. A source defines what data types will be processed and a set of rules to filter that data.
Tags map[string]string: A mapping of tags assigned to the resource.

actions List<AutomationAction>: One or more action blocks as defined below. An action tells this automation where the data is to be sent to upon being evaluated by the rules in the source.
description String: Specifies the description for the Security Center Automation.
enabled Boolean: Boolean to enable or disable this Security Center Automation. Defaults to true.
location String: The Azure Region where the Security Center Automation should exist. Changing this forces a new Security Center Automation to be created.
name String: The name which should be used for this Security Center Automation. Changing this forces a new Security Center Automation to be created.
resourceGroupName String: The name of the Resource Group where the Security Center Automation should exist. Changing this forces a new Security Center Automation to be created.
scopes List<String>: A list of scopes on which the automation logic is applied, at least one is required. Supported scopes are a subscription (in this format /subscriptions/00000000-0000-0000-0000-000000000000) or a resource group under that subscription (in the format /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/example). The automation will only apply on defined scopes.
sources List<AutomationSource>: One or more source blocks as defined below. A source defines what data types will be processed and a set of rules to filter that data.
tags Map<String,String>: A mapping of tags assigned to the resource.

actions AutomationAction[]: One or more action blocks as defined below. An action tells this automation where the data is to be sent to upon being evaluated by the rules in the source.
description string: Specifies the description for the Security Center Automation.
enabled boolean: Boolean to enable or disable this Security Center Automation. Defaults to true.
location string: The Azure Region where the Security Center Automation should exist. Changing this forces a new Security Center Automation to be created.
name string: The name which should be used for this Security Center Automation. Changing this forces a new Security Center Automation to be created.
resourceGroupName string: The name of the Resource Group where the Security Center Automation should exist. Changing this forces a new Security Center Automation to be created.
scopes string[]: A list of scopes on which the automation logic is applied, at least one is required. Supported scopes are a subscription (in this format /subscriptions/00000000-0000-0000-0000-000000000000) or a resource group under that subscription (in the format /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/example). The automation will only apply on defined scopes.
sources AutomationSource[]: One or more source blocks as defined below. A source defines what data types will be processed and a set of rules to filter that data.
tags {[key: string]: string}: A mapping of tags assigned to the resource.

actions Sequence[AutomationActionArgs]: One or more action blocks as defined below. An action tells this automation where the data is to be sent to upon being evaluated by the rules in the source.
description str: Specifies the description for the Security Center Automation.
enabled bool: Boolean to enable or disable this Security Center Automation. Defaults to true.
location str: The Azure Region where the Security Center Automation should exist. Changing this forces a new Security Center Automation to be created.
name str: The name which should be used for this Security Center Automation. Changing this forces a new Security Center Automation to be created.
resource_group_name str: The name of the Resource Group where the Security Center Automation should exist. Changing this forces a new Security Center Automation to be created.
scopes Sequence[str]: A list of scopes on which the automation logic is applied, at least one is required. Supported scopes are a subscription (in this format /subscriptions/00000000-0000-0000-0000-000000000000) or a resource group under that subscription (in the format /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/example). The automation will only apply on defined scopes.
sources Sequence[AutomationSourceArgs]: One or more source blocks as defined below. A source defines what data types will be processed and a set of rules to filter that data.
tags Mapping[str, str]: A mapping of tags assigned to the resource.

actions List<Property Map>: One or more action blocks as defined below. An action tells this automation where the data is to be sent to upon being evaluated by the rules in the source.
description String: Specifies the description for the Security Center Automation.
enabled Boolean: Boolean to enable or disable this Security Center Automation. Defaults to true.
location String: The Azure Region where the Security Center Automation should exist. Changing this forces a new Security Center Automation to be created.
name String: The name which should be used for this Security Center Automation. Changing this forces a new Security Center Automation to be created.
resourceGroupName String: The name of the Resource Group where the Security Center Automation should exist. Changing this forces a new Security Center Automation to be created.
scopes List<String>: A list of scopes on which the automation logic is applied, at least one is required. Supported scopes are a subscription (in this format /subscriptions/00000000-0000-0000-0000-000000000000) or a resource group under that subscription (in the format /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/example). The automation will only apply on defined scopes.
sources List<Property Map>: One or more source blocks as defined below. A source defines what data types will be processed and a set of rules to filter that data.
tags Map<String>: A mapping of tags assigned to the resource.

Supporting Types

AutomationAction, AutomationActionArgs

ResourceId string: The resource id of the target Logic App, Event Hub namespace or Log Analytics workspace.
Type string: Type of Azure resource to send data to. Must be set to one of: LogicApp, EventHub or LogAnalytics.
ConnectionString string: (Optional, but required when type is EventHub) A connection string to send data to the target Event Hub namespace, this should include a key with send permissions.
TriggerUrl string: (Optional, but required when type is LogicApp) The callback URL to trigger the Logic App that will receive and process data sent by this automation. This can be found in the Azure Portal under "See trigger history"

ResourceId string: The resource id of the target Logic App, Event Hub namespace or Log Analytics workspace.
Type string: Type of Azure resource to send data to. Must be set to one of: LogicApp, EventHub or LogAnalytics.
ConnectionString string: (Optional, but required when type is EventHub) A connection string to send data to the target Event Hub namespace, this should include a key with send permissions.
TriggerUrl string: (Optional, but required when type is LogicApp) The callback URL to trigger the Logic App that will receive and process data sent by this automation. This can be found in the Azure Portal under "See trigger history"

resourceId String: The resource id of the target Logic App, Event Hub namespace or Log Analytics workspace.
type String: Type of Azure resource to send data to. Must be set to one of: LogicApp, EventHub or LogAnalytics.
connectionString String: (Optional, but required when type is EventHub) A connection string to send data to the target Event Hub namespace, this should include a key with send permissions.
triggerUrl String: (Optional, but required when type is LogicApp) The callback URL to trigger the Logic App that will receive and process data sent by this automation. This can be found in the Azure Portal under "See trigger history"

resourceId string: The resource id of the target Logic App, Event Hub namespace or Log Analytics workspace.
type string: Type of Azure resource to send data to. Must be set to one of: LogicApp, EventHub or LogAnalytics.
connectionString string: (Optional, but required when type is EventHub) A connection string to send data to the target Event Hub namespace, this should include a key with send permissions.
triggerUrl string: (Optional, but required when type is LogicApp) The callback URL to trigger the Logic App that will receive and process data sent by this automation. This can be found in the Azure Portal under "See trigger history"

resource_id str: The resource id of the target Logic App, Event Hub namespace or Log Analytics workspace.
type str: Type of Azure resource to send data to. Must be set to one of: LogicApp, EventHub or LogAnalytics.
connection_string str: (Optional, but required when type is EventHub) A connection string to send data to the target Event Hub namespace, this should include a key with send permissions.
trigger_url str: (Optional, but required when type is LogicApp) The callback URL to trigger the Logic App that will receive and process data sent by this automation. This can be found in the Azure Portal under "See trigger history"

resourceId String: The resource id of the target Logic App, Event Hub namespace or Log Analytics workspace.
type String: Type of Azure resource to send data to. Must be set to one of: LogicApp, EventHub or LogAnalytics.
connectionString String: (Optional, but required when type is EventHub) A connection string to send data to the target Event Hub namespace, this should include a key with send permissions.
triggerUrl String: (Optional, but required when type is LogicApp) The callback URL to trigger the Logic App that will receive and process data sent by this automation. This can be found in the Azure Portal under "See trigger history"

AutomationSource, AutomationSourceArgs

EventSource string: Type of data that will trigger this automation. Must be one of Alerts, Assessments, AssessmentsSnapshot, RegulatoryComplianceAssessment, RegulatoryComplianceAssessmentSnapshot, SecureScoreControls, SecureScoreControlsSnapshot, SecureScores, SecureScoresSnapshot, SubAssessments or SubAssessmentsSnapshot. Note. assessments are also referred to as recommendations
RuleSets List<AutomationSourceRuleSet>: A set of rules which evaluate upon event and data interception. This is defined in one or more rule_set blocks as defined below.
NOTE: When multiple rule_set block are provided, a logical 'OR' is applied to the evaluation of them.

EventSource string: Type of data that will trigger this automation. Must be one of Alerts, Assessments, AssessmentsSnapshot, RegulatoryComplianceAssessment, RegulatoryComplianceAssessmentSnapshot, SecureScoreControls, SecureScoreControlsSnapshot, SecureScores, SecureScoresSnapshot, SubAssessments or SubAssessmentsSnapshot. Note. assessments are also referred to as recommendations
RuleSets []AutomationSourceRuleSet: A set of rules which evaluate upon event and data interception. This is defined in one or more rule_set blocks as defined below.
NOTE: When multiple rule_set block are provided, a logical 'OR' is applied to the evaluation of them.

eventSource String: Type of data that will trigger this automation. Must be one of Alerts, Assessments, AssessmentsSnapshot, RegulatoryComplianceAssessment, RegulatoryComplianceAssessmentSnapshot, SecureScoreControls, SecureScoreControlsSnapshot, SecureScores, SecureScoresSnapshot, SubAssessments or SubAssessmentsSnapshot. Note. assessments are also referred to as recommendations
ruleSets List<AutomationSourceRuleSet>: A set of rules which evaluate upon event and data interception. This is defined in one or more rule_set blocks as defined below.
NOTE: When multiple rule_set block are provided, a logical 'OR' is applied to the evaluation of them.

eventSource string: Type of data that will trigger this automation. Must be one of Alerts, Assessments, AssessmentsSnapshot, RegulatoryComplianceAssessment, RegulatoryComplianceAssessmentSnapshot, SecureScoreControls, SecureScoreControlsSnapshot, SecureScores, SecureScoresSnapshot, SubAssessments or SubAssessmentsSnapshot. Note. assessments are also referred to as recommendations
ruleSets AutomationSourceRuleSet[]: A set of rules which evaluate upon event and data interception. This is defined in one or more rule_set blocks as defined below.
NOTE: When multiple rule_set block are provided, a logical 'OR' is applied to the evaluation of them.

event_source str: Type of data that will trigger this automation. Must be one of Alerts, Assessments, AssessmentsSnapshot, RegulatoryComplianceAssessment, RegulatoryComplianceAssessmentSnapshot, SecureScoreControls, SecureScoreControlsSnapshot, SecureScores, SecureScoresSnapshot, SubAssessments or SubAssessmentsSnapshot. Note. assessments are also referred to as recommendations
rule_sets Sequence[AutomationSourceRuleSet]: A set of rules which evaluate upon event and data interception. This is defined in one or more rule_set blocks as defined below.
NOTE: When multiple rule_set block are provided, a logical 'OR' is applied to the evaluation of them.

eventSource String: Type of data that will trigger this automation. Must be one of Alerts, Assessments, AssessmentsSnapshot, RegulatoryComplianceAssessment, RegulatoryComplianceAssessmentSnapshot, SecureScoreControls, SecureScoreControlsSnapshot, SecureScores, SecureScoresSnapshot, SubAssessments or SubAssessmentsSnapshot. Note. assessments are also referred to as recommendations
ruleSets List<Property Map>: A set of rules which evaluate upon event and data interception. This is defined in one or more rule_set blocks as defined below.
NOTE: When multiple rule_set block are provided, a logical 'OR' is applied to the evaluation of them.

AutomationSourceRuleSet, AutomationSourceRuleSetArgs

Rules List<AutomationSourceRuleSetRule>: One or more rule blocks as defined below.
NOTE: This automation will trigger when all of the rules in this rule_set are evaluated as 'true'. This is equivalent to a logical 'AND'.

Rules []AutomationSourceRuleSetRule: One or more rule blocks as defined below.
NOTE: This automation will trigger when all of the rules in this rule_set are evaluated as 'true'. This is equivalent to a logical 'AND'.

rules List<AutomationSourceRuleSetRule>: One or more rule blocks as defined below.
NOTE: This automation will trigger when all of the rules in this rule_set are evaluated as 'true'. This is equivalent to a logical 'AND'.

rules AutomationSourceRuleSetRule[]: One or more rule blocks as defined below.
NOTE: This automation will trigger when all of the rules in this rule_set are evaluated as 'true'. This is equivalent to a logical 'AND'.

rules Sequence[AutomationSourceRuleSetRule]: One or more rule blocks as defined below.
NOTE: This automation will trigger when all of the rules in this rule_set are evaluated as 'true'. This is equivalent to a logical 'AND'.

rules List<Property Map>: One or more rule blocks as defined below.
NOTE: This automation will trigger when all of the rules in this rule_set are evaluated as 'true'. This is equivalent to a logical 'AND'.

AutomationSourceRuleSetRule, AutomationSourceRuleSetRuleArgs

ExpectedValue string: A value that will be compared with the value in property_path.
Operator string: The comparison operator to use, must be one of: Contains, EndsWith, Equals, GreaterThan, GreaterThanOrEqualTo, LesserThan, LesserThanOrEqualTo, NotEquals, StartsWith
PropertyPath string: The JPath of the entity model property that should be checked.
PropertyType string: The data type of the compared operands, must be one of: Integer, String, Boolean or Number.
NOTE: The schema for Security Center alerts (when event_source is "Alerts") can be found here

ExpectedValue string: A value that will be compared with the value in property_path.
Operator string: The comparison operator to use, must be one of: Contains, EndsWith, Equals, GreaterThan, GreaterThanOrEqualTo, LesserThan, LesserThanOrEqualTo, NotEquals, StartsWith
PropertyPath string: The JPath of the entity model property that should be checked.
PropertyType string: The data type of the compared operands, must be one of: Integer, String, Boolean or Number.
NOTE: The schema for Security Center alerts (when event_source is "Alerts") can be found here

expectedValue String: A value that will be compared with the value in property_path.
operator String: The comparison operator to use, must be one of: Contains, EndsWith, Equals, GreaterThan, GreaterThanOrEqualTo, LesserThan, LesserThanOrEqualTo, NotEquals, StartsWith
propertyPath String: The JPath of the entity model property that should be checked.
propertyType String: The data type of the compared operands, must be one of: Integer, String, Boolean or Number.
NOTE: The schema for Security Center alerts (when event_source is "Alerts") can be found here

expectedValue string: A value that will be compared with the value in property_path.
operator string: The comparison operator to use, must be one of: Contains, EndsWith, Equals, GreaterThan, GreaterThanOrEqualTo, LesserThan, LesserThanOrEqualTo, NotEquals, StartsWith
propertyPath string: The JPath of the entity model property that should be checked.
propertyType string: The data type of the compared operands, must be one of: Integer, String, Boolean or Number.
NOTE: The schema for Security Center alerts (when event_source is "Alerts") can be found here

expected_value str: A value that will be compared with the value in property_path.
operator str: The comparison operator to use, must be one of: Contains, EndsWith, Equals, GreaterThan, GreaterThanOrEqualTo, LesserThan, LesserThanOrEqualTo, NotEquals, StartsWith
property_path str: The JPath of the entity model property that should be checked.
property_type str: The data type of the compared operands, must be one of: Integer, String, Boolean or Number.
NOTE: The schema for Security Center alerts (when event_source is "Alerts") can be found here

expectedValue String: A value that will be compared with the value in property_path.
operator String: The comparison operator to use, must be one of: Contains, EndsWith, Equals, GreaterThan, GreaterThanOrEqualTo, LesserThan, LesserThanOrEqualTo, NotEquals, StartsWith
propertyPath String: The JPath of the entity model property that should be checked.
propertyType String: The data type of the compared operands, must be one of: Integer, String, Boolean or Number.
NOTE: The schema for Security Center alerts (when event_source is "Alerts") can be found here

Import

Security Center Automations can be imported using the resource id, e.g.

 $ pulumi import azure:securitycenter/automation:Automation example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/mygroup1/providers/Microsoft.Security/automations/automation1

Package Details

Repository: Azure Classic pulumi/pulumi-azure
License: Apache-2.0
Notes: This Pulumi package is based on the azurerm Terraform Provider.

We recommend using Azure Native.

Azure Classic v5.58.0 published on Saturday, Dec 2, 2023 by Pulumi

pulumi/pulumi-azure

azure.securitycenter.Automation

On this page

On this page

Example Usage

Create Automation Resource

Automation Resource Properties

Inputs

Outputs

Look up Existing Automation Resource

Supporting Types

AutomationAction, AutomationActionArgs

AutomationSource, AutomationSourceArgs

AutomationSourceRuleSet, AutomationSourceRuleSetArgs

AutomationSourceRuleSetRule, AutomationSourceRuleSetRuleArgs

Import

Package Details

On this page

On this page