getAlertRuleTemplate

Use this data source to access information about an existing Sentinel Alert Rule Template.

Example Usage

using System.Collections.Generic;
using Pulumi;
using Azure = Pulumi.Azure;

return await Deployment.RunAsync(() => 
{
    var example = Azure.Sentinel.GetAlertRuleTemplate.Invoke(new()
    {
        LogAnalyticsWorkspaceId = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/mygroup1/providers/Microsoft.OperationalInsights/workspaces/workspace1",
        DisplayName = "Create incidents based on Azure Security Center for IoT alerts",
    });

    return new Dictionary<string, object?>
    {
        ["id"] = example.Apply(getAlertRuleTemplateResult => getAlertRuleTemplateResult.Id),
    };
});
package main

import (
	"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/sentinel"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		example, err := sentinel.GetAlertRuleTemplate(ctx, &sentinel.GetAlertRuleTemplateArgs{
			LogAnalyticsWorkspaceId: "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/mygroup1/providers/Microsoft.OperationalInsights/workspaces/workspace1",
			DisplayName:             pulumi.StringRef("Create incidents based on Azure Security Center for IoT alerts"),
		}, nil)
		if err != nil {
			return err
		}
		ctx.Export("id", example.Id)
		return nil
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.sentinel.SentinelFunctions;
import com.pulumi.azure.sentinel.inputs.GetAlertRuleTemplateArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var example = SentinelFunctions.getAlertRuleTemplate(GetAlertRuleTemplateArgs.builder()
            .logAnalyticsWorkspaceId("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/mygroup1/providers/Microsoft.OperationalInsights/workspaces/workspace1")
            .displayName("Create incidents based on Azure Security Center for IoT alerts")
            .build());

        ctx.export("id", example.applyValue(getAlertRuleTemplateResult -> getAlertRuleTemplateResult.id()));
    }
}
import pulumi
import pulumi_azure as azure

example = azure.sentinel.get_alert_rule_template(log_analytics_workspace_id="/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/mygroup1/providers/Microsoft.OperationalInsights/workspaces/workspace1",
    display_name="Create incidents based on Azure Security Center for IoT alerts")
pulumi.export("id", example.id)
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";

const example = azure.sentinel.getAlertRuleTemplate({
    logAnalyticsWorkspaceId: "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/mygroup1/providers/Microsoft.OperationalInsights/workspaces/workspace1",
    displayName: "Create incidents based on Azure Security Center for IoT alerts",
});
export const id = example.then(example => example.id);
variables:
  example:
    Fn::Invoke:
      Function: azure:sentinel:getAlertRuleTemplate
      Arguments:
        logAnalyticsWorkspaceId: /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/mygroup1/providers/Microsoft.OperationalInsights/workspaces/workspace1
        displayName: Create incidents based on Azure Security Center for IoT alerts
outputs:
  id: ${example.id}

Using getAlertRuleTemplate

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getAlertRuleTemplate(args: GetAlertRuleTemplateArgs, opts?: InvokeOptions): Promise<GetAlertRuleTemplateResult>
function getAlertRuleTemplateOutput(args: GetAlertRuleTemplateOutputArgs, opts?: InvokeOptions): Output<GetAlertRuleTemplateResult>
def get_alert_rule_template(display_name: Optional[str] = None,
                            log_analytics_workspace_id: Optional[str] = None,
                            name: Optional[str] = None,
                            opts: Optional[InvokeOptions] = None) -> GetAlertRuleTemplateResult
def get_alert_rule_template_output(display_name: Optional[pulumi.Input[str]] = None,
                            log_analytics_workspace_id: Optional[pulumi.Input[str]] = None,
                            name: Optional[pulumi.Input[str]] = None,
                            opts: Optional[InvokeOptions] = None) -> Output[GetAlertRuleTemplateResult]
func GetAlertRuleTemplate(ctx *Context, args *GetAlertRuleTemplateArgs, opts ...InvokeOption) (*GetAlertRuleTemplateResult, error)
func GetAlertRuleTemplateOutput(ctx *Context, args *GetAlertRuleTemplateOutputArgs, opts ...InvokeOption) GetAlertRuleTemplateResultOutput

> Note: This function is named GetAlertRuleTemplate in the Go SDK.

public static class GetAlertRuleTemplate 
{
    public static Task<GetAlertRuleTemplateResult> InvokeAsync(GetAlertRuleTemplateArgs args, InvokeOptions? opts = null)
    public static Output<GetAlertRuleTemplateResult> Invoke(GetAlertRuleTemplateInvokeArgs args, InvokeOptions? opts = null)
}
public static CompletableFuture<GetAlertRuleTemplateResult> getAlertRuleTemplate(GetAlertRuleTemplateArgs args, InvokeOptions options)
// Output-based functions aren't available in Java yet
fn::invoke:
  function: azure:sentinel/getAlertRuleTemplate:getAlertRuleTemplate
  arguments:
    # arguments dictionary

The following arguments are supported:

LogAnalyticsWorkspaceId string

The ID of the Log Analytics Workspace.

DisplayName string

The display name of this Sentinel Alert Rule Template. Either display_name or name have to be specified.

Name string

The name of this Sentinel Alert Rule Template. Either display_name or name have to be specified.

LogAnalyticsWorkspaceId string

The ID of the Log Analytics Workspace.

DisplayName string

The display name of this Sentinel Alert Rule Template. Either display_name or name have to be specified.

Name string

The name of this Sentinel Alert Rule Template. Either display_name or name have to be specified.

logAnalyticsWorkspaceId String

The ID of the Log Analytics Workspace.

displayName String

The display name of this Sentinel Alert Rule Template. Either display_name or name have to be specified.

name String

The name of this Sentinel Alert Rule Template. Either display_name or name have to be specified.

logAnalyticsWorkspaceId string

The ID of the Log Analytics Workspace.

displayName string

The display name of this Sentinel Alert Rule Template. Either display_name or name have to be specified.

name string

The name of this Sentinel Alert Rule Template. Either display_name or name have to be specified.

log_analytics_workspace_id str

The ID of the Log Analytics Workspace.

display_name str

The display name of this Sentinel Alert Rule Template. Either display_name or name have to be specified.

name str

The name of this Sentinel Alert Rule Template. Either display_name or name have to be specified.

logAnalyticsWorkspaceId String

The ID of the Log Analytics Workspace.

displayName String

The display name of this Sentinel Alert Rule Template. Either display_name or name have to be specified.

name String

The name of this Sentinel Alert Rule Template. Either display_name or name have to be specified.

getAlertRuleTemplate Result

The following output properties are available:

DisplayName string
Id string

The provider-assigned unique ID for this managed resource.

LogAnalyticsWorkspaceId string
Name string
NrtTemplates List<GetAlertRuleTemplateNrtTemplate>

A nrt_template block as defined below. This only applies to Sentinel NRT Alert Rule Template.

ScheduledTemplates List<GetAlertRuleTemplateScheduledTemplate>

A scheduled_template block as defined below. This only applies to Sentinel Scheduled Alert Rule Template.

SecurityIncidentTemplates List<GetAlertRuleTemplateSecurityIncidentTemplate>

A security_incident_template block as defined below. This only applies to Sentinel MS Security Incident Alert Rule Template.

DisplayName string
Id string

The provider-assigned unique ID for this managed resource.

LogAnalyticsWorkspaceId string
Name string
NrtTemplates []GetAlertRuleTemplateNrtTemplate

A nrt_template block as defined below. This only applies to Sentinel NRT Alert Rule Template.

ScheduledTemplates []GetAlertRuleTemplateScheduledTemplate

A scheduled_template block as defined below. This only applies to Sentinel Scheduled Alert Rule Template.

SecurityIncidentTemplates []GetAlertRuleTemplateSecurityIncidentTemplate

A security_incident_template block as defined below. This only applies to Sentinel MS Security Incident Alert Rule Template.

displayName String
id String

The provider-assigned unique ID for this managed resource.

logAnalyticsWorkspaceId String
name String
nrtTemplates List<GetAlertRuleTemplateNrtTemplate>

A nrt_template block as defined below. This only applies to Sentinel NRT Alert Rule Template.

scheduledTemplates List<GetAlertRuleTemplateScheduledTemplate>

A scheduled_template block as defined below. This only applies to Sentinel Scheduled Alert Rule Template.

securityIncidentTemplates List<GetAlertRuleTemplateSecurityIncidentTemplate>

A security_incident_template block as defined below. This only applies to Sentinel MS Security Incident Alert Rule Template.

displayName string
id string

The provider-assigned unique ID for this managed resource.

logAnalyticsWorkspaceId string
name string
nrtTemplates GetAlertRuleTemplateNrtTemplate[]

A nrt_template block as defined below. This only applies to Sentinel NRT Alert Rule Template.

scheduledTemplates GetAlertRuleTemplateScheduledTemplate[]

A scheduled_template block as defined below. This only applies to Sentinel Scheduled Alert Rule Template.

securityIncidentTemplates GetAlertRuleTemplateSecurityIncidentTemplate[]

A security_incident_template block as defined below. This only applies to Sentinel MS Security Incident Alert Rule Template.

display_name str
id str

The provider-assigned unique ID for this managed resource.

log_analytics_workspace_id str
name str
nrt_templates Sequence[GetAlertRuleTemplateNrtTemplate]

A nrt_template block as defined below. This only applies to Sentinel NRT Alert Rule Template.

scheduled_templates Sequence[GetAlertRuleTemplateScheduledTemplate]

A scheduled_template block as defined below. This only applies to Sentinel Scheduled Alert Rule Template.

security_incident_templates Sequence[GetAlertRuleTemplateSecurityIncidentTemplate]

A security_incident_template block as defined below. This only applies to Sentinel MS Security Incident Alert Rule Template.

displayName String
id String

The provider-assigned unique ID for this managed resource.

logAnalyticsWorkspaceId String
name String
nrtTemplates List<Property Map>

A nrt_template block as defined below. This only applies to Sentinel NRT Alert Rule Template.

scheduledTemplates List<Property Map>

A scheduled_template block as defined below. This only applies to Sentinel Scheduled Alert Rule Template.

securityIncidentTemplates List<Property Map>

A security_incident_template block as defined below. This only applies to Sentinel MS Security Incident Alert Rule Template.

Supporting Types

GetAlertRuleTemplateNrtTemplate

Description string

The description of this Sentinel Scheduled Alert Rule Template.

Query string

The query of this Sentinel Scheduled Alert Rule Template.

Severity string

The alert severity of this Sentinel Scheduled Alert Rule Template.

Tactics List<string>

A list of categories of attacks by which to classify the rule.

Description string

The description of this Sentinel Scheduled Alert Rule Template.

Query string

The query of this Sentinel Scheduled Alert Rule Template.

Severity string

The alert severity of this Sentinel Scheduled Alert Rule Template.

Tactics []string

A list of categories of attacks by which to classify the rule.

description String

The description of this Sentinel Scheduled Alert Rule Template.

query String

The query of this Sentinel Scheduled Alert Rule Template.

severity String

The alert severity of this Sentinel Scheduled Alert Rule Template.

tactics List<String>

A list of categories of attacks by which to classify the rule.

description string

The description of this Sentinel Scheduled Alert Rule Template.

query string

The query of this Sentinel Scheduled Alert Rule Template.

severity string

The alert severity of this Sentinel Scheduled Alert Rule Template.

tactics string[]

A list of categories of attacks by which to classify the rule.

description str

The description of this Sentinel Scheduled Alert Rule Template.

query str

The query of this Sentinel Scheduled Alert Rule Template.

severity str

The alert severity of this Sentinel Scheduled Alert Rule Template.

tactics Sequence[str]

A list of categories of attacks by which to classify the rule.

description String

The description of this Sentinel Scheduled Alert Rule Template.

query String

The query of this Sentinel Scheduled Alert Rule Template.

severity String

The alert severity of this Sentinel Scheduled Alert Rule Template.

tactics List<String>

A list of categories of attacks by which to classify the rule.

GetAlertRuleTemplateScheduledTemplate

Description string

The description of this Sentinel Scheduled Alert Rule Template.

Query string

The query of this Sentinel Scheduled Alert Rule Template.

QueryFrequency string

The ISO 8601 timespan duration between two consecutive queries.

QueryPeriod string

The ISO 8601 timespan duration, which determine the time period of the data covered by the query.

Severity string

The alert severity of this Sentinel Scheduled Alert Rule Template.

Tactics List<string>

A list of categories of attacks by which to classify the rule.

TriggerOperator string

The alert trigger operator, combined with trigger_threshold, setting alert threshold of this Sentinel Scheduled Alert Rule Template.

TriggerThreshold int

The baseline number of query results generated, combined with trigger_operator, setting alert threshold of this Sentinel Scheduled Alert Rule Template.

Description string

The description of this Sentinel Scheduled Alert Rule Template.

Query string

The query of this Sentinel Scheduled Alert Rule Template.

QueryFrequency string

The ISO 8601 timespan duration between two consecutive queries.

QueryPeriod string

The ISO 8601 timespan duration, which determine the time period of the data covered by the query.

Severity string

The alert severity of this Sentinel Scheduled Alert Rule Template.

Tactics []string

A list of categories of attacks by which to classify the rule.

TriggerOperator string

The alert trigger operator, combined with trigger_threshold, setting alert threshold of this Sentinel Scheduled Alert Rule Template.

TriggerThreshold int

The baseline number of query results generated, combined with trigger_operator, setting alert threshold of this Sentinel Scheduled Alert Rule Template.

description String

The description of this Sentinel Scheduled Alert Rule Template.

query String

The query of this Sentinel Scheduled Alert Rule Template.

queryFrequency String

The ISO 8601 timespan duration between two consecutive queries.

queryPeriod String

The ISO 8601 timespan duration, which determine the time period of the data covered by the query.

severity String

The alert severity of this Sentinel Scheduled Alert Rule Template.

tactics List<String>

A list of categories of attacks by which to classify the rule.

triggerOperator String

The alert trigger operator, combined with trigger_threshold, setting alert threshold of this Sentinel Scheduled Alert Rule Template.

triggerThreshold Integer

The baseline number of query results generated, combined with trigger_operator, setting alert threshold of this Sentinel Scheduled Alert Rule Template.

description string

The description of this Sentinel Scheduled Alert Rule Template.

query string

The query of this Sentinel Scheduled Alert Rule Template.

queryFrequency string

The ISO 8601 timespan duration between two consecutive queries.

queryPeriod string

The ISO 8601 timespan duration, which determine the time period of the data covered by the query.

severity string

The alert severity of this Sentinel Scheduled Alert Rule Template.

tactics string[]

A list of categories of attacks by which to classify the rule.

triggerOperator string

The alert trigger operator, combined with trigger_threshold, setting alert threshold of this Sentinel Scheduled Alert Rule Template.

triggerThreshold number

The baseline number of query results generated, combined with trigger_operator, setting alert threshold of this Sentinel Scheduled Alert Rule Template.

description str

The description of this Sentinel Scheduled Alert Rule Template.

query str

The query of this Sentinel Scheduled Alert Rule Template.

query_frequency str

The ISO 8601 timespan duration between two consecutive queries.

query_period str

The ISO 8601 timespan duration, which determine the time period of the data covered by the query.

severity str

The alert severity of this Sentinel Scheduled Alert Rule Template.

tactics Sequence[str]

A list of categories of attacks by which to classify the rule.

trigger_operator str

The alert trigger operator, combined with trigger_threshold, setting alert threshold of this Sentinel Scheduled Alert Rule Template.

trigger_threshold int

The baseline number of query results generated, combined with trigger_operator, setting alert threshold of this Sentinel Scheduled Alert Rule Template.

description String

The description of this Sentinel Scheduled Alert Rule Template.

query String

The query of this Sentinel Scheduled Alert Rule Template.

queryFrequency String

The ISO 8601 timespan duration between two consecutive queries.

queryPeriod String

The ISO 8601 timespan duration, which determine the time period of the data covered by the query.

severity String

The alert severity of this Sentinel Scheduled Alert Rule Template.

tactics List<String>

A list of categories of attacks by which to classify the rule.

triggerOperator String

The alert trigger operator, combined with trigger_threshold, setting alert threshold of this Sentinel Scheduled Alert Rule Template.

triggerThreshold Number

The baseline number of query results generated, combined with trigger_operator, setting alert threshold of this Sentinel Scheduled Alert Rule Template.

GetAlertRuleTemplateSecurityIncidentTemplate

Description string

The description of this Sentinel Scheduled Alert Rule Template.

ProductFilter string

The Microsoft Security Service from where the alert will be generated.

Description string

The description of this Sentinel Scheduled Alert Rule Template.

ProductFilter string

The Microsoft Security Service from where the alert will be generated.

description String

The description of this Sentinel Scheduled Alert Rule Template.

productFilter String

The Microsoft Security Service from where the alert will be generated.

description string

The description of this Sentinel Scheduled Alert Rule Template.

productFilter string

The Microsoft Security Service from where the alert will be generated.

description str

The description of this Sentinel Scheduled Alert Rule Template.

product_filter str

The Microsoft Security Service from where the alert will be generated.

description String

The description of this Sentinel Scheduled Alert Rule Template.

productFilter String

The Microsoft Security Service from where the alert will be generated.

Package Details

Repository
https://github.com/pulumi/pulumi-azure
License
Apache-2.0
Notes

This Pulumi package is based on the azurerm Terraform Provider.