Azure Classic v5.49.0, Aug 29 23

We recommend using Azure Native.

Azure Classic v5.49.0 published on Tuesday, Aug 29, 2023 by Pulumi

pulumi/pulumi-azure

azure.sentinel.getAlertRuleTemplate

Explore with Pulumi AI

We recommend using Azure Native.

Azure Classic v5.49.0 published on Tuesday, Aug 29, 2023 by Pulumi

pulumi/pulumi-azure

Example Usage

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;

return await Deployment.RunAsync(() => 
{
    var example = Azure.Sentinel.GetAlertRuleTemplate.Invoke(new()
    {
        LogAnalyticsWorkspaceId = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/mygroup1/providers/Microsoft.OperationalInsights/workspaces/workspace1",
        DisplayName = "Create incidents based on Azure Security Center for IoT alerts",
    });

    return new Dictionary<string, object?>
    {
        ["id"] = example.Apply(getAlertRuleTemplateResult => getAlertRuleTemplateResult.Id),
    };
});

package main

import (
	"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/sentinel"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		example, err := sentinel.GetAlertRuleTemplate(ctx, &sentinel.GetAlertRuleTemplateArgs{
			LogAnalyticsWorkspaceId: "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/mygroup1/providers/Microsoft.OperationalInsights/workspaces/workspace1",
			DisplayName:             pulumi.StringRef("Create incidents based on Azure Security Center for IoT alerts"),
		}, nil)
		if err != nil {
			return err
		}
		ctx.Export("id", example.Id)
		return nil
	})
}

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.sentinel.SentinelFunctions;
import com.pulumi.azure.sentinel.inputs.GetAlertRuleTemplateArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var example = SentinelFunctions.getAlertRuleTemplate(GetAlertRuleTemplateArgs.builder()
            .logAnalyticsWorkspaceId("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/mygroup1/providers/Microsoft.OperationalInsights/workspaces/workspace1")
            .displayName("Create incidents based on Azure Security Center for IoT alerts")
            .build());

        ctx.export("id", example.applyValue(getAlertRuleTemplateResult -> getAlertRuleTemplateResult.id()));
    }
}

import pulumi
import pulumi_azure as azure

example = azure.sentinel.get_alert_rule_template(log_analytics_workspace_id="/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/mygroup1/providers/Microsoft.OperationalInsights/workspaces/workspace1",
    display_name="Create incidents based on Azure Security Center for IoT alerts")
pulumi.export("id", example.id)

import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";

const example = azure.sentinel.getAlertRuleTemplate({
    logAnalyticsWorkspaceId: "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/mygroup1/providers/Microsoft.OperationalInsights/workspaces/workspace1",
    displayName: "Create incidents based on Azure Security Center for IoT alerts",
});
export const id = example.then(example => example.id);

variables:
  example:
    fn::invoke:
      Function: azure:sentinel:getAlertRuleTemplate
      Arguments:
        logAnalyticsWorkspaceId: /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/mygroup1/providers/Microsoft.OperationalInsights/workspaces/workspace1
        displayName: Create incidents based on Azure Security Center for IoT alerts
outputs:
  id: ${example.id}

Using getAlertRuleTemplate

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getAlertRuleTemplate(args: GetAlertRuleTemplateArgs, opts?: InvokeOptions): Promise<GetAlertRuleTemplateResult>
function getAlertRuleTemplateOutput(args: GetAlertRuleTemplateOutputArgs, opts?: InvokeOptions): Output<GetAlertRuleTemplateResult>

def get_alert_rule_template(display_name: Optional[str] = None,
                            log_analytics_workspace_id: Optional[str] = None,
                            name: Optional[str] = None,
                            opts: Optional[InvokeOptions] = None) -> GetAlertRuleTemplateResult
def get_alert_rule_template_output(display_name: Optional[pulumi.Input[str]] = None,
                            log_analytics_workspace_id: Optional[pulumi.Input[str]] = None,
                            name: Optional[pulumi.Input[str]] = None,
                            opts: Optional[InvokeOptions] = None) -> Output[GetAlertRuleTemplateResult]

func GetAlertRuleTemplate(ctx *Context, args *GetAlertRuleTemplateArgs, opts ...InvokeOption) (*GetAlertRuleTemplateResult, error)
func GetAlertRuleTemplateOutput(ctx *Context, args *GetAlertRuleTemplateOutputArgs, opts ...InvokeOption) GetAlertRuleTemplateResultOutput

> Note: This function is named GetAlertRuleTemplate in the Go SDK.

public static class GetAlertRuleTemplate 
{
    public static Task<GetAlertRuleTemplateResult> InvokeAsync(GetAlertRuleTemplateArgs args, InvokeOptions? opts = null)
    public static Output<GetAlertRuleTemplateResult> Invoke(GetAlertRuleTemplateInvokeArgs args, InvokeOptions? opts = null)
}

public static CompletableFuture<GetAlertRuleTemplateResult> getAlertRuleTemplate(GetAlertRuleTemplateArgs args, InvokeOptions options)
// Output-based functions aren't available in Java yet

fn::invoke:
  function: azure:sentinel/getAlertRuleTemplate:getAlertRuleTemplate
  arguments:
    # arguments dictionary

The following arguments are supported:

LogAnalyticsWorkspaceId string: The ID of the Log Analytics Workspace.
DisplayName string: The display name of this Sentinel Alert Rule Template. Either display_name or name have to be specified.
NOTE As display_name is not unique, errors may occur when there are multiple Sentinel Alert Rule Template with same display_name.
Name string: The name of this Sentinel Alert Rule Template. Either display_name or name have to be specified.

LogAnalyticsWorkspaceId string: The ID of the Log Analytics Workspace.
DisplayName string: The display name of this Sentinel Alert Rule Template. Either display_name or name have to be specified.
NOTE As display_name is not unique, errors may occur when there are multiple Sentinel Alert Rule Template with same display_name.
Name string: The name of this Sentinel Alert Rule Template. Either display_name or name have to be specified.

logAnalyticsWorkspaceId String: The ID of the Log Analytics Workspace.
displayName String: The display name of this Sentinel Alert Rule Template. Either display_name or name have to be specified.
NOTE As display_name is not unique, errors may occur when there are multiple Sentinel Alert Rule Template with same display_name.
name String: The name of this Sentinel Alert Rule Template. Either display_name or name have to be specified.

logAnalyticsWorkspaceId string: The ID of the Log Analytics Workspace.
displayName string: The display name of this Sentinel Alert Rule Template. Either display_name or name have to be specified.
NOTE As display_name is not unique, errors may occur when there are multiple Sentinel Alert Rule Template with same display_name.
name string: The name of this Sentinel Alert Rule Template. Either display_name or name have to be specified.

log_analytics_workspace_id str: The ID of the Log Analytics Workspace.
display_name str: The display name of this Sentinel Alert Rule Template. Either display_name or name have to be specified.
NOTE As display_name is not unique, errors may occur when there are multiple Sentinel Alert Rule Template with same display_name.
name str: The name of this Sentinel Alert Rule Template. Either display_name or name have to be specified.

logAnalyticsWorkspaceId String: The ID of the Log Analytics Workspace.
displayName String: The display name of this Sentinel Alert Rule Template. Either display_name or name have to be specified.
NOTE As display_name is not unique, errors may occur when there are multiple Sentinel Alert Rule Template with same display_name.
name String: The name of this Sentinel Alert Rule Template. Either display_name or name have to be specified.

getAlertRuleTemplate Result

The following output properties are available:

DisplayName string
Id string: The provider-assigned unique ID for this managed resource.
LogAnalyticsWorkspaceId string
Name string
NrtTemplates List<GetAlertRuleTemplateNrtTemplate>: A nrt_template block as defined below. This only applies to Sentinel NRT Alert Rule Template.
ScheduledTemplates List<GetAlertRuleTemplateScheduledTemplate>: A scheduled_template block as defined below. This only applies to Sentinel Scheduled Alert Rule Template.
SecurityIncidentTemplates List<GetAlertRuleTemplateSecurityIncidentTemplate>: A security_incident_template block as defined below. This only applies to Sentinel MS Security Incident Alert Rule Template.

DisplayName string
Id string: The provider-assigned unique ID for this managed resource.
LogAnalyticsWorkspaceId string
Name string
NrtTemplates []GetAlertRuleTemplateNrtTemplate: A nrt_template block as defined below. This only applies to Sentinel NRT Alert Rule Template.
ScheduledTemplates []GetAlertRuleTemplateScheduledTemplate: A scheduled_template block as defined below. This only applies to Sentinel Scheduled Alert Rule Template.
SecurityIncidentTemplates []GetAlertRuleTemplateSecurityIncidentTemplate: A security_incident_template block as defined below. This only applies to Sentinel MS Security Incident Alert Rule Template.

displayName String
id String: The provider-assigned unique ID for this managed resource.
logAnalyticsWorkspaceId String
name String
nrtTemplates List<GetAlertRuleTemplateNrtTemplate>: A nrt_template block as defined below. This only applies to Sentinel NRT Alert Rule Template.
scheduledTemplates List<GetAlertRuleTemplateScheduledTemplate>: A scheduled_template block as defined below. This only applies to Sentinel Scheduled Alert Rule Template.
securityIncidentTemplates List<GetAlertRuleTemplateSecurityIncidentTemplate>: A security_incident_template block as defined below. This only applies to Sentinel MS Security Incident Alert Rule Template.

displayName string
id string: The provider-assigned unique ID for this managed resource.
logAnalyticsWorkspaceId string
name string
nrtTemplates GetAlertRuleTemplateNrtTemplate[]: A nrt_template block as defined below. This only applies to Sentinel NRT Alert Rule Template.
scheduledTemplates GetAlertRuleTemplateScheduledTemplate[]: A scheduled_template block as defined below. This only applies to Sentinel Scheduled Alert Rule Template.
securityIncidentTemplates GetAlertRuleTemplateSecurityIncidentTemplate[]: A security_incident_template block as defined below. This only applies to Sentinel MS Security Incident Alert Rule Template.

display_name str
id str: The provider-assigned unique ID for this managed resource.
log_analytics_workspace_id str
name str
nrt_templates Sequence[GetAlertRuleTemplateNrtTemplate]: A nrt_template block as defined below. This only applies to Sentinel NRT Alert Rule Template.
scheduled_templates Sequence[GetAlertRuleTemplateScheduledTemplate]: A scheduled_template block as defined below. This only applies to Sentinel Scheduled Alert Rule Template.
security_incident_templates Sequence[GetAlertRuleTemplateSecurityIncidentTemplate]: A security_incident_template block as defined below. This only applies to Sentinel MS Security Incident Alert Rule Template.

displayName String
id String: The provider-assigned unique ID for this managed resource.
logAnalyticsWorkspaceId String
name String
nrtTemplates List<Property Map>: A nrt_template block as defined below. This only applies to Sentinel NRT Alert Rule Template.
scheduledTemplates List<Property Map>: A scheduled_template block as defined below. This only applies to Sentinel Scheduled Alert Rule Template.
securityIncidentTemplates List<Property Map>: A security_incident_template block as defined below. This only applies to Sentinel MS Security Incident Alert Rule Template.

Supporting Types

GetAlertRuleTemplateNrtTemplate

Description string: The description of this Sentinel Scheduled Alert Rule Template.
Query string: The query of this Sentinel Scheduled Alert Rule Template.
Severity string: The alert severity of this Sentinel Scheduled Alert Rule Template.
Tactics List<string>: A list of categories of attacks by which to classify the rule.

Description string: The description of this Sentinel Scheduled Alert Rule Template.
Query string: The query of this Sentinel Scheduled Alert Rule Template.
Severity string: The alert severity of this Sentinel Scheduled Alert Rule Template.
Tactics []string: A list of categories of attacks by which to classify the rule.

description String: The description of this Sentinel Scheduled Alert Rule Template.
query String: The query of this Sentinel Scheduled Alert Rule Template.
severity String: The alert severity of this Sentinel Scheduled Alert Rule Template.
tactics List<String>: A list of categories of attacks by which to classify the rule.

description string: The description of this Sentinel Scheduled Alert Rule Template.
query string: The query of this Sentinel Scheduled Alert Rule Template.
severity string: The alert severity of this Sentinel Scheduled Alert Rule Template.
tactics string[]: A list of categories of attacks by which to classify the rule.

description str: The description of this Sentinel Scheduled Alert Rule Template.
query str: The query of this Sentinel Scheduled Alert Rule Template.
severity str: The alert severity of this Sentinel Scheduled Alert Rule Template.
tactics Sequence[str]: A list of categories of attacks by which to classify the rule.

description String: The description of this Sentinel Scheduled Alert Rule Template.
query String: The query of this Sentinel Scheduled Alert Rule Template.
severity String: The alert severity of this Sentinel Scheduled Alert Rule Template.
tactics List<String>: A list of categories of attacks by which to classify the rule.

GetAlertRuleTemplateScheduledTemplate

Description string: The description of this Sentinel Scheduled Alert Rule Template.
Query string: The query of this Sentinel Scheduled Alert Rule Template.
QueryFrequency string: The ISO 8601 timespan duration between two consecutive queries.
QueryPeriod string: The ISO 8601 timespan duration, which determine the time period of the data covered by the query.
Severity string: The alert severity of this Sentinel Scheduled Alert Rule Template.
Tactics List<string>: A list of categories of attacks by which to classify the rule.
TriggerOperator string: The alert trigger operator, combined with trigger_threshold, setting alert threshold of this Sentinel Scheduled Alert Rule Template.
TriggerThreshold int: The baseline number of query results generated, combined with trigger_operator, setting alert threshold of this Sentinel Scheduled Alert Rule Template.

Description string: The description of this Sentinel Scheduled Alert Rule Template.
Query string: The query of this Sentinel Scheduled Alert Rule Template.
QueryFrequency string: The ISO 8601 timespan duration between two consecutive queries.
QueryPeriod string: The ISO 8601 timespan duration, which determine the time period of the data covered by the query.
Severity string: The alert severity of this Sentinel Scheduled Alert Rule Template.
Tactics []string: A list of categories of attacks by which to classify the rule.
TriggerOperator string: The alert trigger operator, combined with trigger_threshold, setting alert threshold of this Sentinel Scheduled Alert Rule Template.
TriggerThreshold int: The baseline number of query results generated, combined with trigger_operator, setting alert threshold of this Sentinel Scheduled Alert Rule Template.

description String: The description of this Sentinel Scheduled Alert Rule Template.
query String: The query of this Sentinel Scheduled Alert Rule Template.
queryFrequency String: The ISO 8601 timespan duration between two consecutive queries.
queryPeriod String: The ISO 8601 timespan duration, which determine the time period of the data covered by the query.
severity String: The alert severity of this Sentinel Scheduled Alert Rule Template.
tactics List<String>: A list of categories of attacks by which to classify the rule.
triggerOperator String: The alert trigger operator, combined with trigger_threshold, setting alert threshold of this Sentinel Scheduled Alert Rule Template.
triggerThreshold Integer: The baseline number of query results generated, combined with trigger_operator, setting alert threshold of this Sentinel Scheduled Alert Rule Template.

description string: The description of this Sentinel Scheduled Alert Rule Template.
query string: The query of this Sentinel Scheduled Alert Rule Template.
queryFrequency string: The ISO 8601 timespan duration between two consecutive queries.
queryPeriod string: The ISO 8601 timespan duration, which determine the time period of the data covered by the query.
severity string: The alert severity of this Sentinel Scheduled Alert Rule Template.
tactics string[]: A list of categories of attacks by which to classify the rule.
triggerOperator string: The alert trigger operator, combined with trigger_threshold, setting alert threshold of this Sentinel Scheduled Alert Rule Template.
triggerThreshold number: The baseline number of query results generated, combined with trigger_operator, setting alert threshold of this Sentinel Scheduled Alert Rule Template.

description str: The description of this Sentinel Scheduled Alert Rule Template.
query str: The query of this Sentinel Scheduled Alert Rule Template.
query_frequency str: The ISO 8601 timespan duration between two consecutive queries.
query_period str: The ISO 8601 timespan duration, which determine the time period of the data covered by the query.
severity str: The alert severity of this Sentinel Scheduled Alert Rule Template.
tactics Sequence[str]: A list of categories of attacks by which to classify the rule.
trigger_operator str: The alert trigger operator, combined with trigger_threshold, setting alert threshold of this Sentinel Scheduled Alert Rule Template.
trigger_threshold int: The baseline number of query results generated, combined with trigger_operator, setting alert threshold of this Sentinel Scheduled Alert Rule Template.

description String: The description of this Sentinel Scheduled Alert Rule Template.
query String: The query of this Sentinel Scheduled Alert Rule Template.
queryFrequency String: The ISO 8601 timespan duration between two consecutive queries.
queryPeriod String: The ISO 8601 timespan duration, which determine the time period of the data covered by the query.
severity String: The alert severity of this Sentinel Scheduled Alert Rule Template.
tactics List<String>: A list of categories of attacks by which to classify the rule.
triggerOperator String: The alert trigger operator, combined with trigger_threshold, setting alert threshold of this Sentinel Scheduled Alert Rule Template.
triggerThreshold Number: The baseline number of query results generated, combined with trigger_operator, setting alert threshold of this Sentinel Scheduled Alert Rule Template.

GetAlertRuleTemplateSecurityIncidentTemplate

Description string: The description of this Sentinel Scheduled Alert Rule Template.
ProductFilter string: The Microsoft Security Service from where the alert will be generated.

Description string: The description of this Sentinel Scheduled Alert Rule Template.
ProductFilter string: The Microsoft Security Service from where the alert will be generated.

description String: The description of this Sentinel Scheduled Alert Rule Template.
productFilter String: The Microsoft Security Service from where the alert will be generated.

description string: The description of this Sentinel Scheduled Alert Rule Template.
productFilter string: The Microsoft Security Service from where the alert will be generated.

description str: The description of this Sentinel Scheduled Alert Rule Template.
product_filter str: The Microsoft Security Service from where the alert will be generated.

description String: The description of this Sentinel Scheduled Alert Rule Template.
productFilter String: The Microsoft Security Service from where the alert will be generated.

Package Details

Repository: Azure Classic pulumi/pulumi-azure
License: Apache-2.0
Notes: This Pulumi package is based on the azurerm Terraform Provider.

We recommend using Azure Native.

Azure Classic v5.49.0 published on Tuesday, Aug 29, 2023 by Pulumi

pulumi/pulumi-azure

azure.sentinel.getAlertRuleTemplate

On this page

On this page

Example Usage

Using getAlertRuleTemplate

getAlertRuleTemplate Result

Supporting Types

GetAlertRuleTemplateNrtTemplate

GetAlertRuleTemplateScheduledTemplate

GetAlertRuleTemplateSecurityIncidentTemplate

Package Details

On this page

On this page