We recommend using Azure Native.
azure.sentinel.getAlertRuleTemplate
Use this data source to access information about an existing Sentinel Alert Rule Template.
Example Usage
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;
// Looks up an existing Sentinel Alert Rule Template in a Log Analytics workspace
// and publishes its provider-assigned ID as the stack output "id".
return await Deployment.RunAsync(() =>
{
    // The template is selected by display name. Display names are not unique, so the
    // lookup may error when several templates share one; the Name argument is the
    // alternative selector.
    var lookupArgs = new Azure.Sentinel.GetAlertRuleTemplateInvokeArgs
    {
        LogAnalyticsWorkspaceId = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/mygroup1/providers/Microsoft.OperationalInsights/workspaces/workspace1",
        DisplayName = "Create incidents based on Azure Security Center for IoT alerts",
    };
    var template = Azure.Sentinel.GetAlertRuleTemplate.Invoke(lookupArgs);

    // Collect the stack outputs; only the template ID is exported.
    var stackOutputs = new Dictionary<string, object?>();
    stackOutputs["id"] = template.Apply(result => result.Id);
    return stackOutputs;
});
package main
import (
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/sentinel"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
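// main looks up an existing Sentinel Alert Rule Template in a Log Analytics
// workspace and exports its provider-assigned ID as the stack output "id".
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// The template is selected by display name. Display names are not unique,
		// so the lookup may error when several templates share one; the Name
		// argument is the alternative selector.
		example, err := sentinel.GetAlertRuleTemplate(ctx, &sentinel.GetAlertRuleTemplateArgs{
			LogAnalyticsWorkspaceId: "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/mygroup1/providers/Microsoft.OperationalInsights/workspaces/workspace1",
			DisplayName:             pulumi.StringRef("Create incidents based on Azure Security Center for IoT alerts"),
		}, nil)
		if err != nil {
			// Surface lookup failures (for example an ambiguous display name) to the engine.
			return err
		}
		// The direct invoke form returns plain values, while Export takes a
		// pulumi.Input, so the string ID is wrapped with pulumi.String.
		ctx.Export("id", pulumi.String(example.Id))
		return nil
	})
}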
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.sentinel.SentinelFunctions;
import com.pulumi.azure.sentinel.inputs.GetAlertRuleTemplateArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program that looks up an existing Sentinel Alert Rule Template and
 * exports its provider-assigned ID as the stack output "id".
 */
public class App {
    /** Program entry point: hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Defines the stack: one template lookup and one exported value.
     *
     * @param ctx the Pulumi context used to register stack outputs
     */
    public static void stack(Context ctx) {
        // The template is selected by display name. Display names are not unique, so
        // the lookup may error when several templates share one; the name argument
        // is the alternative selector.
        final var lookupArgs = GetAlertRuleTemplateArgs.builder()
            .logAnalyticsWorkspaceId("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/mygroup1/providers/Microsoft.OperationalInsights/workspaces/workspace1")
            .displayName("Create incidents based on Azure Security Center for IoT alerts")
            .build();
        final var template = SentinelFunctions.getAlertRuleTemplate(lookupArgs);

        ctx.export("id", template.applyValue(result -> result.id()));
    }
}
import pulumi
import pulumi_azure as azure
# Look up an existing Sentinel Alert Rule Template in a Log Analytics workspace.
# The template is selected by display name. Display names are not unique, so the
# lookup may error when several templates share one; the `name` argument is the
# alternative selector.
template = azure.sentinel.get_alert_rule_template(
    display_name="Create incidents based on Azure Security Center for IoT alerts",
    log_analytics_workspace_id="/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/mygroup1/providers/Microsoft.OperationalInsights/workspaces/workspace1",
)

# Publish the provider-assigned template ID as the stack output "id".
pulumi.export("id", template.id)
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
// Look up an existing Sentinel Alert Rule Template in a Log Analytics workspace.
// The template is selected by display name. Display names are not unique, so the
// lookup may error when several templates share one; the `name` argument is the
// alternative selector.
const templateLookup = azure.sentinel.getAlertRuleTemplate({
    displayName: "Create incidents based on Azure Security Center for IoT alerts",
    logAnalyticsWorkspaceId: "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/mygroup1/providers/Microsoft.OperationalInsights/workspaces/workspace1",
});

// The direct form returns a Promise; export the provider-assigned ID once it resolves.
export const id = templateLookup.then(result => result.id);
# Look up an existing Sentinel Alert Rule Template and export its ID.
variables:
  example:
    fn::invoke:
      Function: azure:sentinel:getAlertRuleTemplate
      Arguments:
        logAnalyticsWorkspaceId: "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/mygroup1/providers/Microsoft.OperationalInsights/workspaces/workspace1"
        # Display names are not unique, so the lookup may error when several
        # templates share one; `name` is the alternative selector.
        displayName: "Create incidents based on Azure Security Center for IoT alerts"
outputs:
  # Provider-assigned ID of the matched template.
  id: ${example.id}
Using getAlertRuleTemplate
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getAlertRuleTemplate(args: GetAlertRuleTemplateArgs, opts?: InvokeOptions): Promise<GetAlertRuleTemplateResult>
function getAlertRuleTemplateOutput(args: GetAlertRuleTemplateOutputArgs, opts?: InvokeOptions): Output<GetAlertRuleTemplateResult>
def get_alert_rule_template(display_name: Optional[str] = None,
log_analytics_workspace_id: Optional[str] = None,
name: Optional[str] = None,
opts: Optional[InvokeOptions] = None) -> GetAlertRuleTemplateResult
def get_alert_rule_template_output(display_name: Optional[pulumi.Input[str]] = None,
log_analytics_workspace_id: Optional[pulumi.Input[str]] = None,
name: Optional[pulumi.Input[str]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetAlertRuleTemplateResult]
func GetAlertRuleTemplate(ctx *Context, args *GetAlertRuleTemplateArgs, opts ...InvokeOption) (*GetAlertRuleTemplateResult, error)
func GetAlertRuleTemplateOutput(ctx *Context, args *GetAlertRuleTemplateOutputArgs, opts ...InvokeOption) GetAlertRuleTemplateResultOutput
> Note: This function is named GetAlertRuleTemplate
in the Go SDK.
public static class GetAlertRuleTemplate
{
public static Task<GetAlertRuleTemplateResult> InvokeAsync(GetAlertRuleTemplateArgs args, InvokeOptions? opts = null)
public static Output<GetAlertRuleTemplateResult> Invoke(GetAlertRuleTemplateInvokeArgs args, InvokeOptions? opts = null)
}
public static CompletableFuture<GetAlertRuleTemplateResult> getAlertRuleTemplate(GetAlertRuleTemplateArgs args, InvokeOptions options)
// Output-based functions aren't available in Java yet
fn::invoke:
function: azure:sentinel/getAlertRuleTemplate:getAlertRuleTemplate
arguments:
# arguments dictionary
The following arguments are supported:
- LogAnalyticsWorkspaceId string
The ID of the Log Analytics Workspace.
- DisplayName string
The display name of this Sentinel Alert Rule Template. Either `display_name` or `name` has to be specified. NOTE: As `display_name` is not unique, errors may occur when multiple Sentinel Alert Rule Templates share the same `display_name`.
- Name string
The name of this Sentinel Alert Rule Template. Either `display_name` or `name` has to be specified.
- LogAnalyticsWorkspaceId string
The ID of the Log Analytics Workspace.
- DisplayName string
The display name of this Sentinel Alert Rule Template. Either `display_name` or `name` has to be specified. NOTE: As `display_name` is not unique, errors may occur when multiple Sentinel Alert Rule Templates share the same `display_name`.
- Name string
The name of this Sentinel Alert Rule Template. Either `display_name` or `name` has to be specified.
- logAnalyticsWorkspaceId String
The ID of the Log Analytics Workspace.
- displayName String
The display name of this Sentinel Alert Rule Template. Either `display_name` or `name` has to be specified. NOTE: As `display_name` is not unique, errors may occur when multiple Sentinel Alert Rule Templates share the same `display_name`.
- name String
The name of this Sentinel Alert Rule Template. Either `display_name` or `name` has to be specified.
- logAnalyticsWorkspaceId string
The ID of the Log Analytics Workspace.
- displayName string
The display name of this Sentinel Alert Rule Template. Either `display_name` or `name` has to be specified. NOTE: As `display_name` is not unique, errors may occur when multiple Sentinel Alert Rule Templates share the same `display_name`.
- name string
The name of this Sentinel Alert Rule Template. Either `display_name` or `name` has to be specified.
- log_analytics_workspace_id str
The ID of the Log Analytics Workspace.
- display_name str
The display name of this Sentinel Alert Rule Template. Either `display_name` or `name` has to be specified. NOTE: As `display_name` is not unique, errors may occur when multiple Sentinel Alert Rule Templates share the same `display_name`.
- name str
The name of this Sentinel Alert Rule Template. Either `display_name` or `name` has to be specified.
- logAnalyticsWorkspaceId String
The ID of the Log Analytics Workspace.
- displayName String
The display name of this Sentinel Alert Rule Template. Either `display_name` or `name` has to be specified. NOTE: As `display_name` is not unique, errors may occur when multiple Sentinel Alert Rule Templates share the same `display_name`.
- name String
The name of this Sentinel Alert Rule Template. Either `display_name` or `name` has to be specified.
getAlertRuleTemplate Result
The following output properties are available:
- DisplayName string
- Id string
The provider-assigned unique ID for this managed resource.
- LogAnalyticsWorkspaceId string
- Name string
- NrtTemplates List<GetAlertRuleTemplateNrtTemplate>
A `nrt_template` block as defined below. This only applies to Sentinel NRT Alert Rule Template.
- ScheduledTemplates List<GetAlertRuleTemplateScheduledTemplate>
A `scheduled_template` block as defined below. This only applies to Sentinel Scheduled Alert Rule Template.
- SecurityIncidentTemplates List<GetAlertRuleTemplateSecurityIncidentTemplate>
A `security_incident_template` block as defined below. This only applies to Sentinel MS Security Incident Alert Rule Template.
- DisplayName string
- Id string
The provider-assigned unique ID for this managed resource.
- LogAnalyticsWorkspaceId string
- Name string
- NrtTemplates []GetAlertRuleTemplateNrtTemplate
A `nrt_template` block as defined below. This only applies to Sentinel NRT Alert Rule Template.
- ScheduledTemplates []GetAlertRuleTemplateScheduledTemplate
A `scheduled_template` block as defined below. This only applies to Sentinel Scheduled Alert Rule Template.
- SecurityIncidentTemplates []GetAlertRuleTemplateSecurityIncidentTemplate
A `security_incident_template` block as defined below. This only applies to Sentinel MS Security Incident Alert Rule Template.
- displayName String
- id String
The provider-assigned unique ID for this managed resource.
- logAnalyticsWorkspaceId String
- name String
- nrtTemplates List<GetAlertRuleTemplateNrtTemplate>
A `nrt_template` block as defined below. This only applies to Sentinel NRT Alert Rule Template.
- scheduledTemplates List<GetAlertRuleTemplateScheduledTemplate>
A `scheduled_template` block as defined below. This only applies to Sentinel Scheduled Alert Rule Template.
- securityIncidentTemplates List<GetAlertRuleTemplateSecurityIncidentTemplate>
A `security_incident_template` block as defined below. This only applies to Sentinel MS Security Incident Alert Rule Template.
- displayName string
- id string
The provider-assigned unique ID for this managed resource.
- logAnalyticsWorkspaceId string
- name string
- nrtTemplates GetAlertRuleTemplateNrtTemplate[]
A `nrt_template` block as defined below. This only applies to Sentinel NRT Alert Rule Template.
- scheduledTemplates GetAlertRuleTemplateScheduledTemplate[]
A `scheduled_template` block as defined below. This only applies to Sentinel Scheduled Alert Rule Template.
- securityIncidentTemplates GetAlertRuleTemplateSecurityIncidentTemplate[]
A `security_incident_template` block as defined below. This only applies to Sentinel MS Security Incident Alert Rule Template.
- display_name str
- id str
The provider-assigned unique ID for this managed resource.
- log_analytics_workspace_id str
- name str
- nrt_templates Sequence[GetAlertRuleTemplateNrtTemplate]
A `nrt_template` block as defined below. This only applies to Sentinel NRT Alert Rule Template.
- scheduled_templates Sequence[GetAlertRuleTemplateScheduledTemplate]
A `scheduled_template` block as defined below. This only applies to Sentinel Scheduled Alert Rule Template.
- security_incident_templates Sequence[GetAlertRuleTemplateSecurityIncidentTemplate]
A `security_incident_template` block as defined below. This only applies to Sentinel MS Security Incident Alert Rule Template.
- displayName String
- id String
The provider-assigned unique ID for this managed resource.
- logAnalyticsWorkspaceId String
- name String
- nrtTemplates List<Property Map>
A `nrt_template` block as defined below. This only applies to Sentinel NRT Alert Rule Template.
- scheduledTemplates List<Property Map>
A `scheduled_template` block as defined below. This only applies to Sentinel Scheduled Alert Rule Template.
- securityIncidentTemplates List<Property Map>
A `security_incident_template` block as defined below. This only applies to Sentinel MS Security Incident Alert Rule Template.
Supporting Types
GetAlertRuleTemplateNrtTemplate
- Description string
The description of this Sentinel Scheduled Alert Rule Template.
- Query string
The query of this Sentinel Scheduled Alert Rule Template.
- Severity string
The alert severity of this Sentinel Scheduled Alert Rule Template.
- Tactics List<string>
A list of categories of attacks by which to classify the rule.
- Description string
The description of this Sentinel Scheduled Alert Rule Template.
- Query string
The query of this Sentinel Scheduled Alert Rule Template.
- Severity string
The alert severity of this Sentinel Scheduled Alert Rule Template.
- Tactics []string
A list of categories of attacks by which to classify the rule.
- description String
The description of this Sentinel Scheduled Alert Rule Template.
- query String
The query of this Sentinel Scheduled Alert Rule Template.
- severity String
The alert severity of this Sentinel Scheduled Alert Rule Template.
- tactics List<String>
A list of categories of attacks by which to classify the rule.
- description string
The description of this Sentinel Scheduled Alert Rule Template.
- query string
The query of this Sentinel Scheduled Alert Rule Template.
- severity string
The alert severity of this Sentinel Scheduled Alert Rule Template.
- tactics string[]
A list of categories of attacks by which to classify the rule.
- description str
The description of this Sentinel Scheduled Alert Rule Template.
- query str
The query of this Sentinel Scheduled Alert Rule Template.
- severity str
The alert severity of this Sentinel Scheduled Alert Rule Template.
- tactics Sequence[str]
A list of categories of attacks by which to classify the rule.
- description String
The description of this Sentinel Scheduled Alert Rule Template.
- query String
The query of this Sentinel Scheduled Alert Rule Template.
- severity String
The alert severity of this Sentinel Scheduled Alert Rule Template.
- tactics List<String>
A list of categories of attacks by which to classify the rule.
GetAlertRuleTemplateScheduledTemplate
- Description string
The description of this Sentinel Scheduled Alert Rule Template.
- Query string
The query of this Sentinel Scheduled Alert Rule Template.
- QueryFrequency string
The ISO 8601 timespan duration between two consecutive queries.
- QueryPeriod string
The ISO 8601 timespan duration, which determines the time period of the data covered by the query.
- Severity string
The alert severity of this Sentinel Scheduled Alert Rule Template.
- Tactics List<string>
A list of categories of attacks by which to classify the rule.
- TriggerOperator string
The alert trigger operator, combined with `trigger_threshold`, setting alert threshold of this Sentinel Scheduled Alert Rule Template.
- TriggerThreshold int
The baseline number of query results generated, combined with `trigger_operator`, setting alert threshold of this Sentinel Scheduled Alert Rule Template.
- Description string
The description of this Sentinel Scheduled Alert Rule Template.
- Query string
The query of this Sentinel Scheduled Alert Rule Template.
- QueryFrequency string
The ISO 8601 timespan duration between two consecutive queries.
- QueryPeriod string
The ISO 8601 timespan duration, which determines the time period of the data covered by the query.
- Severity string
The alert severity of this Sentinel Scheduled Alert Rule Template.
- Tactics []string
A list of categories of attacks by which to classify the rule.
- TriggerOperator string
The alert trigger operator, combined with `trigger_threshold`, setting alert threshold of this Sentinel Scheduled Alert Rule Template.
- TriggerThreshold int
The baseline number of query results generated, combined with `trigger_operator`, setting alert threshold of this Sentinel Scheduled Alert Rule Template.
- description String
The description of this Sentinel Scheduled Alert Rule Template.
- query String
The query of this Sentinel Scheduled Alert Rule Template.
- queryFrequency String
The ISO 8601 timespan duration between two consecutive queries.
- queryPeriod String
The ISO 8601 timespan duration, which determines the time period of the data covered by the query.
- severity String
The alert severity of this Sentinel Scheduled Alert Rule Template.
- tactics List<String>
A list of categories of attacks by which to classify the rule.
- triggerOperator String
The alert trigger operator, combined with `trigger_threshold`, setting alert threshold of this Sentinel Scheduled Alert Rule Template.
- triggerThreshold Integer
The baseline number of query results generated, combined with `trigger_operator`, setting alert threshold of this Sentinel Scheduled Alert Rule Template.
- description string
The description of this Sentinel Scheduled Alert Rule Template.
- query string
The query of this Sentinel Scheduled Alert Rule Template.
- queryFrequency string
The ISO 8601 timespan duration between two consecutive queries.
- queryPeriod string
The ISO 8601 timespan duration, which determines the time period of the data covered by the query.
- severity string
The alert severity of this Sentinel Scheduled Alert Rule Template.
- tactics string[]
A list of categories of attacks by which to classify the rule.
- triggerOperator string
The alert trigger operator, combined with `trigger_threshold`, setting alert threshold of this Sentinel Scheduled Alert Rule Template.
- triggerThreshold number
The baseline number of query results generated, combined with `trigger_operator`, setting alert threshold of this Sentinel Scheduled Alert Rule Template.
- description str
The description of this Sentinel Scheduled Alert Rule Template.
- query str
The query of this Sentinel Scheduled Alert Rule Template.
- query_frequency str
The ISO 8601 timespan duration between two consecutive queries.
- query_period str
The ISO 8601 timespan duration, which determines the time period of the data covered by the query.
- severity str
The alert severity of this Sentinel Scheduled Alert Rule Template.
- tactics Sequence[str]
A list of categories of attacks by which to classify the rule.
- trigger_operator str
The alert trigger operator, combined with `trigger_threshold`, setting alert threshold of this Sentinel Scheduled Alert Rule Template.
- trigger_threshold int
The baseline number of query results generated, combined with `trigger_operator`, setting alert threshold of this Sentinel Scheduled Alert Rule Template.
- description String
The description of this Sentinel Scheduled Alert Rule Template.
- query String
The query of this Sentinel Scheduled Alert Rule Template.
- queryFrequency String
The ISO 8601 timespan duration between two consecutive queries.
- queryPeriod String
The ISO 8601 timespan duration, which determines the time period of the data covered by the query.
- severity String
The alert severity of this Sentinel Scheduled Alert Rule Template.
- tactics List<String>
A list of categories of attacks by which to classify the rule.
- triggerOperator String
The alert trigger operator, combined with `trigger_threshold`, setting alert threshold of this Sentinel Scheduled Alert Rule Template.
- triggerThreshold Number
The baseline number of query results generated, combined with `trigger_operator`, setting alert threshold of this Sentinel Scheduled Alert Rule Template.
GetAlertRuleTemplateSecurityIncidentTemplate
- Description string
The description of this Sentinel Scheduled Alert Rule Template.
- ProductFilter string
The Microsoft Security Service from where the alert will be generated.
- Description string
The description of this Sentinel Scheduled Alert Rule Template.
- ProductFilter string
The Microsoft Security Service from where the alert will be generated.
- description String
The description of this Sentinel Scheduled Alert Rule Template.
- productFilter String
The Microsoft Security Service from where the alert will be generated.
- description string
The description of this Sentinel Scheduled Alert Rule Template.
- productFilter string
The Microsoft Security Service from where the alert will be generated.
- description str
The description of this Sentinel Scheduled Alert Rule Template.
- product_filter str
The Microsoft Security Service from where the alert will be generated.
- description String
The description of this Sentinel Scheduled Alert Rule Template.
- productFilter String
The Microsoft Security Service from where the alert will be generated.
Package Details
- Repository
- Azure Classic pulumi/pulumi-azure
- License
- Apache-2.0
- Notes
This Pulumi package is based on the `azurerm` Terraform Provider.