1. Packages
  2. Azure Classic
  3. API Docs
  4. sentinel
  5. getAlertRuleTemplate

We recommend using Azure Native.

Azure Classic v5.71.0 published on Tuesday, Apr 9, 2024 by Pulumi

azure.sentinel.getAlertRuleTemplate

Explore with Pulumi AI

azure logo

We recommend using Azure Native.

Azure Classic v5.71.0 published on Tuesday, Apr 9, 2024 by Pulumi

    Use this data source to access information about an existing Sentinel Alert Rule Template.

    Example Usage

    import * as pulumi from "@pulumi/pulumi";
    import * as azure from "@pulumi/azure";
    
    const example = azure.sentinel.getAlertRuleTemplate({
        logAnalyticsWorkspaceId: "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/mygroup1/providers/Microsoft.OperationalInsights/workspaces/workspace1",
        displayName: "Create incidents based on Azure Security Center for IoT alerts",
    });
    export const id = example.then(example => example.id);
    
    import pulumi
    import pulumi_azure as azure
    
    example = azure.sentinel.get_alert_rule_template(log_analytics_workspace_id="/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/mygroup1/providers/Microsoft.OperationalInsights/workspaces/workspace1",
        display_name="Create incidents based on Azure Security Center for IoT alerts")
    pulumi.export("id", example.id)
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/sentinel"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		example, err := sentinel.GetAlertRuleTemplate(ctx, &sentinel.GetAlertRuleTemplateArgs{
    			LogAnalyticsWorkspaceId: "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/mygroup1/providers/Microsoft.OperationalInsights/workspaces/workspace1",
    			DisplayName:             pulumi.StringRef("Create incidents based on Azure Security Center for IoT alerts"),
    		}, nil)
    		if err != nil {
    			return err
    		}
    		ctx.Export("id", example.Id)
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Azure = Pulumi.Azure;
    
    return await Deployment.RunAsync(() => 
    {
        var example = Azure.Sentinel.GetAlertRuleTemplate.Invoke(new()
        {
            LogAnalyticsWorkspaceId = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/mygroup1/providers/Microsoft.OperationalInsights/workspaces/workspace1",
            DisplayName = "Create incidents based on Azure Security Center for IoT alerts",
        });
    
        return new Dictionary<string, object?>
        {
            ["id"] = example.Apply(getAlertRuleTemplateResult => getAlertRuleTemplateResult.Id),
        };
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.azure.sentinel.SentinelFunctions;
    import com.pulumi.azure.sentinel.inputs.GetAlertRuleTemplateArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            final var example = SentinelFunctions.getAlertRuleTemplate(GetAlertRuleTemplateArgs.builder()
                .logAnalyticsWorkspaceId("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/mygroup1/providers/Microsoft.OperationalInsights/workspaces/workspace1")
                .displayName("Create incidents based on Azure Security Center for IoT alerts")
                .build());
    
            ctx.export("id", example.applyValue(getAlertRuleTemplateResult -> getAlertRuleTemplateResult.id()));
        }
    }
    
    variables:
      example:
        fn::invoke:
          Function: azure:sentinel:getAlertRuleTemplate
          Arguments:
            logAnalyticsWorkspaceId: /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/mygroup1/providers/Microsoft.OperationalInsights/workspaces/workspace1
            displayName: Create incidents based on Azure Security Center for IoT alerts
    outputs:
      id: ${example.id}
    

    Using getAlertRuleTemplate

    Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

    function getAlertRuleTemplate(args: GetAlertRuleTemplateArgs, opts?: InvokeOptions): Promise<GetAlertRuleTemplateResult>
    function getAlertRuleTemplateOutput(args: GetAlertRuleTemplateOutputArgs, opts?: InvokeOptions): Output<GetAlertRuleTemplateResult>
    def get_alert_rule_template(display_name: Optional[str] = None,
                                log_analytics_workspace_id: Optional[str] = None,
                                name: Optional[str] = None,
                                opts: Optional[InvokeOptions] = None) -> GetAlertRuleTemplateResult
    def get_alert_rule_template_output(display_name: Optional[pulumi.Input[str]] = None,
                                log_analytics_workspace_id: Optional[pulumi.Input[str]] = None,
                                name: Optional[pulumi.Input[str]] = None,
                                opts: Optional[InvokeOptions] = None) -> Output[GetAlertRuleTemplateResult]
    func GetAlertRuleTemplate(ctx *Context, args *GetAlertRuleTemplateArgs, opts ...InvokeOption) (*GetAlertRuleTemplateResult, error)
    func GetAlertRuleTemplateOutput(ctx *Context, args *GetAlertRuleTemplateOutputArgs, opts ...InvokeOption) GetAlertRuleTemplateResultOutput

    > Note: This function is named GetAlertRuleTemplate in the Go SDK.

    public static class GetAlertRuleTemplate 
    {
        public static Task<GetAlertRuleTemplateResult> InvokeAsync(GetAlertRuleTemplateArgs args, InvokeOptions? opts = null)
        public static Output<GetAlertRuleTemplateResult> Invoke(GetAlertRuleTemplateInvokeArgs args, InvokeOptions? opts = null)
    }
    public static CompletableFuture<GetAlertRuleTemplateResult> getAlertRuleTemplate(GetAlertRuleTemplateArgs args, InvokeOptions options)
    // Output-based functions aren't available in Java yet
    
    fn::invoke:
      function: azure:sentinel/getAlertRuleTemplate:getAlertRuleTemplate
      arguments:
        # arguments dictionary

    The following arguments are supported:

    LogAnalyticsWorkspaceId string
    The ID of the Log Analytics Workspace.
    DisplayName string

    The display name of this Sentinel Alert Rule Template. Either display_name or name have to be specified.

    NOTE As display_name is not unique, errors may occur when there are multiple Sentinel Alert Rule Template with same display_name.

    Name string
    The name of this Sentinel Alert Rule Template. Either display_name or name have to be specified.
    LogAnalyticsWorkspaceId string
    The ID of the Log Analytics Workspace.
    DisplayName string

    The display name of this Sentinel Alert Rule Template. Either display_name or name have to be specified.

    NOTE As display_name is not unique, errors may occur when there are multiple Sentinel Alert Rule Template with same display_name.

    Name string
    The name of this Sentinel Alert Rule Template. Either display_name or name have to be specified.
    logAnalyticsWorkspaceId String
    The ID of the Log Analytics Workspace.
    displayName String

    The display name of this Sentinel Alert Rule Template. Either display_name or name have to be specified.

    NOTE As display_name is not unique, errors may occur when there are multiple Sentinel Alert Rule Template with same display_name.

    name String
    The name of this Sentinel Alert Rule Template. Either display_name or name have to be specified.
    logAnalyticsWorkspaceId string
    The ID of the Log Analytics Workspace.
    displayName string

    The display name of this Sentinel Alert Rule Template. Either display_name or name have to be specified.

    NOTE As display_name is not unique, errors may occur when there are multiple Sentinel Alert Rule Template with same display_name.

    name string
    The name of this Sentinel Alert Rule Template. Either display_name or name have to be specified.
    log_analytics_workspace_id str
    The ID of the Log Analytics Workspace.
    display_name str

    The display name of this Sentinel Alert Rule Template. Either display_name or name have to be specified.

    NOTE As display_name is not unique, errors may occur when there are multiple Sentinel Alert Rule Template with same display_name.

    name str
    The name of this Sentinel Alert Rule Template. Either display_name or name have to be specified.
    logAnalyticsWorkspaceId String
    The ID of the Log Analytics Workspace.
    displayName String

    The display name of this Sentinel Alert Rule Template. Either display_name or name have to be specified.

    NOTE As display_name is not unique, errors may occur when there are multiple Sentinel Alert Rule Template with same display_name.

    name String
    The name of this Sentinel Alert Rule Template. Either display_name or name have to be specified.

    getAlertRuleTemplate Result

    The following output properties are available:

    DisplayName string
    Id string
    The provider-assigned unique ID for this managed resource.
    LogAnalyticsWorkspaceId string
    Name string
    NrtTemplates List<GetAlertRuleTemplateNrtTemplate>
    A nrt_template block as defined below. This only applies to Sentinel NRT Alert Rule Template.
    ScheduledTemplates List<GetAlertRuleTemplateScheduledTemplate>
    A scheduled_template block as defined below. This only applies to Sentinel Scheduled Alert Rule Template.
    SecurityIncidentTemplates List<GetAlertRuleTemplateSecurityIncidentTemplate>
    A security_incident_template block as defined below. This only applies to Sentinel MS Security Incident Alert Rule Template.
    DisplayName string
    Id string
    The provider-assigned unique ID for this managed resource.
    LogAnalyticsWorkspaceId string
    Name string
    NrtTemplates []GetAlertRuleTemplateNrtTemplate
    A nrt_template block as defined below. This only applies to Sentinel NRT Alert Rule Template.
    ScheduledTemplates []GetAlertRuleTemplateScheduledTemplate
    A scheduled_template block as defined below. This only applies to Sentinel Scheduled Alert Rule Template.
    SecurityIncidentTemplates []GetAlertRuleTemplateSecurityIncidentTemplate
    A security_incident_template block as defined below. This only applies to Sentinel MS Security Incident Alert Rule Template.
    displayName String
    id String
    The provider-assigned unique ID for this managed resource.
    logAnalyticsWorkspaceId String
    name String
    nrtTemplates List<GetAlertRuleTemplateNrtTemplate>
    A nrt_template block as defined below. This only applies to Sentinel NRT Alert Rule Template.
    scheduledTemplates List<GetAlertRuleTemplateScheduledTemplate>
    A scheduled_template block as defined below. This only applies to Sentinel Scheduled Alert Rule Template.
    securityIncidentTemplates List<GetAlertRuleTemplateSecurityIncidentTemplate>
    A security_incident_template block as defined below. This only applies to Sentinel MS Security Incident Alert Rule Template.
    displayName string
    id string
    The provider-assigned unique ID for this managed resource.
    logAnalyticsWorkspaceId string
    name string
    nrtTemplates GetAlertRuleTemplateNrtTemplate[]
    A nrt_template block as defined below. This only applies to Sentinel NRT Alert Rule Template.
    scheduledTemplates GetAlertRuleTemplateScheduledTemplate[]
    A scheduled_template block as defined below. This only applies to Sentinel Scheduled Alert Rule Template.
    securityIncidentTemplates GetAlertRuleTemplateSecurityIncidentTemplate[]
    A security_incident_template block as defined below. This only applies to Sentinel MS Security Incident Alert Rule Template.
    display_name str
    id str
    The provider-assigned unique ID for this managed resource.
    log_analytics_workspace_id str
    name str
    nrt_templates Sequence[GetAlertRuleTemplateNrtTemplate]
    A nrt_template block as defined below. This only applies to Sentinel NRT Alert Rule Template.
    scheduled_templates Sequence[GetAlertRuleTemplateScheduledTemplate]
    A scheduled_template block as defined below. This only applies to Sentinel Scheduled Alert Rule Template.
    security_incident_templates Sequence[GetAlertRuleTemplateSecurityIncidentTemplate]
    A security_incident_template block as defined below. This only applies to Sentinel MS Security Incident Alert Rule Template.
    displayName String
    id String
    The provider-assigned unique ID for this managed resource.
    logAnalyticsWorkspaceId String
    name String
    nrtTemplates List<Property Map>
    A nrt_template block as defined below. This only applies to Sentinel NRT Alert Rule Template.
    scheduledTemplates List<Property Map>
    A scheduled_template block as defined below. This only applies to Sentinel Scheduled Alert Rule Template.
    securityIncidentTemplates List<Property Map>
    A security_incident_template block as defined below. This only applies to Sentinel MS Security Incident Alert Rule Template.

    Supporting Types

    GetAlertRuleTemplateNrtTemplate

    Description string
    The description of this Sentinel Scheduled Alert Rule Template.
    Query string
    The query of this Sentinel Scheduled Alert Rule Template.
    Severity string
    The alert severity of this Sentinel Scheduled Alert Rule Template.
    Tactics List<string>
    A list of categories of attacks by which to classify the rule.
    Description string
    The description of this Sentinel Scheduled Alert Rule Template.
    Query string
    The query of this Sentinel Scheduled Alert Rule Template.
    Severity string
    The alert severity of this Sentinel Scheduled Alert Rule Template.
    Tactics []string
    A list of categories of attacks by which to classify the rule.
    description String
    The description of this Sentinel Scheduled Alert Rule Template.
    query String
    The query of this Sentinel Scheduled Alert Rule Template.
    severity String
    The alert severity of this Sentinel Scheduled Alert Rule Template.
    tactics List<String>
    A list of categories of attacks by which to classify the rule.
    description string
    The description of this Sentinel Scheduled Alert Rule Template.
    query string
    The query of this Sentinel Scheduled Alert Rule Template.
    severity string
    The alert severity of this Sentinel Scheduled Alert Rule Template.
    tactics string[]
    A list of categories of attacks by which to classify the rule.
    description str
    The description of this Sentinel Scheduled Alert Rule Template.
    query str
    The query of this Sentinel Scheduled Alert Rule Template.
    severity str
    The alert severity of this Sentinel Scheduled Alert Rule Template.
    tactics Sequence[str]
    A list of categories of attacks by which to classify the rule.
    description String
    The description of this Sentinel Scheduled Alert Rule Template.
    query String
    The query of this Sentinel Scheduled Alert Rule Template.
    severity String
    The alert severity of this Sentinel Scheduled Alert Rule Template.
    tactics List<String>
    A list of categories of attacks by which to classify the rule.

    GetAlertRuleTemplateScheduledTemplate

    Description string
    The description of this Sentinel Scheduled Alert Rule Template.
    Query string
    The query of this Sentinel Scheduled Alert Rule Template.
    QueryFrequency string
    The ISO 8601 timespan duration between two consecutive queries.
    QueryPeriod string
    The ISO 8601 timespan duration, which determine the time period of the data covered by the query.
    Severity string
    The alert severity of this Sentinel Scheduled Alert Rule Template.
    Tactics List<string>
    A list of categories of attacks by which to classify the rule.
    TriggerOperator string
    The alert trigger operator, combined with trigger_threshold, setting alert threshold of this Sentinel Scheduled Alert Rule Template.
    TriggerThreshold int
    The baseline number of query results generated, combined with trigger_operator, setting alert threshold of this Sentinel Scheduled Alert Rule Template.
    Description string
    The description of this Sentinel Scheduled Alert Rule Template.
    Query string
    The query of this Sentinel Scheduled Alert Rule Template.
    QueryFrequency string
    The ISO 8601 timespan duration between two consecutive queries.
    QueryPeriod string
    The ISO 8601 timespan duration, which determine the time period of the data covered by the query.
    Severity string
    The alert severity of this Sentinel Scheduled Alert Rule Template.
    Tactics []string
    A list of categories of attacks by which to classify the rule.
    TriggerOperator string
    The alert trigger operator, combined with trigger_threshold, setting alert threshold of this Sentinel Scheduled Alert Rule Template.
    TriggerThreshold int
    The baseline number of query results generated, combined with trigger_operator, setting alert threshold of this Sentinel Scheduled Alert Rule Template.
    description String
    The description of this Sentinel Scheduled Alert Rule Template.
    query String
    The query of this Sentinel Scheduled Alert Rule Template.
    queryFrequency String
    The ISO 8601 timespan duration between two consecutive queries.
    queryPeriod String
    The ISO 8601 timespan duration, which determine the time period of the data covered by the query.
    severity String
    The alert severity of this Sentinel Scheduled Alert Rule Template.
    tactics List<String>
    A list of categories of attacks by which to classify the rule.
    triggerOperator String
    The alert trigger operator, combined with trigger_threshold, setting alert threshold of this Sentinel Scheduled Alert Rule Template.
    triggerThreshold Integer
    The baseline number of query results generated, combined with trigger_operator, setting alert threshold of this Sentinel Scheduled Alert Rule Template.
    description string
    The description of this Sentinel Scheduled Alert Rule Template.
    query string
    The query of this Sentinel Scheduled Alert Rule Template.
    queryFrequency string
    The ISO 8601 timespan duration between two consecutive queries.
    queryPeriod string
    The ISO 8601 timespan duration, which determine the time period of the data covered by the query.
    severity string
    The alert severity of this Sentinel Scheduled Alert Rule Template.
    tactics string[]
    A list of categories of attacks by which to classify the rule.
    triggerOperator string
    The alert trigger operator, combined with trigger_threshold, setting alert threshold of this Sentinel Scheduled Alert Rule Template.
    triggerThreshold number
    The baseline number of query results generated, combined with trigger_operator, setting alert threshold of this Sentinel Scheduled Alert Rule Template.
    description str
    The description of this Sentinel Scheduled Alert Rule Template.
    query str
    The query of this Sentinel Scheduled Alert Rule Template.
    query_frequency str
    The ISO 8601 timespan duration between two consecutive queries.
    query_period str
    The ISO 8601 timespan duration, which determine the time period of the data covered by the query.
    severity str
    The alert severity of this Sentinel Scheduled Alert Rule Template.
    tactics Sequence[str]
    A list of categories of attacks by which to classify the rule.
    trigger_operator str
    The alert trigger operator, combined with trigger_threshold, setting alert threshold of this Sentinel Scheduled Alert Rule Template.
    trigger_threshold int
    The baseline number of query results generated, combined with trigger_operator, setting alert threshold of this Sentinel Scheduled Alert Rule Template.
    description String
    The description of this Sentinel Scheduled Alert Rule Template.
    query String
    The query of this Sentinel Scheduled Alert Rule Template.
    queryFrequency String
    The ISO 8601 timespan duration between two consecutive queries.
    queryPeriod String
    The ISO 8601 timespan duration, which determine the time period of the data covered by the query.
    severity String
    The alert severity of this Sentinel Scheduled Alert Rule Template.
    tactics List<String>
    A list of categories of attacks by which to classify the rule.
    triggerOperator String
    The alert trigger operator, combined with trigger_threshold, setting alert threshold of this Sentinel Scheduled Alert Rule Template.
    triggerThreshold Number
    The baseline number of query results generated, combined with trigger_operator, setting alert threshold of this Sentinel Scheduled Alert Rule Template.

    GetAlertRuleTemplateSecurityIncidentTemplate

    Description string
    The description of this Sentinel Scheduled Alert Rule Template.
    ProductFilter string
    The Microsoft Security Service from where the alert will be generated.
    Description string
    The description of this Sentinel Scheduled Alert Rule Template.
    ProductFilter string
    The Microsoft Security Service from where the alert will be generated.
    description String
    The description of this Sentinel Scheduled Alert Rule Template.
    productFilter String
    The Microsoft Security Service from where the alert will be generated.
    description string
    The description of this Sentinel Scheduled Alert Rule Template.
    productFilter string
    The Microsoft Security Service from where the alert will be generated.
    description str
    The description of this Sentinel Scheduled Alert Rule Template.
    product_filter str
    The Microsoft Security Service from where the alert will be generated.
    description String
    The description of this Sentinel Scheduled Alert Rule Template.
    productFilter String
    The Microsoft Security Service from where the alert will be generated.

    Package Details

    Repository
    Azure Classic pulumi/pulumi-azure
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the azurerm Terraform Provider.
    azure logo

    We recommend using Azure Native.

    Azure Classic v5.71.0 published on Tuesday, Apr 9, 2024 by Pulumi