Docs Home
We recommend using Azure Native.
Azure v6.22.1 published on Monday, May 12, 2025 by Pulumi
azure.sentinel.getAlertRuleTemplate
Explore with Pulumi AI
Use this data source to access information about an existing Sentinel Alert Rule Template.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
const example = azure.sentinel.getAlertRuleTemplate({
logAnalyticsWorkspaceId: "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/mygroup1/providers/Microsoft.OperationalInsights/workspaces/workspace1",
displayName: "Create incidents based on Azure Security Center for IoT alerts",
});
export const id = example.then(example => example.id);
import pulumi
import pulumi_azure as azure
example = azure.sentinel.get_alert_rule_template(log_analytics_workspace_id="/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/mygroup1/providers/Microsoft.OperationalInsights/workspaces/workspace1",
display_name="Create incidents based on Azure Security Center for IoT alerts")
pulumi.export("id", example.id)
package main
import (
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/sentinel"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
example, err := sentinel.GetAlertRuleTemplate(ctx, &sentinel.GetAlertRuleTemplateArgs{
LogAnalyticsWorkspaceId: "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/mygroup1/providers/Microsoft.OperationalInsights/workspaces/workspace1",
DisplayName: pulumi.StringRef("Create incidents based on Azure Security Center for IoT alerts"),
}, nil)
if err != nil {
return err
}
ctx.Export("id", example.Id)
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;
return await Deployment.RunAsync(() =>
{
var example = Azure.Sentinel.GetAlertRuleTemplate.Invoke(new()
{
LogAnalyticsWorkspaceId = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/mygroup1/providers/Microsoft.OperationalInsights/workspaces/workspace1",
DisplayName = "Create incidents based on Azure Security Center for IoT alerts",
});
return new Dictionary<string, object?>
{
["id"] = example.Apply(getAlertRuleTemplateResult => getAlertRuleTemplateResult.Id),
};
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.sentinel.SentinelFunctions;
import com.pulumi.azure.sentinel.inputs.GetAlertRuleTemplateArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var example = SentinelFunctions.getAlertRuleTemplate(GetAlertRuleTemplateArgs.builder()
.logAnalyticsWorkspaceId("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/mygroup1/providers/Microsoft.OperationalInsights/workspaces/workspace1")
.displayName("Create incidents based on Azure Security Center for IoT alerts")
.build());
ctx.export("id", example.id());
}
}
variables:
example:
fn::invoke:
function: azure:sentinel:getAlertRuleTemplate
arguments:
logAnalyticsWorkspaceId: /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/mygroup1/providers/Microsoft.OperationalInsights/workspaces/workspace1
displayName: Create incidents based on Azure Security Center for IoT alerts
outputs:
id: ${example.id}
Using getAlertRuleTemplate
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getAlertRuleTemplate(args: GetAlertRuleTemplateArgs, opts?: InvokeOptions): Promise<GetAlertRuleTemplateResult>
function getAlertRuleTemplateOutput(args: GetAlertRuleTemplateOutputArgs, opts?: InvokeOptions): Output<GetAlertRuleTemplateResult>def get_alert_rule_template(display_name: Optional[str] = None,
log_analytics_workspace_id: Optional[str] = None,
name: Optional[str] = None,
opts: Optional[InvokeOptions] = None) -> GetAlertRuleTemplateResult
def get_alert_rule_template_output(display_name: Optional[pulumi.Input[str]] = None,
log_analytics_workspace_id: Optional[pulumi.Input[str]] = None,
name: Optional[pulumi.Input[str]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetAlertRuleTemplateResult]func GetAlertRuleTemplate(ctx *Context, args *GetAlertRuleTemplateArgs, opts ...InvokeOption) (*GetAlertRuleTemplateResult, error)
func GetAlertRuleTemplateOutput(ctx *Context, args *GetAlertRuleTemplateOutputArgs, opts ...InvokeOption) GetAlertRuleTemplateResultOutput> Note: This function is named GetAlertRuleTemplate in the Go SDK.
public static class GetAlertRuleTemplate
{
public static Task<GetAlertRuleTemplateResult> InvokeAsync(GetAlertRuleTemplateArgs args, InvokeOptions? opts = null)
public static Output<GetAlertRuleTemplateResult> Invoke(GetAlertRuleTemplateInvokeArgs args, InvokeOptions? opts = null)
}public static CompletableFuture<GetAlertRuleTemplateResult> getAlertRuleTemplate(GetAlertRuleTemplateArgs args, InvokeOptions options)
public static Output<GetAlertRuleTemplateResult> getAlertRuleTemplate(GetAlertRuleTemplateArgs args, InvokeOptions options)
fn::invoke:
function: azure:sentinel/getAlertRuleTemplate:getAlertRuleTemplate
arguments:
# arguments dictionaryThe following arguments are supported:
- Log
Analytics stringWorkspace Id - The ID of the Log Analytics Workspace.
- Display
Name string The display name of this Sentinel Alert Rule Template. Either
display_nameornamehave to be specified.NOTE As
display_nameis not unique, errors may occur when there are multiple Sentinel Alert Rule Template with samedisplay_name.- Name string
- The name of this Sentinel Alert Rule Template. Either
display_nameornamehave to be specified.
- Log
Analytics stringWorkspace Id - The ID of the Log Analytics Workspace.
- Display
Name string The display name of this Sentinel Alert Rule Template. Either
display_nameornamehave to be specified.NOTE As
display_nameis not unique, errors may occur when there are multiple Sentinel Alert Rule Template with samedisplay_name.- Name string
- The name of this Sentinel Alert Rule Template. Either
display_nameornamehave to be specified.
- log
Analytics StringWorkspace Id - The ID of the Log Analytics Workspace.
- display
Name String The display name of this Sentinel Alert Rule Template. Either
display_nameornamehave to be specified.NOTE As
display_nameis not unique, errors may occur when there are multiple Sentinel Alert Rule Template with samedisplay_name.- name String
- The name of this Sentinel Alert Rule Template. Either
display_nameornamehave to be specified.
- log
Analytics stringWorkspace Id - The ID of the Log Analytics Workspace.
- display
Name string The display name of this Sentinel Alert Rule Template. Either
display_nameornamehave to be specified.NOTE As
display_nameis not unique, errors may occur when there are multiple Sentinel Alert Rule Template with samedisplay_name.- name string
- The name of this Sentinel Alert Rule Template. Either
display_nameornamehave to be specified.
- log_
analytics_ strworkspace_ id - The ID of the Log Analytics Workspace.
- display_
name str The display name of this Sentinel Alert Rule Template. Either
display_nameornamehave to be specified.NOTE As
display_nameis not unique, errors may occur when there are multiple Sentinel Alert Rule Template with samedisplay_name.- name str
- The name of this Sentinel Alert Rule Template. Either
display_nameornamehave to be specified.
- log
Analytics StringWorkspace Id - The ID of the Log Analytics Workspace.
- display
Name String The display name of this Sentinel Alert Rule Template. Either
display_nameornamehave to be specified.NOTE As
display_nameis not unique, errors may occur when there are multiple Sentinel Alert Rule Template with samedisplay_name.- name String
- The name of this Sentinel Alert Rule Template. Either
display_nameornamehave to be specified.
getAlertRuleTemplate Result
The following output properties are available:
- Display
Name string - Id string
- The provider-assigned unique ID for this managed resource.
- Log
Analytics stringWorkspace Id - Name string
- Nrt
Templates List<GetAlert Rule Template Nrt Template> - A
nrt_templateblock as defined below. This only applies to Sentinel NRT Alert Rule Template. - Scheduled
Templates List<GetAlert Rule Template Scheduled Template> - A
scheduled_templateblock as defined below. This only applies to Sentinel Scheduled Alert Rule Template. - Security
Incident List<GetTemplates Alert Rule Template Security Incident Template> - A
security_incident_templateblock as defined below. This only applies to Sentinel MS Security Incident Alert Rule Template.
- Display
Name string - Id string
- The provider-assigned unique ID for this managed resource.
- Log
Analytics stringWorkspace Id - Name string
- Nrt
Templates []GetAlert Rule Template Nrt Template - A
nrt_templateblock as defined below. This only applies to Sentinel NRT Alert Rule Template. - Scheduled
Templates []GetAlert Rule Template Scheduled Template - A
scheduled_templateblock as defined below. This only applies to Sentinel Scheduled Alert Rule Template. - Security
Incident []GetTemplates Alert Rule Template Security Incident Template - A
security_incident_templateblock as defined below. This only applies to Sentinel MS Security Incident Alert Rule Template.
- display
Name String - id String
- The provider-assigned unique ID for this managed resource.
- log
Analytics StringWorkspace Id - name String
- nrt
Templates List<GetAlert Rule Template Nrt Template> - A
nrt_templateblock as defined below. This only applies to Sentinel NRT Alert Rule Template. - scheduled
Templates List<GetAlert Rule Template Scheduled Template> - A
scheduled_templateblock as defined below. This only applies to Sentinel Scheduled Alert Rule Template. - security
Incident List<GetTemplates Alert Rule Template Security Incident Template> - A
security_incident_templateblock as defined below. This only applies to Sentinel MS Security Incident Alert Rule Template.
- display
Name string - id string
- The provider-assigned unique ID for this managed resource.
- log
Analytics stringWorkspace Id - name string
- nrt
Templates GetAlert Rule Template Nrt Template[] - A
nrt_templateblock as defined below. This only applies to Sentinel NRT Alert Rule Template. - scheduled
Templates GetAlert Rule Template Scheduled Template[] - A
scheduled_templateblock as defined below. This only applies to Sentinel Scheduled Alert Rule Template. - security
Incident GetTemplates Alert Rule Template Security Incident Template[] - A
security_incident_templateblock as defined below. This only applies to Sentinel MS Security Incident Alert Rule Template.
- display_
name str - id str
- The provider-assigned unique ID for this managed resource.
- log_
analytics_ strworkspace_ id - name str
- nrt_
templates Sequence[GetAlert Rule Template Nrt Template] - A
nrt_templateblock as defined below. This only applies to Sentinel NRT Alert Rule Template. - scheduled_
templates Sequence[GetAlert Rule Template Scheduled Template] - A
scheduled_templateblock as defined below. This only applies to Sentinel Scheduled Alert Rule Template. - security_
incident_ Sequence[Gettemplates Alert Rule Template Security Incident Template] - A
security_incident_templateblock as defined below. This only applies to Sentinel MS Security Incident Alert Rule Template.
- display
Name String - id String
- The provider-assigned unique ID for this managed resource.
- log
Analytics StringWorkspace Id - name String
- nrt
Templates List<Property Map> - A
nrt_templateblock as defined below. This only applies to Sentinel NRT Alert Rule Template. - scheduled
Templates List<Property Map> - A
scheduled_templateblock as defined below. This only applies to Sentinel Scheduled Alert Rule Template. - security
Incident List<Property Map>Templates - A
security_incident_templateblock as defined below. This only applies to Sentinel MS Security Incident Alert Rule Template.
Supporting Types
GetAlertRuleTemplateNrtTemplate
- Description string
- The description of this Sentinel Scheduled Alert Rule Template.
- Query string
- The query of this Sentinel Scheduled Alert Rule Template.
- Severity string
- The alert severity of this Sentinel Scheduled Alert Rule Template.
- Tactics List<string>
- A list of categories of attacks by which to classify the rule.
- Description string
- The description of this Sentinel Scheduled Alert Rule Template.
- Query string
- The query of this Sentinel Scheduled Alert Rule Template.
- Severity string
- The alert severity of this Sentinel Scheduled Alert Rule Template.
- Tactics []string
- A list of categories of attacks by which to classify the rule.
- description String
- The description of this Sentinel Scheduled Alert Rule Template.
- query String
- The query of this Sentinel Scheduled Alert Rule Template.
- severity String
- The alert severity of this Sentinel Scheduled Alert Rule Template.
- tactics List<String>
- A list of categories of attacks by which to classify the rule.
- description string
- The description of this Sentinel Scheduled Alert Rule Template.
- query string
- The query of this Sentinel Scheduled Alert Rule Template.
- severity string
- The alert severity of this Sentinel Scheduled Alert Rule Template.
- tactics string[]
- A list of categories of attacks by which to classify the rule.
- description str
- The description of this Sentinel Scheduled Alert Rule Template.
- query str
- The query of this Sentinel Scheduled Alert Rule Template.
- severity str
- The alert severity of this Sentinel Scheduled Alert Rule Template.
- tactics Sequence[str]
- A list of categories of attacks by which to classify the rule.
- description String
- The description of this Sentinel Scheduled Alert Rule Template.
- query String
- The query of this Sentinel Scheduled Alert Rule Template.
- severity String
- The alert severity of this Sentinel Scheduled Alert Rule Template.
- tactics List<String>
- A list of categories of attacks by which to classify the rule.
GetAlertRuleTemplateScheduledTemplate
- Description string
- The description of this Sentinel Scheduled Alert Rule Template.
- Query string
- The query of this Sentinel Scheduled Alert Rule Template.
- Query
Frequency string - The ISO 8601 timespan duration between two consecutive queries.
- Query
Period string - The ISO 8601 timespan duration, which determine the time period of the data covered by the query.
- Severity string
- The alert severity of this Sentinel Scheduled Alert Rule Template.
- Tactics List<string>
- A list of categories of attacks by which to classify the rule.
- Trigger
Operator string - The alert trigger operator, combined with
trigger_threshold, setting alert threshold of this Sentinel Scheduled Alert Rule Template. - Trigger
Threshold int - The baseline number of query results generated, combined with
trigger_operator, setting alert threshold of this Sentinel Scheduled Alert Rule Template.
- Description string
- The description of this Sentinel Scheduled Alert Rule Template.
- Query string
- The query of this Sentinel Scheduled Alert Rule Template.
- Query
Frequency string - The ISO 8601 timespan duration between two consecutive queries.
- Query
Period string - The ISO 8601 timespan duration, which determine the time period of the data covered by the query.
- Severity string
- The alert severity of this Sentinel Scheduled Alert Rule Template.
- Tactics []string
- A list of categories of attacks by which to classify the rule.
- Trigger
Operator string - The alert trigger operator, combined with
trigger_threshold, setting alert threshold of this Sentinel Scheduled Alert Rule Template. - Trigger
Threshold int - The baseline number of query results generated, combined with
trigger_operator, setting alert threshold of this Sentinel Scheduled Alert Rule Template.
- description String
- The description of this Sentinel Scheduled Alert Rule Template.
- query String
- The query of this Sentinel Scheduled Alert Rule Template.
- query
Frequency String - The ISO 8601 timespan duration between two consecutive queries.
- query
Period String - The ISO 8601 timespan duration, which determine the time period of the data covered by the query.
- severity String
- The alert severity of this Sentinel Scheduled Alert Rule Template.
- tactics List<String>
- A list of categories of attacks by which to classify the rule.
- trigger
Operator String - The alert trigger operator, combined with
trigger_threshold, setting alert threshold of this Sentinel Scheduled Alert Rule Template. - trigger
Threshold Integer - The baseline number of query results generated, combined with
trigger_operator, setting alert threshold of this Sentinel Scheduled Alert Rule Template.
- description string
- The description of this Sentinel Scheduled Alert Rule Template.
- query string
- The query of this Sentinel Scheduled Alert Rule Template.
- query
Frequency string - The ISO 8601 timespan duration between two consecutive queries.
- query
Period string - The ISO 8601 timespan duration, which determine the time period of the data covered by the query.
- severity string
- The alert severity of this Sentinel Scheduled Alert Rule Template.
- tactics string[]
- A list of categories of attacks by which to classify the rule.
- trigger
Operator string - The alert trigger operator, combined with
trigger_threshold, setting alert threshold of this Sentinel Scheduled Alert Rule Template. - trigger
Threshold number - The baseline number of query results generated, combined with
trigger_operator, setting alert threshold of this Sentinel Scheduled Alert Rule Template.
- description str
- The description of this Sentinel Scheduled Alert Rule Template.
- query str
- The query of this Sentinel Scheduled Alert Rule Template.
- query_
frequency str - The ISO 8601 timespan duration between two consecutive queries.
- query_
period str - The ISO 8601 timespan duration, which determine the time period of the data covered by the query.
- severity str
- The alert severity of this Sentinel Scheduled Alert Rule Template.
- tactics Sequence[str]
- A list of categories of attacks by which to classify the rule.
- trigger_
operator str - The alert trigger operator, combined with
trigger_threshold, setting alert threshold of this Sentinel Scheduled Alert Rule Template. - trigger_
threshold int - The baseline number of query results generated, combined with
trigger_operator, setting alert threshold of this Sentinel Scheduled Alert Rule Template.
- description String
- The description of this Sentinel Scheduled Alert Rule Template.
- query String
- The query of this Sentinel Scheduled Alert Rule Template.
- query
Frequency String - The ISO 8601 timespan duration between two consecutive queries.
- query
Period String - The ISO 8601 timespan duration, which determine the time period of the data covered by the query.
- severity String
- The alert severity of this Sentinel Scheduled Alert Rule Template.
- tactics List<String>
- A list of categories of attacks by which to classify the rule.
- trigger
Operator String - The alert trigger operator, combined with
trigger_threshold, setting alert threshold of this Sentinel Scheduled Alert Rule Template. - trigger
Threshold Number - The baseline number of query results generated, combined with
trigger_operator, setting alert threshold of this Sentinel Scheduled Alert Rule Template.
GetAlertRuleTemplateSecurityIncidentTemplate
- Description string
- The description of this Sentinel Scheduled Alert Rule Template.
- Product
Filter string - The Microsoft Security Service from where the alert will be generated.
- Description string
- The description of this Sentinel Scheduled Alert Rule Template.
- Product
Filter string - The Microsoft Security Service from where the alert will be generated.
- description String
- The description of this Sentinel Scheduled Alert Rule Template.
- product
Filter String - The Microsoft Security Service from where the alert will be generated.
- description string
- The description of this Sentinel Scheduled Alert Rule Template.
- product
Filter string - The Microsoft Security Service from where the alert will be generated.
- description str
- The description of this Sentinel Scheduled Alert Rule Template.
- product_
filter str - The Microsoft Security Service from where the alert will be generated.
- description String
- The description of this Sentinel Scheduled Alert Rule Template.
- product
Filter String - The Microsoft Security Service from where the alert will be generated.
Package Details
- Repository
- Azure Classic pulumi/pulumi-azure
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
azurermTerraform Provider.