We recommend using Azure Native.
Viewing docs for Azure v4.42.0 (Older version)
published on Monday, Mar 9, 2026 by Pulumi
Use this data source to access information about an existing Sentinel Alert Rule Template.
Example Usage
C#

using Pulumi;
using Azure = Pulumi.Azure;

class MyStack : Stack
{
    public MyStack()
    {
        // Look up the built-in template by its display name.
        var example = Output.Create(Azure.Sentinel.GetAlertRuleTemplate.InvokeAsync(new Azure.Sentinel.GetAlertRuleTemplateArgs
        {
            LogAnalyticsWorkspaceId = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/mygroup1/providers/Microsoft.OperationalInsights/workspaces/workspace1",
            DisplayName = "Create incidents based on Azure Security Center for IoT alerts",
        }));
        // The lambda parameter must not reuse the name of the enclosing local.
        this.Id = example.Apply(template => template.Id);
    }

    [Output("id")]
    public Output<string> Id { get; set; }
}

Go

package main

import (
	"github.com/pulumi/pulumi-azure/sdk/v4/go/azure/sentinel"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Look up the built-in template by its display name.
		example, err := sentinel.GetAlertRuleTemplate(ctx, &sentinel.GetAlertRuleTemplateArgs{
			LogAnalyticsWorkspaceId: "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/mygroup1/providers/Microsoft.OperationalInsights/workspaces/workspace1",
			DisplayName:             pulumi.StringRef("Create incidents based on Azure Security Center for IoT alerts"),
		}, nil)
		if err != nil {
			return err
		}
		// The result field is a plain string; wrap it so it satisfies pulumi.Input.
		ctx.Export("id", pulumi.String(example.Id))
		return nil
	})
}

Java

Example coming soon!

TypeScript

import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";

// Look up the built-in template by its display name.
const example = azure.sentinel.getAlertRuleTemplate({
    logAnalyticsWorkspaceId: "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/mygroup1/providers/Microsoft.OperationalInsights/workspaces/workspace1",
    displayName: "Create incidents based on Azure Security Center for IoT alerts",
});
export const id = example.then(example => example.id);

Python

import pulumi
import pulumi_azure as azure

# Look up the built-in template by its display name.
example = azure.sentinel.get_alert_rule_template(
    log_analytics_workspace_id="/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/mygroup1/providers/Microsoft.OperationalInsights/workspaces/workspace1",
    display_name="Create incidents based on Azure Security Center for IoT alerts")
pulumi.export("id", example.id)

YAML

Example coming soon!
Using getAlertRuleTemplate
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
TypeScript

function getAlertRuleTemplate(args: GetAlertRuleTemplateArgs, opts?: InvokeOptions): Promise<GetAlertRuleTemplateResult>
function getAlertRuleTemplateOutput(args: GetAlertRuleTemplateOutputArgs, opts?: InvokeOptions): Output<GetAlertRuleTemplateResult>

Python

def get_alert_rule_template(display_name: Optional[str] = None,
                            log_analytics_workspace_id: Optional[str] = None,
                            name: Optional[str] = None,
                            opts: Optional[InvokeOptions] = None) -> GetAlertRuleTemplateResult
def get_alert_rule_template_output(display_name: Optional[pulumi.Input[str]] = None,
                                   log_analytics_workspace_id: Optional[pulumi.Input[str]] = None,
                                   name: Optional[pulumi.Input[str]] = None,
                                   opts: Optional[InvokeOptions] = None) -> Output[GetAlertRuleTemplateResult]

Go

func GetAlertRuleTemplate(ctx *Context, args *GetAlertRuleTemplateArgs, opts ...InvokeOption) (*GetAlertRuleTemplateResult, error)
func GetAlertRuleTemplateOutput(ctx *Context, args *GetAlertRuleTemplateOutputArgs, opts ...InvokeOption) GetAlertRuleTemplateResultOutput

> Note: This function is named GetAlertRuleTemplate in the Go SDK.

C#

public static class GetAlertRuleTemplate
{
    public static Task<GetAlertRuleTemplateResult> InvokeAsync(GetAlertRuleTemplateArgs args, InvokeOptions? opts = null)
    public static Output<GetAlertRuleTemplateResult> Invoke(GetAlertRuleTemplateInvokeArgs args, InvokeOptions? opts = null)
}

Java

public static CompletableFuture<GetAlertRuleTemplateResult> getAlertRuleTemplate(GetAlertRuleTemplateArgs args, InvokeOptions options)
public static Output<GetAlertRuleTemplateResult> getAlertRuleTemplate(GetAlertRuleTemplateArgs args, InvokeOptions options)

YAML

fn::invoke:
  function: azure:sentinel/getAlertRuleTemplate:getAlertRuleTemplate
  arguments:
    # arguments dictionary

The following arguments are supported:
C#

- LogAnalyticsWorkspaceId string - The ID of the Log Analytics Workspace.
- DisplayName string - The display name of this Sentinel Alert Rule Template. Either display_name or name has to be specified.
- Name string - The name of this Sentinel Alert Rule Template. Either display_name or name has to be specified.

Go

- LogAnalyticsWorkspaceId string - The ID of the Log Analytics Workspace.
- DisplayName string - The display name of this Sentinel Alert Rule Template. Either display_name or name has to be specified.
- Name string - The name of this Sentinel Alert Rule Template. Either display_name or name has to be specified.

Java

- logAnalyticsWorkspaceId String - The ID of the Log Analytics Workspace.
- displayName String - The display name of this Sentinel Alert Rule Template. Either display_name or name has to be specified.
- name String - The name of this Sentinel Alert Rule Template. Either display_name or name has to be specified.

TypeScript

- logAnalyticsWorkspaceId string - The ID of the Log Analytics Workspace.
- displayName string - The display name of this Sentinel Alert Rule Template. Either display_name or name has to be specified.
- name string - The name of this Sentinel Alert Rule Template. Either display_name or name has to be specified.

Python

- log_analytics_workspace_id str - The ID of the Log Analytics Workspace.
- display_name str - The display name of this Sentinel Alert Rule Template. Either display_name or name has to be specified.
- name str - The name of this Sentinel Alert Rule Template. Either display_name or name has to be specified.

YAML

- logAnalyticsWorkspaceId String - The ID of the Log Analytics Workspace.
- displayName String - The display name of this Sentinel Alert Rule Template. Either display_name or name has to be specified.
- name String - The name of this Sentinel Alert Rule Template. Either display_name or name has to be specified.
getAlertRuleTemplate Result
The following output properties are available:
C#

- DisplayName string
- Id string - The provider-assigned unique ID for this managed resource.
- LogAnalyticsWorkspaceId string
- Name string
- ScheduledTemplates List<GetAlertRuleTemplateScheduledTemplate> - A scheduled_template block as defined below. This only applies to Sentinel Scheduled Alert Rule Template.
- SecurityIncidentTemplates List<GetAlertRuleTemplateSecurityIncidentTemplate> - A security_incident_template block as defined below. This only applies to Sentinel MS Security Incident Alert Rule Template.

Go

- DisplayName string
- Id string - The provider-assigned unique ID for this managed resource.
- LogAnalyticsWorkspaceId string
- Name string
- ScheduledTemplates []GetAlertRuleTemplateScheduledTemplate - A scheduled_template block as defined below. This only applies to Sentinel Scheduled Alert Rule Template.
- SecurityIncidentTemplates []GetAlertRuleTemplateSecurityIncidentTemplate - A security_incident_template block as defined below. This only applies to Sentinel MS Security Incident Alert Rule Template.

Java

- displayName String
- id String - The provider-assigned unique ID for this managed resource.
- logAnalyticsWorkspaceId String
- name String
- scheduledTemplates List<GetAlertRuleTemplateScheduledTemplate> - A scheduled_template block as defined below. This only applies to Sentinel Scheduled Alert Rule Template.
- securityIncidentTemplates List<GetAlertRuleTemplateSecurityIncidentTemplate> - A security_incident_template block as defined below. This only applies to Sentinel MS Security Incident Alert Rule Template.

TypeScript

- displayName string
- id string - The provider-assigned unique ID for this managed resource.
- logAnalyticsWorkspaceId string
- name string
- scheduledTemplates GetAlertRuleTemplateScheduledTemplate[] - A scheduled_template block as defined below. This only applies to Sentinel Scheduled Alert Rule Template.
- securityIncidentTemplates GetAlertRuleTemplateSecurityIncidentTemplate[] - A security_incident_template block as defined below. This only applies to Sentinel MS Security Incident Alert Rule Template.

Python

- display_name str
- id str - The provider-assigned unique ID for this managed resource.
- log_analytics_workspace_id str
- name str
- scheduled_templates Sequence[GetAlertRuleTemplateScheduledTemplate] - A scheduled_template block as defined below. This only applies to Sentinel Scheduled Alert Rule Template.
- security_incident_templates Sequence[GetAlertRuleTemplateSecurityIncidentTemplate] - A security_incident_template block as defined below. This only applies to Sentinel MS Security Incident Alert Rule Template.

YAML

- displayName String
- id String - The provider-assigned unique ID for this managed resource.
- logAnalyticsWorkspaceId String
- name String
- scheduledTemplates List<Property Map> - A scheduled_template block as defined below. This only applies to Sentinel Scheduled Alert Rule Template.
- securityIncidentTemplates List<Property Map> - A security_incident_template block as defined below. This only applies to Sentinel MS Security Incident Alert Rule Template.
Supporting Types
GetAlertRuleTemplateScheduledTemplate
C#

- Description string - The description of this Sentinel Scheduled Alert Rule Template.
- Query string - The query of this Sentinel Scheduled Alert Rule Template.
- QueryFrequency string - The ISO 8601 timespan duration between two consecutive queries.
- QueryPeriod string - The ISO 8601 timespan duration, which determines the time period of the data covered by the query.
- Severity string - The alert severity of this Sentinel Scheduled Alert Rule Template.
- Tactics List<string> - A list of categories of attacks by which to classify the rule.
- TriggerOperator string - The alert trigger operator, combined with trigger_threshold, setting alert threshold of this Sentinel Scheduled Alert Rule Template.
- TriggerThreshold int - The baseline number of query results generated, combined with trigger_operator, setting alert threshold of this Sentinel Scheduled Alert Rule Template.

Go

- Description string - The description of this Sentinel Scheduled Alert Rule Template.
- Query string - The query of this Sentinel Scheduled Alert Rule Template.
- QueryFrequency string - The ISO 8601 timespan duration between two consecutive queries.
- QueryPeriod string - The ISO 8601 timespan duration, which determines the time period of the data covered by the query.
- Severity string - The alert severity of this Sentinel Scheduled Alert Rule Template.
- Tactics []string - A list of categories of attacks by which to classify the rule.
- TriggerOperator string - The alert trigger operator, combined with trigger_threshold, setting alert threshold of this Sentinel Scheduled Alert Rule Template.
- TriggerThreshold int - The baseline number of query results generated, combined with trigger_operator, setting alert threshold of this Sentinel Scheduled Alert Rule Template.

Java

- description String - The description of this Sentinel Scheduled Alert Rule Template.
- query String - The query of this Sentinel Scheduled Alert Rule Template.
- queryFrequency String - The ISO 8601 timespan duration between two consecutive queries.
- queryPeriod String - The ISO 8601 timespan duration, which determines the time period of the data covered by the query.
- severity String - The alert severity of this Sentinel Scheduled Alert Rule Template.
- tactics List<String> - A list of categories of attacks by which to classify the rule.
- triggerOperator String - The alert trigger operator, combined with trigger_threshold, setting alert threshold of this Sentinel Scheduled Alert Rule Template.
- triggerThreshold Integer - The baseline number of query results generated, combined with trigger_operator, setting alert threshold of this Sentinel Scheduled Alert Rule Template.

TypeScript

- description string - The description of this Sentinel Scheduled Alert Rule Template.
- query string - The query of this Sentinel Scheduled Alert Rule Template.
- queryFrequency string - The ISO 8601 timespan duration between two consecutive queries.
- queryPeriod string - The ISO 8601 timespan duration, which determines the time period of the data covered by the query.
- severity string - The alert severity of this Sentinel Scheduled Alert Rule Template.
- tactics string[] - A list of categories of attacks by which to classify the rule.
- triggerOperator string - The alert trigger operator, combined with trigger_threshold, setting alert threshold of this Sentinel Scheduled Alert Rule Template.
- triggerThreshold number - The baseline number of query results generated, combined with trigger_operator, setting alert threshold of this Sentinel Scheduled Alert Rule Template.

Python

- description str - The description of this Sentinel Scheduled Alert Rule Template.
- query str - The query of this Sentinel Scheduled Alert Rule Template.
- query_frequency str - The ISO 8601 timespan duration between two consecutive queries.
- query_period str - The ISO 8601 timespan duration, which determines the time period of the data covered by the query.
- severity str - The alert severity of this Sentinel Scheduled Alert Rule Template.
- tactics Sequence[str] - A list of categories of attacks by which to classify the rule.
- trigger_operator str - The alert trigger operator, combined with trigger_threshold, setting alert threshold of this Sentinel Scheduled Alert Rule Template.
- trigger_threshold int - The baseline number of query results generated, combined with trigger_operator, setting alert threshold of this Sentinel Scheduled Alert Rule Template.

YAML

- description String - The description of this Sentinel Scheduled Alert Rule Template.
- query String - The query of this Sentinel Scheduled Alert Rule Template.
- queryFrequency String - The ISO 8601 timespan duration between two consecutive queries.
- queryPeriod String - The ISO 8601 timespan duration, which determines the time period of the data covered by the query.
- severity String - The alert severity of this Sentinel Scheduled Alert Rule Template.
- tactics List<String> - A list of categories of attacks by which to classify the rule.
- triggerOperator String - The alert trigger operator, combined with trigger_threshold, setting alert threshold of this Sentinel Scheduled Alert Rule Template.
- triggerThreshold Number - The baseline number of query results generated, combined with trigger_operator, setting alert threshold of this Sentinel Scheduled Alert Rule Template.
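The scheduled template fields above determine when a rule built from the template runs and fires. The following is an added example, not code from the Pulumi documentation or the provider: it reviews one `scheduled_templates` entry, passed as a plain dict with the Python field names, before a rule is created from it. The sample values are constructed, and the operator names are those accepted by the provider's scheduled alert rule resource, assumed here to be what a template reports.

```python
import re
from datetime import timedelta

# Operator names accepted by the provider's scheduled alert rule resource;
# assumed here to be the values a template reports in trigger_operator.
OPERATORS = {
    "GreaterThan": lambda n, t: n > t,
    "LessThan": lambda n, t: n < t,
    "Equal": lambda n, t: n == t,
    "NotEqual": lambda n, t: n != t,
}

_TIMESPAN = re.compile(
    r"P(?:(?P<days>\d+)D)?"
    r"(?:T(?:(?P<hours>\d+)H)?(?:(?P<minutes>\d+)M)?(?:(?P<seconds>\d+)S)?)?"
)

def parse_timespan(value):
    """Parse the day/hour/minute/second subset of ISO 8601 durations (PT5M, P1DT2H)."""
    match = _TIMESPAN.fullmatch(value)
    parts = {k: int(v) for k, v in match.groupdict().items() if v} if match else {}
    if not parts or value.endswith("T"):
        raise ValueError(f"unsupported ISO 8601 timespan: {value!r}")
    return timedelta(**parts)

def would_alert(template, result_count):
    """Apply trigger_operator and trigger_threshold to a query result count."""
    compare = OPERATORS[template["trigger_operator"]]
    return compare(result_count, template["trigger_threshold"])

def review_template(template):
    """Return findings to resolve before deploying a rule from this template."""
    findings = []
    frequency = parse_timespan(template["query_frequency"])
    period = parse_timespan(template["query_period"])
    if period < frequency:  # each run looks back less far than the gap between runs
        findings.append(f"query_period {period} < query_frequency {frequency}: "
                        "events between runs are never queried")
    if template["trigger_operator"] not in OPERATORS:
        findings.append(f"unknown trigger_operator {template['trigger_operator']!r}")
    if not template["tactics"]:
        findings.append("no tactics: rule is not classified by attack category")
    return findings

# Constructed sample shaped like one scheduled_templates entry (not a real template).
SAMPLE = {
    "description": "constructed sample", "query": "SecurityAlert | take 1",
    "query_frequency": "PT1H", "query_period": "PT30M", "severity": "High",
    "tactics": [], "trigger_operator": "GreaterThan", "trigger_threshold": 0,
}
```

For the constructed sample, `review_template(SAMPLE)` reports the coverage gap (a 30-minute look-back run hourly) and the missing tactics.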
GetAlertRuleTemplateSecurityIncidentTemplate
C#

- Description string - The description of this Sentinel Scheduled Alert Rule Template.
- ProductFilter string - The Microsoft Security Service from where the alert will be generated.

Go

- Description string - The description of this Sentinel Scheduled Alert Rule Template.
- ProductFilter string - The Microsoft Security Service from where the alert will be generated.

Java

- description String - The description of this Sentinel Scheduled Alert Rule Template.
- productFilter String - The Microsoft Security Service from where the alert will be generated.

TypeScript

- description string - The description of this Sentinel Scheduled Alert Rule Template.
- productFilter string - The Microsoft Security Service from where the alert will be generated.

Python

- description str - The description of this Sentinel Scheduled Alert Rule Template.
- product_filter str - The Microsoft Security Service from where the alert will be generated.

YAML

- description String - The description of this Sentinel Scheduled Alert Rule Template.
- productFilter String - The Microsoft Security Service from where the alert will be generated.
Package Details
- Repository: Azure Classic pulumi/pulumi-azure
- License: Apache-2.0
- Notes: This Pulumi package is based on the azurerm Terraform Provider.
