pulumi-azure-native-kotlin/com.pulumi.azurenative.securityinsights.kotlin/AutomationRuleArgs

AutomationRuleArgs

data class AutomationRuleArgs(val actions: Output<List<Either<AutomationRuleModifyPropertiesActionArgs, AutomationRuleRunPlaybookActionArgs>>>? = null, val automationRuleId: Output<String>? = null, val displayName: Output<String>? = null, val operationalInsightsResourceProvider: Output<String>? = null, val order: Output<Int>? = null, val resourceGroupName: Output<String>? = null, val triggeringLogic: Output<AutomationRuleTriggeringLogicArgs>? = null, val workspaceName: Output<String>? = null) : ConvertibleToJava<AutomationRuleArgs>

Represents an automation rule. API Version: 2019-01-01-preview.

Example Usage

Creates or updates an automation rule.

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
    var automationRule = new AzureNative.SecurityInsights.AutomationRule("automationRule", new()
    {
        Actions = new[]
        {
            new AzureNative.SecurityInsights.Inputs.AutomationRuleModifyPropertiesActionArgs
            {
                ActionConfiguration = new AzureNative.SecurityInsights.Inputs.AutomationRuleModifyPropertiesActionActionConfigurationArgs
                {
                    Severity = "High",
                },
                ActionType = "ModifyProperties",
                Order = 1,
            },
            new AzureNative.SecurityInsights.Inputs.AutomationRuleRunPlaybookActionArgs
            {
                ActionConfiguration = new AzureNative.SecurityInsights.Inputs.AutomationRuleRunPlaybookActionActionConfigurationArgs
                {
                    LogicAppResourceId = "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/IncidentPlaybook",
                    TenantId = "ee48efaf-50c6-411b-9345-b2bdc3eb4abc",
                },
                ActionType = "RunPlaybook",
                Order = 2,
            },
        },
        AutomationRuleId = "73e01a99-5cd7-4139-a149-9f2736ff2ab5",
        DisplayName = "High severity incidents escalation",
        OperationalInsightsResourceProvider = "Microsoft.OperationalInsights",
        Order = 1,
        ResourceGroupName = "myRg",
        TriggeringLogic = new AzureNative.SecurityInsights.Inputs.AutomationRuleTriggeringLogicArgs
        {
            Conditions = new[]
            {
                {
                    { "conditionProperties", new AzureNative.SecurityInsights.Inputs.AutomationRulePropertyValuesConditionConditionPropertiesArgs
                    {
                        Operator = "Contains",
                        PropertyName = "IncidentRelatedAnalyticRuleIds",
                        PropertyValues = new[]
                        {
                            "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7",
                            "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/8deb8303-e94d-46ff-96e0-5fd94b33df1a",
                        },
                    } },
                    { "conditionType", "Property" },
                },
            },
            IsEnabled = true,
            TriggersOn = "Incidents",
            TriggersWhen = "Created",
        },
        WorkspaceName = "myWorkspace",
    });
});
Content copied to clipboard
package main
import (
	securityinsights "github.com/pulumi/pulumi-azure-native-sdk/securityinsights"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := securityinsights.NewAutomationRule(ctx, "automationRule", &securityinsights.AutomationRuleArgs{
			Actions: pulumi.AnyArray{
				securityinsights.AutomationRuleModifyPropertiesAction{
					ActionConfiguration: securityinsights.AutomationRuleModifyPropertiesActionActionConfiguration{
						Severity: "High",
					},
					ActionType: "ModifyProperties",
					Order:      1,
				},
				securityinsights.AutomationRuleRunPlaybookAction{
					ActionConfiguration: securityinsights.AutomationRuleRunPlaybookActionActionConfiguration{
						LogicAppResourceId: "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/IncidentPlaybook",
						TenantId:           "ee48efaf-50c6-411b-9345-b2bdc3eb4abc",
					},
					ActionType: "RunPlaybook",
					Order:      2,
				},
			},
			AutomationRuleId:                    pulumi.String("73e01a99-5cd7-4139-a149-9f2736ff2ab5"),
			DisplayName:                         pulumi.String("High severity incidents escalation"),
			OperationalInsightsResourceProvider: pulumi.String("Microsoft.OperationalInsights"),
			Order:                               pulumi.Int(1),
			ResourceGroupName:                   pulumi.String("myRg"),
			TriggeringLogic: securityinsights.AutomationRuleTriggeringLogicResponse{
				Conditions: []securityinsights.AutomationRulePropertyValuesConditionArgs{
					{
						ConditionProperties: {
							Operator:     pulumi.String("Contains"),
							PropertyName: pulumi.String("IncidentRelatedAnalyticRuleIds"),
							PropertyValues: pulumi.StringArray{
								pulumi.String("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7"),
								pulumi.String("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/8deb8303-e94d-46ff-96e0-5fd94b33df1a"),
							},
						},
						ConditionType: pulumi.String("Property"),
					},
				},
				IsEnabled:    pulumi.Bool(true),
				TriggersOn:   pulumi.String("Incidents"),
				TriggersWhen: pulumi.String("Created"),
			},
			WorkspaceName: pulumi.String("myWorkspace"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.securityinsights.AutomationRule;
import com.pulumi.azurenative.securityinsights.AutomationRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var automationRule = new AutomationRule("automationRule", AutomationRuleArgs.builder()
            .actions(
                Map.ofEntries(
                    Map.entry("actionConfiguration", Map.of("severity", "High")),
                    Map.entry("actionType", "ModifyProperties"),
                    Map.entry("order", 1)
                ),
                Map.ofEntries(
                    Map.entry("actionConfiguration", Map.ofEntries(
                        Map.entry("logicAppResourceId", "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/IncidentPlaybook"),
                        Map.entry("tenantId", "ee48efaf-50c6-411b-9345-b2bdc3eb4abc")
                    )),
                    Map.entry("actionType", "RunPlaybook"),
                    Map.entry("order", 2)
                ))
            .automationRuleId("73e01a99-5cd7-4139-a149-9f2736ff2ab5")
            .displayName("High severity incidents escalation")
            .operationalInsightsResourceProvider("Microsoft.OperationalInsights")
            .order(1)
            .resourceGroupName("myRg")
            .triggeringLogic(Map.ofEntries(
                Map.entry("conditions", Map.ofEntries(
                    Map.entry("conditionProperties", Map.ofEntries(
                        Map.entry("operator", "Contains"),
                        Map.entry("propertyName", "IncidentRelatedAnalyticRuleIds"),
                        Map.entry("propertyValues",
                            "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7",
                            "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/8deb8303-e94d-46ff-96e0-5fd94b33df1a")
                    )),
                    Map.entry("conditionType", "Property")
                )),
                Map.entry("isEnabled", true),
                Map.entry("triggersOn", "Incidents"),
                Map.entry("triggersWhen", "Created")
            ))
            .workspaceName("myWorkspace")
            .build());
    }
}
Content copied to clipboard

Import

An existing resource can be imported using its type token, name, and identifier, e.g.

$ pulumi import azure-native:securityinsights:AutomationRule 73e01a99-5cd7-4139-a149-9f2736ff2ab5 /subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5
Content copied to clipboard

Constructors

Link copied to clipboard
fun AutomationRuleArgs(actions: Output<List<Either<AutomationRuleModifyPropertiesActionArgs, AutomationRuleRunPlaybookActionArgs>>>? = null, automationRuleId: Output<String>? = null, displayName: Output<String>? = null, operationalInsightsResourceProvider: Output<String>? = null, order: Output<Int>? = null, resourceGroupName: Output<String>? = null, triggeringLogic: Output<AutomationRuleTriggeringLogicArgs>? = null, workspaceName: Output<String>? = null)

Functions

Link copied to clipboard
open override fun toJava(): AutomationRuleArgs

Properties

Link copied to clipboard
val actions: Output<List<Either<AutomationRuleModifyPropertiesActionArgs, AutomationRuleRunPlaybookActionArgs>>>? = null

The actions to execute when the automation rule is triggered

Link copied to clipboard
val automationRuleId: Output<String>? = null

Automation rule ID

Link copied to clipboard
val displayName: Output<String>? = null

The display name of the automation rule

Link copied to clipboard
val operationalInsightsResourceProvider: Output<String>? = null

The namespace of workspaces resource provider- Microsoft.OperationalInsights.

Link copied to clipboard
val order: Output<Int>? = null

The order of execution of the automation rule

Link copied to clipboard
val resourceGroupName: Output<String>? = null

The name of the resource group within the user's subscription. The name is case insensitive.

Link copied to clipboard
val triggeringLogic: Output<AutomationRuleTriggeringLogicArgs>? = null

The triggering logic of the automation rule

Link copied to clipboard
val workspaceName: Output<String>? = null

The name of the workspace.