AutomationRule

class AutomationRule : KotlinCustomResource

Represents an automation rule. API Version: 2019-01-01-preview.

Example Usage

Creates or updates an automation rule.

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
// Declares one SecurityInsights automation rule in workspace "myWorkspace" (resource group "myRg").
// Every GUID and resource ID below is the sample value from this example; substitute your own.
return await Deployment.RunAsync(() =>
{
    // The local is never read afterwards in this example.
    var escalationRule = new AzureNative.SecurityInsights.AutomationRule("automationRule", new()
    {
        Actions = new[]
        {
            // Action 1 (Order = 1): set the incident severity to "High".
            new AzureNative.SecurityInsights.Inputs.AutomationRuleModifyPropertiesActionArgs
            {
                ActionConfiguration = new AzureNative.SecurityInsights.Inputs.AutomationRuleModifyPropertiesActionActionConfigurationArgs
                {
                    Severity = "High",
                },
                ActionType = "ModifyProperties",
                Order = 1,
            },
            // Action 2 (Order = 2): run the Logic App workflow "IncidentPlaybook" in the given tenant.
            // NOTE(review): a rule that starts a playbook acts with whatever access the automation
            // service holds on the playbook's resource group; confirm that grant is limited to the
            // resource group that contains this workflow.
            new AzureNative.SecurityInsights.Inputs.AutomationRuleRunPlaybookActionArgs
            {
                ActionConfiguration = new AzureNative.SecurityInsights.Inputs.AutomationRuleRunPlaybookActionActionConfigurationArgs
                {
                    LogicAppResourceId = "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/IncidentPlaybook",
                    TenantId = "ee48efaf-50c6-411b-9345-b2bdc3eb4abc",
                },
                ActionType = "RunPlaybook",
                Order = 2,
            },
        },
        AutomationRuleId = "73e01a99-5cd7-4139-a149-9f2736ff2ab5",
        DisplayName = "High severity incidents escalation",
        OperationalInsightsResourceProvider = "Microsoft.OperationalInsights",
        // Position of this rule among the workspace's automation rules.
        Order = 1,
        ResourceGroupName = "myRg",
        TriggeringLogic = new AzureNative.SecurityInsights.Inputs.AutomationRuleTriggeringLogicArgs
        {
            // Single property condition: the incident's related analytic rule IDs must contain
            // one of the two alert rule IDs listed, so the actions are scoped to those rules only.
            // NOTE(review): the untyped nested initializer below is reproduced as published;
            // confirm it compiles against the SDK version in use.
            Conditions = new[]
            {
                {
                    { "conditionProperties", new AzureNative.SecurityInsights.Inputs.AutomationRulePropertyValuesConditionConditionPropertiesArgs
                    {
                        Operator = "Contains",
                        PropertyName = "IncidentRelatedAnalyticRuleIds",
                        PropertyValues = new[]
                        {
                            "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7",
                            "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/8deb8303-e94d-46ff-96e0-5fd94b33df1a",
                        },
                    } },
                    { "conditionType", "Property" },
                },
            },
            IsEnabled = true,
            // Fires on incidents, at creation time.
            TriggersOn = "Incidents",
            TriggersWhen = "Created",
        },
        WorkspaceName = "myWorkspace",
    });
});
package main
import (
securityinsights "github.com/pulumi/pulumi-azure-native-sdk/securityinsights"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main declares one SecurityInsights automation rule in workspace "myWorkspace"
// (resource group "myRg"). Every GUID and resource ID below is the sample value
// from this example; substitute your own.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := securityinsights.NewAutomationRule(ctx, "automationRule", &securityinsights.AutomationRuleArgs{
			Actions: pulumi.AnyArray{
				// Action 1 (Order: 1): set the incident severity to "High".
				securityinsights.AutomationRuleModifyPropertiesAction{
					ActionConfiguration: securityinsights.AutomationRuleModifyPropertiesActionActionConfiguration{
						Severity: "High",
					},
					ActionType: "ModifyProperties",
					Order:      1,
				},
				// Action 2 (Order: 2): run the Logic App workflow "IncidentPlaybook" in the given tenant.
				// NOTE(review): a rule that starts a playbook acts with whatever access the automation
				// service holds on the playbook's resource group; confirm that grant is limited to the
				// resource group that contains this workflow.
				securityinsights.AutomationRuleRunPlaybookAction{
					ActionConfiguration: securityinsights.AutomationRuleRunPlaybookActionActionConfiguration{
						LogicAppResourceId: "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/IncidentPlaybook",
						TenantId:           "ee48efaf-50c6-411b-9345-b2bdc3eb4abc",
					},
					ActionType: "RunPlaybook",
					Order:      2,
				},
			},
			AutomationRuleId:                    pulumi.String("73e01a99-5cd7-4139-a149-9f2736ff2ab5"),
			DisplayName:                         pulumi.String("High severity incidents escalation"),
			OperationalInsightsResourceProvider: pulumi.String("Microsoft.OperationalInsights"),
			// Position of this rule among the workspace's automation rules.
			Order:             pulumi.Int(1),
			ResourceGroupName: pulumi.String("myRg"),
			// NOTE(review): reproduced as published. An output-side "...Response" type is used
			// for an input field and ConditionProperties is an untyped composite literal; confirm
			// the intended input types against the SDK version in use before relying on this.
			TriggeringLogic: securityinsights.AutomationRuleTriggeringLogicResponse{
				// Single property condition: the incident's related analytic rule IDs must contain
				// one of the two alert rule IDs listed, so the actions are scoped to those rules only.
				Conditions: []securityinsights.AutomationRulePropertyValuesConditionArgs{
					{
						ConditionProperties: {
							Operator:     pulumi.String("Contains"),
							PropertyName: pulumi.String("IncidentRelatedAnalyticRuleIds"),
							PropertyValues: pulumi.StringArray{
								pulumi.String("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7"),
								pulumi.String("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/8deb8303-e94d-46ff-96e0-5fd94b33df1a"),
							},
						},
						ConditionType: pulumi.String("Property"),
					},
				},
				IsEnabled: pulumi.Bool(true),
				// Fires on incidents, at creation time.
				TriggersOn:   pulumi.String("Incidents"),
				TriggersWhen: pulumi.String("Created"),
			},
			WorkspaceName: pulumi.String("myWorkspace"),
		})
		// err is nil on success, so returning it directly covers both outcomes.
		return err
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.securityinsights.AutomationRule;
import com.pulumi.azurenative.securityinsights.AutomationRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program declaring one SecurityInsights automation rule in workspace
 * "myWorkspace" (resource group "myRg"). Every GUID and resource ID below is
 * the sample value from this example; substitute your own.
 */
public class App {
    /** Entry point: hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the automation rule: two ordered actions (set severity to "High",
     * then run the "IncidentPlaybook" Logic App workflow) that trigger when an
     * incident is created and its related analytic rule IDs contain one of the
     * two listed alert rules.
     *
     * @param ctx Pulumi context supplied by the runtime; not read in this example.
     */
    public static void stack(Context ctx) {
        // The local is never read afterwards in this example.
        var escalationRule = new AutomationRule("automationRule", AutomationRuleArgs.builder()
            .actions(
                // Action 1 (order 1): set the incident severity to "High".
                Map.ofEntries(
                    Map.entry("actionConfiguration", Map.of("severity", "High")),
                    Map.entry("actionType", "ModifyProperties"),
                    Map.entry("order", 1)
                ),
                // Action 2 (order 2): run the playbook workflow in the given tenant.
                // NOTE(review): a rule that starts a playbook acts with whatever access the
                // automation service holds on the playbook's resource group; confirm that grant
                // is limited to the resource group that contains this workflow.
                Map.ofEntries(
                    Map.entry("actionConfiguration", Map.ofEntries(
                        Map.entry("logicAppResourceId", "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/IncidentPlaybook"),
                        Map.entry("tenantId", "ee48efaf-50c6-411b-9345-b2bdc3eb4abc")
                    )),
                    Map.entry("actionType", "RunPlaybook"),
                    Map.entry("order", 2)
                ))
            .automationRuleId("73e01a99-5cd7-4139-a149-9f2736ff2ab5")
            .displayName("High severity incidents escalation")
            .operationalInsightsResourceProvider("Microsoft.OperationalInsights")
            // Position of this rule among the workspace's automation rules.
            .order(1)
            .resourceGroupName("myRg")
            // NOTE(review): reproduced as published. The "propertyValues" entry passes three
            // arguments to Map.entry, which takes a key and one value; confirm the intended
            // list form against the SDK version in use.
            .triggeringLogic(Map.ofEntries(
                Map.entry("conditions", Map.ofEntries(
                    Map.entry("conditionProperties", Map.ofEntries(
                        Map.entry("operator", "Contains"),
                        Map.entry("propertyName", "IncidentRelatedAnalyticRuleIds"),
                        Map.entry("propertyValues",
                            "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7",
                            "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/8deb8303-e94d-46ff-96e0-5fd94b33df1a")
                    )),
                    Map.entry("conditionType", "Property")
                )),
                Map.entry("isEnabled", true),
                // Fires on incidents, at creation time.
                Map.entry("triggersOn", "Incidents"),
                Map.entry("triggersWhen", "Created")
            ))
            .workspaceName("myWorkspace")
            .build());
    }
}

Import

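An existing resource can be imported using its type token, name, and identifier, as in the example below. Confirm the identifier against the resource's actual Azure resource ID before importing; the sample path below ends in an `incidents/…` segment, as published.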

$ pulumi import azure-native:securityinsights:AutomationRule 73e01a99-5cd7-4139-a149-9f2736ff2ab5 /subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5

Properties


The actions to execute when the automation rule is triggered


Describes the client that created the automation rule

val createdTimeUtc: Output<String>

The time the automation rule was created

val displayName: Output<String>

The display name of the automation rule

val etag: Output<String>?

Etag of the azure resource

val id: Output<String>

Describes the client that last updated the automation rule


The last time the automation rule was updated

val name: Output<String>

Azure resource name

val order: Output<Int>

The order of execution of the automation rule

val pulumiChildResources: Set<KotlinResource>

The triggering logic of the automation rule

val type: Output<String>

Azure resource type

val urn: Output<String>