pulumi-azure-native-kotlin/com.pulumi.azurenative.securityinsights.kotlin/IncidentArgs

IncidentArgs

data class IncidentArgs(val classification: Output<Either<String, IncidentClassification>>? = null, val classificationComment: Output<String>? = null, val classificationReason: Output<Either<String, IncidentClassificationReason>>? = null, val description: Output<String>? = null, val firstActivityTimeUtc: Output<String>? = null, val incidentId: Output<String>? = null, val labels: Output<List<IncidentLabelArgs>>? = null, val lastActivityTimeUtc: Output<String>? = null, val owner: Output<IncidentOwnerInfoArgs>? = null, val resourceGroupName: Output<String>? = null, val severity: Output<Either<String, IncidentSeverity>>? = null, val status: Output<Either<String, IncidentStatus>>? = null, val title: Output<String>? = null, val workspaceName: Output<String>? = null) : ConvertibleToJava<IncidentArgs>

Represents an incident in Azure Security Insights. API Version: 2020-01-01.

Example Usage

Creates or updates an incident.

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
    var incident = new AzureNative.SecurityInsights.Incident("incident", new()
    {
        Classification = "FalsePositive",
        ClassificationComment = "Not a malicious activity",
        ClassificationReason = "IncorrectAlertLogic",
        Description = "This is a demo incident",
        FirstActivityTimeUtc = "2019-01-01T13:00:30Z",
        IncidentId = "73e01a99-5cd7-4139-a149-9f2736ff2ab5",
        LastActivityTimeUtc = "2019-01-01T13:05:30Z",
        Owner = new AzureNative.SecurityInsights.Inputs.IncidentOwnerInfoArgs
        {
            ObjectId = "2046feea-040d-4a46-9e2b-91c2941bfa70",
        },
        ResourceGroupName = "myRg",
        Severity = "High",
        Status = "Closed",
        Title = "My incident",
        WorkspaceName = "myWorkspace",
    });
});

package main
import (
	securityinsights "github.com/pulumi/pulumi-azure-native-sdk/securityinsights"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := securityinsights.NewIncident(ctx, "incident", &securityinsights.IncidentArgs{
			Classification:        pulumi.String("FalsePositive"),
			ClassificationComment: pulumi.String("Not a malicious activity"),
			ClassificationReason:  pulumi.String("IncorrectAlertLogic"),
			Description:           pulumi.String("This is a demo incident"),
			FirstActivityTimeUtc:  pulumi.String("2019-01-01T13:00:30Z"),
			IncidentId:            pulumi.String("73e01a99-5cd7-4139-a149-9f2736ff2ab5"),
			LastActivityTimeUtc:   pulumi.String("2019-01-01T13:05:30Z"),
			Owner: &securityinsights.IncidentOwnerInfoArgs{
				ObjectId: pulumi.String("2046feea-040d-4a46-9e2b-91c2941bfa70"),
			},
			ResourceGroupName: pulumi.String("myRg"),
			Severity:          pulumi.String("High"),
			Status:            pulumi.String("Closed"),
			Title:             pulumi.String("My incident"),
			WorkspaceName:     pulumi.String("myWorkspace"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.securityinsights.Incident;
import com.pulumi.azurenative.securityinsights.IncidentArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var incident = new Incident("incident", IncidentArgs.builder()
            .classification("FalsePositive")
            .classificationComment("Not a malicious activity")
            .classificationReason("IncorrectAlertLogic")
            .description("This is a demo incident")
            .firstActivityTimeUtc("2019-01-01T13:00:30Z")
            .incidentId("73e01a99-5cd7-4139-a149-9f2736ff2ab5")
            .lastActivityTimeUtc("2019-01-01T13:05:30Z")
            .owner(Map.of("objectId", "2046feea-040d-4a46-9e2b-91c2941bfa70"))
            .resourceGroupName("myRg")
            .severity("High")
            .status("Closed")
            .title("My incident")
            .workspaceName("myWorkspace")
            .build());
    }
}

Import

An existing resource can be imported using its type token, name, and identifier, e.g.

$ pulumi import azure-native:securityinsights:Incident 73e01a99-5cd7-4139-a149-9f2736ff2ab5 /subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5

Constructors

IncidentArgs

constructor(classification: Output<Either<String, IncidentClassification>>? = null, classificationComment: Output<String>? = null, classificationReason: Output<Either<String, IncidentClassificationReason>>? = null, description: Output<String>? = null, firstActivityTimeUtc: Output<String>? = null, incidentId: Output<String>? = null, labels: Output<List<IncidentLabelArgs>>? = null, lastActivityTimeUtc: Output<String>? = null, owner: Output<IncidentOwnerInfoArgs>? = null, resourceGroupName: Output<String>? = null, severity: Output<Either<String, IncidentSeverity>>? = null, status: Output<Either<String, IncidentStatus>>? = null, title: Output<String>? = null, workspaceName: Output<String>? = null)