pulumi-azure-native-kotlin/com.pulumi.azurenative.securityinsights.kotlin/ScheduledAlertRuleArgs

ScheduledAlertRuleArgs

data class ScheduledAlertRuleArgs(val alertRuleTemplateName: Output<String>? = null, val description: Output<String>? = null, val displayName: Output<String>? = null, val enabled: Output<Boolean>? = null, val kind: Output<String>? = null, val query: Output<String>? = null, val queryFrequency: Output<String>? = null, val queryPeriod: Output<String>? = null, val resourceGroupName: Output<String>? = null, val ruleId: Output<String>? = null, val severity: Output<Either<String, AlertSeverity>>? = null, val suppressionDuration: Output<String>? = null, val suppressionEnabled: Output<Boolean>? = null, val tactics: Output<List<Either<String, AttackTactic>>>? = null, val triggerOperator: Output<TriggerOperator>? = null, val triggerThreshold: Output<Int>? = null, val workspaceName: Output<String>? = null) : ConvertibleToJava<ScheduledAlertRuleArgs>

Represents scheduled alert rule. API Version: 2020-01-01.

Example Usage

Creates or updates a Fusion alert rule.

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
    var scheduledAlertRule = new AzureNative.SecurityInsights.ScheduledAlertRule("scheduledAlertRule", new()
    {
        ResourceGroupName = "myRg",
        RuleId = "myFirstFusionRule",
        WorkspaceName = "myWorkspace",
    });
});

package main
import (
	securityinsights "github.com/pulumi/pulumi-azure-native-sdk/securityinsights"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := securityinsights.NewScheduledAlertRule(ctx, "scheduledAlertRule", &securityinsights.ScheduledAlertRuleArgs{
			ResourceGroupName: pulumi.String("myRg"),
			RuleId:            pulumi.String("myFirstFusionRule"),
			WorkspaceName:     pulumi.String("myWorkspace"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.securityinsights.ScheduledAlertRule;
import com.pulumi.azurenative.securityinsights.ScheduledAlertRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var scheduledAlertRule = new ScheduledAlertRule("scheduledAlertRule", ScheduledAlertRuleArgs.builder()
            .resourceGroupName("myRg")
            .ruleId("myFirstFusionRule")
            .workspaceName("myWorkspace")
            .build());
    }
}

Creates or updates a MicrosoftSecurityIncidentCreation rule.

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
    var scheduledAlertRule = new AzureNative.SecurityInsights.ScheduledAlertRule("scheduledAlertRule", new()
    {
        ResourceGroupName = "myRg",
        RuleId = "microsoftSecurityIncidentCreationRuleExample",
        WorkspaceName = "myWorkspace",
    });
});

package main
import (
	securityinsights "github.com/pulumi/pulumi-azure-native-sdk/securityinsights"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := securityinsights.NewScheduledAlertRule(ctx, "scheduledAlertRule", &securityinsights.ScheduledAlertRuleArgs{
			ResourceGroupName: pulumi.String("myRg"),
			RuleId:            pulumi.String("microsoftSecurityIncidentCreationRuleExample"),
			WorkspaceName:     pulumi.String("myWorkspace"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.securityinsights.ScheduledAlertRule;
import com.pulumi.azurenative.securityinsights.ScheduledAlertRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var scheduledAlertRule = new ScheduledAlertRule("scheduledAlertRule", ScheduledAlertRuleArgs.builder()
            .resourceGroupName("myRg")
            .ruleId("microsoftSecurityIncidentCreationRuleExample")
            .workspaceName("myWorkspace")
            .build());
    }
}

Creates or updates a Scheduled alert rule.

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
    var scheduledAlertRule = new AzureNative.SecurityInsights.ScheduledAlertRule("scheduledAlertRule", new()
    {
        Description = "",
        DisplayName = "Rule2",
        Enabled = true,
        Kind = "Scheduled",
        Query = "ProtectionStatus | extend HostCustomEntity = Computer | extend IPCustomEntity = ComputerIP_Hidden",
        QueryFrequency = "PT1H",
        QueryPeriod = "P2DT1H30M",
        ResourceGroupName = "myRg",
        RuleId = "73e01a99-5cd7-4139-a149-9f2736ff2ab5",
        Severity = "High",
        SuppressionDuration = "PT1H",
        SuppressionEnabled = false,
        Tactics = new[]
        {
            "Persistence",
            "LateralMovement",
        },
        TriggerOperator = AzureNative.SecurityInsights.TriggerOperator.GreaterThan,
        TriggerThreshold = 0,
        WorkspaceName = "myWorkspace",
    });
});

package main
import (
	securityinsights "github.com/pulumi/pulumi-azure-native-sdk/securityinsights"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := securityinsights.NewScheduledAlertRule(ctx, "scheduledAlertRule", &securityinsights.ScheduledAlertRuleArgs{
			Description:         pulumi.String(""),
			DisplayName:         pulumi.String("Rule2"),
			Enabled:             pulumi.Bool(true),
			Kind:                pulumi.String("Scheduled"),
			Query:               pulumi.String("ProtectionStatus | extend HostCustomEntity = Computer | extend IPCustomEntity = ComputerIP_Hidden"),
			QueryFrequency:      pulumi.String("PT1H"),
			QueryPeriod:         pulumi.String("P2DT1H30M"),
			ResourceGroupName:   pulumi.String("myRg"),
			RuleId:              pulumi.String("73e01a99-5cd7-4139-a149-9f2736ff2ab5"),
			Severity:            pulumi.String("High"),
			SuppressionDuration: pulumi.String("PT1H"),
			SuppressionEnabled:  pulumi.Bool(false),
			Tactics: pulumi.StringArray{
				pulumi.String("Persistence"),
				pulumi.String("LateralMovement"),
			},
			TriggerOperator:  securityinsights.TriggerOperatorGreaterThan,
			TriggerThreshold: pulumi.Int(0),
			WorkspaceName:    pulumi.String("myWorkspace"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.securityinsights.ScheduledAlertRule;
import com.pulumi.azurenative.securityinsights.ScheduledAlertRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var scheduledAlertRule = new ScheduledAlertRule("scheduledAlertRule", ScheduledAlertRuleArgs.builder()
            .description("")
            .displayName("Rule2")
            .enabled(true)
            .kind("Scheduled")
            .query("ProtectionStatus | extend HostCustomEntity = Computer | extend IPCustomEntity = ComputerIP_Hidden")
            .queryFrequency("PT1H")
            .queryPeriod("P2DT1H30M")
            .resourceGroupName("myRg")
            .ruleId("73e01a99-5cd7-4139-a149-9f2736ff2ab5")
            .severity("High")
            .suppressionDuration("PT1H")
            .suppressionEnabled(false)
            .tactics(
                "Persistence",
                "LateralMovement")
            .triggerOperator("GreaterThan")
            .triggerThreshold(0)
            .workspaceName("myWorkspace")
            .build());
    }
}

Import

An existing resource can be imported using its type token, name, and identifier, e.g.

$ pulumi import azure-native:securityinsights:ScheduledAlertRule 73e01a99-5cd7-4139-a149-9f2736ff2ab5 /subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5

Constructors

ScheduledAlertRuleArgs

constructor(alertRuleTemplateName: Output<String>? = null, description: Output<String>? = null, displayName: Output<String>? = null, enabled: Output<Boolean>? = null, kind: Output<String>? = null, query: Output<String>? = null, queryFrequency: Output<String>? = null, queryPeriod: Output<String>? = null, resourceGroupName: Output<String>? = null, ruleId: Output<String>? = null, severity: Output<Either<String, AlertSeverity>>? = null, suppressionDuration: Output<String>? = null, suppressionEnabled: Output<Boolean>? = null, tactics: Output<List<Either<String, AttackTactic>>>? = null, triggerOperator: Output<TriggerOperator>? = null, triggerThreshold: Output<Int>? = null, workspaceName: Output<String>? = null)