pulumi-azure-native-kotlin/com.pulumi.azurenative.security.kotlin/AlertsSuppressionRuleArgs

AlertsSuppressionRuleArgs

data class AlertsSuppressionRuleArgs(val alertType: Output<String>? = null, val alertsSuppressionRuleName: Output<String>? = null, val comment: Output<String>? = null, val expirationDateUtc: Output<String>? = null, val reason: Output<String>? = null, val state: Output<Either<String, RuleState>>? = null, val suppressionAlertsScope: Output<SuppressionAlertsScopeArgs>? = null) : ConvertibleToJava<AlertsSuppressionRuleArgs>

Describes the suppression rule Uses Azure REST API version 2019-01-01-preview. In version 2.x of the Azure Native provider, it used API version 2019-01-01-preview.

Example Usage

Update or create suppression rule for subscription

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
    var alertsSuppressionRule = new AzureNative.Security.AlertsSuppressionRule("alertsSuppressionRule", new()
    {
        AlertType = "IpAnomaly",
        AlertsSuppressionRuleName = "dismissIpAnomalyAlerts",
        Comment = "Test VM",
        ExpirationDateUtc = "2019-12-01T19:50:47.083633Z",
        Reason = "FalsePositive",
        State = AzureNative.Security.RuleState.Enabled,
        SuppressionAlertsScope = new AzureNative.Security.Inputs.SuppressionAlertsScopeArgs
        {
            AllOf = new[]
            {
                new AzureNative.Security.Inputs.ScopeElementArgs
                {
                    Field = "entities.ip.address",
                },
                new AzureNative.Security.Inputs.ScopeElementArgs
                {
                    Field = "entities.process.commandline",
                },
            },
        },
    });
});
Content copied to clipboard
package main
import (
	security "github.com/pulumi/pulumi-azure-native-sdk/security/v2"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := security.NewAlertsSuppressionRule(ctx, "alertsSuppressionRule", &security.AlertsSuppressionRuleArgs{
			AlertType:                 pulumi.String("IpAnomaly"),
			AlertsSuppressionRuleName: pulumi.String("dismissIpAnomalyAlerts"),
			Comment:                   pulumi.String("Test VM"),
			ExpirationDateUtc:         pulumi.String("2019-12-01T19:50:47.083633Z"),
			Reason:                    pulumi.String("FalsePositive"),
			State:                     pulumi.String(security.RuleStateEnabled),
			SuppressionAlertsScope: &security.SuppressionAlertsScopeArgs{
				AllOf: security.ScopeElementArray{
					&security.ScopeElementArgs{
						Field: pulumi.String("entities.ip.address"),
					},
					&security.ScopeElementArgs{
						Field: pulumi.String("entities.process.commandline"),
					},
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.security.AlertsSuppressionRule;
import com.pulumi.azurenative.security.AlertsSuppressionRuleArgs;
import com.pulumi.azurenative.security.inputs.SuppressionAlertsScopeArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var alertsSuppressionRule = new AlertsSuppressionRule("alertsSuppressionRule", AlertsSuppressionRuleArgs.builder()
            .alertType("IpAnomaly")
            .alertsSuppressionRuleName("dismissIpAnomalyAlerts")
            .comment("Test VM")
            .expirationDateUtc("2019-12-01T19:50:47.083633Z")
            .reason("FalsePositive")
            .state("Enabled")
            .suppressionAlertsScope(SuppressionAlertsScopeArgs.builder()
                .allOf(
                    ScopeElementArgs.builder()
                        .field("entities.ip.address")
                        .build(),
                    ScopeElementArgs.builder()
                        .field("entities.process.commandline")
                        .build())
                .build())
            .build());
    }
}
Content copied to clipboard

Import

An existing resource can be imported using its type token, name, and identifier, e.g.

$ pulumi import azure-native:security:AlertsSuppressionRule dismissIpAnomalyAlerts /subscriptions/{subscriptionId}/providers/Microsoft.Security/alertsSuppressionRules/{alertsSuppressionRuleName}
Content copied to clipboard

Constructors

Link copied to clipboard
constructor(alertType: Output<String>? = null, alertsSuppressionRuleName: Output<String>? = null, comment: Output<String>? = null, expirationDateUtc: Output<String>? = null, reason: Output<String>? = null, state: Output<Either<String, RuleState>>? = null, suppressionAlertsScope: Output<SuppressionAlertsScopeArgs>? = null)

Properties

Link copied to clipboard
val alertsSuppressionRuleName: Output<String>? = null

The unique name of the suppression alert rule

Link copied to clipboard
val alertType: Output<String>? = null

Type of the alert to automatically suppress. For all alert types, use '*'

Link copied to clipboard
val comment: Output<String>? = null

Any comment regarding the rule

Link copied to clipboard
val expirationDateUtc: Output<String>? = null

Expiration date of the rule, if value is not provided or provided as null there will no expiration at all

Link copied to clipboard
val reason: Output<String>? = null

The reason for dismissing the alert

Link copied to clipboard
val state: Output<Either<String, RuleState>>? = null

Possible states of the rule

Link copied to clipboard
val suppressionAlertsScope: Output<SuppressionAlertsScopeArgs>? = null

The suppression conditions

Functions

Link copied to clipboard
open override fun toJava(): AlertsSuppressionRuleArgs