pulumi-azure-native-kotlin/com.pulumi.azurenative.securityinsights.kotlin/IncidentArgs

IncidentArgs

data class IncidentArgs(val classification: Output<Either<String, IncidentClassification>>? = null, val classificationComment: Output<String>? = null, val classificationReason: Output<Either<String, IncidentClassificationReason>>? = null, val description: Output<String>? = null, val firstActivityTimeUtc: Output<String>? = null, val incidentId: Output<String>? = null, val labels: Output<List<IncidentLabelArgs>>? = null, val lastActivityTimeUtc: Output<String>? = null, val owner: Output<IncidentOwnerInfoArgs>? = null, val resourceGroupName: Output<String>? = null, val severity: Output<Either<String, IncidentSeverity>>? = null, val status: Output<Either<String, IncidentStatus>>? = null, val title: Output<String>? = null, val workspaceName: Output<String>? = null) : ConvertibleToJava<IncidentArgs>

Represents an incident in Azure Security Insights. Uses Azure REST API version 2024-09-01. In version 2.x of the Azure Native provider, it used API version 2023-02-01. Other available API versions: 2023-02-01, 2023-03-01-preview, 2023-04-01-preview, 2023-05-01-preview, 2023-06-01-preview, 2023-07-01-preview, 2023-08-01-preview, 2023-09-01-preview, 2023-10-01-preview, 2023-11-01, 2023-12-01-preview, 2024-01-01-preview, 2024-03-01, 2024-04-01-preview, 2024-10-01-preview, 2025-01-01-preview, 2025-03-01. These can be accessed by generating a local SDK package using the CLI command pulumi package add azure-native securityinsights [ApiVersion]. See the ../../../version-guide/#accessing-any-api-version-via-local-packages for details.

Example Usage

Creates or updates an incident.

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
    var incident = new AzureNative.SecurityInsights.Incident("incident", new()
    {
        Classification = AzureNative.SecurityInsights.IncidentClassification.FalsePositive,
        ClassificationComment = "Not a malicious activity",
        ClassificationReason = AzureNative.SecurityInsights.IncidentClassificationReason.IncorrectAlertLogic,
        Description = "This is a demo incident",
        FirstActivityTimeUtc = "2019-01-01T13:00:30Z",
        IncidentId = "73e01a99-5cd7-4139-a149-9f2736ff2ab5",
        LastActivityTimeUtc = "2019-01-01T13:05:30Z",
        Owner = new AzureNative.SecurityInsights.Inputs.IncidentOwnerInfoArgs
        {
            ObjectId = "2046feea-040d-4a46-9e2b-91c2941bfa70",
        },
        ResourceGroupName = "myRg",
        Severity = AzureNative.SecurityInsights.IncidentSeverity.High,
        Status = AzureNative.SecurityInsights.IncidentStatus.Closed,
        Title = "My incident",
        WorkspaceName = "myWorkspace",
    });
});

package main
import (
	securityinsights "github.com/pulumi/pulumi-azure-native-sdk/securityinsights/v2"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := securityinsights.NewIncident(ctx, "incident", &securityinsights.IncidentArgs{
			Classification:        pulumi.String(securityinsights.IncidentClassificationFalsePositive),
			ClassificationComment: pulumi.String("Not a malicious activity"),
			ClassificationReason:  pulumi.String(securityinsights.IncidentClassificationReasonIncorrectAlertLogic),
			Description:           pulumi.String("This is a demo incident"),
			FirstActivityTimeUtc:  pulumi.String("2019-01-01T13:00:30Z"),
			IncidentId:            pulumi.String("73e01a99-5cd7-4139-a149-9f2736ff2ab5"),
			LastActivityTimeUtc:   pulumi.String("2019-01-01T13:05:30Z"),
			Owner: &securityinsights.IncidentOwnerInfoArgs{
				ObjectId: pulumi.String("2046feea-040d-4a46-9e2b-91c2941bfa70"),
			},
			ResourceGroupName: pulumi.String("myRg"),
			Severity:          pulumi.String(securityinsights.IncidentSeverityHigh),
			Status:            pulumi.String(securityinsights.IncidentStatusClosed),
			Title:             pulumi.String("My incident"),
			WorkspaceName:     pulumi.String("myWorkspace"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.securityinsights.Incident;
import com.pulumi.azurenative.securityinsights.IncidentArgs;
import com.pulumi.azurenative.securityinsights.inputs.IncidentOwnerInfoArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var incident = new Incident("incident", IncidentArgs.builder()
            .classification("FalsePositive")
            .classificationComment("Not a malicious activity")
            .classificationReason("IncorrectAlertLogic")
            .description("This is a demo incident")
            .firstActivityTimeUtc("2019-01-01T13:00:30Z")
            .incidentId("73e01a99-5cd7-4139-a149-9f2736ff2ab5")
            .lastActivityTimeUtc("2019-01-01T13:05:30Z")
            .owner(IncidentOwnerInfoArgs.builder()
                .objectId("2046feea-040d-4a46-9e2b-91c2941bfa70")
                .build())
            .resourceGroupName("myRg")
            .severity("High")
            .status("Closed")
            .title("My incident")
            .workspaceName("myWorkspace")
            .build());
    }
}

Import

An existing resource can be imported using its type token, name, and identifier, e.g.

$ pulumi import azure-native:securityinsights:Incident 73e01a99-5cd7-4139-a149-9f2736ff2ab5 /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}

Constructors

IncidentArgs

constructor(classification: Output<Either<String, IncidentClassification>>? = null, classificationComment: Output<String>? = null, classificationReason: Output<Either<String, IncidentClassificationReason>>? = null, description: Output<String>? = null, firstActivityTimeUtc: Output<String>? = null, incidentId: Output<String>? = null, labels: Output<List<IncidentLabelArgs>>? = null, lastActivityTimeUtc: Output<String>? = null, owner: Output<IncidentOwnerInfoArgs>? = null, resourceGroupName: Output<String>? = null, severity: Output<Either<String, IncidentSeverity>>? = null, status: Output<Either<String, IncidentStatus>>? = null, title: Output<String>? = null, workspaceName: Output<String>? = null)