pulumi-azure-kotlin/com.pulumi.azure.securitycenter.kotlin/Automation

Automation

class Automation : KotlinCustomResource

Manages Security Center Automation and Continuous Export. This resource supports three types of destination in the action, Logic Apps, Log Analytics and Event Hubs

Example Usage

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.CoreFunctions;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.eventhub.EventHubNamespace;
import com.pulumi.azure.eventhub.EventHubNamespaceArgs;
import com.pulumi.azure.eventhub.EventHub;
import com.pulumi.azure.eventhub.EventHubArgs;
import com.pulumi.azure.eventhub.AuthorizationRule;
import com.pulumi.azure.eventhub.AuthorizationRuleArgs;
import com.pulumi.azure.securitycenter.Automation;
import com.pulumi.azure.securitycenter.AutomationArgs;
import com.pulumi.azure.securitycenter.inputs.AutomationActionArgs;
import com.pulumi.azure.securitycenter.inputs.AutomationSourceArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        final var current = CoreFunctions.getClientConfig();
        var exampleResourceGroup = new ResourceGroup("exampleResourceGroup", ResourceGroupArgs.builder()
            .location("West Europe")
            .build());
        var exampleEventHubNamespace = new EventHubNamespace("exampleEventHubNamespace", EventHubNamespaceArgs.builder()
            .location(exampleResourceGroup.location())
            .resourceGroupName(exampleResourceGroup.name())
            .sku("Standard")
            .capacity(2)
            .build());
        var exampleEventHub = new EventHub("exampleEventHub", EventHubArgs.builder()
            .namespaceName(exampleEventHubNamespace.name())
            .resourceGroupName(exampleResourceGroup.name())
            .partitionCount(2)
            .messageRetention(2)
            .build());
        var exampleAuthorizationRule = new AuthorizationRule("exampleAuthorizationRule", AuthorizationRuleArgs.builder()
            .namespaceName(exampleEventHubNamespace.name())
            .eventhubName(exampleEventHub.name())
            .resourceGroupName(exampleResourceGroup.name())
            .listen(true)
            .send(false)
            .manage(false)
            .build());
        var exampleAutomation = new Automation("exampleAutomation", AutomationArgs.builder()
            .location(exampleResourceGroup.location())
            .resourceGroupName(exampleResourceGroup.name())
            .actions(AutomationActionArgs.builder()
                .type("EventHub")
                .resourceId(exampleEventHub.id())
                .connectionString(exampleAuthorizationRule.primaryConnectionString())
                .build())
            .sources(AutomationSourceArgs.builder()
                .eventSource("Alerts")
                .ruleSets(AutomationSourceRuleSetArgs.builder()
                    .rules(AutomationSourceRuleSetRuleArgs.builder()
                        .propertyPath("properties.metadata.severity")
                        .operator("Equals")
                        .expectedValue("High")
                        .propertyType("String")
                        .build())
                    .build())
                .build())
            .scopes(String.format("/subscriptions/%s", current.applyValue(getClientConfigResult -> getClientConfigResult.subscriptionId())))
            .build());
    }
}

Import

Security Center Automations can be imported using the resource id, e.g.

$ pulumi import azure:securitycenter/automation:Automation example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/mygroup1/providers/Microsoft.Security/automations/automation1

Properties

actions

val actions: Output<List<AutomationAction>>

One or more action blocks as defined below. An action tells this automation where the data is to be sent to upon being evaluated by the rules in the source.

description

val description: Output<String>?

Specifies the description for the Security Center Automation.

enabled

val enabled: Output<Boolean>?

Boolean to enable or disable this Security Center Automation. Defaults to true.

val id: Output<String>

location

val location: Output<String>

The Azure Region where the Security Center Automation should exist. Changing this forces a new Security Center Automation to be created.

name

val name: Output<String>

The name which should be used for this Security Center Automation. Changing this forces a new Security Center Automation to be created.

pulumiChildResources

val pulumiChildResources: Set<KotlinResource>

pulumiResourceName

val pulumiResourceName: String

pulumiResourceType

val pulumiResourceType: String

resourceGroupName

val resourceGroupName: Output<String>

The name of the Resource Group where the Security Center Automation should exist. Changing this forces a new Security Center Automation to be created.

scopes

val scopes: Output<List<String>>

A list of scopes on which the automation logic is applied, at least one is required. Supported scopes are a subscription (in this format /subscriptions/00000000-0000-0000-0000-000000000000) or a resource group under that subscription (in the format /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/example). The automation will only apply on defined scopes.

sources

val sources: Output<List<AutomationSource>>

One or more source blocks as defined below. A source defines what data types will be processed and a set of rules to filter that data.