pulumi-azure-kotlin/com.pulumi.azure.sentinel.kotlin/Metadata

Metadata

class Metadata : KotlinCustomResource

Manages a Sentinel Metadata.

Example Usage

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.operationalinsights.AnalyticsWorkspace;
import com.pulumi.azure.operationalinsights.AnalyticsWorkspaceArgs;
import com.pulumi.azure.operationalinsights.AnalyticsSolution;
import com.pulumi.azure.operationalinsights.AnalyticsSolutionArgs;
import com.pulumi.azure.operationalinsights.inputs.AnalyticsSolutionPlanArgs;
import com.pulumi.azure.sentinel.AlertRuleNrt;
import com.pulumi.azure.sentinel.AlertRuleNrtArgs;
import com.pulumi.azure.sentinel.Metadata;
import com.pulumi.azure.sentinel.MetadataArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var exampleResourceGroup = new ResourceGroup("exampleResourceGroup", ResourceGroupArgs.builder()
            .location("West Europe")
            .build());
        var exampleAnalyticsWorkspace = new AnalyticsWorkspace("exampleAnalyticsWorkspace", AnalyticsWorkspaceArgs.builder()
            .location(exampleResourceGroup.location())
            .resourceGroupName(exampleResourceGroup.name())
            .sku("pergb2018")
            .build());
        var exampleAnalyticsSolution = new AnalyticsSolution("exampleAnalyticsSolution", AnalyticsSolutionArgs.builder()
            .solutionName("SecurityInsights")
            .location(exampleResourceGroup.location())
            .resourceGroupName(exampleResourceGroup.name())
            .workspaceResourceId(exampleAnalyticsWorkspace.id())
            .workspaceName(exampleAnalyticsWorkspace.name())
            .plan(AnalyticsSolutionPlanArgs.builder()
                .publisher("Microsoft")
                .product("OMSGallery/SecurityInsights")
                .build())
            .build());
        var exampleAlertRuleNrt = new AlertRuleNrt("exampleAlertRuleNrt", AlertRuleNrtArgs.builder()
            .logAnalyticsWorkspaceId(exampleAnalyticsSolution.workspaceResourceId())
            .displayName("example")
            .severity("High")
            .query("""
AzureActivity |
  where OperationName == "Create or Update Virtual Machine" or OperationName =="Create Deployment" |
  where ActivityStatus == "Succeeded" |
  make-series dcount(ResourceId) default=0 on EventSubmissionTimestamp in range(ago(7d), now(), 1d) by Caller
            """)
            .build());
        var exampleMetadata = new Metadata("exampleMetadata", MetadataArgs.builder()
            .workspaceId(exampleAnalyticsSolution.workspaceResourceId())
            .contentId(exampleAlertRuleNrt.name())
            .kind("AnalyticsRule")
            .parentId(exampleAlertRuleNrt.id())
            .build());
    }
}

Import

Sentinel Metadata can be imported using the resource id, e.g.

$ pulumi import azure:sentinel/metadata:Metadata example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resourcegroup1/providers/Microsoft.OperationalInsights/workspaces/workspace1/providers/Microsoft.SecurityInsights/metadata/metadata1

Properties

author

val author: Output<MetadataAuthor>?

An author blocks as defined below.