AutomationRuleArgs

/**
 * Arguments used to declare a Sentinel Automation Rule.
 *
 * Every property is nullable and defaults to `null`.
 * An expired or disabled rule no longer acts on incidents or alerts, so [expiration] and
 * [enabled] are worth checking whenever a rule definition is reviewed.
 *
 * @property actionIncidents One or more `action_incident` blocks.
 * @property actionPlaybooks One or more `action_playbook` blocks.
 * @property conditionJson A JSON array of one or more condition JSON objects.
 * @property conditions One or more `condition` blocks.
 * @property displayName The display name used for this Sentinel Automation Rule.
 * @property enabled Whether this Sentinel Automation Rule is enabled. Defaults to `true`.
 * @property expiration The UTC time, in RFC 3339 format, at which this rule expires and is disabled.
 * @property logAnalyticsWorkspaceId The ID of the Log Analytics Workspace the rule applies to.
 *   Changing this forces a new rule to be created.
 * @property name The UUID used for this Sentinel Automation Rule.
 *   Changing this forces a new rule to be created.
 * @property order The order of this rule, between 1 and 1000.
 * @property triggersOn What triggers the rule: `Alerts` or `Incidents`. Defaults to `Incidents`.
 * @property triggersWhen When the rule is triggered: `Created` or `Updated`. Defaults to `Created`.
 */
data class AutomationRuleArgs(
    val actionIncidents: Output<List<AutomationRuleActionIncidentArgs>>? = null,
    val actionPlaybooks: Output<List<AutomationRuleActionPlaybookArgs>>? = null,
    val conditionJson: Output<String>? = null,
    val conditions: Output<List<AutomationRuleConditionArgs>>? = null,
    val displayName: Output<String>? = null,
    val enabled: Output<Boolean>? = null,
    val expiration: Output<String>? = null,
    val logAnalyticsWorkspaceId: Output<String>? = null,
    val name: Output<String>? = null,
    val order: Output<Int>? = null,
    val triggersOn: Output<String>? = null,
    val triggersWhen: Output<String>? = null,
) : ConvertibleToJava<AutomationRuleArgs>

Manages a Sentinel Automation Rule.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
// Resource group that holds the example workspace.
const resourceGroup = new azure.core.ResourceGroup("example", {
    name: "example-rg",
    location: "west europe",
});

// Log Analytics workspace the automation rule will be attached to.
const workspace = new azure.operationalinsights.AnalyticsWorkspace("example", {
    name: "example-workspace",
    location: resourceGroup.location,
    resourceGroupName: resourceGroup.name,
    sku: "PerGB2018",
});

// Sentinel onboarding for the workspace.
const sentinelOnboarding = new azure.sentinel.LogAnalyticsWorkspaceOnboarding("example", {
    workspaceId: workspace.id,
});

// The workspace ID is read from the onboarding resource rather than from the
// workspace itself, which makes the rule depend on the onboarding.
// NOTE(review): no conditions are set, so this rule presumably matches every
// incident in the workspace; confirm the intended scope before reusing it.
const automationRule = new azure.sentinel.AutomationRule("example", {
    // The rule name is a UUID.
    name: "56094f72-ac3f-40e7-a0c0-47bd95f70336",
    logAnalyticsWorkspaceId: sentinelOnboarding.workspaceId,
    displayName: "automation_rule1",
    order: 1,
    actionIncidents: [
        {
            order: 1,
            status: "Active",
        },
    ],
});
import pulumi
import pulumi_azure as azure
# Resource group that holds the example workspace.
resource_group = azure.core.ResourceGroup(
    "example",
    name="example-rg",
    location="west europe",
)

# Log Analytics workspace the automation rule will be attached to.
workspace = azure.operationalinsights.AnalyticsWorkspace(
    "example",
    name="example-workspace",
    location=resource_group.location,
    resource_group_name=resource_group.name,
    sku="PerGB2018",
)

# Sentinel onboarding for the workspace.
sentinel_onboarding = azure.sentinel.LogAnalyticsWorkspaceOnboarding(
    "example",
    workspace_id=workspace.id,
)

# The workspace ID is read from the onboarding resource rather than from the
# workspace itself, which makes the rule depend on the onboarding.
# NOTE(review): no conditions are set, so this rule presumably matches every
# incident in the workspace; confirm the intended scope before reusing it.
automation_rule = azure.sentinel.AutomationRule(
    "example",
    name="56094f72-ac3f-40e7-a0c0-47bd95f70336",  # the rule name is a UUID
    log_analytics_workspace_id=sentinel_onboarding.workspace_id,
    display_name="automation_rule1",
    order=1,
    action_incidents=[
        {
            "order": 1,
            "status": "Active",
        },
    ],
)
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;
// Declares a resource group, a Log Analytics workspace, its Sentinel onboarding,
// and one automation rule with a single incident action.
return await Deployment.RunAsync(() =>
{
    var resourceGroup = new Azure.Core.ResourceGroup("example", new()
    {
        Name = "example-rg",
        Location = "west europe",
    });

    var workspace = new Azure.OperationalInsights.AnalyticsWorkspace("example", new()
    {
        Name = "example-workspace",
        Location = resourceGroup.Location,
        ResourceGroupName = resourceGroup.Name,
        Sku = "PerGB2018",
    });

    var sentinelOnboarding = new Azure.Sentinel.LogAnalyticsWorkspaceOnboarding("example", new()
    {
        WorkspaceId = workspace.Id,
    });

    // The workspace ID is read from the onboarding resource rather than from the
    // workspace itself, which makes the rule depend on the onboarding.
    // NOTE(review): no conditions are set, so this rule presumably matches every
    // incident in the workspace; confirm the intended scope before reusing it.
    var automationRule = new Azure.Sentinel.AutomationRule("example", new()
    {
        // The rule name is a UUID.
        Name = "56094f72-ac3f-40e7-a0c0-47bd95f70336",
        LogAnalyticsWorkspaceId = sentinelOnboarding.WorkspaceId,
        DisplayName = "automation_rule1",
        Order = 1,
        ActionIncidents = new[]
        {
            new Azure.Sentinel.Inputs.AutomationRuleActionIncidentArgs
            {
                Order = 1,
                Status = "Active",
            },
        },
    });
});
package main
import (
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/operationalinsights"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/sentinel"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main declares a resource group, a Log Analytics workspace, its Sentinel
// onboarding, and one automation rule with a single incident action.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		resourceGroup, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
			Name:     pulumi.String("example-rg"),
			Location: pulumi.String("west europe"),
		})
		if err != nil {
			return err
		}

		workspace, err := operationalinsights.NewAnalyticsWorkspace(ctx, "example", &operationalinsights.AnalyticsWorkspaceArgs{
			Name:              pulumi.String("example-workspace"),
			Location:          resourceGroup.Location,
			ResourceGroupName: resourceGroup.Name,
			Sku:               pulumi.String("PerGB2018"),
		})
		if err != nil {
			return err
		}

		onboarding, err := sentinel.NewLogAnalyticsWorkspaceOnboarding(ctx, "example", &sentinel.LogAnalyticsWorkspaceOnboardingArgs{
			WorkspaceId: workspace.ID(),
		})
		if err != nil {
			return err
		}

		// The workspace ID is read from the onboarding resource rather than from
		// the workspace itself, which makes the rule depend on the onboarding.
		// NOTE(review): no conditions are set, so this rule presumably matches
		// every incident in the workspace; confirm the intended scope before
		// reusing it.
		incidentActions := sentinel.AutomationRuleActionIncidentArray{
			&sentinel.AutomationRuleActionIncidentArgs{
				Order:  pulumi.Int(1),
				Status: pulumi.String("Active"),
			},
		}
		_, err = sentinel.NewAutomationRule(ctx, "example", &sentinel.AutomationRuleArgs{
			// The rule name is a UUID.
			Name:                    pulumi.String("56094f72-ac3f-40e7-a0c0-47bd95f70336"),
			LogAnalyticsWorkspaceId: onboarding.WorkspaceId,
			DisplayName:             pulumi.String("automation_rule1"),
			Order:                   pulumi.Int(1),
			ActionIncidents:         incidentActions,
		})
		// err is nil on success, so returning it covers both outcomes.
		return err
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.operationalinsights.AnalyticsWorkspace;
import com.pulumi.azure.operationalinsights.AnalyticsWorkspaceArgs;
import com.pulumi.azure.sentinel.LogAnalyticsWorkspaceOnboarding;
import com.pulumi.azure.sentinel.LogAnalyticsWorkspaceOnboardingArgs;
import com.pulumi.azure.sentinel.AutomationRule;
import com.pulumi.azure.sentinel.AutomationRuleArgs;
import com.pulumi.azure.sentinel.inputs.AutomationRuleActionIncidentArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Example Pulumi program: a resource group, a Log Analytics workspace, its
 * Sentinel onboarding, and one automation rule with a single incident action.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(ctx -> stack(ctx));
    }

    /**
     * Declares the example resources.
     *
     * @param ctx the Pulumi context supplied by {@code Pulumi.run}
     */
    public static void stack(Context ctx) {
        final ResourceGroup resourceGroup = new ResourceGroup("example", ResourceGroupArgs.builder()
            .name("example-rg")
            .location("west europe")
            .build());

        final AnalyticsWorkspace workspace = new AnalyticsWorkspace("exampleAnalyticsWorkspace", AnalyticsWorkspaceArgs.builder()
            .name("example-workspace")
            .location(resourceGroup.location())
            .resourceGroupName(resourceGroup.name())
            .sku("PerGB2018")
            .build());

        final LogAnalyticsWorkspaceOnboarding onboarding = new LogAnalyticsWorkspaceOnboarding("exampleLogAnalyticsWorkspaceOnboarding", LogAnalyticsWorkspaceOnboardingArgs.builder()
            .workspaceId(workspace.id())
            .build());

        // The workspace ID is read from the onboarding resource rather than from
        // the workspace itself, which makes the rule depend on the onboarding.
        // NOTE(review): no conditions are set, so this rule presumably matches
        // every incident in the workspace; confirm the intended scope before
        // reusing it.
        final AutomationRule automationRule = new AutomationRule("exampleAutomationRule", AutomationRuleArgs.builder()
            .name("56094f72-ac3f-40e7-a0c0-47bd95f70336") // the rule name is a UUID
            .logAnalyticsWorkspaceId(onboarding.workspaceId())
            .displayName("automation_rule1")
            .order(1)
            .actionIncidents(AutomationRuleActionIncidentArgs.builder()
                .order(1)
                .status("Active")
                .build())
            .build());
    }
}
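# Example Pulumi YAML program: a resource group, a Log Analytics workspace, its
# Sentinel onboarding, and one automation rule with a single incident action.
# Nesting is significant in YAML; each resource's type, name and properties sit
# under that resource's key.
resources:
  example:
    type: azure:core:ResourceGroup
    properties:
      name: example-rg
      location: west europe
  exampleAnalyticsWorkspace:
    type: azure:operationalinsights:AnalyticsWorkspace
    name: example
    properties:
      name: example-workspace
      location: ${example.location}
      resourceGroupName: ${example.name}
      sku: PerGB2018
  exampleLogAnalyticsWorkspaceOnboarding:
    type: azure:sentinel:LogAnalyticsWorkspaceOnboarding
    name: example
    properties:
      workspaceId: ${exampleAnalyticsWorkspace.id}
  # The workspace ID is read from the onboarding resource rather than from the
  # workspace itself, which makes the rule depend on the onboarding.
  # NOTE(review): no conditions are set, so this rule presumably matches every
  # incident in the workspace; confirm the intended scope before reusing it.
  exampleAutomationRule:
    type: azure:sentinel:AutomationRule
    name: example
    properties:
      # The rule name is a UUID.
      name: 56094f72-ac3f-40e7-a0c0-47bd95f70336
      logAnalyticsWorkspaceId: ${exampleLogAnalyticsWorkspaceOnboarding.workspaceId}
      displayName: automation_rule1
      order: 1
      actionIncidents:
        - order: 1
          status: Active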

Import

Sentinel Automation Rules can be imported using the resource id, e.g.

$ pulumi import azure:sentinel/automationRule:AutomationRule example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.OperationalInsights/workspaces/workspace1/providers/Microsoft.SecurityInsights/automationRules/rule1

Constructors

constructor(actionIncidents: Output<List<AutomationRuleActionIncidentArgs>>? = null, actionPlaybooks: Output<List<AutomationRuleActionPlaybookArgs>>? = null, conditionJson: Output<String>? = null, conditions: Output<List<AutomationRuleConditionArgs>>? = null, displayName: Output<String>? = null, enabled: Output<Boolean>? = null, expiration: Output<String>? = null, logAnalyticsWorkspaceId: Output<String>? = null, name: Output<String>? = null, order: Output<Int>? = null, triggersOn: Output<String>? = null, triggersWhen: Output<String>? = null)

Properties


One or more action_incident blocks as defined below.


One or more action_playbook blocks as defined below.

val conditionJson: Output<String>? = null

A JSON array of one or more condition JSON objects, in the format defined by the linked reference (the link target was lost in this rendering).


One or more condition blocks as defined below.

val displayName: Output<String>? = null

The display name which should be used for this Sentinel Automation Rule.

val enabled: Output<Boolean>? = null

Whether this Sentinel Automation Rule is enabled. Defaults to true.

val expiration: Output<String>? = null

The UTC time, in RFC 3339 format, at which this Automation Rule expires and is disabled.

val logAnalyticsWorkspaceId: Output<String>? = null

The ID of the Log Analytics Workspace to which this Sentinel Automation Rule applies. Changing this forces a new Sentinel Automation Rule to be created.

val name: Output<String>? = null

The UUID which should be used for this Sentinel Automation Rule. Changing this forces a new Sentinel Automation Rule to be created.

val order: Output<Int>? = null

The order of this Sentinel Automation Rule. Possible values range from 1 to 1000.

val triggersOn: Output<String>? = null

Specifies what triggers this automation rule. Possible values are Alerts and Incidents. Defaults to Incidents.

val triggersWhen: Output<String>? = null

Specifies when this automation rule is triggered. Possible values are Created and Updated. Defaults to Created.

Functions

open override fun toJava(): AutomationRuleArgs