AlertRuleNrtIncidentGroupingArgs

data class AlertRuleNrtIncidentGroupingArgs(val byAlertDetails: Output<List<String>>? = null, val byCustomDetails: Output<List<String>>? = null, val byEntities: Output<List<String>>? = null, val enabled: Output<Boolean>? = null, val entityMatchingMethod: Output<String>? = null, val lookbackDuration: Output<String>? = null, val reopenClosedIncidents: Output<Boolean>? = null) : ConvertibleToJava<AlertRuleNrtIncidentGroupingArgs>

Constructors

constructor(byAlertDetails: Output<List<String>>? = null, byCustomDetails: Output<List<String>>? = null, byEntities: Output<List<String>>? = null, enabled: Output<Boolean>? = null, entityMatchingMethod: Output<String>? = null, lookbackDuration: Output<String>? = null, reopenClosedIncidents: Output<Boolean>? = null)

Properties

val byAlertDetails: Output<List<String>>? = null

A list of alert details to group by. Applies only when the entity_matching_method is Selected. Possible values are DisplayName and Severity.

val byCustomDetails: Output<List<String>>? = null

A list of custom details keys to group by. Applies only when the entity_matching_method is Selected. Only keys defined in the custom_details may be used.

val byEntities: Output<List<String>>? = null

A list of entity types to group by. Applies only when the entity_matching_method is Selected. Possible values are Account, AzureResource, CloudApplication, DNS, File, FileHash, Host, IP, Mailbox, MailCluster, MailMessage, Malware, Process, RegistryKey, RegistryValue, SecurityGroup, SubmissionMail, URL.

val enabled: Output<Boolean>? = null

Enable grouping incidents created from alerts triggered by this Sentinel NRT Alert Rule. Defaults to true.

val entityMatchingMethod: Output<String>? = null

The method used to group incidents. Possible values are AnyAlert, Selected and AllEntities. Defaults to AnyAlert.

val lookbackDuration: Output<String>? = null

Limit the group to alerts created within the lookback duration (in ISO 8601 duration format). Defaults to PT5M.

val reopenClosedIncidents: Output<Boolean>? = null

Whether to re-open closed matching incidents. Defaults to false.

Functions

open override fun toJava(): AlertRuleNrtIncidentGroupingArgs