AlertRuleScheduledIncidentGrouping

data class AlertRuleScheduledIncidentGrouping(val byAlertDetails: List<String>? = null, val byCustomDetails: List<String>? = null, val byEntities: List<String>? = null, val enabled: Boolean? = null, val entityMatchingMethod: String? = null, val lookbackDuration: String? = null, val reopenClosedIncidents: Boolean? = null)

Constructors

constructor(byAlertDetails: List<String>? = null, byCustomDetails: List<String>? = null, byEntities: List<String>? = null, enabled: Boolean? = null, entityMatchingMethod: String? = null, lookbackDuration: String? = null, reopenClosedIncidents: Boolean? = null)

Types

object Companion

Properties

val byAlertDetails: List<String>? = null

A list of alert details to group by, only when the entity_matching_method is Selected. Possible values are DisplayName and Severity.

val byCustomDetails: List<String>? = null

A list of custom details keys to group by, only when the entity_matching_method is Selected. Only keys defined in the rule's custom_details may be used.

val byEntities: List<String>? = null

A list of entity types to group by, only when the entity_matching_method is Selected. Possible values are Account, AzureResource, CloudApplication, DNS, File, FileHash, Host, IP, Mailbox, MailCluster, MailMessage, Malware, Process, RegistryKey, RegistryValue, SecurityGroup, SubmissionMail, URL.

val enabled: Boolean? = null

Enable grouping incidents created from alerts triggered by this Sentinel Scheduled Alert Rule. Defaults to true.

val entityMatchingMethod: String? = null

The method used to group incidents. Possible values are AnyAlert, Selected and AllEntities. Defaults to AnyAlert.

val lookbackDuration: String? = null

Limit the group to alerts created within the lookback duration (in ISO 8601 duration format). Defaults to PT5M.

val reopenClosedIncidents: Boolean? = null

Whether to re-open closed matching incidents. Defaults to false.
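The property descriptions above carry constraints that are easy to get wrong in a detection-as-code pipeline: the three `by*` selectors only apply when `entityMatchingMethod` is `Selected`, the alert-detail and entity values are drawn from fixed sets, custom-detail keys must exist on the rule, and `lookbackDuration` must be ISO 8601. The following is an added example, not code from this page or from the Pulumi project, that checks a grouping object against those documented constraints before it is applied; the import package path, the `validateIncidentGrouping` function, the `customDetailKeys` parameter and the sample values are assumptions.

```kotlin
// Added example (not from the page or the Pulumi project): validate an
// AlertRuleScheduledIncidentGrouping against the constraints documented
// for its properties, so a misconfigured grouping is caught locally
// rather than producing incidents that never group as intended.
// Assumes the data class from this page is on the classpath; the
// package name below is an assumption.
import com.pulumi.azure.sentinel.kotlin.inputs.AlertRuleScheduledIncidentGrouping

// Allowed values, taken from the property descriptions on this page.
private val ENTITY_TYPES = setOf(
    "Account", "AzureResource", "CloudApplication", "DNS", "File", "FileHash",
    "Host", "IP", "Mailbox", "MailCluster", "MailMessage", "Malware", "Process",
    "RegistryKey", "RegistryValue", "SecurityGroup", "SubmissionMail", "URL",
)
private val ALERT_DETAILS = setOf("DisplayName", "Severity")
private val MATCHING_METHODS = setOf("AnyAlert", "Selected", "AllEntities")

// ISO 8601 duration, e.g. PT5M, PT1H, P1D, P1DT12H (no fractional parts).
private val ISO_DURATION =
    Regex("^P(?!\$)(\\d+Y)?(\\d+M)?(\\d+W)?(\\d+D)?(T(?=\\d)(\\d+H)?(\\d+M)?(\\d+S)?)?$")

// Returns a list of human-readable problems; empty means the grouping is
// consistent with the documented constraints. customDetailKeys is the set of
// keys the rule defines in custom_details (assumed to be known to the caller).
fun validateIncidentGrouping(
    g: AlertRuleScheduledIncidentGrouping,
    customDetailKeys: Set<String> = emptySet(),
): List<String> {
    val issues = mutableListOf<String>()
    val method = g.entityMatchingMethod ?: "AnyAlert" // documented default

    if (method !in MATCHING_METHODS) {
        issues += "entityMatchingMethod '$method' is not one of $MATCHING_METHODS"
    }

    val hasSelectors = listOf(g.byAlertDetails, g.byCustomDetails, g.byEntities)
        .any { !it.isNullOrEmpty() }
    if (method != "Selected" && hasSelectors) {
        issues += "byAlertDetails/byCustomDetails/byEntities only apply when entityMatchingMethod is Selected (got '$method')"
    }
    if (method == "Selected" && !hasSelectors) {
        issues += "entityMatchingMethod is Selected but no byAlertDetails/byCustomDetails/byEntities were given"
    }

    g.byAlertDetails?.filterNot { it in ALERT_DETAILS }
        ?.forEach { issues += "unknown alert detail '$it' (expected one of $ALERT_DETAILS)" }
    g.byEntities?.filterNot { it in ENTITY_TYPES }
        ?.forEach { issues += "unknown entity type '$it'" }
    g.byCustomDetails?.filterNot { it in customDetailKeys }
        ?.forEach { issues += "custom detail key '$it' is not defined in the rule's custom_details" }

    g.lookbackDuration?.let {
        if (!ISO_DURATION.matches(it)) issues += "lookbackDuration '$it' is not an ISO 8601 duration (e.g. PT5M)"
    }
    return issues
}

fun main() {
    // Constructed sample: group on the matched account and host, plus a
    // custom detail the rule is assumed to emit, over a one-hour window.
    val grouping = AlertRuleScheduledIncidentGrouping(
        enabled = true,
        entityMatchingMethod = "Selected",
        byEntities = listOf("Account", "Host"),
        byCustomDetails = listOf("SourceIp"),
        lookbackDuration = "PT1H",
        reopenClosedIncidents = false,
    )
    val issues = validateIncidentGrouping(grouping, customDetailKeys = setOf("SourceIp"))
    check(issues.isEmpty()) { issues.joinToString("\n") }

    // Constructed misconfiguration: selectors set but the method is AnyAlert,
    // and a non-ISO duration. Both problems are reported.
    val bad = grouping.copy(entityMatchingMethod = "AnyAlert", lookbackDuration = "1h")
    validateIncidentGrouping(bad, customDetailKeys = setOf("SourceIp")).forEach(::println)
}
```

Run the check in the same step that builds the rule (for instance before `AlertRuleScheduled` is created) so that a grouping that would silently fall back to per-alert incidents fails the deployment instead.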