AutomationRuleArgs

/**
 * Arguments for managing a Sentinel Automation Rule.
 *
 * Every property is nullable and defaults to `null` in this signature.
 *
 * @property actionIncidents One or more `action_incident` blocks.
 * @property actionPlaybooks One or more `action_playbook` blocks.
 * @property conditionJson A JSON array of one or more condition JSON objects.
 * @property displayName The display name used for this Sentinel Automation Rule.
 * @property enabled Whether this Sentinel Automation Rule is enabled. Defaults to `true`.
 * @property expiration RFC 3339 UTC time at which this rule expires and is disabled.
 * @property logAnalyticsWorkspaceId ID of the Log Analytics Workspace the rule applies to.
 *   Changing this forces a new rule to be created.
 * @property name The UUID used for this rule. Changing this forces a new rule to be created.
 * @property order The order of this rule, between 1 and 1000.
 * @property triggersOn What triggers the rule: `Alerts` or `Incidents`. Defaults to `Incidents`.
 * @property triggersWhen When the rule is triggered: `Created` or `Updated`. Defaults to `Created`.
 */
data class AutomationRuleArgs(
    val actionIncidents: Output<List<AutomationRuleActionIncidentArgs>>? = null,
    val actionPlaybooks: Output<List<AutomationRuleActionPlaybookArgs>>? = null,
    val conditionJson: Output<String>? = null,
    val displayName: Output<String>? = null,
    val enabled: Output<Boolean>? = null,
    val expiration: Output<String>? = null,
    val logAnalyticsWorkspaceId: Output<String>? = null,
    val name: Output<String>? = null,
    val order: Output<Int>? = null,
    val triggersOn: Output<String>? = null,
    val triggersWhen: Output<String>? = null,
) : ConvertibleToJava<AutomationRuleArgs>

Manages a Sentinel Automation Rule.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
// Resource group that holds the Log Analytics workspace.
const example = new azure.core.ResourceGroup("example", {
    name: "example-rg",
    location: "west europe",
});

// Workspace that Sentinel is onboarded onto.
const exampleAnalyticsWorkspace = new azure.operationalinsights.AnalyticsWorkspace("example", {
    name: "example-workspace",
    location: example.location,
    resourceGroupName: example.name,
    sku: "PerGB2018",
});

// Onboard the workspace to Sentinel. The automation rule takes its workspace id from
// this resource's output rather than from the workspace directly.
const exampleLogAnalyticsWorkspaceOnboarding = new azure.sentinel.LogAnalyticsWorkspaceOnboarding("example", {
    workspaceId: exampleAnalyticsWorkspace.id,
});

// Incident action carried by the rule: set the incident status to "Active".
const setIncidentActive = {
    order: 1,
    status: "Active",
};

// conditionJson, enabled, triggersOn and triggersWhen are not set, so the documented
// defaults apply (enabled, triggers on Incidents when Created).
// NOTE(review): with no conditionJson the rule is presumably not narrowed to any subset
// of incidents; confirm that scope is intended before reusing this in a real workspace.
const exampleAutomationRule = new azure.sentinel.AutomationRule("example", {
    name: "56094f72-ac3f-40e7-a0c0-47bd95f70336", // the rule name is a UUID
    logAnalyticsWorkspaceId: exampleLogAnalyticsWorkspaceOnboarding.workspaceId,
    displayName: "automation_rule1",
    order: 1,
    actionIncidents: [setIncidentActive],
});
import pulumi
import pulumi_azure as azure
# Resource group that holds the Log Analytics workspace.
example = azure.core.ResourceGroup(
    "example",
    name="example-rg",
    location="west europe",
)

# Workspace that Sentinel is onboarded onto.
example_analytics_workspace = azure.operationalinsights.AnalyticsWorkspace(
    "example",
    name="example-workspace",
    location=example.location,
    resource_group_name=example.name,
    sku="PerGB2018",
)

# Onboard the workspace to Sentinel. The automation rule takes its workspace id from
# this resource's output rather than from the workspace directly.
example_log_analytics_workspace_onboarding = azure.sentinel.LogAnalyticsWorkspaceOnboarding(
    "example",
    workspace_id=example_analytics_workspace.id,
)

# Incident action carried by the rule: set the incident status to "Active".
set_incident_active = {
    "order": 1,
    "status": "Active",
}

# condition_json, enabled, triggers_on and triggers_when are not set, so the documented
# defaults apply (enabled, triggers on Incidents when Created).
# NOTE(review): with no condition_json the rule is presumably not narrowed to any subset
# of incidents; confirm that scope is intended before reusing this in a real workspace.
example_automation_rule = azure.sentinel.AutomationRule(
    "example",
    name="56094f72-ac3f-40e7-a0c0-47bd95f70336",  # the rule name is a UUID
    log_analytics_workspace_id=example_log_analytics_workspace_onboarding.workspace_id,
    display_name="automation_rule1",
    order=1,
    action_incidents=[set_incident_active],
)
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;
return await Deployment.RunAsync(() =>
{
    // Resource group that holds the Log Analytics workspace.
    var example = new Azure.Core.ResourceGroup("example", new()
    {
        Name = "example-rg",
        Location = "west europe",
    });

    // Workspace that Sentinel is onboarded onto.
    var exampleAnalyticsWorkspace = new Azure.OperationalInsights.AnalyticsWorkspace("example", new()
    {
        Name = "example-workspace",
        Location = example.Location,
        ResourceGroupName = example.Name,
        Sku = "PerGB2018",
    });

    // Onboard the workspace to Sentinel. The automation rule takes its workspace id
    // from this resource's output rather than from the workspace directly.
    var exampleLogAnalyticsWorkspaceOnboarding = new Azure.Sentinel.LogAnalyticsWorkspaceOnboarding("example", new()
    {
        WorkspaceId = exampleAnalyticsWorkspace.Id,
    });

    // Incident action carried by the rule: set the incident status to "Active".
    var setIncidentActive = new Azure.Sentinel.Inputs.AutomationRuleActionIncidentArgs
    {
        Order = 1,
        Status = "Active",
    };

    // ConditionJson, Enabled, TriggersOn and TriggersWhen are not set, so the documented
    // defaults apply (enabled, triggers on Incidents when Created).
    // NOTE(review): with no ConditionJson the rule is presumably not narrowed to any
    // subset of incidents; confirm that scope is intended before reusing this.
    var exampleAutomationRule = new Azure.Sentinel.AutomationRule("example", new()
    {
        Name = "56094f72-ac3f-40e7-a0c0-47bd95f70336", // the rule name is a UUID
        LogAnalyticsWorkspaceId = exampleLogAnalyticsWorkspaceOnboarding.WorkspaceId,
        DisplayName = "automation_rule1",
        Order = 1,
        ActionIncidents = new[] { setIncidentActive },
    });
});
package main
import (
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/operationalinsights"
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/sentinel"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main declares a resource group, a Log Analytics workspace, its Sentinel
// onboarding, and one Sentinel automation rule bound to that workspace.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Resource group that holds the Log Analytics workspace.
		example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
			Name:     pulumi.String("example-rg"),
			Location: pulumi.String("west europe"),
		})
		if err != nil {
			return err
		}

		// Workspace that Sentinel is onboarded onto.
		exampleAnalyticsWorkspace, err := operationalinsights.NewAnalyticsWorkspace(ctx, "example", &operationalinsights.AnalyticsWorkspaceArgs{
			Name:              pulumi.String("example-workspace"),
			Location:          example.Location,
			ResourceGroupName: example.Name,
			Sku:               pulumi.String("PerGB2018"),
		})
		if err != nil {
			return err
		}

		// Onboard the workspace to Sentinel. The automation rule takes its workspace
		// id from this resource's output rather than from the workspace directly.
		exampleLogAnalyticsWorkspaceOnboarding, err := sentinel.NewLogAnalyticsWorkspaceOnboarding(ctx, "example", &sentinel.LogAnalyticsWorkspaceOnboardingArgs{
			WorkspaceId: exampleAnalyticsWorkspace.ID(),
		})
		if err != nil {
			return err
		}

		// Incident action carried by the rule: set the incident status to "Active".
		setIncidentActive := &sentinel.AutomationRuleActionIncidentArgs{
			Order:  pulumi.Int(1),
			Status: pulumi.String("Active"),
		}

		// ConditionJson, Enabled, TriggersOn and TriggersWhen are not set, so the
		// documented defaults apply (enabled, triggers on Incidents when Created).
		// NOTE(review): with no ConditionJson the rule is presumably not narrowed to
		// any subset of incidents; confirm that scope is intended before reusing this.
		_, err = sentinel.NewAutomationRule(ctx, "example", &sentinel.AutomationRuleArgs{
			Name:                    pulumi.String("56094f72-ac3f-40e7-a0c0-47bd95f70336"), // the rule name is a UUID
			LogAnalyticsWorkspaceId: exampleLogAnalyticsWorkspaceOnboarding.WorkspaceId,
			DisplayName:             pulumi.String("automation_rule1"),
			Order:                   pulumi.Int(1),
			ActionIncidents: sentinel.AutomationRuleActionIncidentArray{
				setIncidentActive,
			},
		})
		// err is nil on success, so returning it covers both outcomes.
		return err
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.operationalinsights.AnalyticsWorkspace;
import com.pulumi.azure.operationalinsights.AnalyticsWorkspaceArgs;
import com.pulumi.azure.sentinel.LogAnalyticsWorkspaceOnboarding;
import com.pulumi.azure.sentinel.LogAnalyticsWorkspaceOnboardingArgs;
import com.pulumi.azure.sentinel.AutomationRule;
import com.pulumi.azure.sentinel.AutomationRuleArgs;
import com.pulumi.azure.sentinel.inputs.AutomationRuleActionIncidentArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program that declares a resource group, a Log Analytics workspace, its
 * Sentinel onboarding, and one Sentinel automation rule bound to that workspace.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the stack's resources.
     *
     * @param ctx the Pulumi context passed in by {@code Pulumi.run}
     */
    public static void stack(Context ctx) {
        // Resource group that holds the Log Analytics workspace.
        var example = new ResourceGroup("example", ResourceGroupArgs.builder()
            .name("example-rg")
            .location("west europe")
            .build());

        // Workspace that Sentinel is onboarded onto.
        var exampleAnalyticsWorkspace = new AnalyticsWorkspace("exampleAnalyticsWorkspace", AnalyticsWorkspaceArgs.builder()
            .name("example-workspace")
            .location(example.location())
            .resourceGroupName(example.name())
            .sku("PerGB2018")
            .build());

        // Onboard the workspace to Sentinel. The automation rule takes its workspace id
        // from this resource's output rather than from the workspace directly.
        var exampleLogAnalyticsWorkspaceOnboarding = new LogAnalyticsWorkspaceOnboarding("exampleLogAnalyticsWorkspaceOnboarding", LogAnalyticsWorkspaceOnboardingArgs.builder()
            .workspaceId(exampleAnalyticsWorkspace.id())
            .build());

        // Incident action carried by the rule: set the incident status to "Active".
        var setIncidentActive = AutomationRuleActionIncidentArgs.builder()
            .order(1)
            .status("Active")
            .build();

        // conditionJson, enabled, triggersOn and triggersWhen are not set, so the
        // documented defaults apply (enabled, triggers on Incidents when Created).
        // NOTE(review): with no conditionJson the rule is presumably not narrowed to any
        // subset of incidents; confirm that scope is intended before reusing this.
        var exampleAutomationRule = new AutomationRule("exampleAutomationRule", AutomationRuleArgs.builder()
            .name("56094f72-ac3f-40e7-a0c0-47bd95f70336") // the rule name is a UUID
            .logAnalyticsWorkspaceId(exampleLogAnalyticsWorkspaceOnboarding.workspaceId())
            .displayName("automation_rule1")
            .order(1)
            .actionIncidents(setIncidentActive)
            .build());
    }
}
resources:
  # Resource group that holds the Log Analytics workspace.
  example:
    type: azure:core:ResourceGroup
    properties:
      name: example-rg
      location: west europe
  # Workspace that Sentinel is onboarded onto.
  exampleAnalyticsWorkspace:
    type: azure:operationalinsights:AnalyticsWorkspace
    name: example
    properties:
      name: example-workspace
      location: ${example.location}
      resourceGroupName: ${example.name}
      sku: PerGB2018
  # Onboard the workspace to Sentinel; the rule below takes its workspace id from here.
  exampleLogAnalyticsWorkspaceOnboarding:
    type: azure:sentinel:LogAnalyticsWorkspaceOnboarding
    name: example
    properties:
      workspaceId: ${exampleAnalyticsWorkspace.id}
  # conditionJson, enabled, triggersOn and triggersWhen are not set, so the documented
  # defaults apply (enabled, triggers on Incidents when Created).
  # NOTE(review): with no conditionJson the rule is presumably not narrowed to any subset
  # of incidents; confirm that scope is intended before reusing this in a real workspace.
  exampleAutomationRule:
    type: azure:sentinel:AutomationRule
    name: example
    properties:
      # The rule name is a UUID.
      name: 56094f72-ac3f-40e7-a0c0-47bd95f70336
      logAnalyticsWorkspaceId: ${exampleLogAnalyticsWorkspaceOnboarding.workspaceId}
      displayName: automation_rule1
      order: 1
      # Incident action carried by the rule: set the incident status to Active.
      actionIncidents:
        - order: 1
          status: Active

API Providers

This resource uses the following Azure API Providers:

  • Microsoft.OperationalInsights: 2024-09-01

Import

Sentinel Automation Rules can be imported using the resource id, e.g.

$ pulumi import azure:sentinel/automationRule:AutomationRule example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.OperationalInsights/workspaces/workspace1/providers/Microsoft.SecurityInsights/automationRules/rule1

Constructors

constructor(actionIncidents: Output<List<AutomationRuleActionIncidentArgs>>? = null, actionPlaybooks: Output<List<AutomationRuleActionPlaybookArgs>>? = null, conditionJson: Output<String>? = null, displayName: Output<String>? = null, enabled: Output<Boolean>? = null, expiration: Output<String>? = null, logAnalyticsWorkspaceId: Output<String>? = null, name: Output<String>? = null, order: Output<Int>? = null, triggersOn: Output<String>? = null, triggersWhen: Output<String>? = null)

Properties


actionIncidents: One or more action_incident blocks, each an AutomationRuleActionIncidentArgs.


actionPlaybooks: One or more action_playbook blocks, each an AutomationRuleActionPlaybookArgs.

val conditionJson: Output<String>? = null

A JSON array of one or more condition JSON objects; the object format is defined in the upstream provider documentation.

val displayName: Output<String>? = null

The display name which should be used for this Sentinel Automation Rule.

val enabled: Output<Boolean>? = null

Whether this Sentinel Automation Rule is enabled. Defaults to true.

val expiration: Output<String>? = null

The UTC time, in RFC 3339 format, at which this Automation Rule expires and is disabled.

val logAnalyticsWorkspaceId: Output<String>? = null

The ID of the Log Analytics Workspace to which this Sentinel Automation Rule applies. Changing this forces a new Sentinel Automation Rule to be created.

val name: Output<String>? = null

The UUID which should be used for this Sentinel Automation Rule. Changing this forces a new Sentinel Automation Rule to be created.

val order: Output<Int>? = null

The order of this Sentinel Automation Rule. Possible values range from 1 to 1000.

val triggersOn: Output<String>? = null

Specifies what triggers this automation rule. Possible values are Alerts and Incidents. Defaults to Incidents.

val triggersWhen: Output<String>? = null

Specifies when this automation rule is triggered. Possible values are Created and Updated. Defaults to Created.

Functions

open override fun toJava(): AutomationRuleArgs