type AlertRuleMsSecurityIncident ¶
// AlertRuleMsSecurityIncident is the live state of a Sentinel MS Security
// Incident Alert Rule: a rule that turns alerts emitted by one Microsoft
// security service into Sentinel incidents, optionally filtered by severity
// and by alert-name text.
type AlertRuleMsSecurityIncident struct {
	pulumi.CustomResourceState

	// The description of this Sentinel MS Security Incident Alert Rule.
	Description pulumi.StringPtrOutput `pulumi:"description"`
	// The friendly name of this Sentinel MS Security Incident Alert Rule.
	DisplayName pulumi.StringOutput `pulumi:"displayName"`
	// Should this Sentinel MS Security Incident Alert Rule be enabled? Defaults to `true`.
	// A disabled rule creates no incidents from the selected product's alerts, so
	// leaving it off is a deliberate detection gap that should be reviewed.
	Enabled pulumi.BoolPtrOutput `pulumi:"enabled"`
	// The ID of the Log Analytics Workspace this Sentinel MS Security Incident Alert Rule
	// belongs to. Changing this forces a new Sentinel MS Security Incident Alert Rule to be created.
	LogAnalyticsWorkspaceId pulumi.StringOutput `pulumi:"logAnalyticsWorkspaceId"`
	// The name which should be used for this Sentinel MS Security Incident Alert Rule.
	// Changing this forces a new Sentinel MS Security Incident Alert Rule to be created.
	Name pulumi.StringOutput `pulumi:"name"`
	// The Microsoft Security Service from where the alert will be generated. Possible values are
	// `Azure Active Directory Identity Protection`, `Azure Advanced Threat Protection`,
	// `Azure Security Center`, `Azure Security Center for IoT` and `Microsoft Cloud App Security`.
	ProductFilter pulumi.StringOutput `pulumi:"productFilter"`
	// Only create incidents from alerts when the alert severity level is contained in this list.
	// Possible values are `High`, `Medium`, `Low` and `Informational`. Alerts whose severity is
	// not listed are not promoted to incidents.
	SeverityFilters pulumi.StringArrayOutput `pulumi:"severityFilters"`
	// Only create incidents from alerts when the alert name contains text in this list.
	// No filtering happens if this field is absent.
	TextWhitelists pulumi.StringArrayOutput `pulumi:"textWhitelists"`
}
Manages a Sentinel MS Security Incident Alert Rule.
## Example Usage
```go
package main
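import (
	"github.com/pulumi/pulumi-azure/sdk/v3/go/azure/core"
	"github.com/pulumi/pulumi-azure/sdk/v3/go/azure/operationalinsights"
	"github.com/pulumi/pulumi-azure/sdk/v3/go/azure/sentinel"
	"github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)

// main provisions a resource group, a Log Analytics workspace and a Sentinel
// MS Security Incident Alert Rule that raises incidents only for `High`
// severity alerts coming from Microsoft Cloud App Security.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		exampleResourceGroup, err := core.NewResourceGroup(ctx, "exampleResourceGroup", &core.ResourceGroupArgs{
			Location: pulumi.String("West Europe"),
		})
		if err != nil {
			return err
		}
		exampleAnalyticsWorkspace, err := operationalinsights.NewAnalyticsWorkspace(ctx, "exampleAnalyticsWorkspace", &operationalinsights.AnalyticsWorkspaceArgs{
			Location:          exampleResourceGroup.Location,
			ResourceGroupName: exampleResourceGroup.Name,
			Sku:               pulumi.String("pergb2018"),
		})
		if err != nil {
			return err
		}
		// The rule handle is not used afterwards; binding it to a named
		// variable would fail to compile with "declared and not used".
		_, err = sentinel.NewAlertRuleMsSecurityIncident(ctx, "exampleAlertRuleMsSecurityIncident", &sentinel.AlertRuleMsSecurityIncidentArgs{
			LogAnalyticsWorkspaceId: exampleAnalyticsWorkspace.ID(),
			ProductFilter:           pulumi.String("Microsoft Cloud App Security"),
			DisplayName:             pulumi.String("example rule"),
			SeverityFilters: pulumi.StringArray{
				pulumi.String("High"),
			},
		})
		return err
	})
}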
```
func GetAlertRuleMsSecurityIncident ¶
func GetAlertRuleMsSecurityIncident(ctx *pulumi.Context, name string, id pulumi.IDInput, state *AlertRuleMsSecurityIncidentState, opts ...pulumi.ResourceOption) (*AlertRuleMsSecurityIncident, error)
GetAlertRuleMsSecurityIncident gets an existing AlertRuleMsSecurityIncident resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewAlertRuleMsSecurityIncident ¶
func NewAlertRuleMsSecurityIncident(ctx *pulumi.Context, name string, args *AlertRuleMsSecurityIncidentArgs, opts ...pulumi.ResourceOption) (*AlertRuleMsSecurityIncident, error)
NewAlertRuleMsSecurityIncident registers a new resource with the given unique name, arguments, and options.
type AlertRuleMsSecurityIncidentArgs ¶
// AlertRuleMsSecurityIncidentArgs is the set of arguments for constructing an
// AlertRuleMsSecurityIncident resource. DisplayName, LogAnalyticsWorkspaceId
// and ProductFilter are non-pointer inputs and therefore required; the rest
// are optional.
type AlertRuleMsSecurityIncidentArgs struct {
	// The description of this Sentinel MS Security Incident Alert Rule.
	Description pulumi.StringPtrInput
	// The friendly name of this Sentinel MS Security Incident Alert Rule.
	DisplayName pulumi.StringInput
	// Should this Sentinel MS Security Incident Alert Rule be enabled? Defaults to `true`.
	// A disabled rule creates no incidents, so setting this to `false` is a deliberate
	// detection gap that should be reviewed.
	Enabled pulumi.BoolPtrInput
	// The ID of the Log Analytics Workspace this Sentinel MS Security Incident Alert Rule
	// belongs to. Changing this forces a new Sentinel MS Security Incident Alert Rule to be created.
	LogAnalyticsWorkspaceId pulumi.StringInput
	// The name which should be used for this Sentinel MS Security Incident Alert Rule.
	// Changing this forces a new Sentinel MS Security Incident Alert Rule to be created.
	Name pulumi.StringPtrInput
	// The Microsoft Security Service from where the alert will be generated. Possible values are
	// `Azure Active Directory Identity Protection`, `Azure Advanced Threat Protection`,
	// `Azure Security Center`, `Azure Security Center for IoT` and `Microsoft Cloud App Security`.
	ProductFilter pulumi.StringInput
	// Only create incidents from alerts when the alert severity level is contained in this list.
	// Possible values are `High`, `Medium`, `Low` and `Informational`. Alerts whose severity is
	// not listed are not promoted to incidents.
	SeverityFilters pulumi.StringArrayInput
	// Only create incidents from alerts when the alert name contains text in this list.
	// No filtering happens if this field is absent.
	TextWhitelists pulumi.StringArrayInput
}
The set of arguments for constructing an AlertRuleMsSecurityIncident resource.
func (AlertRuleMsSecurityIncidentArgs) ElementType ¶
func (AlertRuleMsSecurityIncidentArgs) ElementType() reflect.Type
type AlertRuleMsSecurityIncidentState ¶
// AlertRuleMsSecurityIncidentState is the optional state used to qualify a
// lookup of an existing AlertRuleMsSecurityIncident via
// GetAlertRuleMsSecurityIncident. Every field is optional here, unlike in
// AlertRuleMsSecurityIncidentArgs.
type AlertRuleMsSecurityIncidentState struct {
	// The description of this Sentinel MS Security Incident Alert Rule.
	Description pulumi.StringPtrInput
	// The friendly name of this Sentinel MS Security Incident Alert Rule.
	DisplayName pulumi.StringPtrInput
	// Should this Sentinel MS Security Incident Alert Rule be enabled? Defaults to `true`.
	Enabled pulumi.BoolPtrInput
	// The ID of the Log Analytics Workspace this Sentinel MS Security Incident Alert Rule
	// belongs to. Changing this forces a new Sentinel MS Security Incident Alert Rule to be created.
	LogAnalyticsWorkspaceId pulumi.StringPtrInput
	// The name which should be used for this Sentinel MS Security Incident Alert Rule.
	// Changing this forces a new Sentinel MS Security Incident Alert Rule to be created.
	Name pulumi.StringPtrInput
	// The Microsoft Security Service from where the alert will be generated. Possible values are
	// `Azure Active Directory Identity Protection`, `Azure Advanced Threat Protection`,
	// `Azure Security Center`, `Azure Security Center for IoT` and `Microsoft Cloud App Security`.
	ProductFilter pulumi.StringPtrInput
	// Only create incidents from alerts when the alert severity level is contained in this list.
	// Possible values are `High`, `Medium`, `Low` and `Informational`.
	SeverityFilters pulumi.StringArrayInput
	// Only create incidents from alerts when the alert name contains text in this list.
	// No filtering happens if this field is absent.
	TextWhitelists pulumi.StringArrayInput
}
func (AlertRuleMsSecurityIncidentState) ElementType ¶
func (AlertRuleMsSecurityIncidentState) ElementType() reflect.Type
type AlertRuleScheduled ¶ added in v3.5.0
// AlertRuleScheduled is the live state of a Sentinel Scheduled Alert Rule: a
// query that runs on a fixed cadence over a fixed look-back window and raises
// an alert of the configured severity when the result count crosses the
// trigger threshold.
type AlertRuleScheduled struct {
	pulumi.CustomResourceState

	// The description of this Sentinel Scheduled Alert Rule.
	Description pulumi.StringPtrOutput `pulumi:"description"`
	// The friendly name of this Sentinel Scheduled Alert Rule.
	DisplayName pulumi.StringOutput `pulumi:"displayName"`
	// Should the Sentinel Scheduled Alert Rule be enabled? Defaults to `true`.
	Enabled pulumi.BoolPtrOutput `pulumi:"enabled"`
	// The ID of the Log Analytics Workspace this Sentinel Scheduled Alert Rule belongs to.
	// Changing this forces a new Sentinel Scheduled Alert Rule to be created.
	LogAnalyticsWorkspaceId pulumi.StringOutput `pulumi:"logAnalyticsWorkspaceId"`
	// The name which should be used for this Sentinel Scheduled Alert Rule.
	// Changing this forces a new Sentinel Scheduled Alert Rule to be created.
	Name pulumi.StringOutput `pulumi:"name"`
	// The query of this Sentinel Scheduled Alert Rule.
	Query pulumi.StringOutput `pulumi:"query"`
	// The ISO 8601 timespan duration between two consecutive queries. Defaults to `PT5H`.
	QueryFrequency pulumi.StringPtrOutput `pulumi:"queryFrequency"`
	// The ISO 8601 timespan duration which determines the time period of the data covered by
	// the query. For example, it can query the past 10 minutes of data, or the past 6 hours of
	// data. Defaults to `PT5H`.
	// NOTE(review): if this window is shorter than `queryFrequency`, data logged between two
	// runs would never be examined — confirm against the service documentation.
	QueryPeriod pulumi.StringPtrOutput `pulumi:"queryPeriod"`
	// The alert severity of this Sentinel Scheduled Alert Rule. Possible values are
	// `High`, `Medium`, `Low` and `Informational`.
	Severity pulumi.StringOutput `pulumi:"severity"`
	// If `suppressionEnabled` is `true`, this is the ISO 8601 timespan duration which specifies
	// the amount of time the query should stop running after an alert is generated.
	// Defaults to `PT5H`. Matching activity during that window is not alerted on.
	SuppressionDuration pulumi.StringPtrOutput `pulumi:"suppressionDuration"`
	// Should the Sentinel Scheduled Alert Rule stop running the query after an alert is
	// generated? Defaults to `false`.
	SuppressionEnabled pulumi.BoolPtrOutput `pulumi:"suppressionEnabled"`
	// A list of categories of attacks by which to classify the rule (the names follow the
	// ATT&CK tactic taxonomy). Possible values are `Collection`, `CommandAndControl`,
	// `CredentialAccess`, `DefenseEvasion`, `Discovery`, `Execution`, `Exfiltration`, `Impact`,
	// `InitialAccess`, `LateralMovement`, `Persistence` and `PrivilegeEscalation`.
	Tactics pulumi.StringArrayOutput `pulumi:"tactics"`
	// The alert trigger operator, combined with `triggerThreshold`, setting the alert threshold
	// of this Sentinel Scheduled Alert Rule. Possible values are `Equal`, `GreaterThan`,
	// `LessThan`, `NotEqual`.
	TriggerOperator pulumi.StringPtrOutput `pulumi:"triggerOperator"`
	// The baseline number of query results generated, combined with `triggerOperator`, setting
	// the alert threshold of this Sentinel Scheduled Alert Rule.
	TriggerThreshold pulumi.IntPtrOutput `pulumi:"triggerThreshold"`
}
Manages a Sentinel Scheduled Alert Rule.
func GetAlertRuleScheduled ¶ added in v3.5.0
func GetAlertRuleScheduled(ctx *pulumi.Context, name string, id pulumi.IDInput, state *AlertRuleScheduledState, opts ...pulumi.ResourceOption) (*AlertRuleScheduled, error)
GetAlertRuleScheduled gets an existing AlertRuleScheduled resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewAlertRuleScheduled ¶ added in v3.5.0
func NewAlertRuleScheduled(ctx *pulumi.Context, name string, args *AlertRuleScheduledArgs, opts ...pulumi.ResourceOption) (*AlertRuleScheduled, error)
NewAlertRuleScheduled registers a new resource with the given unique name, arguments, and options.
type AlertRuleScheduledArgs ¶ added in v3.5.0
// AlertRuleScheduledArgs is the set of arguments for constructing an
// AlertRuleScheduled resource. DisplayName, LogAnalyticsWorkspaceId, Query and
// Severity are non-pointer inputs and therefore required; the rest are optional.
type AlertRuleScheduledArgs struct {
	// The description of this Sentinel Scheduled Alert Rule.
	Description pulumi.StringPtrInput
	// The friendly name of this Sentinel Scheduled Alert Rule.
	DisplayName pulumi.StringInput
	// Should the Sentinel Scheduled Alert Rule be enabled? Defaults to `true`.
	Enabled pulumi.BoolPtrInput
	// The ID of the Log Analytics Workspace this Sentinel Scheduled Alert Rule belongs to.
	// Changing this forces a new Sentinel Scheduled Alert Rule to be created.
	LogAnalyticsWorkspaceId pulumi.StringInput
	// The name which should be used for this Sentinel Scheduled Alert Rule.
	// Changing this forces a new Sentinel Scheduled Alert Rule to be created.
	Name pulumi.StringPtrInput
	// The query of this Sentinel Scheduled Alert Rule.
	Query pulumi.StringInput
	// The ISO 8601 timespan duration between two consecutive queries. Defaults to `PT5H`.
	QueryFrequency pulumi.StringPtrInput
	// The ISO 8601 timespan duration which determines the time period of the data covered by
	// the query. For example, it can query the past 10 minutes of data, or the past 6 hours of
	// data. Defaults to `PT5H`.
	// NOTE(review): if this window is shorter than `queryFrequency`, data logged between two
	// runs would never be examined — confirm against the service documentation.
	QueryPeriod pulumi.StringPtrInput
	// The alert severity of this Sentinel Scheduled Alert Rule. Possible values are
	// `High`, `Medium`, `Low` and `Informational`.
	Severity pulumi.StringInput
	// If `suppressionEnabled` is `true`, this is the ISO 8601 timespan duration which specifies
	// the amount of time the query should stop running after an alert is generated.
	// Defaults to `PT5H`. Matching activity during that window is not alerted on.
	SuppressionDuration pulumi.StringPtrInput
	// Should the Sentinel Scheduled Alert Rule stop running the query after an alert is
	// generated? Defaults to `false`.
	SuppressionEnabled pulumi.BoolPtrInput
	// A list of categories of attacks by which to classify the rule (the names follow the
	// ATT&CK tactic taxonomy). Possible values are `Collection`, `CommandAndControl`,
	// `CredentialAccess`, `DefenseEvasion`, `Discovery`, `Execution`, `Exfiltration`, `Impact`,
	// `InitialAccess`, `LateralMovement`, `Persistence` and `PrivilegeEscalation`.
	Tactics pulumi.StringArrayInput
	// The alert trigger operator, combined with `triggerThreshold`, setting the alert threshold
	// of this Sentinel Scheduled Alert Rule. Possible values are `Equal`, `GreaterThan`,
	// `LessThan`, `NotEqual`.
	TriggerOperator pulumi.StringPtrInput
	// The baseline number of query results generated, combined with `triggerOperator`, setting
	// the alert threshold of this Sentinel Scheduled Alert Rule.
	TriggerThreshold pulumi.IntPtrInput
}
The set of arguments for constructing an AlertRuleScheduled resource.
func (AlertRuleScheduledArgs) ElementType ¶ added in v3.5.0
func (AlertRuleScheduledArgs) ElementType() reflect.Type
type AlertRuleScheduledState ¶ added in v3.5.0
// AlertRuleScheduledState is the optional state used to qualify a lookup of an
// existing AlertRuleScheduled via GetAlertRuleScheduled. Every field is
// optional here, unlike in AlertRuleScheduledArgs.
type AlertRuleScheduledState struct {
	// The description of this Sentinel Scheduled Alert Rule.
	Description pulumi.StringPtrInput
	// The friendly name of this Sentinel Scheduled Alert Rule.
	DisplayName pulumi.StringPtrInput
	// Should the Sentinel Scheduled Alert Rule be enabled? Defaults to `true`.
	Enabled pulumi.BoolPtrInput
	// The ID of the Log Analytics Workspace this Sentinel Scheduled Alert Rule belongs to.
	// Changing this forces a new Sentinel Scheduled Alert Rule to be created.
	LogAnalyticsWorkspaceId pulumi.StringPtrInput
	// The name which should be used for this Sentinel Scheduled Alert Rule.
	// Changing this forces a new Sentinel Scheduled Alert Rule to be created.
	Name pulumi.StringPtrInput
	// The query of this Sentinel Scheduled Alert Rule.
	Query pulumi.StringPtrInput
	// The ISO 8601 timespan duration between two consecutive queries. Defaults to `PT5H`.
	QueryFrequency pulumi.StringPtrInput
	// The ISO 8601 timespan duration which determines the time period of the data covered by
	// the query. For example, it can query the past 10 minutes of data, or the past 6 hours of
	// data. Defaults to `PT5H`.
	QueryPeriod pulumi.StringPtrInput
	// The alert severity of this Sentinel Scheduled Alert Rule. Possible values are
	// `High`, `Medium`, `Low` and `Informational`.
	Severity pulumi.StringPtrInput
	// If `suppressionEnabled` is `true`, this is the ISO 8601 timespan duration which specifies
	// the amount of time the query should stop running after an alert is generated.
	// Defaults to `PT5H`.
	SuppressionDuration pulumi.StringPtrInput
	// Should the Sentinel Scheduled Alert Rule stop running the query after an alert is
	// generated? Defaults to `false`.
	SuppressionEnabled pulumi.BoolPtrInput
	// A list of categories of attacks by which to classify the rule (the names follow the
	// ATT&CK tactic taxonomy). Possible values are `Collection`, `CommandAndControl`,
	// `CredentialAccess`, `DefenseEvasion`, `Discovery`, `Execution`, `Exfiltration`, `Impact`,
	// `InitialAccess`, `LateralMovement`, `Persistence` and `PrivilegeEscalation`.
	Tactics pulumi.StringArrayInput
	// The alert trigger operator, combined with `triggerThreshold`, setting the alert threshold
	// of this Sentinel Scheduled Alert Rule. Possible values are `Equal`, `GreaterThan`,
	// `LessThan`, `NotEqual`.
	TriggerOperator pulumi.StringPtrInput
	// The baseline number of query results generated, combined with `triggerOperator`, setting
	// the alert threshold of this Sentinel Scheduled Alert Rule.
	TriggerThreshold pulumi.IntPtrInput
}
func (AlertRuleScheduledState) ElementType ¶ added in v3.5.0
func (AlertRuleScheduledState) ElementType() reflect.Type
type GetAlertRuleArgs ¶
// GetAlertRuleArgs is the collection of arguments for invoking getAlertRule.
// Both fields are plain strings, i.e. they must be known at invoke time.
type GetAlertRuleArgs struct {
	// The ID of the Log Analytics Workspace this Sentinel Alert Rule belongs to.
	LogAnalyticsWorkspaceId string `pulumi:"logAnalyticsWorkspaceId"`
	// The name which should be used for this Sentinel Alert Rule.
	Name string `pulumi:"name"`
}
A collection of arguments for invoking getAlertRule.
type GetAlertRuleResult ¶
// GetAlertRuleResult is the collection of values returned by getAlertRule.
type GetAlertRuleResult struct {
	// The provider-assigned unique ID for this managed resource.
	Id string `pulumi:"id"`
	// The ID of the Log Analytics Workspace the rule belongs to; presumably echoes the
	// GetAlertRuleArgs value used for the lookup — verify against the provider.
	LogAnalyticsWorkspaceId string `pulumi:"logAnalyticsWorkspaceId"`
	// The name of the Sentinel Alert Rule; presumably echoes the GetAlertRuleArgs value
	// used for the lookup — verify against the provider.
	Name string `pulumi:"name"`
}
A collection of values returned by getAlertRule.
func GetAlertRule ¶
func GetAlertRule(ctx *pulumi.Context, args *GetAlertRuleArgs, opts ...pulumi.InvokeOption) (*GetAlertRuleResult, error)
Use this data source to access information about an existing Sentinel Alert Rule.
## Example Usage
```go
package main
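import (
	"github.com/pulumi/pulumi-azure/sdk/v3/go/azure/operationalinsights"
	"github.com/pulumi/pulumi-azure/sdk/v3/go/azure/sentinel"
	"github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)

// main looks up an existing Log Analytics workspace, reads the Sentinel Alert
// Rule named "existing" inside it with GetAlertRule, and exports the rule's
// provider-assigned ID.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		exampleAnalyticsWorkspace, err := operationalinsights.LookupAnalyticsWorkspace(ctx, &operationalinsights.LookupAnalyticsWorkspaceArgs{
			Name:              "example",
			ResourceGroupName: "example-resources",
		}, nil)
		if err != nil {
			return err
		}
		// GetAlertRule / GetAlertRuleArgs are the invoke documented for this
		// package; the original snippet named a Lookup* variant that is not
		// documented here.
		exampleAlertRule, err := sentinel.GetAlertRule(ctx, &sentinel.GetAlertRuleArgs{
			Name:                    "existing",
			LogAnalyticsWorkspaceId: exampleAnalyticsWorkspace.Id,
		}, nil)
		if err != nil {
			return err
		}
		ctx.Export("id", exampleAlertRule.Id)
		return nil
	})
}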
```