azure-native.securityinsights.AutomationRule
Represents an automation rule. API Version: 2019-01-01-preview.
Example Usage
Creates or updates an automation rule.
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
// Declares a Microsoft Sentinel automation rule: when an incident is created from one of two
// listed analytic rules, the rule sets the incident severity to High and then runs a Logic App playbook.
// Every subscription, tenant, rule and workspace identifier below is a sample value from the documentation;
// supply real values from stack configuration rather than hard-coding them.
return await Deployment.RunAsync(() => 
{
    var automationRule = new AzureNative.SecurityInsights.AutomationRule("automationRule", new()
    {
        // Each action carries its own Order: the severity change (1) precedes the playbook run (2).
        Actions = new[]
        {
            new AzureNative.SecurityInsights.Inputs.AutomationRuleModifyPropertiesActionArgs
            {
                ActionConfiguration = new AzureNative.SecurityInsights.Inputs.AutomationRuleModifyPropertiesActionActionConfigurationArgs
                {
                    Severity = "High",
                },
                ActionType = "ModifyProperties",
                Order = 1,
            },
            // NOTE(review): a RunPlaybook action presumably only works once Microsoft Sentinel has been
            // granted run permission on the playbook's resource group (Microsoft Sentinel Automation
            // Contributor) — confirm the role assignment exists before relying on this rule.
            new AzureNative.SecurityInsights.Inputs.AutomationRuleRunPlaybookActionArgs
            {
                ActionConfiguration = new AzureNative.SecurityInsights.Inputs.AutomationRuleRunPlaybookActionActionConfigurationArgs
                {
                    // Full ARM resource ID of the Logic App workflow to run, plus the tenant ID passed with it.
                    LogicAppResourceId = "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/IncidentPlaybook",
                    TenantId = "ee48efaf-50c6-411b-9345-b2bdc3eb4abc",
                },
                ActionType = "RunPlaybook",
                Order = 2,
            },
        },
        AutomationRuleId = "73e01a99-5cd7-4139-a149-9f2736ff2ab5",
        DisplayName = "High severity incidents escalation",
        OperationalInsightsResourceProvider = "Microsoft.OperationalInsights",
        // Order of this rule relative to other automation rules.
        Order = 1,
        ResourceGroupName = "myRg",
        TriggeringLogic = new AzureNative.SecurityInsights.Inputs.AutomationRuleTriggeringLogicArgs
        {
            Conditions = new[]
            {
                // NOTE(review): the condition element below has no type name in this generated listing;
                // the Go listing on this page names it AutomationRulePropertyValuesConditionArgs.
                // Confirm the intended input type against the SDK before copying this snippet.
                
                {
                    { "conditionProperties", new AzureNative.SecurityInsights.Inputs.AutomationRulePropertyValuesConditionConditionPropertiesArgs
                    {
                        // Scopes the rule to incidents whose related analytic-rule IDs match the listed alert rules.
                        Operator = "Contains",
                        PropertyName = "IncidentRelatedAnalyticRuleIds",
                        PropertyValues = new[]
                        {
                            "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7",
                            "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/8deb8303-e94d-46ff-96e0-5fd94b33df1a",
                        },
                    } },
                    { "conditionType", "Property" },
                },
            },
            // The rule is enabled and fires when an incident is created.
            IsEnabled = true,
            TriggersOn = "Incidents",
            TriggersWhen = "Created",
        },
        WorkspaceName = "myWorkspace",
    });
});
package main
import (
	securityinsights "github.com/pulumi/pulumi-azure-native-sdk/securityinsights"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main registers a Microsoft Sentinel automation rule: when an incident is created from one of
// two listed analytic rules, the rule sets the severity to High and then runs a Logic App playbook.
// Every subscription, tenant, rule and workspace identifier below is a sample value from the
// documentation; supply real values from stack configuration rather than hard-coding them.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := securityinsights.NewAutomationRule(ctx, "automationRule", &securityinsights.AutomationRuleArgs{
			// Each action carries its own Order: the severity change (1) precedes the playbook run (2).
			Actions: pulumi.AnyArray{
				securityinsights.AutomationRuleModifyPropertiesAction{
					ActionConfiguration: securityinsights.AutomationRuleModifyPropertiesActionActionConfiguration{
						Severity: "High",
					},
					ActionType: "ModifyProperties",
					Order:      1,
				},
				// NOTE(review): a RunPlaybook action presumably only works once Microsoft Sentinel has
				// been granted run permission on the playbook's resource group (Microsoft Sentinel
				// Automation Contributor) — confirm the role assignment exists before relying on this rule.
				securityinsights.AutomationRuleRunPlaybookAction{
					ActionConfiguration: securityinsights.AutomationRuleRunPlaybookActionActionConfiguration{
						// Full ARM resource ID of the Logic App workflow to run, plus the tenant ID passed with it.
						LogicAppResourceId: "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/IncidentPlaybook",
						TenantId:           "ee48efaf-50c6-411b-9345-b2bdc3eb4abc",
					},
					ActionType: "RunPlaybook",
					Order:      2,
				},
			},
			AutomationRuleId:                    pulumi.String("73e01a99-5cd7-4139-a149-9f2736ff2ab5"),
			DisplayName:                         pulumi.String("High severity incidents escalation"),
			OperationalInsightsResourceProvider: pulumi.String("Microsoft.OperationalInsights"),
			// Order of this rule relative to other automation rules.
			Order:                               pulumi.Int(1),
			ResourceGroupName:                   pulumi.String("myRg"),
			// NOTE(review): the generated listing uses the output-side ...Response type here and an
			// untyped literal for ConditionProperties below; the constructor reference on this page
			// describes TriggeringLogic as AutomationRuleTriggeringLogicArgs. Confirm the input types
			// against the SDK before copying this snippet.
			TriggeringLogic: securityinsights.AutomationRuleTriggeringLogicResponse{
				Conditions: []securityinsights.AutomationRulePropertyValuesConditionArgs{
					{
						ConditionProperties: {
							// Scopes the rule to incidents whose related analytic-rule IDs match the listed alert rules.
							Operator:     pulumi.String("Contains"),
							PropertyName: pulumi.String("IncidentRelatedAnalyticRuleIds"),
							PropertyValues: pulumi.StringArray{
								pulumi.String("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7"),
								pulumi.String("/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/8deb8303-e94d-46ff-96e0-5fd94b33df1a"),
							},
						},
						ConditionType: pulumi.String("Property"),
					},
				},
				// The rule is enabled and fires when an incident is created.
				IsEnabled:    pulumi.Bool(true),
				TriggersOn:   pulumi.String("Incidents"),
				TriggersWhen: pulumi.String("Created"),
			},
			WorkspaceName: pulumi.String("myWorkspace"),
		})
		// Surface a registration failure to the Pulumi engine instead of swallowing it.
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.securityinsights.AutomationRule;
import com.pulumi.azurenative.securityinsights.AutomationRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program that declares a Microsoft Sentinel automation rule: when an incident is created
 * from one of two listed analytic rules, the rule sets the severity to High and then runs a
 * Logic App playbook.
 *
 * Every subscription, tenant, rule and workspace identifier below is a sample value from the
 * documentation; supply real values from stack configuration rather than hard-coding them.
 */
public class App {
    /** Entry point: hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    /**
     * Declares the automation rule resource.
     *
     * @param ctx the Pulumi context for the current deployment (not read by this method)
     */
    public static void stack(Context ctx) {
        var automationRule = new AutomationRule("automationRule", AutomationRuleArgs.builder()        
            // Each action carries its own "order": the severity change (1) precedes the playbook run (2).
            .actions(            
                Map.ofEntries(
                    Map.entry("actionConfiguration", Map.of("severity", "High")),
                    Map.entry("actionType", "ModifyProperties"),
                    Map.entry("order", 1)
                ),
                // NOTE(review): a RunPlaybook action presumably only works once Microsoft Sentinel has
                // been granted run permission on the playbook's resource group (Microsoft Sentinel
                // Automation Contributor) — confirm the role assignment exists before relying on this rule.
                Map.ofEntries(
                    Map.entry("actionConfiguration", Map.ofEntries(
                        Map.entry("logicAppResourceId", "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/IncidentPlaybook"),
                        Map.entry("tenantId", "ee48efaf-50c6-411b-9345-b2bdc3eb4abc")
                    )),
                    Map.entry("actionType", "RunPlaybook"),
                    Map.entry("order", 2)
                ))
            .automationRuleId("73e01a99-5cd7-4139-a149-9f2736ff2ab5")
            .displayName("High severity incidents escalation")
            .operationalInsightsResourceProvider("Microsoft.OperationalInsights")
            // Order of this rule relative to other automation rules.
            .order(1)
            .resourceGroupName("myRg")
            .triggeringLogic(Map.ofEntries(
                Map.entry("conditions", Map.ofEntries(
                    Map.entry("conditionProperties", Map.ofEntries(
                        // Scopes the rule to incidents whose related analytic-rule IDs match the listed alert rules.
                        Map.entry("operator", "Contains"),
                        Map.entry("propertyName", "IncidentRelatedAnalyticRuleIds"),
                        // NOTE(review): Map.entry takes a key and a single value; the two IDs below are
                        // passed as separate arguments in this generated listing and presumably belong
                        // in one list value — confirm before copying.
                        Map.entry("propertyValues",                         
                            "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7",
                            "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/8deb8303-e94d-46ff-96e0-5fd94b33df1a")
                    )),
                    Map.entry("conditionType", "Property")
                )),
                // The rule is enabled and fires when an incident is created.
                Map.entry("isEnabled", true),
                Map.entry("triggersOn", "Incidents"),
                Map.entry("triggersWhen", "Created")
            ))
            .workspaceName("myWorkspace")
            .build());
    }
}
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
// Microsoft Sentinel automation rule: when an incident is created from one of two listed analytic
// rules, the rule sets the severity to High and then runs a Logic App playbook.
// Every subscription, tenant, rule and workspace identifier below is a sample value from the
// documentation; supply real values from stack configuration rather than hard-coding them.
const automationRule = new azure_native.securityinsights.AutomationRule("automationRule", {
    // Each action carries its own order: the severity change (1) precedes the playbook run (2).
    actions: [
        {
            actionConfiguration: {
                severity: "High",
            },
            actionType: "ModifyProperties",
            order: 1,
        },
        // NOTE(review): a RunPlaybook action presumably only works once Microsoft Sentinel has been
        // granted run permission on the playbook's resource group (Microsoft Sentinel Automation
        // Contributor) — confirm the role assignment exists before relying on this rule.
        {
            actionConfiguration: {
                // Full ARM resource ID of the Logic App workflow to run, plus the tenant ID passed with it.
                logicAppResourceId: "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/IncidentPlaybook",
                tenantId: "ee48efaf-50c6-411b-9345-b2bdc3eb4abc",
            },
            actionType: "RunPlaybook",
            order: 2,
        },
    ],
    automationRuleId: "73e01a99-5cd7-4139-a149-9f2736ff2ab5",
    displayName: "High severity incidents escalation",
    operationalInsightsResourceProvider: "Microsoft.OperationalInsights",
    // Order of this rule relative to other automation rules.
    order: 1,
    resourceGroupName: "myRg",
    triggeringLogic: {
        conditions: [{
            conditionProperties: {
                // Scopes the rule to incidents whose related analytic-rule IDs match the listed alert rules.
                operator: "Contains",
                propertyName: "IncidentRelatedAnalyticRuleIds",
                propertyValues: [
                    "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7",
                    "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/8deb8303-e94d-46ff-96e0-5fd94b33df1a",
                ],
            },
            conditionType: "Property",
        }],
        // The rule is enabled and fires when an incident is created; no expirationTimeUtc is set.
        isEnabled: true,
        triggersOn: "Incidents",
        triggersWhen: "Created",
    },
    workspaceName: "myWorkspace",
});
import pulumi
import pulumi_azure_native as azure_native
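# Microsoft Sentinel automation rule: when an incident is created from one of two listed analytic
# rules, the rule sets the severity to High and then runs a Logic App playbook.
# Every subscription, tenant, rule and workspace identifier below is a sample value from the
# documentation; supply real values from stack configuration rather than hard-coding them.
automation_rule = azure_native.securityinsights.AutomationRule("automationRule",
    # Each action carries its own order: the severity change (1) precedes the playbook run (2).
    actions=[
        azure_native.securityinsights.AutomationRuleModifyPropertiesActionArgs(
            action_configuration=azure_native.securityinsights.AutomationRuleModifyPropertiesActionActionConfigurationArgs(
                severity="High",
            ),
            action_type="ModifyProperties",
            order=1,
        ),
        # NOTE(review): a RunPlaybook action presumably only works once Microsoft Sentinel has been
        # granted run permission on the playbook's resource group (Microsoft Sentinel Automation
        # Contributor) — confirm the role assignment exists before relying on this rule.
        azure_native.securityinsights.AutomationRuleRunPlaybookActionArgs(
            action_configuration=azure_native.securityinsights.AutomationRuleRunPlaybookActionActionConfigurationArgs(
                # Full ARM resource ID of the Logic App workflow to run, plus the tenant ID passed with it.
                logic_app_resource_id="/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/IncidentPlaybook",
                tenant_id="ee48efaf-50c6-411b-9345-b2bdc3eb4abc",
            ),
            action_type="RunPlaybook",
            order=2,
        ),
    ],
    automation_rule_id="73e01a99-5cd7-4139-a149-9f2736ff2ab5",
    display_name="High severity incidents escalation",
    operational_insights_resource_provider="Microsoft.OperationalInsights",
    # Order of this rule relative to other automation rules.
    order=1,
    resource_group_name="myRg",
    # triggering_logic takes the input class AutomationRuleTriggeringLogicArgs, as declared in the
    # constructor signature, rather than an output-side "...Response" type; the condition element
    # uses the matching input class as well.
    triggering_logic=azure_native.securityinsights.AutomationRuleTriggeringLogicArgs(
        conditions=[azure_native.securityinsights.AutomationRulePropertyValuesConditionArgs(
            condition_properties=azure_native.securityinsights.AutomationRulePropertyValuesConditionConditionPropertiesArgs(
                # Scopes the rule to incidents whose related analytic-rule IDs match the listed alert rules.
                operator="Contains",
                property_name="IncidentRelatedAnalyticRuleIds",
                property_values=[
                    "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7",
                    "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/8deb8303-e94d-46ff-96e0-5fd94b33df1a",
                ],
            ),
            condition_type="Property",
        )],
        # The rule is enabled and fires when an incident is created.
        is_enabled=True,
        triggers_on="Incidents",
        triggers_when="Created",
    ),
    workspace_name="myWorkspace")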
# Microsoft Sentinel automation rule: when an incident is created from one of two listed analytic
# rules, the rule sets the severity to High and then runs a Logic App playbook.
# Every subscription, tenant, rule and workspace identifier below is a sample value from the
# documentation; replace them with values for the target environment.
resources:
  automationRule:
    type: azure-native:securityinsights:AutomationRule
    properties:
      # Each action carries its own order: the severity change (1) precedes the playbook run (2).
      actions:
        - actionConfiguration:
            severity: High
          actionType: ModifyProperties
          order: 1
        # NOTE(review): a RunPlaybook action presumably only works once Microsoft Sentinel has been
        # granted run permission on the playbook's resource group (Microsoft Sentinel Automation
        # Contributor) - confirm the role assignment exists before relying on this rule.
        - actionConfiguration:
            logicAppResourceId: /subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/IncidentPlaybook
            tenantId: ee48efaf-50c6-411b-9345-b2bdc3eb4abc
          actionType: RunPlaybook
          order: 2
      automationRuleId: 73e01a99-5cd7-4139-a149-9f2736ff2ab5
      displayName: High severity incidents escalation
      operationalInsightsResourceProvider: Microsoft.OperationalInsights
      # Order of this rule relative to other automation rules.
      order: 1
      resourceGroupName: myRg
      triggeringLogic:
        conditions:
          # Scopes the rule to incidents whose related analytic-rule IDs match the listed alert rules.
          - conditionProperties:
              operator: Contains
              propertyName: IncidentRelatedAnalyticRuleIds
              propertyValues:
                - /subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7
                - /subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/8deb8303-e94d-46ff-96e0-5fd94b33df1a
            conditionType: Property
        # The rule is enabled and fires when an incident is created; no expirationTimeUtc is set.
        isEnabled: true
        triggersOn: Incidents
        triggersWhen: Created
      workspaceName: myWorkspace
Create AutomationRule Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new AutomationRule(name: string, args: AutomationRuleArgs, opts?: CustomResourceOptions);
@overload
def AutomationRule(resource_name: str,
                   args: AutomationRuleArgs,
                   opts: Optional[ResourceOptions] = None)
@overload
def AutomationRule(resource_name: str,
                   opts: Optional[ResourceOptions] = None,
                   actions: Optional[Sequence[Union[AutomationRuleModifyPropertiesActionArgs, AutomationRuleRunPlaybookActionArgs]]] = None,
                   display_name: Optional[str] = None,
                   operational_insights_resource_provider: Optional[str] = None,
                   order: Optional[int] = None,
                   resource_group_name: Optional[str] = None,
                   triggering_logic: Optional[AutomationRuleTriggeringLogicArgs] = None,
                   workspace_name: Optional[str] = None,
                   automation_rule_id: Optional[str] = None)
func NewAutomationRule(ctx *Context, name string, args AutomationRuleArgs, opts ...ResourceOption) (*AutomationRule, error)
public AutomationRule(string name, AutomationRuleArgs args, CustomResourceOptions? opts = null)
public AutomationRule(String name, AutomationRuleArgs args)
public AutomationRule(String name, AutomationRuleArgs args, CustomResourceOptions options)
type: azure-native:securityinsights:AutomationRule
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args AutomationRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args AutomationRuleArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args AutomationRuleArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args AutomationRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args AutomationRuleArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
// Reference shape only: every value is a placeholder ("string", 0, false), and the nested
// initializers carry no type names in this generated listing, so it is not compilable as written.
// Use it to see which properties exist, then build the typed ...Args objects from the SDK.
var automationRuleResource = new AzureNative.Securityinsights.AutomationRule("automationRuleResource", new()
{
    Actions = new[]
    {
        
        {
            // Properties a ModifyProperties action can set on the incident.
            { "actionConfiguration", 
            {
                { "classification", "string" },
                { "classificationComment", "string" },
                { "classificationReason", "string" },
                { "labels", new[]
                {
                    
                    {
                        { "labelName", "string" },
                    },
                } },
                // Incident owner to assign.
                { "owner", 
                {
                    { "assignedTo", "string" },
                    { "email", "string" },
                    { "objectId", "string" },
                    { "userPrincipalName", "string" },
                } },
                { "severity", "string" },
                { "status", "string" },
            } },
            { "actionType", "ModifyProperties" },
            { "order", 0 },
        },
    },
    DisplayName = "string",
    OperationalInsightsResourceProvider = "string",
    Order = 0,
    ResourceGroupName = "string",
    TriggeringLogic = 
    {
        { "isEnabled", false },
        { "triggersOn", "string" },
        { "triggersWhen", "string" },
        { "conditions", new[]
        {
            
            {
                { "conditionProperties", 
                {
                    { "operator", "string" },
                    { "propertyName", "string" },
                    { "propertyValues", new[]
                    {
                        "string",
                    } },
                } },
                { "conditionType", "Property" },
            },
        } },
        // Optional expiry timestamp for the rule; presumably UTC, going by the property name.
        { "expirationTimeUtc", "string" },
    },
    WorkspaceName = "string",
    AutomationRuleId = "string",
});
// Reference shape only: every value is a placeholder ("string", 0, false) and the nested inputs
// are shown as untyped maps. Use it to see which properties exist, then build the typed inputs
// from the SDK.
example, err := securityinsights.NewAutomationRule(ctx, "automationRuleResource", &securityinsights.AutomationRuleArgs{
	Actions: []map[string]interface{}{
		map[string]interface{}{
			// Properties a ModifyProperties action can set on the incident.
			"actionConfiguration": map[string]interface{}{
				"classification":        "string",
				"classificationComment": "string",
				"classificationReason":  "string",
				"labels": []map[string]interface{}{
					map[string]interface{}{
						"labelName": "string",
					},
				},
				// Incident owner to assign.
				"owner": map[string]interface{}{
					"assignedTo":        "string",
					"email":             "string",
					"objectId":          "string",
					"userPrincipalName": "string",
				},
				"severity": "string",
				"status":   "string",
			},
			"actionType": "ModifyProperties",
			"order":      0,
		},
	},
	DisplayName:                         "string",
	OperationalInsightsResourceProvider: "string",
	Order:                               0,
	ResourceGroupName:                   "string",
	TriggeringLogic: map[string]interface{}{
		"isEnabled":    false,
		"triggersOn":   "string",
		"triggersWhen": "string",
		"conditions": []map[string]interface{}{
			map[string]interface{}{
				"conditionProperties": map[string]interface{}{
					"operator":     "string",
					"propertyName": "string",
					"propertyValues": []string{
						"string",
					},
				},
				"conditionType": "Property",
			},
		},
		// Optional expiry timestamp for the rule; presumably UTC, going by the property name.
		"expirationTimeUtc": "string",
	},
	WorkspaceName:    "string",
	AutomationRuleId: "string",
})
// Reference shape only: every value is a placeholder. The "%!v(PANIC=...)" text in the actions
// and triggeringLogic arguments is a rendering failure of the documentation generator, not Java;
// the Java listing under Example Usage on this page shows how those two arguments are populated.
var automationRuleResource = new AutomationRule("automationRuleResource", AutomationRuleArgs.builder()
    .actions(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference))
    .displayName("string")
    .operationalInsightsResourceProvider("string")
    .order(0)
    .resourceGroupName("string")
    .triggeringLogic(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference))
    .workspaceName("string")
    .automationRuleId("string")
    .build());
# Reference shape only: every value is a placeholder, and the keys and the bare word "string" are
# unquoted in this generated listing, so it is not runnable Python as written. Use it to see which
# properties exist, then pass quoted dictionary literals or the ...Args classes.
automation_rule_resource = azure_native.securityinsights.AutomationRule("automationRuleResource",
    actions=[{
        # Properties a ModifyProperties action can set on the incident.
        actionConfiguration: {
            classification: string,
            classificationComment: string,
            classificationReason: string,
            labels: [{
                labelName: string,
            }],
            # Incident owner to assign.
            owner: {
                assignedTo: string,
                email: string,
                objectId: string,
                userPrincipalName: string,
            },
            severity: string,
            status: string,
        },
        actionType: ModifyProperties,
        order: 0,
    }],
    display_name=string,
    operational_insights_resource_provider=string,
    order=0,
    resource_group_name=string,
    triggering_logic={
        isEnabled: False,
        triggersOn: string,
        triggersWhen: string,
        conditions: [{
            conditionProperties: {
                operator: string,
                propertyName: string,
                propertyValues: [string],
            },
            conditionType: Property,
        }],
        # Optional expiry timestamp for the rule; presumably UTC, going by the property name.
        expirationTimeUtc: string,
    },
    workspace_name=string,
    automation_rule_id=string)
// Reference shape only: every value is a placeholder ("string", 0, false). Use it to see which
// properties exist; replace each placeholder with a real value before deploying.
const automationRuleResource = new azure_native.securityinsights.AutomationRule("automationRuleResource", {
    actions: [{
        // Properties a ModifyProperties action can set on the incident.
        actionConfiguration: {
            classification: "string",
            classificationComment: "string",
            classificationReason: "string",
            labels: [{
                labelName: "string",
            }],
            // Incident owner to assign.
            owner: {
                assignedTo: "string",
                email: "string",
                objectId: "string",
                userPrincipalName: "string",
            },
            severity: "string",
            status: "string",
        },
        actionType: "ModifyProperties",
        order: 0,
    }],
    displayName: "string",
    operationalInsightsResourceProvider: "string",
    order: 0,
    resourceGroupName: "string",
    triggeringLogic: {
        isEnabled: false,
        triggersOn: "string",
        triggersWhen: "string",
        conditions: [{
            conditionProperties: {
                operator: "string",
                propertyName: "string",
                propertyValues: ["string"],
            },
            conditionType: "Property",
        }],
        // Optional expiry timestamp for the rule; presumably UTC, going by the property name.
        expirationTimeUtc: "string",
    },
    workspaceName: "string",
    automationRuleId: "string",
});
# Reference shape only: every value is a placeholder (string, 0, false). Use it to see which
# properties exist; replace each placeholder with a real value before deploying.
type: azure-native:securityinsights:AutomationRule
properties:
    actions:
        # Properties a ModifyProperties action can set on the incident.
        - actionConfiguration:
            classification: string
            classificationComment: string
            classificationReason: string
            labels:
                - labelName: string
            # Incident owner to assign.
            owner:
                assignedTo: string
                email: string
                objectId: string
                userPrincipalName: string
            severity: string
            status: string
          actionType: ModifyProperties
          order: 0
    automationRuleId: string
    displayName: string
    operationalInsightsResourceProvider: string
    order: 0
    resourceGroupName: string
    triggeringLogic:
        conditions:
            - conditionProperties:
                operator: string
                propertyName: string
                propertyValues:
                    - string
              conditionType: Property
        # Optional expiry timestamp for the rule; presumably UTC, going by the property name.
        expirationTimeUtc: string
        isEnabled: false
        triggersOn: string
        triggersWhen: string
    workspaceName: string
AutomationRule Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The AutomationRule resource accepts the following input properties:
- Actions List<Union<Pulumi.AzureNative.SecurityInsights.Inputs.AutomationRuleModifyPropertiesAction, Pulumi.AzureNative.SecurityInsights.Inputs.AutomationRuleRunPlaybookActionArgs>>
- The actions to execute when the automation rule is triggered
- DisplayName string
- The display name of the automation rule
- OperationalInsightsResourceProvider string
- The namespace of the workspace's resource provider: Microsoft.OperationalInsights.
- Order int
- The order of execution of the automation rule
- ResourceGroupName string
- The name of the resource group within the user's subscription. The name is case insensitive.
- TriggeringLogic Pulumi.AzureNative.SecurityInsights.Inputs.AutomationRuleTriggeringLogic
- The triggering logic of the automation rule
- WorkspaceName string
- The name of the workspace.
- AutomationRuleId string
- Automation rule ID
- Actions []interface{}
- The actions to execute when the automation rule is triggered
- DisplayName string
- The display name of the automation rule
- OperationalInsights stringResource Provider 
- The namespace of workspaces resource provider- Microsoft.OperationalInsights.
- Order int
- The order of execution of the automation rule
- ResourceGroup stringName 
- The name of the resource group within the user's subscription. The name is case insensitive.
- TriggeringLogic AutomationRule Triggering Logic Args 
- The triggering logic of the automation rule
- WorkspaceName string
- The name of the workspace.
- AutomationRule stringId 
- Automation rule ID
- actions
List<Either<AutomationRule Modify Properties Action,Automation Rule Run Playbook Action Args>> 
- The actions to execute when the automation rule is triggered
- displayName String
- The display name of the automation rule
- operationalInsights StringResource Provider 
- The namespace of workspaces resource provider- Microsoft.OperationalInsights.
- order Integer
- The order of execution of the automation rule
- resourceGroup StringName 
- The name of the resource group within the user's subscription. The name is case insensitive.
- triggeringLogic AutomationRule Triggering Logic 
- The triggering logic of the automation rule
- workspaceName String
- The name of the workspace.
- automationRule StringId 
- Automation rule ID
- actions
(AutomationRule Modify Properties Action | Automation Rule Run Playbook Action Args)[] 
- The actions to execute when the automation rule is triggered
- displayName string
- The display name of the automation rule
- operationalInsights stringResource Provider 
- The namespace of workspaces resource provider- Microsoft.OperationalInsights.
- order number
- The order of execution of the automation rule
- resourceGroup stringName 
- The name of the resource group within the user's subscription. The name is case insensitive.
- triggeringLogic AutomationRule Triggering Logic 
- The triggering logic of the automation rule
- workspaceName string
- The name of the workspace.
- automationRule stringId 
- Automation rule ID
- actions Sequence[Union[AutomationRuleModifyPropertiesActionArgs, AutomationRuleRunPlaybookActionArgs]]
- The actions to execute when the automation rule is triggered
- display_name str
- The display name of the automation rule
- operational_insights_resource_provider str
- The namespace of the workspace's resource provider: Microsoft.OperationalInsights.
- order int
- The order of execution of the automation rule
- resource_group_name str
- The name of the resource group within the user's subscription. The name is case insensitive.
- triggering_logic AutomationRuleTriggeringLogicArgs
- The triggering logic of the automation rule
- workspace_name str
- The name of the workspace.
- automation_rule_id str
- Automation rule ID
- actions List<Property Map | Property Map>
- The actions to execute when the automation rule is triggered
- displayName String
- The display name of the automation rule
- operationalInsights StringResource Provider 
- The namespace of workspaces resource provider- Microsoft.OperationalInsights.
- order Number
- The order of execution of the automation rule
- resourceGroup StringName 
- The name of the resource group within the user's subscription. The name is case insensitive.
- triggeringLogic Property Map
- The triggering logic of the automation rule
- workspaceName String
- The name of the workspace.
- automationRule StringId 
- Automation rule ID
Outputs
All input properties are implicitly available as output properties. Additionally, the AutomationRule resource produces the following output properties:
- CreatedBy Pulumi.AzureNative.SecurityInsights.Outputs.ClientInfoResponse
- Describes the client that created the automation rule
- CreatedTimeUtc string
- The time the automation rule was created
- Id string
- The provider-assigned unique ID for this managed resource.
- LastModifiedBy Pulumi.AzureNative.SecurityInsights.Outputs.ClientInfoResponse
- Describes the client that last updated the automation rule
- LastModifiedTimeUtc string
- The last time the automation rule was updated
- Name string
- Azure resource name
- Type string
- Azure resource type
- Etag string
- Etag of the Azure resource
- CreatedBy ClientInfo Response 
- Describes the client that created the automation rule
- CreatedTime stringUtc 
- The time the automation rule was created
- Id string
- The provider-assigned unique ID for this managed resource.
- LastModified ClientBy Info Response 
- Describes the client that last updated the automation rule
- LastModified stringTime Utc 
- The last time the automation rule was updated
- Name string
- Azure resource name
- Type string
- Azure resource type
- Etag string
- Etag of the azure resource
- createdBy ClientInfo Response 
- Describes the client that created the automation rule
- createdTime StringUtc 
- The time the automation rule was created
- id String
- The provider-assigned unique ID for this managed resource.
- lastModified ClientBy Info Response 
- Describes the client that last updated the automation rule
- lastModified StringTime Utc 
- The last time the automation rule was updated
- name String
- Azure resource name
- type String
- Azure resource type
- etag String
- Etag of the azure resource
- createdBy ClientInfo Response 
- Describes the client that created the automation rule
- createdTime stringUtc 
- The time the automation rule was created
- id string
- The provider-assigned unique ID for this managed resource.
- lastModified ClientBy Info Response 
- Describes the client that last updated the automation rule
- lastModified stringTime Utc 
- The last time the automation rule was updated
- name string
- Azure resource name
- type string
- Azure resource type
- etag string
- Etag of the azure resource
- created_by ClientInfoResponse
- Describes the client that created the automation rule
- created_time_utc str
- The time the automation rule was created
- id str
- The provider-assigned unique ID for this managed resource.
- last_modified_by ClientInfoResponse
- Describes the client that last updated the automation rule
- last_modified_time_utc str
- The last time the automation rule was updated
- name str
- Azure resource name
- type str
- Azure resource type
- etag str
- Etag of the Azure resource
- createdBy Property Map
- Describes the client that created the automation rule
- createdTimeUtc String
- The time the automation rule was created
- id String
- The provider-assigned unique ID for this managed resource.
- lastModifiedBy Property Map
- Describes the client that last updated the automation rule
- lastModifiedTimeUtc String
- The last time the automation rule was updated
- name String
- Azure resource name
- type String
- Azure resource type
- etag String
- Etag of the azure resource
Supporting Types
AutomationRuleModifyPropertiesAction, AutomationRuleModifyPropertiesActionArgs          
- ActionConfiguration Pulumi.AzureNative.SecurityInsights.Inputs.AutomationRuleModifyPropertiesActionActionConfiguration
- The configuration of the modify properties automation rule action
- Order int
- The order of execution of the automation rule action
- ActionConfiguration AutomationRuleModifyPropertiesActionActionConfiguration
- The configuration of the modify properties automation rule action
- Order int
- The order of execution of the automation rule action
- actionConfiguration AutomationRuleModifyPropertiesActionActionConfiguration
- The configuration of the modify properties automation rule action
- order Integer
- The order of execution of the automation rule action
- actionConfiguration AutomationRuleModifyPropertiesActionActionConfiguration
- The configuration of the modify properties automation rule action
- order number
- The order of execution of the automation rule action
- action_configuration AutomationRuleModifyPropertiesActionActionConfiguration
- The configuration of the modify properties automation rule action
- order int
- The order of execution of the automation rule action
- actionConfiguration Property Map
- The configuration of the modify properties automation rule action
- order Number
- The order of execution of the automation rule action
AutomationRuleModifyPropertiesActionActionConfiguration, AutomationRuleModifyPropertiesActionActionConfigurationArgs              
- Classification string | Pulumi.AzureNative.SecurityInsights.IncidentClassification
- The reason the incident was closed
- ClassificationComment string
- Describes the reason the incident was closed
- ClassificationReason string | Pulumi.AzureNative.SecurityInsights.IncidentClassificationReason
- The classification reason to close the incident with
- Labels List<Pulumi.AzureNative.SecurityInsights.Inputs.IncidentLabel>
- List of labels to add to the incident
- Owner Pulumi.AzureNative.SecurityInsights.Inputs.IncidentOwnerInfo
- Describes a user that the incident is assigned to
- Severity string | Pulumi.AzureNative.SecurityInsights.IncidentSeverity
- The severity of the incident
- Status string | Pulumi.AzureNative.SecurityInsights.IncidentStatus
- The status of the incident
- Classification
string | IncidentClassification 
- The reason the incident was closed
- ClassificationComment string
- Describes the reason the incident was closed
- ClassificationReason string | IncidentClassification Reason 
- The classification reason to close the incident with
- Labels
[]IncidentLabel 
- List of labels to add to the incident
- Owner
IncidentOwner Info 
- Describes a user that the incident is assigned to
- Severity
string | IncidentSeverity 
- The severity of the incident
- Status
string | IncidentStatus 
- The status of the incident
- classification
String | IncidentClassification 
- The reason the incident was closed
- classificationComment String
- Describes the reason the incident was closed
- classificationReason String | IncidentClassification Reason 
- The classification reason to close the incident with
- labels
List<IncidentLabel> 
- List of labels to add to the incident
- owner
IncidentOwner Info 
- Describes a user that the incident is assigned to
- severity
String | IncidentSeverity 
- The severity of the incident
- status
String | IncidentStatus 
- The status of the incident
- classification
string | IncidentClassification 
- The reason the incident was closed
- classificationComment string
- Describes the reason the incident was closed
- classificationReason string | IncidentClassification Reason 
- The classification reason to close the incident with
- labels
IncidentLabel[] 
- List of labels to add to the incident
- owner
IncidentOwner Info 
- Describes a user that the incident is assigned to
- severity
string | IncidentSeverity 
- The severity of the incident
- status
string | IncidentStatus 
- The status of the incident
- classification
str | IncidentClassification 
- The reason the incident was closed
- classification_comment str
- Describes the reason the incident was closed
- classification_reason str | IncidentClassification Reason 
- The classification reason to close the incident with
- labels
Sequence[IncidentLabel] 
- List of labels to add to the incident
- owner
IncidentOwner Info 
- Describes a user that the incident is assigned to
- severity
str | IncidentSeverity 
- The severity of the incident
- status
str | IncidentStatus 
- The status of the incident
- classification String | "Undetermined" | "TruePositive" | "BenignPositive" | "FalsePositive"
- The reason the incident was closed
- classificationComment String
- Describes the reason the incident was closed
- classificationReason String | "SuspiciousActivity" | "SuspiciousButExpected" | "IncorrectAlertLogic" | "InaccurateData"
- The classification reason to close the incident with
- labels List<Property Map>
- List of labels to add to the incident
- owner Property Map
- Describes a user that the incident is assigned to
- severity String | "High" | "Medium" | "Low" | "Informational"
- The severity of the incident
- status String | "New" | "Active" | "Closed"
- The status of the incident
AutomationRuleModifyPropertiesActionResponse, AutomationRuleModifyPropertiesActionResponseArgs            
- ActionConfiguration Pulumi.AzureNative.SecurityInsights.Inputs.AutomationRuleModifyPropertiesActionResponseActionConfiguration
- The configuration of the modify properties automation rule action
- Order int
- The order of execution of the automation rule action
- ActionConfiguration AutomationRuleModifyPropertiesActionResponseActionConfiguration
- The configuration of the modify properties automation rule action
- Order int
- The order of execution of the automation rule action
- actionConfiguration AutomationRuleModifyPropertiesActionResponseActionConfiguration
- The configuration of the modify properties automation rule action
- order Integer
- The order of execution of the automation rule action
- actionConfiguration AutomationRuleModifyPropertiesActionResponseActionConfiguration
- The configuration of the modify properties automation rule action
- order number
- The order of execution of the automation rule action
- action_configuration AutomationRuleModifyPropertiesActionResponseActionConfiguration
- The configuration of the modify properties automation rule action
- order int
- The order of execution of the automation rule action
- actionConfiguration Property Map
- The configuration of the modify properties automation rule action
- order Number
- The order of execution of the automation rule action
AutomationRuleModifyPropertiesActionResponseActionConfiguration, AutomationRuleModifyPropertiesActionResponseActionConfigurationArgs                
- Classification string
- The reason the incident was closed
- ClassificationComment string
- Describes the reason the incident was closed
- ClassificationReason string
- The classification reason to close the incident with
- Labels
List<Pulumi.Azure Native. Security Insights. Inputs. Incident Label Response> 
- List of labels to add to the incident
- Owner
Pulumi.Azure Native. Security Insights. Inputs. Incident Owner Info Response 
- Describes a user that the incident is assigned to
- Severity string
- The severity of the incident
- Status string
- The status of the incident
- Classification string
- The reason the incident was closed
- ClassificationComment string
- Describes the reason the incident was closed
- ClassificationReason string
- The classification reason to close the incident with
- Labels
[]IncidentLabel Response 
- List of labels to add to the incident
- Owner
IncidentOwner Info Response 
- Describes a user that the incident is assigned to
- Severity string
- The severity of the incident
- Status string
- The status of the incident
- classification String
- The reason the incident was closed
- classificationComment String
- Describes the reason the incident was closed
- classificationReason String
- The classification reason to close the incident with
- labels
List<IncidentLabel Response> 
- List of labels to add to the incident
- owner
IncidentOwner Info Response 
- Describes a user that the incident is assigned to
- severity String
- The severity of the incident
- status String
- The status of the incident
- classification string
- The reason the incident was closed
- classificationComment string
- Describes the reason the incident was closed
- classificationReason string
- The classification reason to close the incident with
- labels
IncidentLabel Response[] 
- List of labels to add to the incident
- owner
IncidentOwner Info Response 
- Describes a user that the incident is assigned to
- severity string
- The severity of the incident
- status string
- The status of the incident
- classification str
- The reason the incident was closed
- classification_comment str
- Describes the reason the incident was closed
- classification_reason str
- The classification reason to close the incident with
- labels
Sequence[IncidentLabel Response] 
- List of labels to add to the incident
- owner
IncidentOwner Info Response 
- Describes a user that the incident is assigned to
- severity str
- The severity of the incident
- status str
- The status of the incident
- classification String
- The reason the incident was closed
- classificationComment String
- Describes the reason the incident was closed
- classificationReason String
- The classification reason to close the incident with
- labels List<Property Map>
- List of labels to add to the incident
- owner Property Map
- Describes a user that the incident is assigned to
- severity String
- The severity of the incident
- status String
- The status of the incident
AutomationRulePropertyConditionSupportedOperator, AutomationRulePropertyConditionSupportedOperatorArgs            
- EqualsValue
- Equals: Evaluates if the property equals at least one of the condition values
- NotEquals
- NotEquals: Evaluates if the property does not equal any of the condition values
- Contains
- Contains: Evaluates if the property contains at least one of the condition values
- NotContains
- NotContains: Evaluates if the property does not contain any of the condition values
- StartsWith
- StartsWith: Evaluates if the property starts with any of the condition values
- NotStartsWith
- NotStartsWith: Evaluates if the property does not start with any of the condition values
- EndsWith
- EndsWith: Evaluates if the property ends with any of the condition values
- NotEndsWith
- NotEndsWith: Evaluates if the property does not end with any of the condition values
- AutomationRulePropertyConditionSupportedOperatorEquals
- Equals: Evaluates if the property equals at least one of the condition values
- AutomationRulePropertyConditionSupportedOperatorNotEquals
- NotEquals: Evaluates if the property does not equal any of the condition values
- AutomationRulePropertyConditionSupportedOperatorContains
- Contains: Evaluates if the property contains at least one of the condition values
- AutomationRulePropertyConditionSupportedOperatorNotContains
- NotContains: Evaluates if the property does not contain any of the condition values
- AutomationRulePropertyConditionSupportedOperatorStartsWith
- StartsWith: Evaluates if the property starts with any of the condition values
- AutomationRulePropertyConditionSupportedOperatorNotStartsWith
- NotStartsWith: Evaluates if the property does not start with any of the condition values
- AutomationRulePropertyConditionSupportedOperatorEndsWith
- EndsWith: Evaluates if the property ends with any of the condition values
- AutomationRulePropertyConditionSupportedOperatorNotEndsWith
- NotEndsWith: Evaluates if the property does not end with any of the condition values
- Equals
- Equals: Evaluates if the property equals at least one of the condition values
- NotEquals
- NotEquals: Evaluates if the property does not equal any of the condition values
- Contains
- Contains: Evaluates if the property contains at least one of the condition values
- NotContains
- NotContains: Evaluates if the property does not contain any of the condition values
- StartsWith
- StartsWith: Evaluates if the property starts with any of the condition values
- NotStartsWith
- NotStartsWith: Evaluates if the property does not start with any of the condition values
- EndsWith
- EndsWith: Evaluates if the property ends with any of the condition values
- NotEndsWith
- NotEndsWith: Evaluates if the property does not end with any of the condition values
- Equals
- Equals: Evaluates if the property equals at least one of the condition values
- NotEquals
- NotEquals: Evaluates if the property does not equal any of the condition values
- Contains
- Contains: Evaluates if the property contains at least one of the condition values
- NotContains
- NotContains: Evaluates if the property does not contain any of the condition values
- StartsWith
- StartsWith: Evaluates if the property starts with any of the condition values
- NotStartsWith
- NotStartsWith: Evaluates if the property does not start with any of the condition values
- EndsWith
- EndsWith: Evaluates if the property ends with any of the condition values
- NotEndsWith
- NotEndsWith: Evaluates if the property does not end with any of the condition values
- EQUALS
- Equals: Evaluates if the property equals at least one of the condition values
- NOT_EQUALS
- NotEquals: Evaluates if the property does not equal any of the condition values
- CONTAINS
- Contains: Evaluates if the property contains at least one of the condition values
- NOT_CONTAINS
- NotContains: Evaluates if the property does not contain any of the condition values
- STARTS_WITH
- StartsWith: Evaluates if the property starts with any of the condition values
- NOT_STARTS_WITH
- NotStartsWith: Evaluates if the property does not start with any of the condition values
- ENDS_WITH
- EndsWith: Evaluates if the property ends with any of the condition values
- NOT_ENDS_WITH
- NotEndsWith: Evaluates if the property does not end with any of the condition values
- "Equals"
- Equals: Evaluates if the property equals at least one of the condition values
- "NotEquals"
- NotEquals: Evaluates if the property does not equal any of the condition values
- "Contains"
- Contains: Evaluates if the property contains at least one of the condition values
- "NotContains"
- NotContains: Evaluates if the property does not contain any of the condition values
- "StartsWith"
- StartsWith: Evaluates if the property starts with any of the condition values
- "NotStartsWith"
- NotStartsWith: Evaluates if the property does not start with any of the condition values
- "EndsWith"
- EndsWith: Evaluates if the property ends with any of the condition values
- "NotEndsWith"
- NotEndsWith: Evaluates if the property does not end with any of the condition values
AutomationRulePropertyConditionSupportedProperty, AutomationRulePropertyConditionSupportedPropertyArgs            
- IncidentTitle
- IncidentTitle: The title of the incident
- IncidentDescription
- IncidentDescription: The description of the incident
- IncidentSeverity
- IncidentSeverity: The severity of the incident
- IncidentStatus
- IncidentStatus: The status of the incident
- IncidentTactics
- IncidentTactics: The tactics of the incident
- IncidentRelatedAnalyticRuleIds
- IncidentRelatedAnalyticRuleIds: The related Analytic rule ids of the incident
- IncidentProviderName
- IncidentProviderName: The provider name of the incident
- AccountAadTenantId
- AccountAadTenantId: The account Azure Active Directory tenant id
- AccountAadUserId
- AccountAadUserId: The account Azure Active Directory user id.
- AccountName
- AccountName: The account name
- AccountNTDomain
- AccountNTDomain: The account NetBIOS domain name
- AccountPUID
- AccountPUID: The account Azure Active Directory Passport User ID
- AccountSid
- AccountSid: The account security identifier
- AccountObjectGuid
- AccountObjectGuid: The account unique identifier
- AccountUPNSuffix
- AccountUPNSuffix: The account user principal name suffix
- AzureResourceResourceId
- AzureResourceResourceId: The Azure resource id
- AzureResourceSubscriptionId
- AzureResourceSubscriptionId: The Azure resource subscription id
- CloudApplicationAppId
- CloudApplicationAppId: The cloud application identifier
- CloudApplicationAppName
- CloudApplicationAppName: The cloud application name
- DNSDomainName
- DNSDomainName: The dns record domain name
- FileDirectory
- FileDirectory: The file directory full path
- FileName
- FileName: The file name without path
- FileHashValue
- FileHashValue: The file hash value
- HostAzureID
- HostAzureID: The host Azure resource id
- HostName
- HostName: The host name without domain
- HostNetBiosName
- HostNetBiosName: The host NetBIOS name
- HostNTDomain
- HostNTDomain: The host NT domain
- HostOSVersion
- HostOSVersion: The host operating system
- IoTDeviceId
- IoTDeviceId: The IoT device id
- IoTDeviceName
- IoTDeviceName: The IoT device name
- IoTDeviceType
- IoTDeviceType: The IoT device type
- IoTDeviceVendor
- IoTDeviceVendor: The IoT device vendor
- IoTDeviceModel
- IoTDeviceModel: The IoT device model
- IoTDeviceOperatingSystem
- IoTDeviceOperatingSystem: The IoT device operating system
- IPAddress
- IPAddress: The IP address
- MailboxDisplayName
- MailboxDisplayName: The mailbox display name
- MailboxPrimaryAddress
- MailboxPrimaryAddress: The mailbox primary address
- MailboxUPN
- MailboxUPN: The mailbox user principal name
- MailMessageDeliveryAction
- MailMessageDeliveryAction: The mail message delivery action
- MailMessageDeliveryLocation
- MailMessageDeliveryLocation: The mail message delivery location
- MailMessageRecipient
- MailMessageRecipient: The mail message recipient
- MailMessageSenderIP
- MailMessageSenderIP: The mail message sender IP address
- MailMessageSubject
- MailMessageSubject: The mail message subject
- MailMessageP1Sender
- MailMessageP1Sender: The mail message P1 sender
- MailMessageP2Sender
- MailMessageP2Sender: The mail message P2 sender
- MalwareCategory
- MalwareCategory: The malware category
- MalwareName
- MalwareName: The malware name
- ProcessCommandLine
- ProcessCommandLine: The process execution command line
- ProcessId
- ProcessId: The process id
- RegistryKey
- RegistryKey: The registry key path
- RegistryValueData
- RegistryValueData: The registry key value in string formatted representation
- Url
- Url: The url
- AutomationRule Property Condition Supported Property Incident Title 
- IncidentTitleThe title of the incident
- AutomationRule Property Condition Supported Property Incident Description 
- IncidentDescriptionThe description of the incident
- AutomationRule Property Condition Supported Property Incident Severity 
- IncidentSeverityThe severity of the incident
- AutomationRule Property Condition Supported Property Incident Status 
- IncidentStatusThe status of the incident
- AutomationRule Property Condition Supported Property Incident Tactics 
- IncidentTacticsThe tactics of the incident
- AutomationRule Property Condition Supported Property Incident Related Analytic Rule Ids 
- IncidentRelatedAnalyticRuleIdsThe related Analytic rule ids of the incident
- AutomationRule Property Condition Supported Property Incident Provider Name 
- IncidentProviderNameThe provider name of the incident
- AutomationRule Property Condition Supported Property Account Aad Tenant Id 
- AccountAadTenantIdThe account Azure Active Directory tenant id
- AutomationRule Property Condition Supported Property Account Aad User Id 
- AccountAadUserIdThe account Azure Active Directory user id.
- AutomationRule Property Condition Supported Property Account Name 
- AccountNameThe account name
- AutomationRule Property Condition Supported Property Account NTDomain 
- AccountNTDomainThe account NetBIOS domain name
- AutomationRule Property Condition Supported Property Account PUID 
- AccountPUIDThe account Azure Active Directory Passport User ID
- AutomationRule Property Condition Supported Property Account Sid 
- AccountSidThe account security identifier
- AutomationRule Property Condition Supported Property Account Object Guid 
- AccountObjectGuidThe account unique identifier
- AutomationRule Property Condition Supported Property Account UPNSuffix 
- AccountUPNSuffixThe account user principal name suffix
- AutomationRule Property Condition Supported Property Azure Resource Resource Id 
- AzureResourceResourceIdThe Azure resource id
- AutomationRule Property Condition Supported Property Azure Resource Subscription Id 
- AzureResourceSubscriptionIdThe Azure resource subscription id
- AutomationRule Property Condition Supported Property Cloud Application App Id 
- CloudApplicationAppIdThe cloud application identifier
- AutomationRule Property Condition Supported Property Cloud Application App Name 
- CloudApplicationAppNameThe cloud application name
- AutomationRule Property Condition Supported Property DNSDomain Name 
- DNSDomainNameThe dns record domain name
- AutomationRule Property Condition Supported Property File Directory 
- FileDirectoryThe file directory full path
- AutomationRule Property Condition Supported Property File Name 
- FileNameThe file name without path
- AutomationRule Property Condition Supported Property File Hash Value 
- FileHashValueThe file hash value
- AutomationRule Property Condition Supported Property Host Azure ID 
- HostAzureIDThe host Azure resource id
- AutomationRule Property Condition Supported Property Host Name 
- HostNameThe host name without domain
- AutomationRule Property Condition Supported Property Host Net Bios Name 
- HostNetBiosNameThe host NetBIOS name
- AutomationRule Property Condition Supported Property Host NTDomain 
- HostNTDomainThe host NT domain
- AutomationRule Property Condition Supported Property Host OSVersion 
- HostOSVersionThe host operating system
- AutomationRule Property Condition Supported Property Io TDevice Id 
- IoTDeviceIdThe IoT device id
- AutomationRule Property Condition Supported Property Io TDevice Name 
- IoTDeviceNameThe IoT device name
- AutomationRule Property Condition Supported Property Io TDevice Type 
- IoTDeviceTypeThe IoT device type
- AutomationRule Property Condition Supported Property Io TDevice Vendor 
- IoTDeviceVendorThe IoT device vendor
- AutomationRule Property Condition Supported Property Io TDevice Model 
- IoTDeviceModelThe IoT device model
- AutomationRule Property Condition Supported Property Io TDevice Operating System 
- IoTDeviceOperatingSystemThe IoT device operating system
- AutomationRule Property Condition Supported Property IPAddress 
- IPAddressThe IP address
- AutomationRule Property Condition Supported Property Mailbox Display Name 
- MailboxDisplayNameThe mailbox display name
- AutomationRule Property Condition Supported Property Mailbox Primary Address 
- MailboxPrimaryAddressThe mailbox primary address
- AutomationRule Property Condition Supported Property Mailbox UPN 
- MailboxUPNThe mailbox user principal name
- AutomationRule Property Condition Supported Property Mail Message Delivery Action 
- MailMessageDeliveryActionThe mail message delivery action
- AutomationRule Property Condition Supported Property Mail Message Delivery Location 
- MailMessageDeliveryLocationThe mail message delivery location
- AutomationRule Property Condition Supported Property Mail Message Recipient 
- MailMessageRecipientThe mail message recipient
- AutomationRule Property Condition Supported Property Mail Message Sender IP 
- MailMessageSenderIPThe mail message sender IP address
- AutomationRule Property Condition Supported Property Mail Message Subject 
- MailMessageSubjectThe mail message subject
- AutomationRule Property Condition Supported Property Mail Message P1Sender 
- MailMessageP1SenderThe mail message P1 sender
- AutomationRule Property Condition Supported Property Mail Message P2Sender 
- MailMessageP2SenderThe mail message P2 sender
- AutomationRule Property Condition Supported Property Malware Category 
- MalwareCategoryThe malware category
- AutomationRule Property Condition Supported Property Malware Name 
- MalwareNameThe malware name
- AutomationRule Property Condition Supported Property Process Command Line 
- ProcessCommandLineThe process execution command line
- AutomationRule Property Condition Supported Property Process Id 
- ProcessIdThe process id
- AutomationRule Property Condition Supported Property Registry Key 
- RegistryKeyThe registry key path
- AutomationRule Property Condition Supported Property Registry Value Data 
- RegistryValueDataThe registry key value in string formatted representation
- AutomationRule Property Condition Supported Property Url 
- UrlThe url
- IncidentTitle 
- IncidentTitleThe title of the incident
- IncidentDescription 
- IncidentDescriptionThe description of the incident
- IncidentSeverity 
- IncidentSeverityThe severity of the incident
- IncidentStatus 
- IncidentStatusThe status of the incident
- IncidentTactics 
- IncidentTacticsThe tactics of the incident
- IncidentRelated Analytic Rule Ids 
- IncidentRelatedAnalyticRuleIdsThe related Analytic rule ids of the incident
- IncidentProvider Name 
- IncidentProviderNameThe provider name of the incident
- AccountAad Tenant Id 
- AccountAadTenantIdThe account Azure Active Directory tenant id
- AccountAad User Id 
- AccountAadUserIdThe account Azure Active Directory user id.
- AccountName 
- AccountNameThe account name
- AccountNTDomain 
- AccountNTDomainThe account NetBIOS domain name
- AccountPUID 
- AccountPUIDThe account Azure Active Directory Passport User ID
- AccountSid 
- AccountSidThe account security identifier
- AccountObject Guid 
- AccountObjectGuidThe account unique identifier
- AccountUPNSuffix 
- AccountUPNSuffixThe account user principal name suffix
- AzureResource Resource Id 
- AzureResourceResourceIdThe Azure resource id
- AzureResource Subscription Id 
- AzureResourceSubscriptionIdThe Azure resource subscription id
- CloudApplication App Id 
- CloudApplicationAppIdThe cloud application identifier
- CloudApplication App Name 
- CloudApplicationAppNameThe cloud application name
- DNSDomainName 
- DNSDomainNameThe dns record domain name
- FileDirectory 
- FileDirectoryThe file directory full path
- FileName 
- FileNameThe file name without path
- FileHash Value 
- FileHashValueThe file hash value
- HostAzure ID 
- HostAzureIDThe host Azure resource id
- HostName 
- HostNameThe host name without domain
- HostNet Bios Name 
- HostNetBiosNameThe host NetBIOS name
- HostNTDomain 
- HostNTDomainThe host NT domain
- HostOSVersion 
- HostOSVersionThe host operating system
- IoTDevice Id 
- IoTDeviceIdThe IoT device id
- IoTDevice Name 
- IoTDeviceNameThe IoT device name
- IoTDevice Type 
- IoTDeviceTypeThe IoT device type
- IoTDevice Vendor 
- IoTDeviceVendorThe IoT device vendor
- IoTDevice Model 
- IoTDeviceModelThe IoT device model
- IoTDevice Operating System 
- IoTDeviceOperatingSystemThe IoT device operating system
- IPAddress
- IPAddressThe IP address
- MailboxDisplay Name 
- MailboxDisplayNameThe mailbox display name
- MailboxPrimary Address 
- MailboxPrimaryAddressThe mailbox primary address
- MailboxUPN 
- MailboxUPNThe mailbox user principal name
- MailMessage Delivery Action 
- MailMessageDeliveryActionThe mail message delivery action
- MailMessage Delivery Location 
- MailMessageDeliveryLocationThe mail message delivery location
- MailMessage Recipient 
- MailMessageRecipientThe mail message recipient
- MailMessage Sender IP 
- MailMessageSenderIPThe mail message sender IP address
- MailMessage Subject 
- MailMessageSubjectThe mail message subject
- MailMessage P1Sender 
- MailMessageP1SenderThe mail message P1 sender
- MailMessage P2Sender 
- MailMessageP2SenderThe mail message P2 sender
- MalwareCategory 
- MalwareCategoryThe malware category
- MalwareName 
- MalwareNameThe malware name
- ProcessCommand Line 
- ProcessCommandLineThe process execution command line
- ProcessId 
- ProcessIdThe process id
- RegistryKey 
- RegistryKeyThe registry key path
- RegistryValue Data 
- RegistryValueDataThe registry key value in string formatted representation
- Url
- UrlThe url
- IncidentTitle 
- IncidentTitleThe title of the incident
- IncidentDescription 
- IncidentDescriptionThe description of the incident
- IncidentSeverity 
- IncidentSeverityThe severity of the incident
- IncidentStatus 
- IncidentStatusThe status of the incident
- IncidentTactics 
- IncidentTacticsThe tactics of the incident
- IncidentRelated Analytic Rule Ids 
- IncidentRelatedAnalyticRuleIdsThe related Analytic rule ids of the incident
- IncidentProvider Name 
- IncidentProviderNameThe provider name of the incident
- AccountAad Tenant Id 
- AccountAadTenantIdThe account Azure Active Directory tenant id
- AccountAad User Id 
- AccountAadUserIdThe account Azure Active Directory user id.
- AccountName 
- AccountNameThe account name
- AccountNTDomain 
- AccountNTDomainThe account NetBIOS domain name
- AccountPUID 
- AccountPUIDThe account Azure Active Directory Passport User ID
- AccountSid 
- AccountSidThe account security identifier
- AccountObject Guid 
- AccountObjectGuidThe account unique identifier
- AccountUPNSuffix 
- AccountUPNSuffixThe account user principal name suffix
- AzureResource Resource Id 
- AzureResourceResourceIdThe Azure resource id
- AzureResource Subscription Id 
- AzureResourceSubscriptionIdThe Azure resource subscription id
- CloudApplication App Id 
- CloudApplicationAppIdThe cloud application identifier
- CloudApplication App Name 
- CloudApplicationAppNameThe cloud application name
- DNSDomainName 
- DNSDomainNameThe dns record domain name
- FileDirectory 
- FileDirectoryThe file directory full path
- FileName 
- FileNameThe file name without path
- FileHash Value 
- FileHashValueThe file hash value
- HostAzure ID 
- HostAzureIDThe host Azure resource id
- HostName 
- HostNameThe host name without domain
- HostNet Bios Name 
- HostNetBiosNameThe host NetBIOS name
- HostNTDomain 
- HostNTDomainThe host NT domain
- HostOSVersion 
- HostOSVersionThe host operating system
- IoTDevice Id 
- IoTDeviceIdThe IoT device id
- IoTDevice Name 
- IoTDeviceNameThe IoT device name
- IoTDevice Type 
- IoTDeviceTypeThe IoT device type
- IoTDevice Vendor 
- IoTDeviceVendorThe IoT device vendor
- IoTDevice Model 
- IoTDeviceModelThe IoT device model
- IoTDevice Operating System 
- IoTDeviceOperatingSystemThe IoT device operating system
- IPAddress
- IPAddressThe IP address
- MailboxDisplay Name 
- MailboxDisplayNameThe mailbox display name
- MailboxPrimary Address 
- MailboxPrimaryAddressThe mailbox primary address
- MailboxUPN 
- MailboxUPNThe mailbox user principal name
- MailMessage Delivery Action 
- MailMessageDeliveryActionThe mail message delivery action
- MailMessage Delivery Location 
- MailMessageDeliveryLocationThe mail message delivery location
- MailMessage Recipient 
- MailMessageRecipientThe mail message recipient
- MailMessage Sender IP 
- MailMessageSenderIPThe mail message sender IP address
- MailMessage Subject 
- MailMessageSubjectThe mail message subject
- MailMessage P1Sender 
- MailMessageP1SenderThe mail message P1 sender
- MailMessage P2Sender 
- MailMessageP2SenderThe mail message P2 sender
- MalwareCategory 
- MalwareCategoryThe malware category
- MalwareName 
- MalwareNameThe malware name
- ProcessCommand Line 
- ProcessCommandLineThe process execution command line
- ProcessId 
- ProcessIdThe process id
- RegistryKey 
- RegistryKeyThe registry key path
- RegistryValue Data 
- RegistryValueDataThe registry key value in string formatted representation
- Url
- UrlThe url
- INCIDENT_TITLE
- IncidentTitleThe title of the incident
- INCIDENT_DESCRIPTION
- IncidentDescriptionThe description of the incident
- INCIDENT_SEVERITY
- IncidentSeverityThe severity of the incident
- INCIDENT_STATUS
- IncidentStatusThe status of the incident
- INCIDENT_TACTICS
- IncidentTacticsThe tactics of the incident
- INCIDENT_RELATED_ANALYTIC_RULE_IDS
- IncidentRelatedAnalyticRuleIdsThe related Analytic rule ids of the incident
- INCIDENT_PROVIDER_NAME
- IncidentProviderNameThe provider name of the incident
- ACCOUNT_AAD_TENANT_ID
- AccountAadTenantIdThe account Azure Active Directory tenant id
- ACCOUNT_AAD_USER_ID
- AccountAadUserIdThe account Azure Active Directory user id.
- ACCOUNT_NAME
- AccountNameThe account name
- ACCOUNT_NT_DOMAIN
- AccountNTDomainThe account NetBIOS domain name
- ACCOUNT_PUID
- AccountPUIDThe account Azure Active Directory Passport User ID
- ACCOUNT_SID
- AccountSidThe account security identifier
- ACCOUNT_OBJECT_GUID
- AccountObjectGuidThe account unique identifier
- ACCOUNT_UPN_SUFFIX
- AccountUPNSuffixThe account user principal name suffix
- AZURE_RESOURCE_RESOURCE_ID
- AzureResourceResourceIdThe Azure resource id
- AZURE_RESOURCE_SUBSCRIPTION_ID
- AzureResourceSubscriptionIdThe Azure resource subscription id
- CLOUD_APPLICATION_APP_ID
- CloudApplicationAppIdThe cloud application identifier
- CLOUD_APPLICATION_APP_NAME
- CloudApplicationAppNameThe cloud application name
- DNS_DOMAIN_NAME
- DNSDomainNameThe dns record domain name
- FILE_DIRECTORY
- FileDirectoryThe file directory full path
- FILE_NAME
- FileNameThe file name without path
- FILE_HASH_VALUE
- FileHashValueThe file hash value
- HOST_AZURE_ID
- HostAzureIDThe host Azure resource id
- HOST_NAME
- HostNameThe host name without domain
- HOST_NET_BIOS_NAME
- HostNetBiosNameThe host NetBIOS name
- HOST_NT_DOMAIN
- HostNTDomainThe host NT domain
- HOST_OS_VERSION
- HostOSVersionThe host operating system
- IO_T_DEVICE_ID
- IoTDeviceIdThe IoT device id
- IO_T_DEVICE_NAME
- IoTDeviceNameThe IoT device name
- IO_T_DEVICE_TYPE
- IoTDeviceTypeThe IoT device type
- IO_T_DEVICE_VENDOR
- IoTDeviceVendorThe IoT device vendor
- IO_T_DEVICE_MODEL
- IoTDeviceModelThe IoT device model
- IO_T_DEVICE_OPERATING_SYSTEM
- IoTDeviceOperatingSystemThe IoT device operating system
- IP_ADDRESS
- IPAddressThe IP address
- MAILBOX_DISPLAY_NAME
- MailboxDisplayNameThe mailbox display name
- MAILBOX_PRIMARY_ADDRESS
- MailboxPrimaryAddressThe mailbox primary address
- MAILBOX_UPN
- MailboxUPNThe mailbox user principal name
- MAIL_MESSAGE_DELIVERY_ACTION
- MailMessageDeliveryActionThe mail message delivery action
- MAIL_MESSAGE_DELIVERY_LOCATION
- MailMessageDeliveryLocationThe mail message delivery location
- MAIL_MESSAGE_RECIPIENT
- MailMessageRecipientThe mail message recipient
- MAIL_MESSAGE_SENDER_IP
- MailMessageSenderIPThe mail message sender IP address
- MAIL_MESSAGE_SUBJECT
- MailMessageSubjectThe mail message subject
- MAIL_MESSAGE_P1_SENDER
- MailMessageP1SenderThe mail message P1 sender
- MAIL_MESSAGE_P2_SENDER
- MailMessageP2SenderThe mail message P2 sender
- MALWARE_CATEGORY
- MalwareCategoryThe malware category
- MALWARE_NAME
- MalwareNameThe malware name
- PROCESS_COMMAND_LINE
- ProcessCommandLineThe process execution command line
- PROCESS_ID
- ProcessIdThe process id
- REGISTRY_KEY
- RegistryKeyThe registry key path
- REGISTRY_VALUE_DATA
- RegistryValueDataThe registry key value in string formatted representation
- URL
- UrlThe url
- "IncidentTitle" 
- IncidentTitle: The title of the incident
- "IncidentDescription"
- IncidentDescription: The description of the incident
- "IncidentSeverity"
- IncidentSeverity: The severity of the incident
- "IncidentStatus"
- IncidentStatus: The status of the incident
- "IncidentTactics"
- IncidentTactics: The tactics of the incident
- "IncidentRelatedAnalyticRuleIds"
- IncidentRelatedAnalyticRuleIds: The related Analytic rule ids of the incident
- "IncidentProviderName"
- IncidentProviderName: The provider name of the incident
- "AccountAadTenantId"
- AccountAadTenantId: The account Azure Active Directory tenant id
- "AccountAadUserId"
- AccountAadUserId: The account Azure Active Directory user id.
- "AccountName"
- AccountName: The account name
- "AccountNTDomain"
- AccountNTDomain: The account NetBIOS domain name
- "AccountPUID"
- AccountPUID: The account Azure Active Directory Passport User ID
- "AccountSid"
- AccountSid: The account security identifier
- "AccountObjectGuid"
- AccountObjectGuid: The account unique identifier
- "AccountUPNSuffix"
- AccountUPNSuffix: The account user principal name suffix
- "AzureResourceResourceId"
- AzureResourceResourceId: The Azure resource id
- "AzureResourceSubscriptionId"
- AzureResourceSubscriptionId: The Azure resource subscription id
- "CloudApplicationAppId"
- CloudApplicationAppId: The cloud application identifier
- "CloudApplicationAppName"
- CloudApplicationAppName: The cloud application name
- "DNSDomainName"
- DNSDomainName: The dns record domain name
- "FileDirectory"
- FileDirectory: The file directory full path
- "FileName"
- FileName: The file name without path
- "FileHashValue"
- FileHashValue: The file hash value
- "HostAzureID"
- HostAzureID: The host Azure resource id
- "HostName"
- HostName: The host name without domain
- "HostNetBiosName"
- HostNetBiosName: The host NetBIOS name
- "HostNTDomain"
- HostNTDomain: The host NT domain
- "HostOSVersion"
- HostOSVersion: The host operating system
- "IoTDeviceId"
- IoTDeviceId: The IoT device id
- "IoTDeviceName"
- IoTDeviceName: The IoT device name
- "IoTDeviceType"
- IoTDeviceType: The IoT device type
- "IoTDeviceVendor"
- IoTDeviceVendor: The IoT device vendor
- "IoTDeviceModel"
- IoTDeviceModel: The IoT device model
- "IoTDeviceOperatingSystem"
- IoTDeviceOperatingSystem: The IoT device operating system
- "IPAddress"
- IPAddress: The IP address
- "MailboxDisplayName"
- MailboxDisplayName: The mailbox display name
- "MailboxPrimaryAddress"
- MailboxPrimaryAddress: The mailbox primary address
- "MailboxUPN"
- MailboxUPN: The mailbox user principal name
- "MailMessageDeliveryAction"
- MailMessageDeliveryAction: The mail message delivery action
- "MailMessageDeliveryLocation"
- MailMessageDeliveryLocation: The mail message delivery location
- "MailMessageRecipient"
- MailMessageRecipient: The mail message recipient
- "MailMessageSenderIP"
- MailMessageSenderIP: The mail message sender IP address
- "MailMessageSubject"
- MailMessageSubject: The mail message subject
- "MailMessageP1Sender"
- MailMessageP1Sender: The mail message P1 sender
- "MailMessageP2Sender"
- MailMessageP2Sender: The mail message P2 sender
- "MalwareCategory"
- MalwareCategory: The malware category
- "MalwareName"
- MalwareName: The malware name
- "ProcessCommandLine"
- ProcessCommandLine: The process execution command line
- "ProcessId"
- ProcessId: The process id
- "RegistryKey"
- RegistryKey: The registry key path
- "RegistryValueData"
- RegistryValueData: The registry key value in string formatted representation
- "Url"
- Url: The url
AutomationRulePropertyValuesCondition, AutomationRulePropertyValuesConditionArgs          
- ConditionProperties Pulumi.AzureNative.SecurityInsights.Inputs.AutomationRulePropertyValuesConditionConditionProperties
- The configuration of the automation rule condition
- ConditionProperties AutomationRulePropertyValuesConditionConditionProperties
- The configuration of the automation rule condition
- conditionProperties AutomationRulePropertyValuesConditionConditionProperties
- The configuration of the automation rule condition
- conditionProperties AutomationRulePropertyValuesConditionConditionProperties
- The configuration of the automation rule condition
- condition_properties AutomationRulePropertyValuesConditionConditionProperties
- The configuration of the automation rule condition
- conditionProperties Property Map
- The configuration of the automation rule condition
AutomationRulePropertyValuesConditionConditionProperties, AutomationRulePropertyValuesConditionConditionPropertiesArgs              
- Operator string | Pulumi.AzureNative.SecurityInsights.AutomationRulePropertyConditionSupportedOperator
- The operator to use for evaluating the condition
- PropertyName string | Pulumi.AzureNative.SecurityInsights.AutomationRulePropertyConditionSupportedProperty
- The property to evaluate
- PropertyValues List<string>
- The values to use for evaluating the condition
- Operator string | AutomationRulePropertyConditionSupportedOperator
- The operator to use for evaluating the condition
- PropertyName string | AutomationRulePropertyConditionSupportedProperty
- The property to evaluate
- PropertyValues []string
- The values to use for evaluating the condition
- operator String | AutomationRulePropertyConditionSupportedOperator
- The operator to use for evaluating the condition
- propertyName String | AutomationRulePropertyConditionSupportedProperty
- The property to evaluate
- propertyValues List<String>
- The values to use for evaluating the condition
- operator string | AutomationRulePropertyConditionSupportedOperator
- The operator to use for evaluating the condition
- propertyName string | AutomationRulePropertyConditionSupportedProperty
- The property to evaluate
- propertyValues string[]
- The values to use for evaluating the condition
- operator str | AutomationRulePropertyConditionSupportedOperator
- The operator to use for evaluating the condition
- property_name str | AutomationRulePropertyConditionSupportedProperty
- The property to evaluate
- property_values Sequence[str]
- The values to use for evaluating the condition
- operator String | "Equals" | "NotEquals" | "Contains" | "NotContains" | "StartsWith" | "NotStartsWith" | "EndsWith" | "NotEndsWith"
- The operator to use for evaluating the condition
- propertyName String | "IncidentTitle" | "IncidentDescription" | "IncidentSeverity" | "IncidentStatus" | "IncidentTactics" | "IncidentRelatedAnalyticRuleIds" | "IncidentProviderName" | "AccountAadTenantId" | "AccountAadUserId" | "AccountName" | "AccountNTDomain" | "AccountPUID" | "AccountSid" | "AccountObjectGuid" | "AccountUPNSuffix" | "AzureResourceResourceId" | "AzureResourceSubscriptionId" | "CloudApplicationAppId" | "CloudApplicationAppName" | "DNSDomainName" | "FileDirectory" | "FileName" | "FileHashValue" | "HostAzureID" | "HostName" | "HostNetBiosName" | "HostNTDomain" | "HostOSVersion" | "IoTDeviceId" | "IoTDeviceName" | "IoTDeviceType" | "IoTDeviceVendor" | "IoTDeviceModel" | "IoTDeviceOperatingSystem" | "IPAddress" | "MailboxDisplayName" | "MailboxPrimaryAddress" | "MailboxUPN" | "MailMessageDeliveryAction" | "MailMessageDeliveryLocation" | "MailMessageRecipient" | "MailMessageSenderIP" | "MailMessageSubject" | "MailMessageP1Sender" | "MailMessageP2Sender" | "MalwareCategory" | "MalwareName" | "ProcessCommandLine" | "ProcessId" | "RegistryKey" | "RegistryValueData" | "Url"
- The property to evaluate
- propertyValues List<String>
- The values to use for evaluating the condition
AutomationRulePropertyValuesConditionResponse, AutomationRulePropertyValuesConditionResponseArgs            
- ConditionProperties Pulumi.AzureNative.SecurityInsights.Inputs.AutomationRulePropertyValuesConditionResponseConditionProperties
- The configuration of the automation rule condition
- ConditionProperties AutomationRulePropertyValuesConditionResponseConditionProperties
- The configuration of the automation rule condition
- conditionProperties AutomationRulePropertyValuesConditionResponseConditionProperties
- The configuration of the automation rule condition
- conditionProperties AutomationRulePropertyValuesConditionResponseConditionProperties
- The configuration of the automation rule condition
- condition_properties AutomationRulePropertyValuesConditionResponseConditionProperties
- The configuration of the automation rule condition
- conditionProperties Property Map
- The configuration of the automation rule condition
AutomationRulePropertyValuesConditionResponseConditionProperties, AutomationRulePropertyValuesConditionResponseConditionPropertiesArgs                
- Operator string
- The operator to use for evaluating the condition
- PropertyName string
- The property to evaluate
- PropertyValues List<string>
- The values to use for evaluating the condition
- Operator string
- The operator to use for evaluating the condition
- PropertyName string
- The property to evaluate
- PropertyValues []string
- The values to use for evaluating the condition
- operator String
- The operator to use for evaluating the condition
- propertyName String
- The property to evaluate
- propertyValues List<String>
- The values to use for evaluating the condition
- operator string
- The operator to use for evaluating the condition
- propertyName string
- The property to evaluate
- propertyValues string[]
- The values to use for evaluating the condition
- operator str
- The operator to use for evaluating the condition
- property_name str
- The property to evaluate
- property_values Sequence[str]
- The values to use for evaluating the condition
- operator String
- The operator to use for evaluating the condition
- propertyName String
- The property to evaluate
- propertyValues List<String>
- The values to use for evaluating the condition
AutomationRuleRunPlaybookAction, AutomationRuleRunPlaybookActionArgs          
- ActionConfiguration Pulumi.AzureNative.SecurityInsights.Inputs.AutomationRuleRunPlaybookActionActionConfiguration
- The configuration of the run playbook automation rule action
- Order int
- The order of execution of the automation rule action
- ActionConfiguration AutomationRuleRunPlaybookActionActionConfiguration
- The configuration of the run playbook automation rule action
- Order int
- The order of execution of the automation rule action
- actionConfiguration AutomationRuleRunPlaybookActionActionConfiguration
- The configuration of the run playbook automation rule action
- order Integer
- The order of execution of the automation rule action
- actionConfiguration AutomationRuleRunPlaybookActionActionConfiguration
- The configuration of the run playbook automation rule action
- order number
- The order of execution of the automation rule action
- action_configuration AutomationRuleRunPlaybookActionActionConfiguration
- The configuration of the run playbook automation rule action
- order int
- The order of execution of the automation rule action
- actionConfiguration Property Map
- The configuration of the run playbook automation rule action
- order Number
- The order of execution of the automation rule action
AutomationRuleRunPlaybookActionActionConfiguration, AutomationRuleRunPlaybookActionActionConfigurationArgs              
- LogicAppResourceId string
- The resource id of the playbook resource
- TenantId string
- The tenant id of the playbook resource
- LogicAppResourceId string
- The resource id of the playbook resource
- TenantId string
- The tenant id of the playbook resource
- logicAppResourceId String
- The resource id of the playbook resource
- tenantId String
- The tenant id of the playbook resource
- logicAppResourceId string
- The resource id of the playbook resource
- tenantId string
- The tenant id of the playbook resource
- logic_app_resource_id str
- The resource id of the playbook resource
- tenant_id str
- The tenant id of the playbook resource
- logicAppResourceId String
- The resource id of the playbook resource
- tenantId String
- The tenant id of the playbook resource
AutomationRuleRunPlaybookActionResponse, AutomationRuleRunPlaybookActionResponseArgs            
- ActionConfiguration Pulumi.AzureNative.SecurityInsights.Inputs.AutomationRuleRunPlaybookActionResponseActionConfiguration
- The configuration of the run playbook automation rule action
- Order int
- The order of execution of the automation rule action
- ActionConfiguration AutomationRuleRunPlaybookActionResponseActionConfiguration
- The configuration of the run playbook automation rule action
- Order int
- The order of execution of the automation rule action
- actionConfiguration AutomationRuleRunPlaybookActionResponseActionConfiguration
- The configuration of the run playbook automation rule action
- order Integer
- The order of execution of the automation rule action
- actionConfiguration AutomationRuleRunPlaybookActionResponseActionConfiguration
- The configuration of the run playbook automation rule action
- order number
- The order of execution of the automation rule action
- action_configuration AutomationRuleRunPlaybookActionResponseActionConfiguration
- The configuration of the run playbook automation rule action
- order int
- The order of execution of the automation rule action
- actionConfiguration Property Map
- The configuration of the run playbook automation rule action
- order Number
- The order of execution of the automation rule action
AutomationRuleRunPlaybookActionResponseActionConfiguration, AutomationRuleRunPlaybookActionResponseActionConfigurationArgs                
- LogicAppResourceId string
- The resource id of the playbook resource
- TenantId string
- The tenant id of the playbook resource
- LogicAppResourceId string
- The resource id of the playbook resource
- TenantId string
- The tenant id of the playbook resource
- logicAppResourceId String
- The resource id of the playbook resource
- tenantId String
- The tenant id of the playbook resource
- logicAppResourceId string
- The resource id of the playbook resource
- tenantId string
- The tenant id of the playbook resource
- logic_app_resource_id str
- The resource id of the playbook resource
- tenant_id str
- The tenant id of the playbook resource
- logicAppResourceId String
- The resource id of the playbook resource
- tenantId String
- The tenant id of the playbook resource
AutomationRuleTriggeringLogic, AutomationRuleTriggeringLogicArgs        
- IsEnabled bool
- Determines whether the automation rule is enabled or disabled.
- TriggersOn string | Pulumi.AzureNative.SecurityInsights.TriggersOn
- The type of object the automation rule triggers on
- TriggersWhen string | Pulumi.AzureNative.SecurityInsights.TriggersWhen
- The type of event the automation rule triggers on
- Conditions List<Pulumi.AzureNative.SecurityInsights.Inputs.AutomationRulePropertyValuesCondition>
- The conditions to evaluate to determine if the automation rule should be triggered on a given object
- ExpirationTimeUtc string
- Determines when the automation rule should automatically expire and be disabled.
- IsEnabled bool
- Determines whether the automation rule is enabled or disabled.
- TriggersOn string | TriggersOn
- The type of object the automation rule triggers on
- TriggersWhen string | TriggersWhen
- The type of event the automation rule triggers on
- Conditions []AutomationRulePropertyValuesCondition
- The conditions to evaluate to determine if the automation rule should be triggered on a given object
- ExpirationTimeUtc string
- Determines when the automation rule should automatically expire and be disabled.
- isEnabled Boolean
- Determines whether the automation rule is enabled or disabled.
- triggersOn String | TriggersOn
- The type of object the automation rule triggers on
- triggersWhen String | TriggersWhen
- The type of event the automation rule triggers on
- conditions List<AutomationRulePropertyValuesCondition>
- The conditions to evaluate to determine if the automation rule should be triggered on a given object
- expirationTimeUtc String
- Determines when the automation rule should automatically expire and be disabled.
- isEnabled boolean
- Determines whether the automation rule is enabled or disabled.
- triggersOn string | TriggersOn
- The type of object the automation rule triggers on
- triggersWhen string | TriggersWhen
- The type of event the automation rule triggers on
- conditions AutomationRulePropertyValuesCondition[]
- The conditions to evaluate to determine if the automation rule should be triggered on a given object
- expirationTimeUtc string
- Determines when the automation rule should automatically expire and be disabled.
- is_enabled bool
- Determines whether the automation rule is enabled or disabled.
- triggers_on str | TriggersOn
- The type of object the automation rule triggers on
- triggers_when str | TriggersWhen
- The type of event the automation rule triggers on
- conditions Sequence[AutomationRulePropertyValuesCondition]
- The conditions to evaluate to determine if the automation rule should be triggered on a given object
- expiration_time_utc str
- Determines when the automation rule should automatically expire and be disabled.
- isEnabled Boolean
- Determines whether the automation rule is enabled or disabled.
- triggersOn String | "Incidents"
- The type of object the automation rule triggers on
- triggersWhen String | "Created"
- The type of event the automation rule triggers on
- conditions List<Property Map>
- The conditions to evaluate to determine if the automation rule should be triggered on a given object
- expirationTimeUtc String
- Determines when the automation rule should automatically expire and be disabled.
AutomationRuleTriggeringLogicResponse, AutomationRuleTriggeringLogicResponseArgs          
- IsEnabled bool
- Determines whether the automation rule is enabled or disabled.
- TriggersOn string
- The type of object the automation rule triggers on
- TriggersWhen string
- The type of event the automation rule triggers on
- Conditions List<Pulumi.AzureNative.SecurityInsights.Inputs.AutomationRulePropertyValuesConditionResponse>
- The conditions to evaluate to determine if the automation rule should be triggered on a given object
- ExpirationTimeUtc string
- Determines when the automation rule should automatically expire and be disabled.
- IsEnabled bool
- Determines whether the automation rule is enabled or disabled.
- TriggersOn string
- The type of object the automation rule triggers on
- TriggersWhen string
- The type of event the automation rule triggers on
- Conditions []AutomationRulePropertyValuesConditionResponse
- The conditions to evaluate to determine if the automation rule should be triggered on a given object
- ExpirationTimeUtc string
- Determines when the automation rule should automatically expire and be disabled.
- isEnabled Boolean
- Determines whether the automation rule is enabled or disabled.
- triggersOn String
- The type of object the automation rule triggers on
- triggersWhen String
- The type of event the automation rule triggers on
- conditions List<AutomationRulePropertyValuesConditionResponse>
- The conditions to evaluate to determine if the automation rule should be triggered on a given object
- expirationTimeUtc String
- Determines when the automation rule should automatically expire and be disabled.
- isEnabled boolean
- Determines whether the automation rule is enabled or disabled.
- triggersOn string
- The type of object the automation rule triggers on
- triggersWhen string
- The type of event the automation rule triggers on
- conditions AutomationRulePropertyValuesConditionResponse[]
- The conditions to evaluate to determine if the automation rule should be triggered on a given object
- expirationTimeUtc string
- Determines when the automation rule should automatically expire and be disabled.
- is_enabled bool
- Determines whether the automation rule is enabled or disabled.
- triggers_on str
- The type of object the automation rule triggers on
- triggers_when str
- The type of event the automation rule triggers on
- conditions Sequence[AutomationRulePropertyValuesConditionResponse]
- The conditions to evaluate to determine if the automation rule should be triggered on a given object
- expiration_time_utc str
- Determines when the automation rule should automatically expire and be disabled.
- isEnabled Boolean
- Determines whether the automation rule is enabled or disabled.
- triggersOn String
- The type of object the automation rule triggers on
- triggersWhen String
- The type of event the automation rule triggers on
- conditions List<Property Map>
- The conditions to evaluate to determine if the automation rule should be triggered on a given object
- expirationTimeUtc String
- Determines when the automation rule should automatically expire and be disabled.
ClientInfoResponse, ClientInfoResponseArgs      
- Email string
- The email of the client.
- Name string
- The name of the client.
- ObjectId string
- The object id of the client.
- UserPrincipalName string
- The user principal name of the client.
- Email string
- The email of the client.
- Name string
- The name of the client.
- ObjectId string
- The object id of the client.
- UserPrincipalName string
- The user principal name of the client.
- email String
- The email of the client.
- name String
- The name of the client.
- objectId String
- The object id of the client.
- userPrincipalName String
- The user principal name of the client.
- email string
- The email of the client.
- name string
- The name of the client.
- objectId string
- The object id of the client.
- userPrincipalName string
- The user principal name of the client.
- email str
- The email of the client.
- name str
- The name of the client.
- object_id str
- The object id of the client.
- user_principal_name str
- The user principal name of the client.
- email String
- The email of the client.
- name String
- The name of the client.
- objectId String
- The object id of the client.
- userPrincipalName String
- The user principal name of the client.
IncidentClassification, IncidentClassificationArgs    
- Undetermined
- Undetermined: Incident classification was undetermined
- TruePositive
- TruePositive: Incident was true positive
- BenignPositive
- BenignPositive: Incident was benign positive
- FalsePositive
- FalsePositive: Incident was false positive
- IncidentClassificationUndetermined
- Undetermined: Incident classification was undetermined
- IncidentClassificationTruePositive
- TruePositive: Incident was true positive
- IncidentClassificationBenignPositive
- BenignPositive: Incident was benign positive
- IncidentClassificationFalsePositive
- FalsePositive: Incident was false positive
- Undetermined
- Undetermined: Incident classification was undetermined
- TruePositive
- TruePositive: Incident was true positive
- BenignPositive
- BenignPositive: Incident was benign positive
- FalsePositive
- FalsePositive: Incident was false positive
- Undetermined
- Undetermined: Incident classification was undetermined
- TruePositive
- TruePositive: Incident was true positive
- BenignPositive
- BenignPositive: Incident was benign positive
- FalsePositive
- FalsePositive: Incident was false positive
- UNDETERMINED
- Undetermined: Incident classification was undetermined
- TRUE_POSITIVE
- TruePositive: Incident was true positive
- BENIGN_POSITIVE
- BenignPositive: Incident was benign positive
- FALSE_POSITIVE
- FalsePositive: Incident was false positive
- "Undetermined"
- Undetermined: Incident classification was undetermined
- "TruePositive"
- TruePositive: Incident was true positive
- "BenignPositive"
- BenignPositive: Incident was benign positive
- "FalsePositive"
- FalsePositive: Incident was false positive
IncidentClassificationReason, IncidentClassificationReasonArgs      
- SuspiciousActivity
- SuspiciousActivity: Classification reason was suspicious activity
- SuspiciousButExpected
- SuspiciousButExpected: Classification reason was suspicious but expected
- IncorrectAlertLogic
- IncorrectAlertLogic: Classification reason was incorrect alert logic
- InaccurateData
- InaccurateData: Classification reason was inaccurate data
- IncidentClassificationReasonSuspiciousActivity
- SuspiciousActivity: Classification reason was suspicious activity
- IncidentClassificationReasonSuspiciousButExpected
- SuspiciousButExpected: Classification reason was suspicious but expected
- IncidentClassificationReasonIncorrectAlertLogic
- IncorrectAlertLogic: Classification reason was incorrect alert logic
- IncidentClassificationReasonInaccurateData
- InaccurateData: Classification reason was inaccurate data
- SuspiciousActivity
- SuspiciousActivity: Classification reason was suspicious activity
- SuspiciousButExpected
- SuspiciousButExpected: Classification reason was suspicious but expected
- IncorrectAlertLogic
- IncorrectAlertLogic: Classification reason was incorrect alert logic
- InaccurateData
- InaccurateData: Classification reason was inaccurate data
- SuspiciousActivity
- SuspiciousActivity: Classification reason was suspicious activity
- SuspiciousButExpected
- SuspiciousButExpected: Classification reason was suspicious but expected
- IncorrectAlertLogic
- IncorrectAlertLogic: Classification reason was incorrect alert logic
- InaccurateData
- InaccurateData: Classification reason was inaccurate data
- SUSPICIOUS_ACTIVITY
- SuspiciousActivity: Classification reason was suspicious activity
- SUSPICIOUS_BUT_EXPECTED
- SuspiciousButExpected: Classification reason was suspicious but expected
- INCORRECT_ALERT_LOGIC
- IncorrectAlertLogic: Classification reason was incorrect alert logic
- INACCURATE_DATA
- InaccurateData: Classification reason was inaccurate data
- "SuspiciousActivity"
- SuspiciousActivity: Classification reason was suspicious activity
- "SuspiciousButExpected"
- SuspiciousButExpected: Classification reason was suspicious but expected
- "IncorrectAlertLogic"
- IncorrectAlertLogic: Classification reason was incorrect alert logic
- "InaccurateData"
- InaccurateData: Classification reason was inaccurate data
IncidentLabel, IncidentLabelArgs    
- LabelName string
- The name of the label
- LabelName string
- The name of the label
- labelName String
- The name of the label
- labelName string
- The name of the label
- label_name str
- The name of the label
- labelName String
- The name of the label
IncidentLabelResponse, IncidentLabelResponseArgs      
- label_name str
- The name of the label
- label_type str
- The type of the label
IncidentOwnerInfo, IncidentOwnerInfoArgs      
- AssignedTo string
- The name of the user the incident is assigned to.
- Email string
- The email of the user the incident is assigned to.
- ObjectId string
- The object id of the user the incident is assigned to.
- UserPrincipal stringName 
- The user principal name of the user the incident is assigned to.
- AssignedTo string
- The name of the user the incident is assigned to.
- Email string
- The email of the user the incident is assigned to.
- ObjectId string
- The object id of the user the incident is assigned to.
- UserPrincipal stringName 
- The user principal name of the user the incident is assigned to.
- assignedTo String
- The name of the user the incident is assigned to.
- email String
- The email of the user the incident is assigned to.
- objectId String
- The object id of the user the incident is assigned to.
- userPrincipal StringName 
- The user principal name of the user the incident is assigned to.
- assignedTo string
- The name of the user the incident is assigned to.
- email string
- The email of the user the incident is assigned to.
- objectId string
- The object id of the user the incident is assigned to.
- userPrincipalName string
- The user principal name of the user the incident is assigned to.
- assigned_to str
- The name of the user the incident is assigned to.
- email str
- The email of the user the incident is assigned to.
- object_id str
- The object id of the user the incident is assigned to.
- user_principal_name str
- The user principal name of the user the incident is assigned to.
- assignedTo String
- The name of the user the incident is assigned to.
- email String
- The email of the user the incident is assigned to.
- objectId String
- The object id of the user the incident is assigned to.
- userPrincipalName String
- The user principal name of the user the incident is assigned to.
IncidentOwnerInfoResponse, IncidentOwnerInfoResponseArgs        
- AssignedTo string
- The name of the user the incident is assigned to.
- Email string
- The email of the user the incident is assigned to.
- ObjectId string
- The object id of the user the incident is assigned to.
- UserPrincipalName string
- The user principal name of the user the incident is assigned to.
- AssignedTo string
- The name of the user the incident is assigned to.
- Email string
- The email of the user the incident is assigned to.
- ObjectId string
- The object id of the user the incident is assigned to.
- UserPrincipalName string
- The user principal name of the user the incident is assigned to.
- assignedTo String
- The name of the user the incident is assigned to.
- email String
- The email of the user the incident is assigned to.
- objectId String
- The object id of the user the incident is assigned to.
- userPrincipalName String
- The user principal name of the user the incident is assigned to.
- assignedTo string
- The name of the user the incident is assigned to.
- email string
- The email of the user the incident is assigned to.
- objectId string
- The object id of the user the incident is assigned to.
- userPrincipalName string
- The user principal name of the user the incident is assigned to.
- assigned_to str
- The name of the user the incident is assigned to.
- email str
- The email of the user the incident is assigned to.
- object_id str
- The object id of the user the incident is assigned to.
- user_principal_name str
- The user principal name of the user the incident is assigned to.
- assignedTo String
- The name of the user the incident is assigned to.
- email String
- The email of the user the incident is assigned to.
- objectId String
- The object id of the user the incident is assigned to.
- userPrincipalName String
- The user principal name of the user the incident is assigned to.
IncidentSeverity, IncidentSeverityArgs    
- High
- High: High severity
- Medium
- Medium: Medium severity
- Low
- Low: Low severity
- Informational
- Informational: Informational severity
- IncidentSeverityHigh
- High: High severity
- IncidentSeverityMedium
- Medium: Medium severity
- IncidentSeverityLow
- Low: Low severity
- IncidentSeverityInformational
- Informational: Informational severity
- High
- High: High severity
- Medium
- Medium: Medium severity
- Low
- Low: Low severity
- Informational
- Informational: Informational severity
- High
- High: High severity
- Medium
- Medium: Medium severity
- Low
- Low: Low severity
- Informational
- Informational: Informational severity
- HIGH
- High: High severity
- MEDIUM
- Medium: Medium severity
- LOW
- Low: Low severity
- INFORMATIONAL
- Informational: Informational severity
- "High"
- High: High severity
- "Medium"
- Medium: Medium severity
- "Low"
- Low: Low severity
- "Informational"
- Informational: Informational severity
IncidentStatus, IncidentStatusArgs    
- New
- New: An active incident which isn't being handled currently
- Active
- Active: An active incident which is being handled
- Closed
- Closed: A non-active incident
- IncidentStatusNew
- New: An active incident which isn't being handled currently
- IncidentStatusActive
- Active: An active incident which is being handled
- IncidentStatusClosed
- Closed: A non-active incident
- New
- New: An active incident which isn't being handled currently
- Active
- Active: An active incident which is being handled
- Closed
- Closed: A non-active incident
- New
- New: An active incident which isn't being handled currently
- Active
- Active: An active incident which is being handled
- Closed
- Closed: A non-active incident
- NEW
- New: An active incident which isn't being handled currently
- ACTIVE
- Active: An active incident which is being handled
- CLOSED
- Closed: A non-active incident
- "New"
- New: An active incident which isn't being handled currently
- "Active"
- Active: An active incident which is being handled
- "Closed"
- Closed: A non-active incident
TriggersOn, TriggersOnArgs    
- Incidents
- Incidents: Trigger on Incidents
- TriggersOnIncidents
- Incidents: Trigger on Incidents
- Incidents
- Incidents: Trigger on Incidents
- Incidents
- Incidents: Trigger on Incidents
- INCIDENTS
- Incidents: Trigger on Incidents
- "Incidents"
- Incidents: Trigger on Incidents
TriggersWhen, TriggersWhenArgs    
- Created
- Created: Trigger on created objects
- TriggersWhenCreated
- Created: Trigger on created objects
- Created
- Created: Trigger on created objects
- Created
- Created: Trigger on created objects
- CREATED
- Created: Trigger on created objects
- "Created"
- Created: Trigger on created objects
Import
An existing resource can be imported using its type token, name, and identifier, e.g.
$ pulumi import azure-native:securityinsights:AutomationRule 73e01a99-5cd7-4139-a149-9f2736ff2ab5 /subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5 
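Note that the identifier in this sample ends in an `incidents/…` segment even though the resource being imported is an automation rule; this appears to be an artifact of the generated example, so confirm the actual resource ID of your automation rule before running the import, so that the imported state refers to the intended resource. To learn more about importing existing cloud resources, see Importing resources.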
Package Details
- Repository
- azure-native-v1 pulumi/pulumi-azure-native
- License
- Apache-2.0