// *** WARNING: this file was generated by pulumi-java-gen. ***
// *** Do not edit by hand unless you're certain you know what you are doing! ***

package com.pulumi.azurenative.securityinsights;

import com.pulumi.azurenative.Utilities;
import com.pulumi.azurenative.securityinsights.ScheduledAlertRuleArgs;
import com.pulumi.azurenative.securityinsights.outputs.AlertDetailsOverrideResponse;
import com.pulumi.azurenative.securityinsights.outputs.EntityMappingResponse;
import com.pulumi.azurenative.securityinsights.outputs.EventGroupingSettingsResponse;
import com.pulumi.azurenative.securityinsights.outputs.IncidentConfigurationResponse;
import com.pulumi.azurenative.securityinsights.outputs.SystemDataResponse;
import com.pulumi.core.Alias;
import com.pulumi.core.Output;
import com.pulumi.core.annotations.Export;
import com.pulumi.core.annotations.ResourceType;
import com.pulumi.core.internal.Codegen;
import java.lang.Boolean;
import java.lang.Integer;
import java.lang.String;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import javax.annotation.Nullable;

/**
 * Represents scheduled alert rule.
 * Azure REST API version: 2023-02-01. Prior API version in Azure Native 1.x: 2020-01-01.
 * 
 * ## Example Usage
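 * ### Creates or updates a Fusion alert rule.
 * Note: the constructor of this class always sets {@code kind} to "Scheduled" (see {@code makeArgs}),
 * so the rule declared below is submitted as a Scheduled rule, not as a Fusion rule.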
 * 
 * 
 * {@code
 * package generated_program;
 * 
 * import com.pulumi.Context;
 * import com.pulumi.Pulumi;
 * import com.pulumi.core.Output;
 * import com.pulumi.azurenative.securityinsights.ScheduledAlertRule;
 * import com.pulumi.azurenative.securityinsights.ScheduledAlertRuleArgs;
 * import java.util.List;
 * import java.util.ArrayList;
 * import java.util.Map;
 * import java.io.File;
 * import java.nio.file.Files;
 * import java.nio.file.Paths;
 * 
 * public class App {
 *     public static void main(String[] args) {
 *         Pulumi.run(App::stack);
 *     }
 * 
 *     public static void stack(Context ctx) {
 *         var scheduledAlertRule = new ScheduledAlertRule("scheduledAlertRule", ScheduledAlertRuleArgs.builder()
 *             .resourceGroupName("myRg")
 *             .ruleId("myFirstFusionRule")
 *             .workspaceName("myWorkspace")
 *             .build());
 * 
 *     }
 * }
 * 
 * }
 * 
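 * ### Creates or updates a MicrosoftSecurityIncidentCreation rule.
 * Note: the constructor of this class always sets {@code kind} to "Scheduled" (see {@code makeArgs}),
 * so the rule declared below is submitted as a Scheduled rule, not as a MicrosoftSecurityIncidentCreation rule.
 * 
 * 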
 * {@code
 * package generated_program;
 * 
 * import com.pulumi.Context;
 * import com.pulumi.Pulumi;
 * import com.pulumi.core.Output;
 * import com.pulumi.azurenative.securityinsights.ScheduledAlertRule;
 * import com.pulumi.azurenative.securityinsights.ScheduledAlertRuleArgs;
 * import java.util.List;
 * import java.util.ArrayList;
 * import java.util.Map;
 * import java.io.File;
 * import java.nio.file.Files;
 * import java.nio.file.Paths;
 * 
 * public class App {
 *     public static void main(String[] args) {
 *         Pulumi.run(App::stack);
 *     }
 * 
 *     public static void stack(Context ctx) {
 *         var scheduledAlertRule = new ScheduledAlertRule("scheduledAlertRule", ScheduledAlertRuleArgs.builder()
 *             .resourceGroupName("myRg")
 *             .ruleId("microsoftSecurityIncidentCreationRuleExample")
 *             .workspaceName("myWorkspace")
 *             .build());
 * 
 *     }
 * }
 * 
 * }
 * 
 * ### Creates or updates a Scheduled alert rule.
 * 
 * 
 * {@code
 * package generated_program;
 * 
 * import com.pulumi.Context;
 * import com.pulumi.Pulumi;
 * import com.pulumi.core.Output;
 * import com.pulumi.azurenative.securityinsights.ScheduledAlertRule;
 * import com.pulumi.azurenative.securityinsights.ScheduledAlertRuleArgs;
 * import com.pulumi.azurenative.securityinsights.inputs.AlertDetailsOverrideArgs;
 * import com.pulumi.azurenative.securityinsights.inputs.EntityMappingArgs;
 * import com.pulumi.azurenative.securityinsights.inputs.EventGroupingSettingsArgs;
 * import com.pulumi.azurenative.securityinsights.inputs.IncidentConfigurationArgs;
 * import com.pulumi.azurenative.securityinsights.inputs.GroupingConfigurationArgs;
 * import java.util.List;
 * import java.util.ArrayList;
 * import java.util.Map;
 * import java.io.File;
 * import java.nio.file.Files;
 * import java.nio.file.Paths;
 * 
 * public class App {
 *     public static void main(String[] args) {
 *         Pulumi.run(App::stack);
 *     }
 * 
 *     public static void stack(Context ctx) {
 *         var scheduledAlertRule = new ScheduledAlertRule("scheduledAlertRule", ScheduledAlertRuleArgs.builder()
 *             .alertDetailsOverride(AlertDetailsOverrideArgs.builder()
 *                 .alertDescriptionFormat("Suspicious activity was made by {{ComputerIP}}")
 *                 .alertDisplayNameFormat("Alert from {{Computer}}")
 *                 .alertDynamicProperties(                
 *                     AlertPropertyMappingArgs.builder()
 *                         .alertProperty("ProductComponentName")
 *                         .value("ProductComponentNameCustomColumn")
 *                         .build(),
 *                     AlertPropertyMappingArgs.builder()
 *                         .alertProperty("ProductName")
 *                         .value("ProductNameCustomColumn")
 *                         .build(),
 *                     AlertPropertyMappingArgs.builder()
 *                         .alertProperty("AlertLink")
 *                         .value("Link")
 *                         .build())
 *                 .build())
 *             .customDetails(Map.ofEntries(
 *                 Map.entry("OperatingSystemName", "OSName"),
 *                 Map.entry("OperatingSystemType", "OSType")
 *             ))
 *             .description("An example for a scheduled rule")
 *             .displayName("My scheduled rule")
 *             .enabled(true)
 *             .entityMappings(            
 *                 EntityMappingArgs.builder()
 *                     .entityType("Host")
 *                     .fieldMappings(FieldMappingArgs.builder()
 *                         .columnName("Computer")
 *                         .identifier("FullName")
 *                         .build())
 *                     .build(),
 *                 EntityMappingArgs.builder()
 *                     .entityType("IP")
 *                     .fieldMappings(FieldMappingArgs.builder()
 *                         .columnName("ComputerIP")
 *                         .identifier("Address")
 *                         .build())
 *                     .build())
 *             .eventGroupingSettings(EventGroupingSettingsArgs.builder()
 *                 .aggregationKind("AlertPerResult")
 *                 .build())
 *             .incidentConfiguration(IncidentConfigurationArgs.builder()
 *                 .createIncident(true)
 *                 .groupingConfiguration(GroupingConfigurationArgs.builder()
 *                     .enabled(true)
 *                     .groupByAlertDetails("DisplayName")
 *                     .groupByCustomDetails(                    
 *                         "OperatingSystemType",
 *                         "OperatingSystemName")
 *                     .groupByEntities("Host")
 *                     .lookbackDuration("PT5H")
 *                     .matchingMethod("Selected")
 *                     .reopenClosedIncident(false)
 *                     .build())
 *                 .build())
 *             .kind("Scheduled")
 *             .query("Heartbeat")
 *             .queryFrequency("PT1H")
 *             .queryPeriod("P2DT1H30M")
 *             .resourceGroupName("myRg")
 *             .ruleId("73e01a99-5cd7-4139-a149-9f2736ff2ab5")
 *             .severity("High")
 *             .suppressionDuration("PT1H")
 *             .suppressionEnabled(false)
 *             .tactics(            
 *                 "Persistence",
 *                 "LateralMovement")
 *             .triggerOperator("GreaterThan")
 *             .triggerThreshold(0)
 *             .workspaceName("myWorkspace")
 *             .build());
 * 
 *     }
 * }
 * 
 * }
 * 
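*
 * ## Import
 * 
 * An existing resource can be imported using its type token, name, and identifier, e.g.
 * 
 * ```sh
 * $ pulumi import azure-native:securityinsights:ScheduledAlertRule 73e01a99-5cd7-4139-a149-9f2736ff2ab5 /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}
 * ```
 * 
 */
@ResourceType(type="azure-native:securityinsights:ScheduledAlertRule")
public class ScheduledAlertRule extends com.pulumi.resources.CustomResource {
    // Type parameters below follow each field's @Export refs/tree metadata.
    // Getters that wrap the field in Codegen.optional(...) expose Output<Optional<T>>;
    // the remaining getters return the field unchanged.

    /**
     * The alert details override settings
     * 
     */
    @Export(name="alertDetailsOverride", refs={AlertDetailsOverrideResponse.class}, tree="[0]")
    private Output</* @Nullable */ AlertDetailsOverrideResponse> alertDetailsOverride;

    /**
     * @return The alert details override settings
     * 
     */
    public Output<Optional<AlertDetailsOverrideResponse>> alertDetailsOverride() {
        return Codegen.optional(this.alertDetailsOverride);
    }
    /**
     * The Name of the alert rule template used to create this rule.
     * 
     */
    @Export(name="alertRuleTemplateName", refs={String.class}, tree="[0]")
    private Output</* @Nullable */ String> alertRuleTemplateName;

    /**
     * @return The Name of the alert rule template used to create this rule.
     * 
     */
    public Output<Optional<String>> alertRuleTemplateName() {
        return Codegen.optional(this.alertRuleTemplateName);
    }
    /**
     * Dictionary of string key-value pairs of columns to be attached to the alert
     * 
     */
    @Export(name="customDetails", refs={Map.class,String.class}, tree="[0,1,1]")
    private Output</* @Nullable */ Map<String,String>> customDetails;

    /**
     * @return Dictionary of string key-value pairs of columns to be attached to the alert
     * 
     */
    public Output<Optional<Map<String,String>>> customDetails() {
        return Codegen.optional(this.customDetails);
    }
    /**
     * The description of the alert rule.
     * 
     */
    @Export(name="description", refs={String.class}, tree="[0]")
    private Output</* @Nullable */ String> description;

    /**
     * @return The description of the alert rule.
     * 
     */
    public Output<Optional<String>> description() {
        return Codegen.optional(this.description);
    }
    /**
     * The display name for alerts created by this alert rule.
     * 
     */
    @Export(name="displayName", refs={String.class}, tree="[0]")
    private Output<String> displayName;

    /**
     * @return The display name for alerts created by this alert rule.
     * 
     */
    public Output<String> displayName() {
        return this.displayName;
    }
    /**
     * Determines whether this alert rule is enabled or disabled.
     * NOTE(review): a rule deployed with enabled=false presumably produces no alerts;
     * treat a change of this value as a change in detection coverage.
     * 
     */
    @Export(name="enabled", refs={Boolean.class}, tree="[0]")
    private Output<Boolean> enabled;

    /**
     * @return Determines whether this alert rule is enabled or disabled.
     * 
     */
    public Output<Boolean> enabled() {
        return this.enabled;
    }
    /**
     * Array of the entity mappings of the alert rule
     * 
     */
    @Export(name="entityMappings", refs={List.class,EntityMappingResponse.class}, tree="[0,1]")
    private Output</* @Nullable */ List<EntityMappingResponse>> entityMappings;

    /**
     * @return Array of the entity mappings of the alert rule
     * 
     */
    public Output<Optional<List<EntityMappingResponse>>> entityMappings() {
        return Codegen.optional(this.entityMappings);
    }
    /**
     * Etag of the azure resource
     * 
     */
    @Export(name="etag", refs={String.class}, tree="[0]")
    private Output</* @Nullable */ String> etag;

    /**
     * @return Etag of the azure resource
     * 
     */
    public Output<Optional<String>> etag() {
        return Codegen.optional(this.etag);
    }
    /**
     * The event grouping settings.
     * 
     */
    @Export(name="eventGroupingSettings", refs={EventGroupingSettingsResponse.class}, tree="[0]")
    private Output</* @Nullable */ EventGroupingSettingsResponse> eventGroupingSettings;

    /**
     * @return The event grouping settings.
     * 
     */
    public Output<Optional<EventGroupingSettingsResponse>> eventGroupingSettings() {
        return Codegen.optional(this.eventGroupingSettings);
    }
    /**
     * The settings of the incidents that are created from alerts triggered by this analytics rule
     * 
     */
    @Export(name="incidentConfiguration", refs={IncidentConfigurationResponse.class}, tree="[0]")
    private Output</* @Nullable */ IncidentConfigurationResponse> incidentConfiguration;

    /**
     * @return The settings of the incidents that are created from alerts triggered by this analytics rule
     * 
     */
    public Output<Optional<IncidentConfigurationResponse>> incidentConfiguration() {
        return Codegen.optional(this.incidentConfiguration);
    }
    /**
     * The kind of the alert rule
     * Expected value is 'Scheduled'.
     * 
     */
    @Export(name="kind", refs={String.class}, tree="[0]")
    private Output<String> kind;

    /**
     * @return The kind of the alert rule
     * Expected value is 'Scheduled'.
     * 
     */
    public Output<String> kind() {
        return this.kind;
    }
    /**
     * The last time that this alert rule has been modified.
     * 
     */
    @Export(name="lastModifiedUtc", refs={String.class}, tree="[0]")
    private Output<String> lastModifiedUtc;

    /**
     * @return The last time that this alert rule has been modified.
     * 
     */
    public Output<String> lastModifiedUtc() {
        return this.lastModifiedUtc;
    }
    /**
     * The name of the resource
     * 
     */
    @Export(name="name", refs={String.class}, tree="[0]")
    private Output<String> name;

    /**
     * @return The name of the resource
     * 
     */
    public Output<String> name() {
        return this.name;
    }
    /**
     * The query that creates alerts for this rule.
     * 
     */
    @Export(name="query", refs={String.class}, tree="[0]")
    private Output<String> query;

    /**
     * @return The query that creates alerts for this rule.
     * 
     */
    public Output<String> query() {
        return this.query;
    }
    /**
     * The frequency (in ISO 8601 duration format) for this alert rule to run.
     * 
     */
    @Export(name="queryFrequency", refs={String.class}, tree="[0]")
    private Output<String> queryFrequency;

    /**
     * @return The frequency (in ISO 8601 duration format) for this alert rule to run.
     * 
     */
    public Output<String> queryFrequency() {
        return this.queryFrequency;
    }
    /**
     * The period (in ISO 8601 duration format) that this alert rule looks at.
     * NOTE(review): a period shorter than the query frequency would leave events between
     * runs unexamined; confirm whether the service validates this before relying on it.
     * 
     */
    @Export(name="queryPeriod", refs={String.class}, tree="[0]")
    private Output<String> queryPeriod;

    /**
     * @return The period (in ISO 8601 duration format) that this alert rule looks at.
     * 
     */
    public Output<String> queryPeriod() {
        return this.queryPeriod;
    }
    /**
     * The severity for alerts created by this alert rule.
     * 
     */
    @Export(name="severity", refs={String.class}, tree="[0]")
    private Output<String> severity;

    /**
     * @return The severity for alerts created by this alert rule.
     * 
     */
    public Output<String> severity() {
        return this.severity;
    }
    /**
     * The suppression (in ISO 8601 duration format) to wait since the last time this alert rule has been triggered.
     * NOTE(review): presumably no new alerts are raised while suppression is in effect;
     * review long durations together with suppressionEnabled.
     * 
     */
    @Export(name="suppressionDuration", refs={String.class}, tree="[0]")
    private Output<String> suppressionDuration;

    /**
     * @return The suppression (in ISO 8601 duration format) to wait since the last time this alert rule has been triggered.
     * 
     */
    public Output<String> suppressionDuration() {
        return this.suppressionDuration;
    }
    /**
     * Determines whether the suppression for this alert rule is enabled or disabled.
     * 
     */
    @Export(name="suppressionEnabled", refs={Boolean.class}, tree="[0]")
    private Output<Boolean> suppressionEnabled;

    /**
     * @return Determines whether the suppression for this alert rule is enabled or disabled.
     * 
     */
    public Output<Boolean> suppressionEnabled() {
        return this.suppressionEnabled;
    }
    /**
     * Azure Resource Manager metadata containing createdBy and modifiedBy information.
     * 
     */
    @Export(name="systemData", refs={SystemDataResponse.class}, tree="[0]")
    private Output<SystemDataResponse> systemData;

    /**
     * @return Azure Resource Manager metadata containing createdBy and modifiedBy information.
     * 
     */
    public Output<SystemDataResponse> systemData() {
        return this.systemData;
    }
    /**
     * The tactics of the alert rule
     * 
     */
    @Export(name="tactics", refs={List.class,String.class}, tree="[0,1]")
    private Output</* @Nullable */ List<String>> tactics;

    /**
     * @return The tactics of the alert rule
     * 
     */
    public Output<Optional<List<String>>> tactics() {
        return Codegen.optional(this.tactics);
    }
    /**
     * The techniques of the alert rule
     * 
     */
    @Export(name="techniques", refs={List.class,String.class}, tree="[0,1]")
    private Output</* @Nullable */ List<String>> techniques;

    /**
     * @return The techniques of the alert rule
     * 
     */
    public Output<Optional<List<String>>> techniques() {
        return Codegen.optional(this.techniques);
    }
    /**
     * The version of the alert rule template used to create this rule - in format &lt;a.b.c&gt;, where all are numbers, for example 0 &lt;1.0.2&gt;
     * 
     */
    @Export(name="templateVersion", refs={String.class}, tree="[0]")
    private Output</* @Nullable */ String> templateVersion;

    /**
     * @return The version of the alert rule template used to create this rule - in format &lt;a.b.c&gt;, where all are numbers, for example 0 &lt;1.0.2&gt;
     * 
     */
    public Output<Optional<String>> templateVersion() {
        return Codegen.optional(this.templateVersion);
    }
    /**
     * The operation against the threshold that triggers alert rule.
     * 
     */
    @Export(name="triggerOperator", refs={String.class}, tree="[0]")
    private Output<String> triggerOperator;

    /**
     * @return The operation against the threshold that triggers alert rule.
     * 
     */
    public Output<String> triggerOperator() {
        return this.triggerOperator;
    }
    /**
     * The threshold that triggers this alert rule.
     * 
     */
    @Export(name="triggerThreshold", refs={Integer.class}, tree="[0]")
    private Output<Integer> triggerThreshold;

    /**
     * @return The threshold that triggers this alert rule.
     * 
     */
    public Output<Integer> triggerThreshold() {
        return this.triggerThreshold;
    }
    /**
     * The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
     * 
     */
    @Export(name="type", refs={String.class}, tree="[0]")
    private Output<String> type;

    /**
     * @return The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
     * 
     */
    public Output<String> type() {
        return this.type;
    }

    /**
     * Creates the resource with {@code ScheduledAlertRuleArgs.Empty} and no options.
     *
     * @param name The _unique_ name of the resulting resource.
     */
    public ScheduledAlertRule(java.lang.String name) {
        this(name, ScheduledAlertRuleArgs.Empty);
    }
    /**
     * Creates the resource with the given arguments and no options.
     *
     * @param name The _unique_ name of the resulting resource.
     * @param args The arguments to use to populate this resource's properties.
     */
    public ScheduledAlertRule(java.lang.String name, ScheduledAlertRuleArgs args) {
        this(name, args, null);
    }
    /**
     * Creates the resource. The arguments pass through {@code makeArgs}, which sets
     * {@code kind} to "Scheduled" regardless of what {@code args} carries.
     *
     * @param name The _unique_ name of the resulting resource.
     * @param args The arguments to use to populate this resource's properties.
     * @param options A bag of options that control this resource's behavior.
     */
    public ScheduledAlertRule(java.lang.String name, ScheduledAlertRuleArgs args, @Nullable com.pulumi.resources.CustomResourceOptions options) {
        // The trailing 'false' is presumably the superclass's "dependency" flag -- confirm against CustomResource.
        super("azure-native:securityinsights:ScheduledAlertRule", name, makeArgs(args, options), makeResourceOptions(options, Codegen.empty()), false);
    }

    // Lookup constructor used by get(): no arguments are sent (null) and the
    // provider ID is folded into the resource options.
    private ScheduledAlertRule(java.lang.String name, Output<java.lang.String> id, @Nullable com.pulumi.resources.CustomResourceOptions options) {
        super("azure-native:securityinsights:ScheduledAlertRule", name, null, makeResourceOptions(options, id), false);
    }

    // Prepares the arguments handed to the superclass constructor.
    // Returns null when the options already carry a URN; otherwise copies args
    // (or starts from an empty builder when args is null) and overwrites kind
    // with "Scheduled", so a caller-supplied kind never reaches the provider.
    private static ScheduledAlertRuleArgs makeArgs(ScheduledAlertRuleArgs args, @Nullable com.pulumi.resources.CustomResourceOptions options) {
        if (options != null && options.getUrn().isPresent()) {
            return null;
        }
        var builder = args == null ? ScheduledAlertRuleArgs.builder() : ScheduledAlertRuleArgs.builder(args);
        return builder
            .kind("Scheduled")
            .build();
    }

    // Builds the default options (SDK version from Utilities.getVersion() plus
    // aliases to the API-versioned type tokens of this resource) and merges them
    // with the caller's options and the optional provider ID.
    private static com.pulumi.resources.CustomResourceOptions makeResourceOptions(@Nullable com.pulumi.resources.CustomResourceOptions options, @Nullable Output<java.lang.String> id) {
        var defaultOptions = com.pulumi.resources.CustomResourceOptions.builder()
            .version(Utilities.getVersion())
            .aliases(List.of(
                Output.of(Alias.builder().type("azure-native:securityinsights/v20190101preview:ScheduledAlertRule").build()),
                Output.of(Alias.builder().type("azure-native:securityinsights/v20200101:ScheduledAlertRule").build()),
                Output.of(Alias.builder().type("azure-native:securityinsights/v20210301preview:ScheduledAlertRule").build()),
                Output.of(Alias.builder().type("azure-native:securityinsights/v20210901preview:ScheduledAlertRule").build()),
                Output.of(Alias.builder().type("azure-native:securityinsights/v20211001:ScheduledAlertRule").build()),
                Output.of(Alias.builder().type("azure-native:securityinsights/v20211001preview:ScheduledAlertRule").build()),
                Output.of(Alias.builder().type("azure-native:securityinsights/v20220101preview:ScheduledAlertRule").build()),
                Output.of(Alias.builder().type("azure-native:securityinsights/v20220401preview:ScheduledAlertRule").build()),
                Output.of(Alias.builder().type("azure-native:securityinsights/v20220501preview:ScheduledAlertRule").build()),
                Output.of(Alias.builder().type("azure-native:securityinsights/v20220601preview:ScheduledAlertRule").build()),
                Output.of(Alias.builder().type("azure-native:securityinsights/v20220701preview:ScheduledAlertRule").build()),
                Output.of(Alias.builder().type("azure-native:securityinsights/v20220801:ScheduledAlertRule").build()),
                Output.of(Alias.builder().type("azure-native:securityinsights/v20220801preview:ScheduledAlertRule").build()),
                Output.of(Alias.builder().type("azure-native:securityinsights/v20220901preview:ScheduledAlertRule").build()),
                Output.of(Alias.builder().type("azure-native:securityinsights/v20221001preview:ScheduledAlertRule").build()),
                Output.of(Alias.builder().type("azure-native:securityinsights/v20221101:ScheduledAlertRule").build()),
                Output.of(Alias.builder().type("azure-native:securityinsights/v20221101preview:ScheduledAlertRule").build()),
                Output.of(Alias.builder().type("azure-native:securityinsights/v20221201preview:ScheduledAlertRule").build()),
                Output.of(Alias.builder().type("azure-native:securityinsights/v20230201:ScheduledAlertRule").build()),
                Output.of(Alias.builder().type("azure-native:securityinsights/v20230201preview:ScheduledAlertRule").build()),
                Output.of(Alias.builder().type("azure-native:securityinsights/v20230301preview:ScheduledAlertRule").build()),
                Output.of(Alias.builder().type("azure-native:securityinsights/v20230401preview:ScheduledAlertRule").build()),
                Output.of(Alias.builder().type("azure-native:securityinsights/v20230501preview:ScheduledAlertRule").build()),
                Output.of(Alias.builder().type("azure-native:securityinsights/v20230601preview:ScheduledAlertRule").build()),
                Output.of(Alias.builder().type("azure-native:securityinsights/v20230701preview:ScheduledAlertRule").build()),
                Output.of(Alias.builder().type("azure-native:securityinsights/v20230801preview:ScheduledAlertRule").build()),
                Output.of(Alias.builder().type("azure-native:securityinsights/v20230901preview:ScheduledAlertRule").build()),
                Output.of(Alias.builder().type("azure-native:securityinsights/v20231001preview:ScheduledAlertRule").build()),
                Output.of(Alias.builder().type("azure-native:securityinsights/v20231101:ScheduledAlertRule").build()),
                Output.of(Alias.builder().type("azure-native:securityinsights/v20231201preview:ScheduledAlertRule").build()),
                Output.of(Alias.builder().type("azure-native:securityinsights/v20240101preview:ScheduledAlertRule").build()),
                Output.of(Alias.builder().type("azure-native:securityinsights/v20240301:ScheduledAlertRule").build()),
                Output.of(Alias.builder().type("azure-native:securityinsights/v20240401preview:ScheduledAlertRule").build())
            ))
            .build();
        return com.pulumi.resources.CustomResourceOptions.merge(defaultOptions, options, id);
    }

    /**
     * Get an existing ScheduledAlertRule resource's state with the given name, ID, and optional extra
     * properties used to qualify the lookup.
     *
     * @param name The _unique_ name of the resulting resource.
     * @param id The _unique_ provider ID of the resource to lookup.
     * @param options Optional settings to control the behavior of the CustomResource.
     * @return a ScheduledAlertRule built through the lookup constructor, which sends no arguments.
     */
    public static ScheduledAlertRule get(java.lang.String name, Output<java.lang.String> id, @Nullable com.pulumi.resources.CustomResourceOptions options) {
        return new ScheduledAlertRule(name, id, options);
    }
}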



