com.pulumi.azure.sentinel.AlertRuleScheduledArgs Maven / Gradle / Ivy
A Pulumi package for creating and managing Microsoft Azure cloud resources, based on the Terraform azurerm provider. We recommend using the [Azure Native provider](https://github.com/pulumi/pulumi-azure-native) to provision Azure infrastructure. Azure Native provides complete coverage of Azure resources and same-day access to new resources and resource updates.
// *** WARNING: this file was generated by pulumi-java-gen. ***
// *** Do not edit by hand unless you're certain you know what you are doing! ***
package com.pulumi.azure.sentinel;
import com.pulumi.azure.sentinel.inputs.AlertRuleScheduledAlertDetailsOverrideArgs;
import com.pulumi.azure.sentinel.inputs.AlertRuleScheduledEntityMappingArgs;
import com.pulumi.azure.sentinel.inputs.AlertRuleScheduledEventGroupingArgs;
import com.pulumi.azure.sentinel.inputs.AlertRuleScheduledIncidentArgs;
import com.pulumi.azure.sentinel.inputs.AlertRuleScheduledSentinelEntityMappingArgs;
import com.pulumi.core.Output;
import com.pulumi.core.annotations.Import;
import com.pulumi.exceptions.MissingRequiredPropertyException;
import java.lang.Boolean;
import java.lang.Integer;
import java.lang.String;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import javax.annotation.Nullable;
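/**
 * Input arguments for a Sentinel Scheduled Alert Rule.
 *
 * <p>Instances are assembled with {@link #builder()}. {@link Builder#build()} checks only that
 * the required properties ({@code displayName}, {@code logAnalyticsWorkspaceId}, {@code query}
 * and {@code severity}) are present; the value constraints described on the individual
 * properties are not checked in this class.
 *
 * <p>The generic type arguments on {@code Output}, {@code Optional}, {@code List} and
 * {@code Map} are written out in full; each one follows from the plain-value builder overload
 * of the same property.
 */
public final class AlertRuleScheduledArgs extends com.pulumi.resources.ResourceArgs {

    /**
     * Instance with no property set. It is created through the private no-arg constructor and
     * never passes through {@link Builder#build()}, so its required properties are {@code null}.
     */
    public static final AlertRuleScheduledArgs Empty = new AlertRuleScheduledArgs();

    /**
     * An {@code alert_details_override} block; see
     * {@link AlertRuleScheduledAlertDetailsOverrideArgs}.
     */
    @Import(name="alertDetailsOverrides")
    private @Nullable Output<List<AlertRuleScheduledAlertDetailsOverrideArgs>> alertDetailsOverrides;

    /**
     * @return An {@code alert_details_override} block; see
     *     {@link AlertRuleScheduledAlertDetailsOverrideArgs}.
     */
    public Optional<Output<List<AlertRuleScheduledAlertDetailsOverrideArgs>>> alertDetailsOverrides() {
        return Optional.ofNullable(this.alertDetailsOverrides);
    }

    /**
     * The GUID of the alert rule template which is used for this Sentinel Scheduled Alert Rule.
     * Changing this forces a new Sentinel Scheduled Alert Rule to be created.
     */
    @Import(name="alertRuleTemplateGuid")
    private @Nullable Output<String> alertRuleTemplateGuid;

    /**
     * @return The GUID of the alert rule template which is used for this Sentinel Scheduled
     *     Alert Rule. Changing this forces a new Sentinel Scheduled Alert Rule to be created.
     */
    public Optional<Output<String>> alertRuleTemplateGuid() {
        return Optional.ofNullable(this.alertRuleTemplateGuid);
    }

    /**
     * The version of the alert rule template which is used for this Sentinel Scheduled Alert Rule.
     */
    @Import(name="alertRuleTemplateVersion")
    private @Nullable Output<String> alertRuleTemplateVersion;

    /**
     * @return The version of the alert rule template which is used for this Sentinel Scheduled
     *     Alert Rule.
     */
    public Optional<Output<String>> alertRuleTemplateVersion() {
        return Optional.ofNullable(this.alertRuleTemplateVersion);
    }

    /**
     * A map of string key-value pairs of columns to be attached to this Sentinel Scheduled Alert
     * Rule. The key will appear as the field name in alerts and the value is the event parameter
     * you wish to surface in the alerts.
     */
    @Import(name="customDetails")
    private @Nullable Output<Map<String,String>> customDetails;

    /**
     * @return A map of string key-value pairs of columns to be attached to this Sentinel
     *     Scheduled Alert Rule. The key will appear as the field name in alerts and the value is
     *     the event parameter you wish to surface in the alerts.
     */
    public Optional<Output<Map<String,String>>> customDetails() {
        return Optional.ofNullable(this.customDetails);
    }

    /**
     * The description of this Sentinel Scheduled Alert Rule.
     */
    @Import(name="description")
    private @Nullable Output<String> description;

    /**
     * @return The description of this Sentinel Scheduled Alert Rule.
     */
    public Optional<Output<String>> description() {
        return Optional.ofNullable(this.description);
    }

    /**
     * The friendly name of this Sentinel Scheduled Alert Rule. Required.
     */
    @Import(name="displayName", required=true)
    private Output<String> displayName;

    /**
     * @return The friendly name of this Sentinel Scheduled Alert Rule.
     */
    public Output<String> displayName() {
        return this.displayName;
    }

    /**
     * Should the Sentinel Scheduled Alert Rule be enabled? Defaults to {@code true}.
     *
     * <p>Setting this to {@code false} switches the detection off, so review such a change as a
     * change in alert coverage.
     */
    @Import(name="enabled")
    private @Nullable Output<Boolean> enabled;

    /**
     * @return Should the Sentinel Scheduled Alert Rule be enabled? Defaults to {@code true}.
     */
    public Optional<Output<Boolean>> enabled() {
        return Optional.ofNullable(this.enabled);
    }

    /**
     * A list of {@code entity_mapping} blocks; see {@link AlertRuleScheduledEntityMappingArgs}.
     */
    @Import(name="entityMappings")
    private @Nullable Output<List<AlertRuleScheduledEntityMappingArgs>> entityMappings;

    /**
     * @return A list of {@code entity_mapping} blocks; see
     *     {@link AlertRuleScheduledEntityMappingArgs}.
     */
    public Optional<Output<List<AlertRuleScheduledEntityMappingArgs>>> entityMappings() {
        return Optional.ofNullable(this.entityMappings);
    }

    /**
     * An {@code event_grouping} block; see {@link AlertRuleScheduledEventGroupingArgs}.
     */
    @Import(name="eventGrouping")
    private @Nullable Output<AlertRuleScheduledEventGroupingArgs> eventGrouping;

    /**
     * @return An {@code event_grouping} block; see {@link AlertRuleScheduledEventGroupingArgs}.
     */
    public Optional<Output<AlertRuleScheduledEventGroupingArgs>> eventGrouping() {
        return Optional.ofNullable(this.eventGrouping);
    }

    /**
     * An {@code incident} block; see {@link AlertRuleScheduledIncidentArgs}.
     */
    @Import(name="incident")
    private @Nullable Output<AlertRuleScheduledIncidentArgs> incident;

    /**
     * @return An {@code incident} block; see {@link AlertRuleScheduledIncidentArgs}.
     */
    public Optional<Output<AlertRuleScheduledIncidentArgs>> incident() {
        return Optional.ofNullable(this.incident);
    }

    /**
     * The ID of the Log Analytics Workspace this Sentinel Scheduled Alert Rule belongs to.
     * Changing this forces a new Sentinel Scheduled Alert Rule to be created. Required.
     */
    @Import(name="logAnalyticsWorkspaceId", required=true)
    private Output<String> logAnalyticsWorkspaceId;

    /**
     * @return The ID of the Log Analytics Workspace this Sentinel Scheduled Alert Rule belongs
     *     to. Changing this forces a new Sentinel Scheduled Alert Rule to be created.
     */
    public Output<String> logAnalyticsWorkspaceId() {
        return this.logAnalyticsWorkspaceId;
    }

    /**
     * The name which should be used for this Sentinel Scheduled Alert Rule. Changing this forces
     * a new Sentinel Scheduled Alert Rule to be created.
     */
    @Import(name="name")
    private @Nullable Output<String> name;

    /**
     * @return The name which should be used for this Sentinel Scheduled Alert Rule. Changing
     *     this forces a new Sentinel Scheduled Alert Rule to be created.
     */
    public Optional<Output<String>> name() {
        return Optional.ofNullable(this.name);
    }

    /**
     * The query of this Sentinel Scheduled Alert Rule. Required.
     */
    @Import(name="query", required=true)
    private Output<String> query;

    /**
     * @return The query of this Sentinel Scheduled Alert Rule.
     */
    public Output<String> query() {
        return this.query;
    }

    /**
     * The ISO 8601 timespan duration between two consecutive queries. Defaults to {@code PT5H}.
     */
    @Import(name="queryFrequency")
    private @Nullable Output<String> queryFrequency;

    /**
     * @return The ISO 8601 timespan duration between two consecutive queries. Defaults to
     *     {@code PT5H}.
     */
    public Optional<Output<String>> queryFrequency() {
        return Optional.ofNullable(this.queryFrequency);
    }

    /**
     * The ISO 8601 timespan duration which determines the time period of the data covered by the
     * query. For example, it can query the past 10 minutes of data, or the past 6 hours of data.
     * Defaults to {@code PT5H}.
     *
     * <p><b>NOTE:</b> {@code query_period} must be larger than or equal to
     * {@code query_frequency}, which ensures there are no gaps in the overall query coverage.
     */
    @Import(name="queryPeriod")
    private @Nullable Output<String> queryPeriod;

    /**
     * @return The ISO 8601 timespan duration which determines the time period of the data
     *     covered by the query. Defaults to {@code PT5H}. It must be larger than or equal to
     *     {@code query_frequency}, which ensures there are no gaps in the overall query coverage.
     */
    public Optional<Output<String>> queryPeriod() {
        return Optional.ofNullable(this.queryPeriod);
    }

    /**
     * A list of {@code sentinel_entity_mapping} blocks; see
     * {@link AlertRuleScheduledSentinelEntityMappingArgs}.
     *
     * <p><b>NOTE:</b> {@code entity_mapping} and {@code sentinel_entity_mapping} together can't
     * exceed 5.
     */
    @Import(name="sentinelEntityMappings")
    private @Nullable Output<List<AlertRuleScheduledSentinelEntityMappingArgs>> sentinelEntityMappings;

    /**
     * @return A list of {@code sentinel_entity_mapping} blocks. {@code entity_mapping} and
     *     {@code sentinel_entity_mapping} together can't exceed 5.
     */
    public Optional<Output<List<AlertRuleScheduledSentinelEntityMappingArgs>>> sentinelEntityMappings() {
        return Optional.ofNullable(this.sentinelEntityMappings);
    }

    /**
     * The alert severity of this Sentinel Scheduled Alert Rule. Possible values are
     * {@code High}, {@code Medium}, {@code Low} and {@code Informational}. Required.
     */
    @Import(name="severity", required=true)
    private Output<String> severity;

    /**
     * @return The alert severity of this Sentinel Scheduled Alert Rule. Possible values are
     *     {@code High}, {@code Medium}, {@code Low} and {@code Informational}.
     */
    public Output<String> severity() {
        return this.severity;
    }

    /**
     * If {@code suppression_enabled} is {@code true}, this is the ISO 8601 timespan duration
     * which specifies the amount of time the query should stop running after an alert is
     * generated. Defaults to {@code PT5H}.
     *
     * <p><b>NOTE:</b> {@code suppression_duration} must be larger than or equal to
     * {@code query_frequency}, otherwise the suppression has no actual effect since no query
     * will happen during the suppression duration.
     */
    @Import(name="suppressionDuration")
    private @Nullable Output<String> suppressionDuration;

    /**
     * @return If {@code suppression_enabled} is {@code true}, the ISO 8601 timespan duration
     *     which specifies the amount of time the query should stop running after an alert is
     *     generated. Defaults to {@code PT5H}. It must be larger than or equal to
     *     {@code query_frequency}, otherwise the suppression has no actual effect.
     */
    public Optional<Output<String>> suppressionDuration() {
        return Optional.ofNullable(this.suppressionDuration);
    }

    /**
     * Should the Sentinel Scheduled Alert Rule stop running the query after an alert is
     * generated? Defaults to {@code false}.
     *
     * <p>While suppression is active the query does not run, so matching activity in that
     * window raises no further alert from this rule.
     */
    @Import(name="suppressionEnabled")
    private @Nullable Output<Boolean> suppressionEnabled;

    /**
     * @return Should the Sentinel Scheduled Alert Rule stop running the query after an alert is
     *     generated? Defaults to {@code false}.
     */
    public Optional<Output<Boolean>> suppressionEnabled() {
        return Optional.ofNullable(this.suppressionEnabled);
    }

    /**
     * A list of categories of attacks by which to classify the rule. Possible values are
     * {@code Collection}, {@code CommandAndControl}, {@code CredentialAccess},
     * {@code DefenseEvasion}, {@code Discovery}, {@code Execution}, {@code Exfiltration},
     * {@code ImpairProcessControl}, {@code InhibitResponseFunction}, {@code Impact},
     * {@code InitialAccess}, {@code LateralMovement}, {@code Persistence},
     * {@code PrivilegeEscalation}, {@code PreAttack}, {@code Reconnaissance} and
     * {@code ResourceDevelopment}.
     */
    @Import(name="tactics")
    private @Nullable Output<List<String>> tactics;

    /**
     * @return A list of categories of attacks by which to classify the rule. Possible values are
     *     {@code Collection}, {@code CommandAndControl}, {@code CredentialAccess},
     *     {@code DefenseEvasion}, {@code Discovery}, {@code Execution}, {@code Exfiltration},
     *     {@code ImpairProcessControl}, {@code InhibitResponseFunction}, {@code Impact},
     *     {@code InitialAccess}, {@code LateralMovement}, {@code Persistence},
     *     {@code PrivilegeEscalation}, {@code PreAttack}, {@code Reconnaissance} and
     *     {@code ResourceDevelopment}.
     */
    public Optional<Output<List<String>>> tactics() {
        return Optional.ofNullable(this.tactics);
    }

    /**
     * A list of techniques of attacks by which to classify the rule.
     */
    @Import(name="techniques")
    private @Nullable Output<List<String>> techniques;

    /**
     * @return A list of techniques of attacks by which to classify the rule.
     */
    public Optional<Output<List<String>>> techniques() {
        return Optional.ofNullable(this.techniques);
    }

    /**
     * The alert trigger operator, combined with {@code trigger_threshold}, setting the alert
     * threshold of this Sentinel Scheduled Alert Rule. Possible values are {@code Equal},
     * {@code GreaterThan}, {@code LessThan}, {@code NotEqual}. Defaults to {@code GreaterThan}.
     */
    @Import(name="triggerOperator")
    private @Nullable Output<String> triggerOperator;

    /**
     * @return The alert trigger operator, combined with {@code trigger_threshold}, setting the
     *     alert threshold of this Sentinel Scheduled Alert Rule. Possible values are
     *     {@code Equal}, {@code GreaterThan}, {@code LessThan}, {@code NotEqual}. Defaults to
     *     {@code GreaterThan}.
     */
    public Optional<Output<String>> triggerOperator() {
        return Optional.ofNullable(this.triggerOperator);
    }

    /**
     * The baseline number of query results generated, combined with {@code trigger_operator},
     * setting the alert threshold of this Sentinel Scheduled Alert Rule. Defaults to {@code 0}.
     */
    @Import(name="triggerThreshold")
    private @Nullable Output<Integer> triggerThreshold;

    /**
     * @return The baseline number of query results generated, combined with
     *     {@code trigger_operator}, setting the alert threshold of this Sentinel Scheduled Alert
     *     Rule. Defaults to {@code 0}.
     */
    public Optional<Output<Integer>> triggerThreshold() {
        return Optional.ofNullable(this.triggerThreshold);
    }

    /** Creates an instance with every property unset; used by {@link Builder} and {@link #Empty}. */
    private AlertRuleScheduledArgs() {}

    /**
     * Copy constructor used by {@link Builder#Builder(AlertRuleScheduledArgs)}. The
     * {@code Output} references are copied as they are (a shallow copy), not duplicated.
     *
     * @param $ the instance whose property values seed the new one
     */
    private AlertRuleScheduledArgs(AlertRuleScheduledArgs $) {
        this.alertDetailsOverrides = $.alertDetailsOverrides;
        this.alertRuleTemplateGuid = $.alertRuleTemplateGuid;
        this.alertRuleTemplateVersion = $.alertRuleTemplateVersion;
        this.customDetails = $.customDetails;
        this.description = $.description;
        this.displayName = $.displayName;
        this.enabled = $.enabled;
        this.entityMappings = $.entityMappings;
        this.eventGrouping = $.eventGrouping;
        this.incident = $.incident;
        this.logAnalyticsWorkspaceId = $.logAnalyticsWorkspaceId;
        this.name = $.name;
        this.query = $.query;
        this.queryFrequency = $.queryFrequency;
        this.queryPeriod = $.queryPeriod;
        this.sentinelEntityMappings = $.sentinelEntityMappings;
        this.severity = $.severity;
        this.suppressionDuration = $.suppressionDuration;
        this.suppressionEnabled = $.suppressionEnabled;
        this.tactics = $.tactics;
        this.techniques = $.techniques;
        this.triggerOperator = $.triggerOperator;
        this.triggerThreshold = $.triggerThreshold;
    }

    /**
     * @return a builder with no property set
     */
    public static Builder builder() {
        return new Builder();
    }

    /**
     * @param defaults instance whose property values pre-populate the builder; must not be
     *     {@code null}
     * @return a builder seeded with a copy of {@code defaults}
     */
    public static Builder builder(AlertRuleScheduledArgs defaults) {
        return new Builder(defaults);
    }

    /**
     * Fluent builder for {@link AlertRuleScheduledArgs}. Every property has an overload taking
     * an {@code Output} and one taking the plain value, which is wrapped with {@code Output.of};
     * list-valued properties also accept varargs.
     */
    public static final class Builder {
        // The instance under construction; build() hands out this same object.
        private AlertRuleScheduledArgs $;

        /** Starts from an instance with no property set. */
        public Builder() {
            $ = new AlertRuleScheduledArgs();
        }

        /**
         * Starts from a copy of {@code defaults}.
         *
         * @param defaults instance to copy; a {@code null} argument raises
         *     {@link NullPointerException}
         */
        public Builder(AlertRuleScheduledArgs defaults) {
            $ = new AlertRuleScheduledArgs(Objects.requireNonNull(defaults));
        }

        /**
         * @param alertDetailsOverrides An {@code alert_details_override} block; see
         *     {@link AlertRuleScheduledAlertDetailsOverrideArgs}.
         * @return builder
         */
        public Builder alertDetailsOverrides(@Nullable Output<List<AlertRuleScheduledAlertDetailsOverrideArgs>> alertDetailsOverrides) {
            $.alertDetailsOverrides = alertDetailsOverrides;
            return this;
        }

        /**
         * Plain-value overload of {@link #alertDetailsOverrides(Output)}.
         *
         * @param alertDetailsOverrides An {@code alert_details_override} block.
         * @return builder
         */
        public Builder alertDetailsOverrides(List<AlertRuleScheduledAlertDetailsOverrideArgs> alertDetailsOverrides) {
            return alertDetailsOverrides(Output.of(alertDetailsOverrides));
        }

        /**
         * Varargs overload of {@link #alertDetailsOverrides(List)}.
         *
         * @param alertDetailsOverrides An {@code alert_details_override} block.
         * @return builder
         */
        public Builder alertDetailsOverrides(AlertRuleScheduledAlertDetailsOverrideArgs... alertDetailsOverrides) {
            return alertDetailsOverrides(List.of(alertDetailsOverrides));
        }

        /**
         * @param alertRuleTemplateGuid The GUID of the alert rule template which is used for this
         *     Sentinel Scheduled Alert Rule. Changing this forces a new Sentinel Scheduled Alert
         *     Rule to be created.
         * @return builder
         */
        public Builder alertRuleTemplateGuid(@Nullable Output<String> alertRuleTemplateGuid) {
            $.alertRuleTemplateGuid = alertRuleTemplateGuid;
            return this;
        }

        /**
         * Plain-value overload of {@link #alertRuleTemplateGuid(Output)}.
         *
         * @param alertRuleTemplateGuid The GUID of the alert rule template. Changing this forces
         *     a new Sentinel Scheduled Alert Rule to be created.
         * @return builder
         */
        public Builder alertRuleTemplateGuid(String alertRuleTemplateGuid) {
            return alertRuleTemplateGuid(Output.of(alertRuleTemplateGuid));
        }

        /**
         * @param alertRuleTemplateVersion The version of the alert rule template which is used
         *     for this Sentinel Scheduled Alert Rule.
         * @return builder
         */
        public Builder alertRuleTemplateVersion(@Nullable Output<String> alertRuleTemplateVersion) {
            $.alertRuleTemplateVersion = alertRuleTemplateVersion;
            return this;
        }

        /**
         * Plain-value overload of {@link #alertRuleTemplateVersion(Output)}.
         *
         * @param alertRuleTemplateVersion The version of the alert rule template.
         * @return builder
         */
        public Builder alertRuleTemplateVersion(String alertRuleTemplateVersion) {
            return alertRuleTemplateVersion(Output.of(alertRuleTemplateVersion));
        }

        /**
         * @param customDetails A map of string key-value pairs of columns to be attached to this
         *     Sentinel Scheduled Alert Rule. The key will appear as the field name in alerts and
         *     the value is the event parameter you wish to surface in the alerts.
         * @return builder
         */
        public Builder customDetails(@Nullable Output<Map<String,String>> customDetails) {
            $.customDetails = customDetails;
            return this;
        }

        /**
         * Plain-value overload of {@link #customDetails(Output)}.
         *
         * @param customDetails Map from alert field name to the event parameter to surface.
         * @return builder
         */
        public Builder customDetails(Map<String,String> customDetails) {
            return customDetails(Output.of(customDetails));
        }

        /**
         * @param description The description of this Sentinel Scheduled Alert Rule.
         * @return builder
         */
        public Builder description(@Nullable Output<String> description) {
            $.description = description;
            return this;
        }

        /**
         * Plain-value overload of {@link #description(Output)}.
         *
         * @param description The description of this Sentinel Scheduled Alert Rule.
         * @return builder
         */
        public Builder description(String description) {
            return description(Output.of(description));
        }

        /**
         * @param displayName The friendly name of this Sentinel Scheduled Alert Rule. Required.
         * @return builder
         */
        public Builder displayName(Output<String> displayName) {
            $.displayName = displayName;
            return this;
        }

        /**
         * Plain-value overload of {@link #displayName(Output)}.
         *
         * @param displayName The friendly name of this Sentinel Scheduled Alert Rule.
         * @return builder
         */
        public Builder displayName(String displayName) {
            return displayName(Output.of(displayName));
        }

        /**
         * @param enabled Should the Sentinel Scheduled Alert Rule be enabled? Defaults to
         *     {@code true}.
         * @return builder
         */
        public Builder enabled(@Nullable Output<Boolean> enabled) {
            $.enabled = enabled;
            return this;
        }

        /**
         * Plain-value overload of {@link #enabled(Output)}.
         *
         * @param enabled Should the Sentinel Scheduled Alert Rule be enabled? Defaults to
         *     {@code true}.
         * @return builder
         */
        public Builder enabled(Boolean enabled) {
            return enabled(Output.of(enabled));
        }

        /**
         * @param entityMappings A list of {@code entity_mapping} blocks; see
         *     {@link AlertRuleScheduledEntityMappingArgs}.
         * @return builder
         */
        public Builder entityMappings(@Nullable Output<List<AlertRuleScheduledEntityMappingArgs>> entityMappings) {
            $.entityMappings = entityMappings;
            return this;
        }

        /**
         * Plain-value overload of {@link #entityMappings(Output)}.
         *
         * @param entityMappings A list of {@code entity_mapping} blocks.
         * @return builder
         */
        public Builder entityMappings(List<AlertRuleScheduledEntityMappingArgs> entityMappings) {
            return entityMappings(Output.of(entityMappings));
        }

        /**
         * Varargs overload of {@link #entityMappings(List)}.
         *
         * @param entityMappings A list of {@code entity_mapping} blocks.
         * @return builder
         */
        public Builder entityMappings(AlertRuleScheduledEntityMappingArgs... entityMappings) {
            return entityMappings(List.of(entityMappings));
        }

        /**
         * @param eventGrouping An {@code event_grouping} block; see
         *     {@link AlertRuleScheduledEventGroupingArgs}.
         * @return builder
         */
        public Builder eventGrouping(@Nullable Output<AlertRuleScheduledEventGroupingArgs> eventGrouping) {
            $.eventGrouping = eventGrouping;
            return this;
        }

        /**
         * Plain-value overload of {@link #eventGrouping(Output)}.
         *
         * @param eventGrouping An {@code event_grouping} block.
         * @return builder
         */
        public Builder eventGrouping(AlertRuleScheduledEventGroupingArgs eventGrouping) {
            return eventGrouping(Output.of(eventGrouping));
        }

        /**
         * @param incident An {@code incident} block; see {@link AlertRuleScheduledIncidentArgs}.
         * @return builder
         */
        public Builder incident(@Nullable Output<AlertRuleScheduledIncidentArgs> incident) {
            $.incident = incident;
            return this;
        }

        /**
         * Plain-value overload of {@link #incident(Output)}.
         *
         * @param incident An {@code incident} block.
         * @return builder
         */
        public Builder incident(AlertRuleScheduledIncidentArgs incident) {
            return incident(Output.of(incident));
        }

        /**
         * @param logAnalyticsWorkspaceId The ID of the Log Analytics Workspace this Sentinel
         *     Scheduled Alert Rule belongs to. Changing this forces a new Sentinel Scheduled
         *     Alert Rule to be created. Required.
         * @return builder
         */
        public Builder logAnalyticsWorkspaceId(Output<String> logAnalyticsWorkspaceId) {
            $.logAnalyticsWorkspaceId = logAnalyticsWorkspaceId;
            return this;
        }

        /**
         * Plain-value overload of {@link #logAnalyticsWorkspaceId(Output)}.
         *
         * @param logAnalyticsWorkspaceId The ID of the Log Analytics Workspace this rule belongs
         *     to. Changing this forces a new Sentinel Scheduled Alert Rule to be created.
         * @return builder
         */
        public Builder logAnalyticsWorkspaceId(String logAnalyticsWorkspaceId) {
            return logAnalyticsWorkspaceId(Output.of(logAnalyticsWorkspaceId));
        }

        /**
         * @param name The name which should be used for this Sentinel Scheduled Alert Rule.
         *     Changing this forces a new Sentinel Scheduled Alert Rule to be created.
         * @return builder
         */
        public Builder name(@Nullable Output<String> name) {
            $.name = name;
            return this;
        }

        /**
         * Plain-value overload of {@link #name(Output)}.
         *
         * @param name The name which should be used for this Sentinel Scheduled Alert Rule.
         *     Changing this forces a new Sentinel Scheduled Alert Rule to be created.
         * @return builder
         */
        public Builder name(String name) {
            return name(Output.of(name));
        }

        /**
         * @param query The query of this Sentinel Scheduled Alert Rule. Required.
         * @return builder
         */
        public Builder query(Output<String> query) {
            $.query = query;
            return this;
        }

        /**
         * Plain-value overload of {@link #query(Output)}.
         *
         * @param query The query of this Sentinel Scheduled Alert Rule.
         * @return builder
         */
        public Builder query(String query) {
            return query(Output.of(query));
        }

        /**
         * @param queryFrequency The ISO 8601 timespan duration between two consecutive queries.
         *     Defaults to {@code PT5H}.
         * @return builder
         */
        public Builder queryFrequency(@Nullable Output<String> queryFrequency) {
            $.queryFrequency = queryFrequency;
            return this;
        }

        /**
         * Plain-value overload of {@link #queryFrequency(Output)}.
         *
         * @param queryFrequency The ISO 8601 timespan duration between two consecutive queries.
         *     Defaults to {@code PT5H}.
         * @return builder
         */
        public Builder queryFrequency(String queryFrequency) {
            return queryFrequency(Output.of(queryFrequency));
        }

        /**
         * @param queryPeriod The ISO 8601 timespan duration which determines the time period of
         *     the data covered by the query. For example, it can query the past 10 minutes of
         *     data, or the past 6 hours of data. Defaults to {@code PT5H}. {@code query_period}
         *     must be larger than or equal to {@code query_frequency}, which ensures there are
         *     no gaps in the overall query coverage.
         * @return builder
         */
        public Builder queryPeriod(@Nullable Output<String> queryPeriod) {
            $.queryPeriod = queryPeriod;
            return this;
        }

        /**
         * Plain-value overload of {@link #queryPeriod(Output)}.
         *
         * @param queryPeriod The ISO 8601 timespan duration of data covered by the query;
         *     must be larger than or equal to {@code query_frequency}. Defaults to {@code PT5H}.
         * @return builder
         */
        public Builder queryPeriod(String queryPeriod) {
            return queryPeriod(Output.of(queryPeriod));
        }

        /**
         * @param sentinelEntityMappings A list of {@code sentinel_entity_mapping} blocks; see
         *     {@link AlertRuleScheduledSentinelEntityMappingArgs}. {@code entity_mapping} and
         *     {@code sentinel_entity_mapping} together can't exceed 5.
         * @return builder
         */
        public Builder sentinelEntityMappings(@Nullable Output<List<AlertRuleScheduledSentinelEntityMappingArgs>> sentinelEntityMappings) {
            $.sentinelEntityMappings = sentinelEntityMappings;
            return this;
        }

        /**
         * Plain-value overload of {@link #sentinelEntityMappings(Output)}.
         *
         * @param sentinelEntityMappings A list of {@code sentinel_entity_mapping} blocks.
         *     {@code entity_mapping} and {@code sentinel_entity_mapping} together can't exceed 5.
         * @return builder
         */
        public Builder sentinelEntityMappings(List<AlertRuleScheduledSentinelEntityMappingArgs> sentinelEntityMappings) {
            return sentinelEntityMappings(Output.of(sentinelEntityMappings));
        }

        /**
         * Varargs overload of {@link #sentinelEntityMappings(List)}.
         *
         * @param sentinelEntityMappings A list of {@code sentinel_entity_mapping} blocks.
         *     {@code entity_mapping} and {@code sentinel_entity_mapping} together can't exceed 5.
         * @return builder
         */
        public Builder sentinelEntityMappings(AlertRuleScheduledSentinelEntityMappingArgs... sentinelEntityMappings) {
            return sentinelEntityMappings(List.of(sentinelEntityMappings));
        }

        /**
         * @param severity The alert severity of this Sentinel Scheduled Alert Rule. Possible
         *     values are {@code High}, {@code Medium}, {@code Low} and {@code Informational}.
         *     Required.
         * @return builder
         */
        public Builder severity(Output<String> severity) {
            $.severity = severity;
            return this;
        }

        /**
         * Plain-value overload of {@link #severity(Output)}.
         *
         * @param severity The alert severity; one of {@code High}, {@code Medium}, {@code Low}
         *     and {@code Informational}.
         * @return builder
         */
        public Builder severity(String severity) {
            return severity(Output.of(severity));
        }

        /**
         * @param suppressionDuration If {@code suppression_enabled} is {@code true}, this is the
         *     ISO 8601 timespan duration which specifies the amount of time the query should
         *     stop running after an alert is generated. Defaults to {@code PT5H}.
         *     {@code suppression_duration} must be larger than or equal to
         *     {@code query_frequency}, otherwise the suppression has no actual effect since no
         *     query will happen during the suppression duration.
         * @return builder
         */
        public Builder suppressionDuration(@Nullable Output<String> suppressionDuration) {
            $.suppressionDuration = suppressionDuration;
            return this;
        }

        /**
         * Plain-value overload of {@link #suppressionDuration(Output)}.
         *
         * @param suppressionDuration ISO 8601 timespan duration for which the query stops
         *     running after an alert is generated; must be larger than or equal to
         *     {@code query_frequency}. Defaults to {@code PT5H}.
         * @return builder
         */
        public Builder suppressionDuration(String suppressionDuration) {
            return suppressionDuration(Output.of(suppressionDuration));
        }

        /**
         * @param suppressionEnabled Should the Sentinel Scheduled Alert Rule stop running the
         *     query after an alert is generated? Defaults to {@code false}.
         * @return builder
         */
        public Builder suppressionEnabled(@Nullable Output<Boolean> suppressionEnabled) {
            $.suppressionEnabled = suppressionEnabled;
            return this;
        }

        /**
         * Plain-value overload of {@link #suppressionEnabled(Output)}.
         *
         * @param suppressionEnabled Should the Sentinel Scheduled Alert Rule stop running the
         *     query after an alert is generated? Defaults to {@code false}.
         * @return builder
         */
        public Builder suppressionEnabled(Boolean suppressionEnabled) {
            return suppressionEnabled(Output.of(suppressionEnabled));
        }

        /**
         * @param tactics A list of categories of attacks by which to classify the rule. Possible
         *     values are {@code Collection}, {@code CommandAndControl}, {@code CredentialAccess},
         *     {@code DefenseEvasion}, {@code Discovery}, {@code Execution}, {@code Exfiltration},
         *     {@code ImpairProcessControl}, {@code InhibitResponseFunction}, {@code Impact},
         *     {@code InitialAccess}, {@code LateralMovement}, {@code Persistence},
         *     {@code PrivilegeEscalation}, {@code PreAttack}, {@code Reconnaissance} and
         *     {@code ResourceDevelopment}.
         * @return builder
         */
        public Builder tactics(@Nullable Output<List<String>> tactics) {
            $.tactics = tactics;
            return this;
        }

        /**
         * Plain-value overload of {@link #tactics(Output)}, which lists the possible values.
         *
         * @param tactics A list of categories of attacks by which to classify the rule.
         * @return builder
         */
        public Builder tactics(List<String> tactics) {
            return tactics(Output.of(tactics));
        }

        /**
         * Varargs overload of {@link #tactics(List)}; see {@link #tactics(Output)} for the
         * possible values.
         *
         * @param tactics A list of categories of attacks by which to classify the rule.
         * @return builder
         */
        public Builder tactics(String... tactics) {
            return tactics(List.of(tactics));
        }

        /**
         * @param techniques A list of techniques of attacks by which to classify the rule.
         * @return builder
         */
        public Builder techniques(@Nullable Output<List<String>> techniques) {
            $.techniques = techniques;
            return this;
        }

        /**
         * Plain-value overload of {@link #techniques(Output)}.
         *
         * @param techniques A list of techniques of attacks by which to classify the rule.
         * @return builder
         */
        public Builder techniques(List<String> techniques) {
            return techniques(Output.of(techniques));
        }

        /**
         * Varargs overload of {@link #techniques(List)}.
         *
         * @param techniques A list of techniques of attacks by which to classify the rule.
         * @return builder
         */
        public Builder techniques(String... techniques) {
            return techniques(List.of(techniques));
        }

        /**
         * @param triggerOperator The alert trigger operator, combined with
         *     {@code trigger_threshold}, setting the alert threshold of this Sentinel Scheduled
         *     Alert Rule. Possible values are {@code Equal}, {@code GreaterThan},
         *     {@code LessThan}, {@code NotEqual}. Defaults to {@code GreaterThan}.
         * @return builder
         */
        public Builder triggerOperator(@Nullable Output<String> triggerOperator) {
            $.triggerOperator = triggerOperator;
            return this;
        }

        /**
         * Plain-value overload of {@link #triggerOperator(Output)}.
         *
         * @param triggerOperator The alert trigger operator; one of {@code Equal},
         *     {@code GreaterThan}, {@code LessThan}, {@code NotEqual}. Defaults to
         *     {@code GreaterThan}.
         * @return builder
         */
        public Builder triggerOperator(String triggerOperator) {
            return triggerOperator(Output.of(triggerOperator));
        }

        /**
         * @param triggerThreshold The baseline number of query results generated, combined with
         *     {@code trigger_operator}, setting the alert threshold of this Sentinel Scheduled
         *     Alert Rule. Defaults to {@code 0}.
         * @return builder
         */
        public Builder triggerThreshold(@Nullable Output<Integer> triggerThreshold) {
            $.triggerThreshold = triggerThreshold;
            return this;
        }

        /**
         * Plain-value overload of {@link #triggerThreshold(Output)}.
         *
         * @param triggerThreshold The baseline number of query results generated. Defaults to
         *     {@code 0}.
         * @return builder
         */
        public Builder triggerThreshold(Integer triggerThreshold) {
            return triggerThreshold(Output.of(triggerThreshold));
        }

        /**
         * Returns the configured arguments after checking that the required properties are set.
         *
         * <p>Only presence is checked. Constraints stated in the property documentation (for
         * example {@code query_period} being at least {@code query_frequency}, the combined
         * limit of 5 entity mappings, or the allowed {@code severity} values) are not validated
         * here. The returned object is the builder's own backing instance, so calling setters
         * on this builder afterwards also changes the object already returned.
         *
         * @return the arguments instance held by this builder
         * @throws MissingRequiredPropertyException if {@code displayName},
         *     {@code logAnalyticsWorkspaceId}, {@code query} or {@code severity} is unset
         */
        public AlertRuleScheduledArgs build() {
            if ($.displayName == null) {
                throw new MissingRequiredPropertyException("AlertRuleScheduledArgs", "displayName");
            }
            if ($.logAnalyticsWorkspaceId == null) {
                throw new MissingRequiredPropertyException("AlertRuleScheduledArgs", "logAnalyticsWorkspaceId");
            }
            if ($.query == null) {
                throw new MissingRequiredPropertyException("AlertRuleScheduledArgs", "query");
            }
            if ($.severity == null) {
                throw new MissingRequiredPropertyException("AlertRuleScheduledArgs", "severity");
            }
            return $;
        }
    }
}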