com.pulumi.azure.sentinel.AlertRuleNrt Maven / Gradle / Ivy
A Pulumi package for creating and managing Microsoft Azure cloud resources, based on the Terraform azurerm provider. We recommend using the [Azure Native provider](https://github.com/pulumi/pulumi-azure-native) to provision Azure infrastructure. Azure Native provides complete coverage of Azure resources and same-day access to new resources and resource updates.
// *** WARNING: this file was generated by pulumi-java-gen. ***
// *** Do not edit by hand unless you're certain you know what you are doing! ***
package com.pulumi.azure.sentinel;
import com.pulumi.azure.Utilities;
import com.pulumi.azure.sentinel.AlertRuleNrtArgs;
import com.pulumi.azure.sentinel.inputs.AlertRuleNrtState;
import com.pulumi.azure.sentinel.outputs.AlertRuleNrtAlertDetailsOverride;
import com.pulumi.azure.sentinel.outputs.AlertRuleNrtEntityMapping;
import com.pulumi.azure.sentinel.outputs.AlertRuleNrtEventGrouping;
import com.pulumi.azure.sentinel.outputs.AlertRuleNrtIncident;
import com.pulumi.azure.sentinel.outputs.AlertRuleNrtSentinelEntityMapping;
import com.pulumi.core.Output;
import com.pulumi.core.annotations.Export;
import com.pulumi.core.annotations.ResourceType;
import com.pulumi.core.internal.Codegen;
import java.lang.Boolean;
import java.lang.String;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import javax.annotation.Nullable;
/**
* Manages a Sentinel NRT Alert Rule.
*
* ## Example Usage
*
* <!--Start PulumiCodeChooser -->
*
* {@code
* package generated_program;
*
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.azure.core.ResourceGroup;
* import com.pulumi.azure.core.ResourceGroupArgs;
* import com.pulumi.azure.operationalinsights.AnalyticsWorkspace;
* import com.pulumi.azure.operationalinsights.AnalyticsWorkspaceArgs;
* import com.pulumi.azure.sentinel.LogAnalyticsWorkspaceOnboarding;
* import com.pulumi.azure.sentinel.LogAnalyticsWorkspaceOnboardingArgs;
* import com.pulumi.azure.sentinel.AlertRuleNrt;
* import com.pulumi.azure.sentinel.AlertRuleNrtArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
*
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
*
* public static void stack(Context ctx) {
* var example = new ResourceGroup("example", ResourceGroupArgs.builder()
* .name("example-resources")
* .location("West Europe")
* .build());
*
* var exampleAnalyticsWorkspace = new AnalyticsWorkspace("exampleAnalyticsWorkspace", AnalyticsWorkspaceArgs.builder()
* .name("example-workspace")
* .location(example.location())
* .resourceGroupName(example.name())
* .sku("pergb2018")
* .build());
*
* var exampleLogAnalyticsWorkspaceOnboarding = new LogAnalyticsWorkspaceOnboarding("exampleLogAnalyticsWorkspaceOnboarding", LogAnalyticsWorkspaceOnboardingArgs.builder()
* .workspaceId(exampleAnalyticsWorkspace.id())
* .build());
*
* var exampleAlertRuleNrt = new AlertRuleNrt("exampleAlertRuleNrt", AlertRuleNrtArgs.builder()
* .name("example")
* .logAnalyticsWorkspaceId(exampleLogAnalyticsWorkspaceOnboarding.workspaceId())
* .displayName("example")
* .severity("High")
* .query("""
* AzureActivity |
* where OperationName == "Create or Update Virtual Machine" or OperationName =="Create Deployment" |
* where ActivityStatus == "Succeeded" |
* make-series dcount(ResourceId) default=0 on EventSubmissionTimestamp in range(ago(7d), now(), 1d) by Caller
* """)
* .build());
*
* }
* }
* }
*
* <!--End PulumiCodeChooser -->
*
* ## Import
*
* Sentinel NRT Alert Rules can be imported using the `resource id`, e.g.
*
* ```sh
* $ pulumi import azure:sentinel/alertRuleNrt:AlertRuleNrt example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.OperationalInsights/workspaces/workspace1/providers/Microsoft.SecurityInsights/alertRules/rule1
* ```
*
*/
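@ResourceType(type="azure:sentinel/alertRuleNrt:AlertRuleNrt")
public class AlertRuleNrt extends com.pulumi.resources.CustomResource {
    // Review note: this class marks none of its outputs as secret (makeResourceOptions only sets
    // the version), so keep credentials and other sensitive literals out of query, description
    // and customDetails.

    /**
     * An `alert_details_override` block as defined below.
     *
     */
    @Export(name="alertDetailsOverrides", refs={List.class,AlertRuleNrtAlertDetailsOverride.class}, tree="[0,1]")
    private Output</* @Nullable */ List<AlertRuleNrtAlertDetailsOverride>> alertDetailsOverrides;

    /**
     * @return An `alert_details_override` block as defined below.
     *
     */
    public Output<Optional<List<AlertRuleNrtAlertDetailsOverride>>> alertDetailsOverrides() {
        return Codegen.optional(this.alertDetailsOverrides);
    }

    /**
     * The GUID of the alert rule template which is used for this Sentinel NRT Alert Rule. Changing this forces a new Sentinel NRT Alert Rule to be created.
     *
     */
    @Export(name="alertRuleTemplateGuid", refs={String.class}, tree="[0]")
    private Output</* @Nullable */ String> alertRuleTemplateGuid;

    /**
     * @return The GUID of the alert rule template which is used for this Sentinel NRT Alert Rule. Changing this forces a new Sentinel NRT Alert Rule to be created.
     *
     */
    public Output<Optional<String>> alertRuleTemplateGuid() {
        return Codegen.optional(this.alertRuleTemplateGuid);
    }

    /**
     * The version of the alert rule template which is used for this Sentinel NRT Alert Rule. Changing this forces a new Sentinel NRT Alert Rule to be created.
     *
     */
    @Export(name="alertRuleTemplateVersion", refs={String.class}, tree="[0]")
    private Output</* @Nullable */ String> alertRuleTemplateVersion;

    /**
     * @return The version of the alert rule template which is used for this Sentinel NRT Alert Rule. Changing this forces a new Sentinel NRT Alert Rule to be created.
     *
     */
    public Output<Optional<String>> alertRuleTemplateVersion() {
        return Codegen.optional(this.alertRuleTemplateVersion);
    }

    /**
     * A map of string key-value pairs of columns to be attached to this Sentinel NRT Alert Rule. The key will appear as the field name in alerts and the value is the event parameter you wish to surface in the alerts.
     *
     * Review note: whatever column is named here is copied into every alert the rule raises, so
     * choose columns that are safe to show to everyone who can read the alerts.
     *
     */
    @Export(name="customDetails", refs={Map.class,String.class}, tree="[0,1,1]")
    private Output</* @Nullable */ Map<String,String>> customDetails;

    /**
     * @return A map of string key-value pairs of columns to be attached to this Sentinel NRT Alert Rule. The key will appear as the field name in alerts and the value is the event parameter you wish to surface in the alerts.
     *
     */
    public Output<Optional<Map<String,String>>> customDetails() {
        return Codegen.optional(this.customDetails);
    }

    /**
     * The description of this Sentinel NRT Alert Rule.
     *
     */
    @Export(name="description", refs={String.class}, tree="[0]")
    private Output</* @Nullable */ String> description;

    /**
     * @return The description of this Sentinel NRT Alert Rule.
     *
     */
    public Output<Optional<String>> description() {
        return Codegen.optional(this.description);
    }

    /**
     * The friendly name of this Sentinel NRT Alert Rule.
     *
     */
    @Export(name="displayName", refs={String.class}, tree="[0]")
    private Output<String> displayName;

    /**
     * @return The friendly name of this Sentinel NRT Alert Rule.
     *
     */
    public Output<String> displayName() {
        return this.displayName;
    }

    /**
     * Should the Sentinel NRT Alert Rule be enabled? Defaults to `true`.
     *
     * Review note: setting this to `false` presumably stops the rule from raising alerts, so a
     * change of this value is a change in detection coverage and deserves the same review as a
     * change to the query.
     *
     */
    @Export(name="enabled", refs={Boolean.class}, tree="[0]")
    private Output</* @Nullable */ Boolean> enabled;

    /**
     * @return Should the Sentinel NRT Alert Rule be enabled? Defaults to `true`.
     *
     */
    public Output<Optional<Boolean>> enabled() {
        return Codegen.optional(this.enabled);
    }

    /**
     * A list of `entity_mapping` blocks as defined below.
     *
     * `entity_mapping` and `sentinel_entity_mapping` together can't exceed 5.
     *
     */
    @Export(name="entityMappings", refs={List.class,AlertRuleNrtEntityMapping.class}, tree="[0,1]")
    private Output</* @Nullable */ List<AlertRuleNrtEntityMapping>> entityMappings;

    /**
     * @return A list of `entity_mapping` blocks as defined below.
     *
     */
    public Output<Optional<List<AlertRuleNrtEntityMapping>>> entityMappings() {
        return Codegen.optional(this.entityMappings);
    }

    /**
     * An `event_grouping` block as defined below.
     *
     */
    @Export(name="eventGrouping", refs={AlertRuleNrtEventGrouping.class}, tree="[0]")
    private Output<AlertRuleNrtEventGrouping> eventGrouping;

    /**
     * @return An `event_grouping` block as defined below.
     *
     */
    public Output<AlertRuleNrtEventGrouping> eventGrouping() {
        return this.eventGrouping;
    }

    /**
     * An `incident` block as defined below.
     *
     */
    @Export(name="incident", refs={AlertRuleNrtIncident.class}, tree="[0]")
    private Output<AlertRuleNrtIncident> incident;

    /**
     * @return An `incident` block as defined below.
     *
     */
    public Output<AlertRuleNrtIncident> incident() {
        return this.incident;
    }

    /**
     * The ID of the Log Analytics Workspace this Sentinel NRT Alert Rule belongs to. Changing this forces a new Sentinel NRT Alert Rule to be created.
     *
     */
    @Export(name="logAnalyticsWorkspaceId", refs={String.class}, tree="[0]")
    private Output<String> logAnalyticsWorkspaceId;

    /**
     * @return The ID of the Log Analytics Workspace this Sentinel NRT Alert Rule belongs to. Changing this forces a new Sentinel NRT Alert Rule to be created.
     *
     */
    public Output<String> logAnalyticsWorkspaceId() {
        return this.logAnalyticsWorkspaceId;
    }

    /**
     * The name which should be used for this Sentinel NRT Alert Rule. Changing this forces a new Sentinel NRT Alert Rule to be created.
     *
     */
    @Export(name="name", refs={String.class}, tree="[0]")
    private Output<String> name;

    /**
     * @return The name which should be used for this Sentinel NRT Alert Rule. Changing this forces a new Sentinel NRT Alert Rule to be created.
     *
     */
    public Output<String> name() {
        return this.name;
    }

    /**
     * The query of this Sentinel NRT Alert Rule.
     *
     * Review note: the query text is what decides which events raise an alert, so edits to it
     * change detection coverage and should be reviewed as detection logic rather than as
     * configuration.
     *
     */
    @Export(name="query", refs={String.class}, tree="[0]")
    private Output<String> query;

    /**
     * @return The query of this Sentinel NRT Alert Rule.
     *
     */
    public Output<String> query() {
        return this.query;
    }

    /**
     * A list of `sentinel_entity_mapping` blocks as defined below.
     *
     * > **NOTE:** `entity_mapping` and `sentinel_entity_mapping` together can't exceed 5.
     *
     */
    @Export(name="sentinelEntityMappings", refs={List.class,AlertRuleNrtSentinelEntityMapping.class}, tree="[0,1]")
    private Output</* @Nullable */ List<AlertRuleNrtSentinelEntityMapping>> sentinelEntityMappings;

    /**
     * @return A list of `sentinel_entity_mapping` blocks as defined below.
     *
     * > **NOTE:** `entity_mapping` and `sentinel_entity_mapping` together can't exceed 5.
     *
     */
    public Output<Optional<List<AlertRuleNrtSentinelEntityMapping>>> sentinelEntityMappings() {
        return Codegen.optional(this.sentinelEntityMappings);
    }

    /**
     * The alert severity of this Sentinel NRT Alert Rule. Possible values are `High`, `Medium`, `Low` and `Informational`.
     *
     */
    @Export(name="severity", refs={String.class}, tree="[0]")
    private Output<String> severity;

    /**
     * @return The alert severity of this Sentinel NRT Alert Rule. Possible values are `High`, `Medium`, `Low` and `Informational`.
     *
     */
    public Output<String> severity() {
        return this.severity;
    }

    /**
     * If `suppression_enabled` is `true`, this is an ISO 8601 timespan duration that specifies how long the query should stop running after an alert is generated. Defaults to `PT5H`.
     *
     * Review note: while suppression is in effect the query does not run, so matching activity
     * in that window raises no alert. The `PT5H` default is a long gap for a near-real-time
     * rule; set the duration deliberately when suppression is turned on.
     *
     */
    @Export(name="suppressionDuration", refs={String.class}, tree="[0]")
    private Output</* @Nullable */ String> suppressionDuration;

    /**
     * @return If `suppression_enabled` is `true`, this is an ISO 8601 timespan duration that specifies how long the query should stop running after an alert is generated. Defaults to `PT5H`.
     *
     */
    public Output<Optional<String>> suppressionDuration() {
        return Codegen.optional(this.suppressionDuration);
    }

    /**
     * Should the Sentinel NRT Alert Rule stop running the query after an alert is generated? Defaults to `false`.
     *
     * Review note: enabling this trades alert volume for a window without detection; the length
     * of that window is `suppression_duration`.
     *
     */
    @Export(name="suppressionEnabled", refs={Boolean.class}, tree="[0]")
    private Output</* @Nullable */ Boolean> suppressionEnabled;

    /**
     * @return Should the Sentinel NRT Alert Rule stop running the query after an alert is generated? Defaults to `false`.
     *
     */
    public Output<Optional<Boolean>> suppressionEnabled() {
        return Codegen.optional(this.suppressionEnabled);
    }

    /**
     * A list of categories of attacks by which to classify the rule. Possible values are `Collection`, `CommandAndControl`, `CredentialAccess`, `DefenseEvasion`, `Discovery`, `Execution`, `Exfiltration`, `Impact`, `ImpairProcessControl`, `InhibitResponseFunction`, `InitialAccess`, `LateralMovement`, `Persistence`, `PreAttack`, `PrivilegeEscalation`, `Reconnaissance` and `ResourceDevelopment`.
     *
     * The listed values correspond to MITRE ATT&amp;CK tactic names.
     *
     */
    @Export(name="tactics", refs={List.class,String.class}, tree="[0,1]")
    private Output</* @Nullable */ List<String>> tactics;

    /**
     * @return A list of categories of attacks by which to classify the rule. Possible values are `Collection`, `CommandAndControl`, `CredentialAccess`, `DefenseEvasion`, `Discovery`, `Execution`, `Exfiltration`, `Impact`, `ImpairProcessControl`, `InhibitResponseFunction`, `InitialAccess`, `LateralMovement`, `Persistence`, `PreAttack`, `PrivilegeEscalation`, `Reconnaissance` and `ResourceDevelopment`.
     *
     */
    public Output<Optional<List<String>>> tactics() {
        return Codegen.optional(this.tactics);
    }

    /**
     * A list of techniques of attacks by which to classify the rule.
     *
     * Review note: presumably MITRE ATT&amp;CK technique identifiers that belong to the chosen
     * `tactics`; confirm the accepted format against the provider documentation.
     *
     */
    @Export(name="techniques", refs={List.class,String.class}, tree="[0,1]")
    private Output</* @Nullable */ List<String>> techniques;

    /**
     * @return A list of techniques of attacks by which to classify the rule.
     *
     */
    public Output<Optional<List<String>>> techniques() {
        return Codegen.optional(this.techniques);
    }

    /**
     * Declares a rule with the given resource name and {@code AlertRuleNrtArgs.Empty} as its arguments.
     *
     * @param name The _unique_ name of the resulting resource.
     */
    public AlertRuleNrt(java.lang.String name) {
        this(name, AlertRuleNrtArgs.Empty);
    }

    /**
     * Declares a rule with the given resource name and arguments and no resource options.
     *
     * @param name The _unique_ name of the resulting resource.
     * @param args The arguments to use to populate this resource's properties.
     */
    public AlertRuleNrt(java.lang.String name, AlertRuleNrtArgs args) {
        this(name, args, null);
    }

    /**
     * Declares a rule of type {@code azure:sentinel/alertRuleNrt:AlertRuleNrt}.
     *
     * @param name The _unique_ name of the resulting resource.
     * @param args The arguments to use to populate this resource's properties.
     * @param options A bag of options that control this resource's behavior.
     */
    public AlertRuleNrt(java.lang.String name, AlertRuleNrtArgs args, @Nullable com.pulumi.resources.CustomResourceOptions options) {
        super("azure:sentinel/alertRuleNrt:AlertRuleNrt", name, makeArgs(args, options), makeResourceOptions(options, Codegen.empty()), false);
    }

    // Used only by get(): passes the looked-up id and the optional state to the superclass instead of args.
    private AlertRuleNrt(java.lang.String name, Output<java.lang.String> id, @Nullable AlertRuleNrtState state, @Nullable com.pulumi.resources.CustomResourceOptions options) {
        super("azure:sentinel/alertRuleNrt:AlertRuleNrt", name, state, makeResourceOptions(options, id), false);
    }

    // Returns null when the options carry a URN, otherwise the caller's args, with
    // AlertRuleNrtArgs.Empty standing in for a null args.
    private static AlertRuleNrtArgs makeArgs(AlertRuleNrtArgs args, @Nullable com.pulumi.resources.CustomResourceOptions options) {
        if (options != null && options.getUrn().isPresent()) {
            return null;
        }
        return args == null ? AlertRuleNrtArgs.Empty : args;
    }

    // Builds default options that carry only Utilities.getVersion() and merges the caller's
    // options and the id into them. No secret outputs are registered here.
    private static com.pulumi.resources.CustomResourceOptions makeResourceOptions(@Nullable com.pulumi.resources.CustomResourceOptions options, @Nullable Output<java.lang.String> id) {
        var defaultOptions = com.pulumi.resources.CustomResourceOptions.builder()
            .version(Utilities.getVersion())
            .build();
        return com.pulumi.resources.CustomResourceOptions.merge(defaultOptions, options, id);
    }

    /**
     * Get an existing AlertRuleNrt resource's state with the given name, ID, and optional extra
     * properties used to qualify the lookup.
     *
     * @param name The _unique_ name of the resulting resource.
     * @param id The _unique_ provider ID of the resource to lookup.
     * @param state Optional state properties used to qualify the lookup; may be {@code null}.
     * @param options Optional settings to control the behavior of the CustomResource.
     * @return A new {@code AlertRuleNrt} instance built from the given name, ID, state and options.
     */
    public static AlertRuleNrt get(java.lang.String name, Output<java.lang.String> id, @Nullable AlertRuleNrtState state, @Nullable com.pulumi.resources.CustomResourceOptions options) {
        return new AlertRuleNrt(name, id, state, options);
    }
}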