
// *** WARNING: this file was generated by pulumi-java-gen. ***
// *** Do not edit by hand unless you're certain you know what you are doing! ***

package com.pulumi.azure.sentinel;

import com.pulumi.azure.Utilities;
import com.pulumi.azure.sentinel.AlertRuleScheduledArgs;
import com.pulumi.azure.sentinel.inputs.AlertRuleScheduledState;
import com.pulumi.azure.sentinel.outputs.AlertRuleScheduledAlertDetailsOverride;
import com.pulumi.azure.sentinel.outputs.AlertRuleScheduledEntityMapping;
import com.pulumi.azure.sentinel.outputs.AlertRuleScheduledEventGrouping;
import com.pulumi.azure.sentinel.outputs.AlertRuleScheduledIncident;
import com.pulumi.azure.sentinel.outputs.AlertRuleScheduledSentinelEntityMapping;
import com.pulumi.core.Output;
import com.pulumi.core.annotations.Export;
import com.pulumi.core.annotations.ResourceType;
import com.pulumi.core.internal.Codegen;
import java.lang.Boolean;
import java.lang.Integer;
import java.lang.String;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import javax.annotation.Nullable;

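/**
 * Manages a Sentinel Scheduled Alert Rule.
 * 
 * ## Example Usage
 * 
 * <!--Start PulumiCodeChooser -->
 * 
 * {@code
 * package generated_program;
 * 
 * import com.pulumi.Context;
 * import com.pulumi.Pulumi;
 * import com.pulumi.core.Output;
 * import com.pulumi.azure.core.ResourceGroup;
 * import com.pulumi.azure.core.ResourceGroupArgs;
 * import com.pulumi.azure.operationalinsights.AnalyticsWorkspace;
 * import com.pulumi.azure.operationalinsights.AnalyticsWorkspaceArgs;
 * import com.pulumi.azure.sentinel.LogAnalyticsWorkspaceOnboarding;
 * import com.pulumi.azure.sentinel.LogAnalyticsWorkspaceOnboardingArgs;
 * import com.pulumi.azure.sentinel.AlertRuleScheduled;
 * import com.pulumi.azure.sentinel.AlertRuleScheduledArgs;
 * import java.util.List;
 * import java.util.ArrayList;
 * import java.util.Map;
 * import java.io.File;
 * import java.nio.file.Files;
 * import java.nio.file.Paths;
 * 
 * public class App {
 *     public static void main(String[] args) {
 *         Pulumi.run(App::stack);
 *     }
 * 
 *     public static void stack(Context ctx) {
 *         var example = new ResourceGroup("example", ResourceGroupArgs.builder()
 *             .name("example-resources")
 *             .location("West Europe")
 *             .build());
 * 
 *         var exampleAnalyticsWorkspace = new AnalyticsWorkspace("exampleAnalyticsWorkspace", AnalyticsWorkspaceArgs.builder()
 *             .name("example-workspace")
 *             .location(example.location())
 *             .resourceGroupName(example.name())
 *             .sku("PerGB2018")
 *             .build());
 * 
 *         var exampleLogAnalyticsWorkspaceOnboarding = new LogAnalyticsWorkspaceOnboarding("exampleLogAnalyticsWorkspaceOnboarding", LogAnalyticsWorkspaceOnboardingArgs.builder()
 *             .workspaceId(exampleAnalyticsWorkspace.id())
 *             .build());
 * 
 *         var exampleAlertRuleScheduled = new AlertRuleScheduled("exampleAlertRuleScheduled", AlertRuleScheduledArgs.builder()
 *             .name("example")
 *             .logAnalyticsWorkspaceId(exampleLogAnalyticsWorkspaceOnboarding.workspaceId())
 *             .displayName("example")
 *             .severity("High")
 *             .query("""
 * AzureActivity |
 *   where OperationName == "Create or Update Virtual Machine" or OperationName =="Create Deployment" |
 *   where ActivityStatus == "Succeeded" |
 *   make-series dcount(ResourceId) default=0 on EventSubmissionTimestamp in range(ago(7d), now(), 1d) by Caller
 *             """)
 *             .build());
 * 
 *     }
 * }
 * }
 * 
 * <!--End PulumiCodeChooser -->
 * 
 * ## Import
 * 
 * Sentinel Scheduled Alert Rules can be imported using the `resource id`, e.g.
 * 
 * ```sh
 * $ pulumi import azure:sentinel/alertRuleScheduled:AlertRuleScheduled example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.OperationalInsights/workspaces/workspace1/providers/Microsoft.SecurityInsights/alertRules/rule1
 * ```
 * 
 */
@ResourceType(type="azure:sentinel/alertRuleScheduled:AlertRuleScheduled")
public class AlertRuleScheduled extends com.pulumi.resources.CustomResource {
    /**
     * An `alert_details_override` block as defined below.
     * 
     */
    @Export(name="alertDetailsOverrides", refs={List.class,AlertRuleScheduledAlertDetailsOverride.class}, tree="[0,1]")
    private Output</* @Nullable */ List<AlertRuleScheduledAlertDetailsOverride>> alertDetailsOverrides;

    /**
     * @return An `alert_details_override` block as defined below.
     * 
     */
    public Output<Optional<List<AlertRuleScheduledAlertDetailsOverride>>> alertDetailsOverrides() {
        return Codegen.optional(this.alertDetailsOverrides);
    }

    /**
     * The GUID of the alert rule template which is used for this Sentinel Scheduled Alert Rule. Changing this forces a new Sentinel Scheduled Alert Rule to be created.
     * 
     */
    @Export(name="alertRuleTemplateGuid", refs={String.class}, tree="[0]")
    private Output</* @Nullable */ String> alertRuleTemplateGuid;

    /**
     * @return The GUID of the alert rule template which is used for this Sentinel Scheduled Alert Rule. Changing this forces a new Sentinel Scheduled Alert Rule to be created.
     * 
     */
    public Output<Optional<String>> alertRuleTemplateGuid() {
        return Codegen.optional(this.alertRuleTemplateGuid);
    }

    /**
     * The version of the alert rule template which is used for this Sentinel Scheduled Alert Rule.
     * 
     */
    @Export(name="alertRuleTemplateVersion", refs={String.class}, tree="[0]")
    private Output</* @Nullable */ String> alertRuleTemplateVersion;

    /**
     * @return The version of the alert rule template which is used for this Sentinel Scheduled Alert Rule.
     * 
     */
    public Output<Optional<String>> alertRuleTemplateVersion() {
        return Codegen.optional(this.alertRuleTemplateVersion);
    }

    /**
     * A map of string key-value pairs of columns to be attached to this Sentinel Scheduled Alert Rule. The key will appear as the field name in alerts and the value is the event parameter you wish to surface in the alerts.
     * 
     */
    @Export(name="customDetails", refs={Map.class,String.class}, tree="[0,1,1]")
    private Output</* @Nullable */ Map<String,String>> customDetails;

    /**
     * @return A map of string key-value pairs of columns to be attached to this Sentinel Scheduled Alert Rule. The key will appear as the field name in alerts and the value is the event parameter you wish to surface in the alerts.
     * 
     */
    public Output<Optional<Map<String,String>>> customDetails() {
        return Codegen.optional(this.customDetails);
    }

    /**
     * The description of this Sentinel Scheduled Alert Rule.
     * 
     */
    @Export(name="description", refs={String.class}, tree="[0]")
    private Output</* @Nullable */ String> description;

    /**
     * @return The description of this Sentinel Scheduled Alert Rule.
     * 
     */
    public Output<Optional<String>> description() {
        return Codegen.optional(this.description);
    }

    /**
     * The friendly name of this Sentinel Scheduled Alert Rule.
     * 
     */
    @Export(name="displayName", refs={String.class}, tree="[0]")
    private Output<String> displayName;

    /**
     * @return The friendly name of this Sentinel Scheduled Alert Rule.
     * 
     */
    public Output<String> displayName() {
        return this.displayName;
    }

    /**
     * Should the Sentinel Scheduled Alert Rule be enabled? Defaults to `true`.
     * 
     * > **NOTE** A rule that is not enabled is deployed but contributes no detections, so a
     * `false` value here is worth calling out when the stack definition is reviewed.
     * 
     */
    @Export(name="enabled", refs={Boolean.class}, tree="[0]")
    private Output</* @Nullable */ Boolean> enabled;

    /**
     * @return Should the Sentinel Scheduled Alert Rule be enabled? Defaults to `true`.
     * 
     */
    public Output<Optional<Boolean>> enabled() {
        return Codegen.optional(this.enabled);
    }

    /**
     * A list of `entity_mapping` blocks as defined below.
     * 
     */
    @Export(name="entityMappings", refs={List.class,AlertRuleScheduledEntityMapping.class}, tree="[0,1]")
    private Output</* @Nullable */ List<AlertRuleScheduledEntityMapping>> entityMappings;

    /**
     * @return A list of `entity_mapping` blocks as defined below.
     * 
     */
    public Output<Optional<List<AlertRuleScheduledEntityMapping>>> entityMappings() {
        return Codegen.optional(this.entityMappings);
    }

    /**
     * An `event_grouping` block as defined below.
     * 
     */
    @Export(name="eventGrouping", refs={AlertRuleScheduledEventGrouping.class}, tree="[0]")
    private Output</* @Nullable */ AlertRuleScheduledEventGrouping> eventGrouping;

    /**
     * @return An `event_grouping` block as defined below.
     * 
     */
    public Output<Optional<AlertRuleScheduledEventGrouping>> eventGrouping() {
        return Codegen.optional(this.eventGrouping);
    }

    /**
     * An `incident` block as defined below.
     * 
     */
    @Export(name="incident", refs={AlertRuleScheduledIncident.class}, tree="[0]")
    private Output<AlertRuleScheduledIncident> incident;

    /**
     * @return An `incident` block as defined below.
     * 
     */
    public Output<AlertRuleScheduledIncident> incident() {
        return this.incident;
    }

    /**
     * The ID of the Log Analytics Workspace this Sentinel Scheduled Alert Rule belongs to. Changing this forces a new Sentinel Scheduled Alert Rule to be created.
     * 
     */
    @Export(name="logAnalyticsWorkspaceId", refs={String.class}, tree="[0]")
    private Output<String> logAnalyticsWorkspaceId;

    /**
     * @return The ID of the Log Analytics Workspace this Sentinel Scheduled Alert Rule belongs to. Changing this forces a new Sentinel Scheduled Alert Rule to be created.
     * 
     */
    public Output<String> logAnalyticsWorkspaceId() {
        return this.logAnalyticsWorkspaceId;
    }

    /**
     * The name which should be used for this Sentinel Scheduled Alert Rule. Changing this forces a new Sentinel Scheduled Alert Rule to be created.
     * 
     */
    @Export(name="name", refs={String.class}, tree="[0]")
    private Output<String> name;

    /**
     * @return The name which should be used for this Sentinel Scheduled Alert Rule. Changing this forces a new Sentinel Scheduled Alert Rule to be created.
     * 
     */
    public Output<String> name() {
        return this.name;
    }

    /**
     * The query of this Sentinel Scheduled Alert Rule.
     * 
     */
    @Export(name="query", refs={String.class}, tree="[0]")
    private Output<String> query;

    /**
     * @return The query of this Sentinel Scheduled Alert Rule.
     * 
     */
    public Output<String> query() {
        return this.query;
    }

    /**
     * The ISO 8601 timespan duration between two consecutive queries. Defaults to `PT5H`.
     * 
     */
    @Export(name="queryFrequency", refs={String.class}, tree="[0]")
    private Output</* @Nullable */ String> queryFrequency;

    /**
     * @return The ISO 8601 timespan duration between two consecutive queries. Defaults to `PT5H`.
     * 
     */
    public Output<Optional<String>> queryFrequency() {
        return Codegen.optional(this.queryFrequency);
    }

    /**
     * The ISO 8601 timespan duration, which determines the time period of the data covered by the query. For example, it can query the past 10 minutes of data, or the past 6 hours of data. Defaults to `PT5H`.
     * 
     * > **NOTE** `query_period` must be larger than or equal to `query_frequency`, which ensures there are no gaps in the overall query coverage.
     * 
     */
    @Export(name="queryPeriod", refs={String.class}, tree="[0]")
    private Output</* @Nullable */ String> queryPeriod;

    /**
     * @return The ISO 8601 timespan duration, which determines the time period of the data covered by the query. For example, it can query the past 10 minutes of data, or the past 6 hours of data. Defaults to `PT5H`.
     * 
     * > **NOTE** `query_period` must be larger than or equal to `query_frequency`, which ensures there are no gaps in the overall query coverage.
     * 
     */
    public Output<Optional<String>> queryPeriod() {
        return Codegen.optional(this.queryPeriod);
    }

    /**
     * A list of `sentinel_entity_mapping` blocks as defined below.
     * 
     * > **NOTE:** `entity_mapping` and `sentinel_entity_mapping` together can't exceed 5.
     * 
     */
    @Export(name="sentinelEntityMappings", refs={List.class,AlertRuleScheduledSentinelEntityMapping.class}, tree="[0,1]")
    private Output</* @Nullable */ List<AlertRuleScheduledSentinelEntityMapping>> sentinelEntityMappings;

    /**
     * @return A list of `sentinel_entity_mapping` blocks as defined below.
     * 
     * > **NOTE:** `entity_mapping` and `sentinel_entity_mapping` together can't exceed 5.
     * 
     */
    public Output<Optional<List<AlertRuleScheduledSentinelEntityMapping>>> sentinelEntityMappings() {
        return Codegen.optional(this.sentinelEntityMappings);
    }

    /**
     * The alert severity of this Sentinel Scheduled Alert Rule. Possible values are `High`, `Medium`, `Low` and `Informational`.
     * 
     */
    @Export(name="severity", refs={String.class}, tree="[0]")
    private Output<String> severity;

    /**
     * @return The alert severity of this Sentinel Scheduled Alert Rule. Possible values are `High`, `Medium`, `Low` and `Informational`.
     * 
     */
    public Output<String> severity() {
        return this.severity;
    }

    /**
     * If `suppression_enabled` is `true`, this is the ISO 8601 timespan duration, which specifies the amount of time the query should stop running after an alert is generated. Defaults to `PT5H`.
     * 
     * > **NOTE** `suppression_duration` must be larger than or equal to `query_frequency`, otherwise the suppression has no actual effect since no query will happen during the suppression duration.
     * 
     * > **NOTE** While suppression is in effect the query does not run, so matching activity in
     * that window raises no further alerts from this rule. Choose the duration with that
     * detection gap in mind.
     * 
     */
    @Export(name="suppressionDuration", refs={String.class}, tree="[0]")
    private Output</* @Nullable */ String> suppressionDuration;

    /**
     * @return If `suppression_enabled` is `true`, this is the ISO 8601 timespan duration, which specifies the amount of time the query should stop running after an alert is generated. Defaults to `PT5H`.
     * 
     * > **NOTE** `suppression_duration` must be larger than or equal to `query_frequency`, otherwise the suppression has no actual effect since no query will happen during the suppression duration.
     * 
     */
    public Output<Optional<String>> suppressionDuration() {
        return Codegen.optional(this.suppressionDuration);
    }

    /**
     * Should the Sentinel Scheduled Alert Rule stop running the query after an alert is generated? Defaults to `false`.
     * 
     */
    @Export(name="suppressionEnabled", refs={Boolean.class}, tree="[0]")
    private Output</* @Nullable */ Boolean> suppressionEnabled;

    /**
     * @return Should the Sentinel Scheduled Alert Rule stop running the query after an alert is generated? Defaults to `false`.
     * 
     */
    public Output<Optional<Boolean>> suppressionEnabled() {
        return Codegen.optional(this.suppressionEnabled);
    }

    /**
     * A list of categories of attacks by which to classify the rule. Possible values are `Collection`, `CommandAndControl`, `CredentialAccess`, `DefenseEvasion`, `Discovery`, `Execution`, `Exfiltration`, `ImpairProcessControl`, `InhibitResponseFunction`, `Impact`, `InitialAccess`, `LateralMovement`, `Persistence`, `PrivilegeEscalation`, `PreAttack`, `Reconnaissance` and `ResourceDevelopment`.
     * 
     */
    @Export(name="tactics", refs={List.class,String.class}, tree="[0,1]")
    private Output</* @Nullable */ List<String>> tactics;

    /**
     * @return A list of categories of attacks by which to classify the rule. Possible values are `Collection`, `CommandAndControl`, `CredentialAccess`, `DefenseEvasion`, `Discovery`, `Execution`, `Exfiltration`, `ImpairProcessControl`, `InhibitResponseFunction`, `Impact`, `InitialAccess`, `LateralMovement`, `Persistence`, `PrivilegeEscalation`, `PreAttack`, `Reconnaissance` and `ResourceDevelopment`.
     * 
     */
    public Output<Optional<List<String>>> tactics() {
        return Codegen.optional(this.tactics);
    }

    /**
     * A list of techniques of attacks by which to classify the rule.
     * 
     */
    @Export(name="techniques", refs={List.class,String.class}, tree="[0,1]")
    private Output</* @Nullable */ List<String>> techniques;

    /**
     * @return A list of techniques of attacks by which to classify the rule.
     * 
     */
    public Output<Optional<List<String>>> techniques() {
        return Codegen.optional(this.techniques);
    }

    /**
     * The alert trigger operator, combined with `trigger_threshold`, setting alert threshold of this Sentinel Scheduled Alert Rule. Possible values are `Equal`, `GreaterThan`, `LessThan`, `NotEqual`. Defaults to `GreaterThan`.
     * 
     */
    @Export(name="triggerOperator", refs={String.class}, tree="[0]")
    private Output</* @Nullable */ String> triggerOperator;

    /**
     * @return The alert trigger operator, combined with `trigger_threshold`, setting alert threshold of this Sentinel Scheduled Alert Rule. Possible values are `Equal`, `GreaterThan`, `LessThan`, `NotEqual`. Defaults to `GreaterThan`.
     * 
     */
    public Output<Optional<String>> triggerOperator() {
        return Codegen.optional(this.triggerOperator);
    }

    /**
     * The baseline number of query results generated, combined with `trigger_operator`, setting alert threshold of this Sentinel Scheduled Alert Rule. Defaults to `0`.
     * 
     */
    @Export(name="triggerThreshold", refs={Integer.class}, tree="[0]")
    private Output</* @Nullable */ Integer> triggerThreshold;

    /**
     * @return The baseline number of query results generated, combined with `trigger_operator`, setting alert threshold of this Sentinel Scheduled Alert Rule. Defaults to `0`.
     * 
     */
    public Output<Optional<Integer>> triggerThreshold() {
        return Codegen.optional(this.triggerThreshold);
    }

    /**
     * Creates the resource with empty arguments.
     *
     * @param name The _unique_ name of the resulting resource.
     */
    public AlertRuleScheduled(java.lang.String name) {
        this(name, AlertRuleScheduledArgs.Empty);
    }

    /**
     * Creates the resource with the given arguments and no extra options.
     *
     * @param name The _unique_ name of the resulting resource.
     * @param args The arguments to use to populate this resource's properties.
     */
    public AlertRuleScheduled(java.lang.String name, AlertRuleScheduledArgs args) {
        this(name, args, null);
    }

    /**
     * Creates the resource with the given arguments and options.
     *
     * @param name The _unique_ name of the resulting resource.
     * @param args The arguments to use to populate this resource's properties.
     * @param options A bag of options that control this resource's behavior.
     */
    public AlertRuleScheduled(java.lang.String name, AlertRuleScheduledArgs args, @Nullable com.pulumi.resources.CustomResourceOptions options) {
        super("azure:sentinel/alertRuleScheduled:AlertRuleScheduled", name, makeArgs(args, options), makeResourceOptions(options, Codegen.empty()), false);
    }

    // Lookup constructor used by get(): passes the caller-supplied state and provider ID
    // to the base class instead of creation arguments.
    private AlertRuleScheduled(java.lang.String name, Output<java.lang.String> id, @Nullable AlertRuleScheduledState state, @Nullable com.pulumi.resources.CustomResourceOptions options) {
        super("azure:sentinel/alertRuleScheduled:AlertRuleScheduled", name, state, makeResourceOptions(options, id), false);
    }

    // Returns null when the options already carry a URN; otherwise substitutes the empty
    // argument set for a null args so the base constructor never sees a null by accident.
    private static AlertRuleScheduledArgs makeArgs(AlertRuleScheduledArgs args, @Nullable com.pulumi.resources.CustomResourceOptions options) {
        if (options != null && options.getUrn().isPresent()) {
            return null;
        }
        return args == null ? AlertRuleScheduledArgs.Empty : args;
    }

    // Builds default options pinned to this SDK's version (Utilities.getVersion()) and
    // merges them with the caller's options and the optional provider ID.
    private static com.pulumi.resources.CustomResourceOptions makeResourceOptions(@Nullable com.pulumi.resources.CustomResourceOptions options, @Nullable Output<java.lang.String> id) {
        var defaultOptions = com.pulumi.resources.CustomResourceOptions.builder()
            .version(Utilities.getVersion())
            .build();
        return com.pulumi.resources.CustomResourceOptions.merge(defaultOptions, options, id);
    }

    /**
     * Get an existing AlertRuleScheduled resource's state with the given name, ID, and optional extra
     * properties used to qualify the lookup.
     *
     * @param name The _unique_ name of the resulting resource.
     * @param id The _unique_ provider ID of the resource to lookup.
     * @param state Optional extra properties used to qualify the lookup; may be null.
     * @param options Optional settings to control the behavior of the CustomResource.
     * @return A new AlertRuleScheduled instance constructed from the given name, ID, state and options.
     */
    public static AlertRuleScheduled get(java.lang.String name, Output<java.lang.String> id, @Nullable AlertRuleScheduledState state, @Nullable com.pulumi.resources.CustomResourceOptions options) {
        return new AlertRuleScheduled(name, id, state, options);
    }
}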



