Class AlertRuleScheduled

Manages a Sentinel Scheduled Alert Rule.

Example Usage

using Pulumi;
using Azure = Pulumi.Azure;

class MyStack : Stack
{
    public MyStack()
    {
        // Resource group that holds the Log Analytics workspace.
        var exampleResourceGroup = new Azure.Core.ResourceGroup("exampleResourceGroup", new Azure.Core.ResourceGroupArgs
        {
            Location = "West Europe",
        });
        // Log Analytics workspace the Sentinel rule queries.
        var exampleAnalyticsWorkspace = new Azure.OperationalInsights.AnalyticsWorkspace("exampleAnalyticsWorkspace", new Azure.OperationalInsights.AnalyticsWorkspaceArgs
        {
            Location = exampleResourceGroup.Location,
            ResourceGroupName = exampleResourceGroup.Name,
            Sku = "pergb2018",
        });
        // Scheduled alert rule; the query is a C# verbatim string, so "" is an escaped double quote.
        var exampleAlertRuleScheduled = new Azure.Sentinel.AlertRuleScheduled("exampleAlertRuleScheduled", new Azure.Sentinel.AlertRuleScheduledArgs
        {
            LogAnalyticsWorkspaceId = exampleAnalyticsWorkspace.Id,
            DisplayName = "example",
            Severity = "High",
            Query = @"AzureActivity |
where OperationName == ""Create or Update Virtual Machine"" or OperationName ==""Create Deployment"" |
where ActivityStatus == ""Succeeded"" |
make-series dcount(ResourceId) default=0 on EventSubmissionTimestamp in range(ago(7d), now(), 1d) by Caller
",
        });
    }
}

Inheritance
System.Object
Resource
CustomResource
AlertRuleScheduled
Inherited Members
CustomResource.Id
Resource.GetResourceType()
Resource.GetResourceName()
Resource.Urn
System.Object.Equals(System.Object)
System.Object.Equals(System.Object, System.Object)
System.Object.GetHashCode()
System.Object.GetType()
System.Object.MemberwiseClone()
System.Object.ReferenceEquals(System.Object, System.Object)
System.Object.ToString()
Namespace: Pulumi.Azure.Sentinel
Assembly: Pulumi.Azure.dll
Syntax
public class AlertRuleScheduled : CustomResource

Constructors

AlertRuleScheduled(String, AlertRuleScheduledArgs, CustomResourceOptions)

Create an AlertRuleScheduled resource with the given unique name, arguments, and options.

Declaration
public AlertRuleScheduled(string name, AlertRuleScheduledArgs args, CustomResourceOptions options = null)
Parameters
Type | Name | Description
System.String | name | The unique name of the resource
AlertRuleScheduledArgs | args | The arguments used to populate this resource's properties
CustomResourceOptions | options | A bag of options that control this resource's behavior

Properties

Description

The description of this Sentinel Scheduled Alert Rule.

Declaration
public Output<string> Description { get; }
Property Value
Type Description
Output<System.String>

DisplayName

The friendly name of this Sentinel Scheduled Alert Rule.

Declaration
public Output<string> DisplayName { get; }
Property Value
Type Description
Output<System.String>

Enabled

Should the Sentinel Scheduled Alert Rule be enabled? Defaults to true.

Declaration
public Output<bool?> Enabled { get; }
Property Value
Type Description
Output<System.Nullable<System.Boolean>>

LogAnalyticsWorkspaceId

The ID of the Log Analytics Workspace this Sentinel Scheduled Alert Rule belongs to. Changing this forces a new Sentinel Scheduled Alert Rule to be created.

Declaration
public Output<string> LogAnalyticsWorkspaceId { get; }
Property Value
Type Description
Output<System.String>

Name

The name which should be used for this Sentinel Scheduled Alert Rule. Changing this forces a new Sentinel Scheduled Alert Rule to be created.

Declaration
public Output<string> Name { get; }
Property Value
Type Description
Output<System.String>

Query

The query of this Sentinel Scheduled Alert Rule.

Declaration
public Output<string> Query { get; }
Property Value
Type Description
Output<System.String>

QueryFrequency

The ISO 8601 timespan duration between two consecutive queries. Defaults to PT5H.

Declaration
public Output<string> QueryFrequency { get; }
Property Value
Type Description
Output<System.String>

QueryPeriod

The ISO 8601 timespan duration that determines the time period of the data covered by the query. For example, it can query the past 10 minutes of data, or the past 6 hours of data. Defaults to PT5H.

Declaration
public Output<string> QueryPeriod { get; }
Property Value
Type Description
Output<System.String>

Severity

The alert severity of this Sentinel Scheduled Alert Rule. Possible values are High, Medium, Low and Informational.

Declaration
public Output<string> Severity { get; }
Property Value
Type Description
Output<System.String>

SuppressionDuration

If suppression_enabled is true, this is the ISO 8601 timespan duration that specifies how long the query should stop running after an alert is generated. Defaults to PT5H.

Declaration
public Output<string> SuppressionDuration { get; }
Property Value
Type Description
Output<System.String>

SuppressionEnabled

Should the Sentinel Scheduled Alert Rule stop running the query after an alert is generated? Defaults to false.

Declaration
public Output<bool?> SuppressionEnabled { get; }
Property Value
Type Description
Output<System.Nullable<System.Boolean>>

Tactics

A list of categories of attacks by which to classify the rule. Possible values are Collection, CommandAndControl, CredentialAccess, DefenseEvasion, Discovery, Execution, Exfiltration, Impact, InitialAccess, LateralMovement, Persistence and PrivilegeEscalation.

Declaration
public Output<ImmutableArray<string>> Tactics { get; }
Property Value
Type Description
Output<System.Collections.Immutable.ImmutableArray<System.String>>

TriggerOperator

The alert trigger operator which, combined with trigger_threshold, sets the alert threshold of this Sentinel Scheduled Alert Rule. Possible values are Equal, GreaterThan, LessThan, NotEqual.

Declaration
public Output<string> TriggerOperator { get; }
Property Value
Type Description
Output<System.String>

TriggerThreshold

The baseline number of query results generated which, combined with trigger_operator, sets the alert threshold of this Sentinel Scheduled Alert Rule.

Declaration
public Output<int?> TriggerThreshold { get; }
Property Value
Type Description
Output<System.Nullable<System.Int32>>
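
The scheduling, threshold, suppression and classification properties above, set together on one rule. This is an added example, not part of the original Pulumi documentation. It assumes the workspace already exists and that its ID is supplied through a hypothetical stack config key "workspaceId"; the rule name, the threshold of 5 resources and the durations are constructed values.

```csharp
using Pulumi;
using Azure = Pulumi.Azure;

class DetectionStack : Stack
{
    public DetectionStack()
    {
        // Assumption: "workspaceId" is a hypothetical config key holding the
        // resource ID of an existing Log Analytics workspace.
        var workspaceId = new Config().Require("workspaceId");

        var vmCreationBurst = new Azure.Sentinel.AlertRuleScheduled("vmCreationBurst", new Azure.Sentinel.AlertRuleScheduledArgs
        {
            LogAnalyticsWorkspaceId = workspaceId,
            DisplayName = "Burst of VM or deployment creation by one caller",
            Description = "One caller created more than 5 distinct resources in a day.",
            Severity = "Medium",
            Enabled = true,

            // Classification: one or more of the values listed under Tactics.
            Tactics = { "Impact" },

            // Run every hour. The query aggregates a full day, so QueryPeriod
            // (the data covered by the query) is raised from the PT5H default.
            QueryFrequency = "PT1H",
            QueryPeriod = "P1D",

            // Verbatim string: "" is an escaped double quote inside the KQL.
            Query = @"AzureActivity
| where OperationName == ""Create or Update Virtual Machine"" or OperationName == ""Create Deployment""
| where ActivityStatus == ""Succeeded""
| summarize Resources = dcount(ResourceId) by Caller
| where Resources > 5
",

            // The query filters to offending callers itself, so alert as soon
            // as it returns any result row.
            TriggerOperator = "GreaterThan",
            TriggerThreshold = 0,

            // Hourly runs over a one-day window would match the same activity
            // repeatedly; pause the rule for six hours after each alert.
            SuppressionEnabled = true,
            SuppressionDuration = "PT6H",
        });
    }
}
```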

Methods

Get(String, Input<String>, AlertRuleScheduledState, CustomResourceOptions)

Get an existing AlertRuleScheduled resource's state with the given name, ID, and optional extra properties used to qualify the lookup.

Declaration
public static AlertRuleScheduled Get(string name, Input<string> id, AlertRuleScheduledState state = null, CustomResourceOptions options = null)
Parameters
Type | Name | Description
System.String | name | The unique name of the resulting resource.
Input<System.String> | id | The unique provider ID of the resource to lookup.
AlertRuleScheduledState | state | Any extra arguments used during the lookup.
CustomResourceOptions | options | A bag of options that control this resource's behavior

Returns
Type Description
AlertRuleScheduled
Copyright 2016-2020, Pulumi Corporation.