Class AlertRuleScheduledArgs
Inherited Members
Namespace: Pulumi.Azure.Sentinel
Assembly: Pulumi.Azure.dll
Syntax
public sealed class AlertRuleScheduledArgs : ResourceArgsConstructors
View SourceAlertRuleScheduledArgs()
Declaration
public AlertRuleScheduledArgs()Properties
View SourceDescription
The description of this Sentinel Scheduled Alert Rule.
Declaration
public Input<string> Description { get; set; }Property Value
| Type | Description |
|---|---|
| Input<System.String> |
DisplayName
The friendly name of this Sentinel Scheduled Alert Rule.
Declaration
public Input<string> DisplayName { get; set; }Property Value
| Type | Description |
|---|---|
| Input<System.String> |
Enabled
Should the Sentinel Scheduled Alert Rule be enabled? Defaults to true.
Declaration
public Input<bool> Enabled { get; set; }Property Value
| Type | Description |
|---|---|
| Input<System.Boolean> |
LogAnalyticsWorkspaceId
The ID of the Log Analytics Workspace this Sentinel Scheduled Alert Rule belongs to. Changing this forces a new Sentinel Scheduled Alert Rule to be created.
Declaration
public Input<string> LogAnalyticsWorkspaceId { get; set; }Property Value
| Type | Description |
|---|---|
| Input<System.String> |
Name
The name which should be used for this Sentinel Scheduled Alert Rule. Changing this forces a new Sentinel Scheduled Alert Rule to be created.
Declaration
public Input<string> Name { get; set; }Property Value
| Type | Description |
|---|---|
| Input<System.String> |
Query
The query of this Sentinel Scheduled Alert Rule.
Declaration
public Input<string> Query { get; set; }Property Value
| Type | Description |
|---|---|
| Input<System.String> |
QueryFrequency
The ISO 8601 timespan duration between two consecutive queries. Defaults to PT5H.
Declaration
public Input<string> QueryFrequency { get; set; }Property Value
| Type | Description |
|---|---|
| Input<System.String> |
QueryPeriod
The ISO 8601 timespan duration, which determine the time period of the data covered by the query. For example, it can query the past 10 minutes of data, or the past 6 hours of data. Defaults to PT5H.
Declaration
public Input<string> QueryPeriod { get; set; }Property Value
| Type | Description |
|---|---|
| Input<System.String> |
Severity
The alert severity of this Sentinel Scheduled Alert Rule. Possible values are High, Medium, Low and Informational.
Declaration
public Input<string> Severity { get; set; }Property Value
| Type | Description |
|---|---|
| Input<System.String> |
SuppressionDuration
If suppression_enabled is true, this is ISO 8601 timespan duration, which specifies the amount of time the query should stop running after alert is generated. Defaults to PT5H.
Declaration
public Input<string> SuppressionDuration { get; set; }Property Value
| Type | Description |
|---|---|
| Input<System.String> |
SuppressionEnabled
Should the Sentinel Scheduled Alert Rulea stop running query after alert is generated? Defaults to false.
Declaration
public Input<bool> SuppressionEnabled { get; set; }Property Value
| Type | Description |
|---|---|
| Input<System.Boolean> |
Tactics
A list of categories of attacks by which to classify the rule. Possible values are Collection, CommandAndControl, CredentialAccess, DefenseEvasion, Discovery, Execution, Exfiltration, Impact, InitialAccess, LateralMovement, Persistence and PrivilegeEscalation.
Declaration
public InputList<string> Tactics { get; set; }Property Value
| Type | Description |
|---|---|
| InputList<System.String> |
TriggerOperator
The alert trigger operator, combined with trigger_threshold, setting alert threshold of this Sentinel Scheduled Alert Rule. Possible values are Equal, GreaterThan, LessThan, NotEqual.
Declaration
public Input<string> TriggerOperator { get; set; }Property Value
| Type | Description |
|---|---|
| Input<System.String> |
TriggerThreshold
The baseline number of query results generated, combined with trigger_operator, setting alert threshold of this Sentinel Scheduled Alert Rule.
Declaration
public Input<int> TriggerThreshold { get; set; }Property Value
| Type | Description |
|---|---|
| Input<System.Int32> |