Microsoft.Insights alertrules 2016-03-01

The alertrules resource type can be deployed to: Resource groups.

To learn about resource group deployments, see Bicep or ARM template.

For a list of changed properties in each API version, see change log.

Template format

To create a Microsoft.Insights/alertrules resource, add the following Bicep or JSON to your template.

resource symbolicname 'Microsoft.Insights/alertrules@2016-03-01' = {
  name: 'string'
  location: 'string'
  tags: {
    tagName1: 'tagValue1'
    tagName2: 'tagValue2'
  }
  properties: {
    action: {
      'odata.type': 'string'
      // For remaining properties, see RuleAction objects
    }
    actions: [
      {
        'odata.type': 'string'
        // For remaining properties, see RuleAction objects
      }
    ]
    condition: {
      dataSource: {
        legacyResourceId: 'string'
        metricNamespace: 'string'
        resourceLocation: 'string'
        resourceUri: 'string'
        'odata.type': 'string'
        // For remaining properties, see RuleDataSource objects
      }
      'odata.type': 'string'
      // For remaining properties, see RuleCondition objects
    }
    description: 'string'
    isEnabled: bool
    name: 'string'
    provisioningState: 'string'
  }
}

RuleAction objects

Set the odata.type property to specify the type of object.

For Microsoft.Azure.Management.Insights.Models.RuleEmailAction, use:

  'odata.type': 'Microsoft.Azure.Management.Insights.Models.RuleEmailAction'
  customEmails: [
    'string'
  ]
  sendToServiceOwners: bool

For Microsoft.Azure.Management.Insights.Models.RuleWebhookAction, use:

  'odata.type': 'Microsoft.Azure.Management.Insights.Models.RuleWebhookAction'
  properties: {}
  serviceUri: 'string'

RuleCondition objects

Set the odata.type property to specify the type of object.

For Microsoft.Azure.Management.Insights.Models.LocationThresholdRuleCondition, use:

  'odata.type': 'Microsoft.Azure.Management.Insights.Models.LocationThresholdRuleCondition'
  failedLocationCount: int
  windowSize: 'string'

For Microsoft.Azure.Management.Insights.Models.ManagementEventRuleCondition, use:

  'odata.type': 'Microsoft.Azure.Management.Insights.Models.ManagementEventRuleCondition'
  aggregation: {
    operator: 'string'
    threshold: int
    windowSize: 'string'
  }

For Microsoft.Azure.Management.Insights.Models.ThresholdRuleCondition, use:

  'odata.type': 'Microsoft.Azure.Management.Insights.Models.ThresholdRuleCondition'
  operator: 'string'
  threshold: int
  timeAggregation: 'string'
  windowSize: 'string'

RuleDataSource objects

Set the odata.type property to specify the type of object.

For Microsoft.Azure.Management.Insights.Models.RuleManagementEventDataSource, use:

  'odata.type': 'Microsoft.Azure.Management.Insights.Models.RuleManagementEventDataSource'
  claims: {
    emailAddress: 'string'
  }
  eventName: 'string'
  eventSource: 'string'
  level: 'string'
  operationName: 'string'
  resourceGroupName: 'string'
  resourceProviderName: 'string'
  status: 'string'
  subStatus: 'string'

For Microsoft.Azure.Management.Insights.Models.RuleMetricDataSource, use:

  'odata.type': 'Microsoft.Azure.Management.Insights.Models.RuleMetricDataSource'
  metricName: 'string'

Property values

alertrules

Name Description Value
type The resource type

For Bicep, set this value in the resource declaration.
'Microsoft.Insights/alertrules'
apiVersion The resource api version

For Bicep, set this value in the resource declaration.
'2016-03-01'
name The resource name string (required)
location Resource location string (required)
tags Resource tags Dictionary of tag names and values. See Tags in templates
properties The alert rule properties of the resource. AlertRule (required)

AlertRule

Name Description Value
action action that is performed when the alert rule becomes active, and when an alert condition is resolved. RuleAction
actions the array of actions that are performed when the alert rule becomes active, and when an alert condition is resolved. RuleAction[]
condition the condition that results in the alert rule being activated. RuleCondition (required)
description the description of the alert rule that will be included in the alert email. string
isEnabled the flag that indicates whether the alert rule is enabled. bool (required)
name the name of the alert rule. string (required)
provisioningState the provisioning state. string

RuleAction

Name Description Value
odata.type Set the object type Microsoft.Azure.Management.Insights.Models.RuleEmailAction
Microsoft.Azure.Management.Insights.Models.RuleWebhookAction

RuleEmailAction

Name Description Value
odata.type specifies the type of the action. There are two types of actions: RuleEmailAction and RuleWebhookAction. 'Microsoft.Azure.Management.Insights.Models.RuleEmailAction'
customEmails the list of administrator's custom email addresses to notify of the activation of the alert. string[]
sendToServiceOwners Whether the administrators (service and co-administrators) of the service should be notified when the alert is activated. bool

RuleWebhookAction

Name Description Value
odata.type specifies the type of the action. There are two types of actions: RuleEmailAction and RuleWebhookAction. 'Microsoft.Azure.Management.Insights.Models.RuleWebhookAction'
properties the dictionary of custom properties to include with the post operation. These data are appended to the webhook payload. object
serviceUri the service uri to Post the notification when the alert activates or resolves. string

RuleCondition

Name Description Value
dataSource the resource from which the rule collects its data. For this type dataSource will always be of type RuleMetricDataSource. RuleDataSource
odata.type Set the object type Microsoft.Azure.Management.Insights.Models.LocationThresholdRuleCondition
Microsoft.Azure.Management.Insights.Models.ManagementEventRuleCondition
Microsoft.Azure.Management.Insights.Models.ThresholdRuleCondition

RuleDataSource

Name Description Value
legacyResourceId the legacy resource identifier of the resource the rule monitors. NOTE: this property cannot be updated for an existing rule. string
metricNamespace the namespace of the metric. string
resourceLocation the location of the resource. string
resourceUri the resource identifier of the resource the rule monitors. NOTE: this property cannot be updated for an existing rule. string
odata.type Set the object type Microsoft.Azure.Management.Insights.Models.RuleManagementEventDataSource
Microsoft.Azure.Management.Insights.Models.RuleMetricDataSource

RuleManagementEventDataSource

Name Description Value
odata.type specifies the type of data source. There are two types of rule data sources: RuleMetricDataSource and RuleManagementEventDataSource 'Microsoft.Azure.Management.Insights.Models.RuleManagementEventDataSource'
claims the claims. RuleManagementEventClaimsDataSource
eventName the event name. string
eventSource the event source. string
level the level. string
operationName The name of the operation that should be checked for. If no name is provided, any operation will match. string
resourceGroupName the resource group name. string
resourceProviderName the resource provider name. string
status The status of the operation that should be checked for. If no status is provided, any status will match. string
subStatus the substatus. string

RuleManagementEventClaimsDataSource

Name Description Value
emailAddress the email address. string

RuleMetricDataSource

Name Description Value
odata.type specifies the type of data source. There are two types of rule data sources: RuleMetricDataSource and RuleManagementEventDataSource 'Microsoft.Azure.Management.Insights.Models.RuleMetricDataSource'
metricName the name of the metric that defines what the rule monitors. string

LocationThresholdRuleCondition

Name Description Value
odata.type specifies the type of condition. This can be one of three types: ManagementEventRuleCondition (occurrences of management events), LocationThresholdRuleCondition (based on the number of failures of a web test), and ThresholdRuleCondition (based on the threshold of a metric). 'Microsoft.Azure.Management.Insights.Models.LocationThresholdRuleCondition'
failedLocationCount the number of locations that must fail to activate the alert. int (required)
windowSize the period of time (in ISO 8601 duration format) that is used to monitor alert activity based on the threshold. If specified then it must be between 5 minutes and 1 day. string

ManagementEventRuleCondition

Name Description Value
odata.type specifies the type of condition. This can be one of three types: ManagementEventRuleCondition (occurrences of management events), LocationThresholdRuleCondition (based on the number of failures of a web test), and ThresholdRuleCondition (based on the threshold of a metric). 'Microsoft.Azure.Management.Insights.Models.ManagementEventRuleCondition'
aggregation How the data that is collected should be combined over time and when the alert is activated. Note that for management event alerts aggregation is optional – if it is not provided then any event will cause the alert to activate. ManagementEventAggregationCondition

ManagementEventAggregationCondition

Name Description Value
operator the condition operator. 'GreaterThan'
'GreaterThanOrEqual'
'LessThan'
'LessThanOrEqual'
threshold The threshold value that activates the alert. int
windowSize the period of time (in ISO 8601 duration format) that is used to monitor alert activity based on the threshold. If specified then it must be between 5 minutes and 1 day. string

ThresholdRuleCondition

Name Description Value
odata.type specifies the type of condition. This can be one of three types: ManagementEventRuleCondition (occurrences of management events), LocationThresholdRuleCondition (based on the number of failures of a web test), and ThresholdRuleCondition (based on the threshold of a metric). 'Microsoft.Azure.Management.Insights.Models.ThresholdRuleCondition'
operator the operator used to compare the data and the threshold. 'GreaterThan'
'GreaterThanOrEqual'
'LessThan'
'LessThanOrEqual'
threshold the threshold value that activates the alert. int (required)
timeAggregation the time aggregation operator. How the data that are collected should be combined over time. The default value is the PrimaryAggregationType of the Metric. 'Average'
'Last'
'Maximum'
'Minimum'
'Total'
windowSize the period of time (in ISO 8601 duration format) that is used to monitor alert activity based on the threshold. If specified then it must be between 5 minutes and 1 day. string

Quickstart templates

The following quickstart templates deploy this resource type.

Template Description
DDoS attack on a virtual machine

Deploy to Azure
This will deploy a virtual machine, OMS and other network resources. Perform the DDoS attack by following the guidleines and execute the scenario for detection of a DDoS attack.