FusionAlertRule Class

Represents Fusion alert rule.

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to Azure.

Inheritance
azure.mgmt.securityinsight.models._models_py3.AlertRule
FusionAlertRule

Constructor

FusionAlertRule(*, etag: Optional[str] = None, alert_rule_template_name: Optional[str] = None, enabled: Optional[bool] = None, source_settings: Optional[List[azure.mgmt.securityinsight.models._models_py3.FusionSourceSettings]] = None, scenario_exclusion_patterns: Optional[List[azure.mgmt.securityinsight.models._models_py3.FusionScenarioExclusionPattern]] = None, **kwargs)

Variables

id
str

Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}.

name
str

The name of the resource.

type
str

The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts".

system_data
SystemData

Azure Resource Manager metadata containing createdBy and modifiedBy information.

etag
str

ETag of the Azure resource.

kind
str or AlertRuleKind

Required. The kind of the alert rule. Constant filled by server. Possible values include: "Scheduled", "MicrosoftSecurityIncidentCreation", "Fusion", "MLBehaviorAnalytics", "ThreatIntelligence", "NRT".

alert_rule_template_name
str

The name of the alert rule template used to create this rule.

description
str

The description of the alert rule.

display_name
str

The display name for alerts created by this alert rule.

enabled
bool

Determines whether this alert rule is enabled or disabled.

source_settings
list[FusionSourceSettings]

Configuration for all supported source signals in Fusion detection.

scenario_exclusion_patterns
list[FusionScenarioExclusionPattern]

Configuration to exclude scenarios in Fusion detection.

last_modified_utc
datetime

The last time that this alert was modified.

severity
str or AlertSeverity

The severity for alerts created by this alert rule. Possible values include: "High", "Medium", "Low", "Informational".

tactics
list[str or AttackTactic]

The tactics of the alert rule.

techniques
list[str]

The techniques of the alert rule.
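
Example

An added example, not part of the SDK or of this reference page: a detection-coverage audit over alert rule objects that uses the kind, enabled, source_settings and scenario_exclusion_patterns attributes listed above. The nested attributes source_name, enabled and exclusion_pattern are assumed from the SDK's FusionSourceSettings and FusionScenarioExclusionPattern models and do not appear on this page; the rules are constructed stand-ins so the block runs without Azure access.

```python
from types import SimpleNamespace as NS

def audit_fusion_rule(rule):
    """Return detection-coverage findings for one alert rule object."""
    if rule.kind != "Fusion":          # AlertRuleKind is a str enum, so == works
        return []
    findings = []
    if not rule.enabled:               # None (unset) is treated as not enabled
        findings.append("rule disabled")
    for src in rule.source_settings or []:
        # Assumed FusionSourceSettings attributes: enabled, source_name
        if not src.enabled:
            findings.append(f"source disabled: {src.source_name}")
    for pat in rule.scenario_exclusion_patterns or []:
        # Assumed FusionScenarioExclusionPattern attribute: exclusion_pattern
        findings.append(f"scenario excluded: {pat.exclusion_pattern}")
    return findings

def audit_rules(rules):
    """Map rule name -> findings, keeping only rules that have findings."""
    report = {}
    for rule in rules:
        findings = audit_fusion_rule(rule)
        if findings:
            report[rule.name] = findings
    return report

# Constructed sample data standing in for objects returned by the service.
SAMPLE_RULES = [
    NS(name="fusion-ok", kind="Fusion", enabled=True,
       source_settings=[NS(enabled=True, source_name="Source A")],
       scenario_exclusion_patterns=None),
    NS(name="fusion-gaps", kind="Fusion", enabled=True,
       source_settings=[NS(enabled=True, source_name="Source A"),
                        NS(enabled=False, source_name="Source B")],
       scenario_exclusion_patterns=[NS(exclusion_pattern="pattern-1")]),
    NS(name="fusion-off", kind="Fusion", enabled=False,
       source_settings=None, scenario_exclusion_patterns=None),
    NS(name="sched-1", kind="Scheduled", enabled=False),
]

if __name__ == "__main__":
    for name, findings in audit_rules(SAMPLE_RULES).items():
        print(name, "->", "; ".join(findings))
```

Each exclusion pattern and disabled source narrows what Fusion correlates, so any finding is worth comparing against last_modified_utc and change records.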