GroupingConfiguration Class

Grouping configuration property bag.

All required parameters must be populated in order to send to Azure.

Inheritance
GroupingConfiguration

Constructor

GroupingConfiguration(*, enabled: bool, reopen_closed_incident: bool, lookback_duration: datetime.timedelta, matching_method: Union[str, azure.mgmt.securityinsight.models._security_insights_enums.MatchingMethod], group_by_entities: Optional[List[Union[str, azure.mgmt.securityinsight.models._security_insights_enums.EntityMappingType]]] = None, group_by_alert_details: Optional[List[Union[str, azure.mgmt.securityinsight.models._security_insights_enums.AlertDetail]]] = None, group_by_custom_details: Optional[List[str]] = None, **kwargs)

Variables

enabled
bool

Required. Grouping enabled.

reopen_closed_incident
bool

Required. Re-open closed matching incidents.

lookback_duration
timedelta

Required. Limit the group to alerts created within the lookback duration (in ISO 8601 duration format).

matching_method
str or MatchingMethod

Required. Grouping matching method. When the method is Selected, at least one of groupByEntities, groupByAlertDetails, or groupByCustomDetails must be provided and must not be empty. Possible values include: "AllEntities", "AnyAlert", "Selected".

group_by_entities
list[str or EntityMappingType]

A list of entity types to group by (when matchingMethod is Selected). Only entities defined in the current alert rule may be used.

group_by_alert_details
list[str or AlertDetail]

A list of alert details to group by (when matchingMethod is Selected).

group_by_custom_details
list[str]

A list of custom details keys to group by (when matchingMethod is Selected). Only keys defined in the current alert rule may be used.
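
The following is an added example, not part of the SDK or of this reference page: a pre-flight check of the keyword arguments against the rules stated above, plus a helper showing what a lookback timedelta looks like as an ISO 8601 duration. The function names check_grouping_kwargs and iso8601_duration are hypothetical, and the code uses only the standard library, so it does not call Azure.

```python
from datetime import timedelta

# Values taken from the matching_method description on this page.
MATCHING_METHODS = {"AllEntities", "AnyAlert", "Selected"}
REQUIRED = ("enabled", "reopen_closed_incident", "lookback_duration", "matching_method")
GROUP_BY = ("group_by_entities", "group_by_alert_details", "group_by_custom_details")


def iso8601_duration(td):
    """Render a timedelta as an ISO 8601 duration, e.g. timedelta(hours=5) -> 'PT5H'."""
    total = int(td.total_seconds())
    if total < 0:
        raise ValueError("lookback_duration must not be negative")
    days, rem = divmod(total, 86400)
    hours, rem = divmod(rem, 3600)
    minutes, seconds = divmod(rem, 60)
    date = f"{days}D" if days else ""
    time = "".join(f"{v}{u}" for v, u in ((hours, "H"), (minutes, "M"), (seconds, "S")) if v)
    if not date and not time:
        return "PT0S"
    return "P" + date + ("T" + time if time else "")


def check_grouping_kwargs(kwargs):
    """Hypothetical pre-flight check; returns a list of problems (empty means OK)."""
    problems = [f"missing required parameter: {k}" for k in REQUIRED if kwargs.get(k) is None]
    lookback = kwargs.get("lookback_duration")
    if lookback is not None and not isinstance(lookback, timedelta):
        problems.append("lookback_duration must be a datetime.timedelta")
    method = kwargs.get("matching_method")
    method = getattr(method, "value", method)  # accept a str or an enum member
    if method is not None and method not in MATCHING_METHODS:
        problems.append(f"unknown matching_method: {method!r}")
    populated = [k for k in GROUP_BY if kwargs.get(k)]  # empty lists do not count
    if method == "Selected" and not populated:
        problems.append("matching_method is Selected but no group_by_* list is non-empty")
    if method in ("AllEntities", "AnyAlert") and populated:
        problems.append(f"{', '.join(populated)} only apply when matching_method is Selected")
    return problems


if __name__ == "__main__":
    # Constructed sample: Selected with an empty entity list should be rejected.
    sample = dict(enabled=True, reopen_closed_incident=False,
                  lookback_duration=timedelta(hours=5),
                  matching_method="Selected", group_by_entities=[])
    print(iso8601_duration(sample["lookback_duration"]), check_grouping_kwargs(sample))
```
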