Feedback Edit

MicrosoftSecurityIncidentCreationAlertRule Class

  • Reference

Represents MicrosoftSecurityIncidentCreation rule.

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to Azure.

Inheritance
azure.mgmt.securityinsight.models._models_py3.AlertRule
MicrosoftSecurityIncidentCreationAlertRule

Constructor

MicrosoftSecurityIncidentCreationAlertRule(*, etag: Optional[str] = None, display_names_filter: Optional[List[str]] = None, display_names_exclude_filter: Optional[List[str]] = None, product_filter: Optional[Union[str, azure.mgmt.securityinsight.models._security_insights_enums.MicrosoftSecurityProductName]] = None, severities_filter: Optional[List[Union[str, azure.mgmt.securityinsight.models._security_insights_enums.AlertSeverity]]] = None, alert_rule_template_name: Optional[str] = None, description: Optional[str] = None, display_name: Optional[str] = None, enabled: Optional[bool] = None, **kwargs)

Variables

id
str

Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}.

name
str

The name of the resource.

type
str

The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts".

system_data
SystemData

Azure Resource Manager metadata containing createdBy and modifiedBy information.

etag
str

Etag of the azure resource.

kind
str or AlertRuleKind

Required. The kind of the alert rule.Constant filled by server. Possible values include: "Scheduled", "MicrosoftSecurityIncidentCreation", "Fusion", "MLBehaviorAnalytics", "ThreatIntelligence", "NRT".

display_names_filter
list[str]

the alerts' displayNames on which the cases will be generated.

display_names_exclude_filter
list[str]

the alerts' displayNames on which the cases will not be generated.

product_filter
str or MicrosoftSecurityProductName

The alerts' productName on which the cases will be generated. Possible values include: "Microsoft Cloud App Security", "Azure Security Center", "Azure Advanced Threat Protection", "Azure Active Directory Identity Protection", "Azure Security Center for IoT", "Office 365 Advanced Threat Protection", "Microsoft Defender Advanced Threat Protection".

severities_filter
list[str or AlertSeverity]

the alerts' severities on which the cases will be generated.

alert_rule_template_name
str

The Name of the alert rule template used to create this rule.

description
str

The description of the alert rule.

display_name
str

The display name for alerts created by this alert rule.

enabled
bool

Determines whether this alert rule is enabled or disabled.

last_modified_utc
datetime

The last time that this alert has been modified.