MicrosoftSecurityIncidentCreationAlertRuleTemplate Class

Represents MicrosoftSecurityIncidentCreation rule template.

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to Azure.

Inheritance
azure.mgmt.securityinsight.models._models_py3.AlertRuleTemplate
MicrosoftSecurityIncidentCreationAlertRuleTemplate

Constructor

MicrosoftSecurityIncidentCreationAlertRuleTemplate(*, alert_rules_created_by_template_count: Optional[int] = None, description: Optional[str] = None, display_name: Optional[str] = None, required_data_connectors: Optional[List[azure.mgmt.securityinsight.models._models_py3.AlertRuleTemplateDataSource]] = None, status: Optional[Union[str, azure.mgmt.securityinsight.models._security_insights_enums.TemplateStatus]] = None, display_names_filter: Optional[List[str]] = None, display_names_exclude_filter: Optional[List[str]] = None, product_filter: Optional[Union[str, azure.mgmt.securityinsight.models._security_insights_enums.MicrosoftSecurityProductName]] = None, severities_filter: Optional[List[Union[str, azure.mgmt.securityinsight.models._security_insights_enums.AlertSeverity]]] = None, **kwargs)

Variables

id
str

Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}.

name
str

The name of the resource.

type
str

The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts".

system_data
SystemData

Azure Resource Manager metadata containing createdBy and modifiedBy information.

kind
str or AlertRuleKind

Required. The kind of the alert rule. Constant filled by server. Possible values include: "Scheduled", "MicrosoftSecurityIncidentCreation", "Fusion", "MLBehaviorAnalytics", "ThreatIntelligence", "NRT".

alert_rules_created_by_template_count
int

The number of alert rules that were created by this template.

last_updated_date_utc
datetime

The last time this alert rule template was updated.

created_date_utc
datetime

The time this alert rule template was added.

description
str

The description of the alert rule template.

display_name
str

The display name for the alert rule template.

required_data_connectors
list[AlertRuleTemplateDataSource]

The required data sources for this template.

status
str or TemplateStatus

The alert rule template status. Possible values include: "Installed", "Available", "NotAvailable".

display_names_filter
list[str]

The alerts' displayNames on which the cases will be generated.

display_names_exclude_filter
list[str]

The alerts' displayNames on which the cases will not be generated.

product_filter
str or MicrosoftSecurityProductName

The alerts' productName on which the cases will be generated. Possible values include: "Microsoft Cloud App Security", "Azure Security Center", "Azure Advanced Threat Protection", "Azure Active Directory Identity Protection", "Azure Security Center for IoT", "Office 365 Advanced Threat Protection", "Microsoft Defender Advanced Threat Protection".

severities_filter
list[str or AlertSeverity]

The alerts' severities on which the cases will be generated.
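
How the four filter fields above can be audited for coverage gaps, as an added example that is not part of the SDK or of this reference. It uses a constructed stand-in class with the same attribute names (an object returned by the SDK with these attributes would work the same way), and it assumes, since this page does not say, that a None or empty filter places no restriction, that the product name is compared exactly, and that display-name filters match as case-insensitive substrings.

```python
from dataclasses import dataclass
from typing import List, Optional

@dataclass
class TemplateFilters:
    """Constructed stand-in exposing the four filter attributes documented above."""
    product_filter: Optional[str] = None
    severities_filter: Optional[List[str]] = None
    display_names_filter: Optional[List[str]] = None
    display_names_exclude_filter: Optional[List[str]] = None

def _contains_any(name: str, needles: List[str]) -> bool:
    # Assumption: case-insensitive substring match on the alert display name.
    return any(n.lower() in name.lower() for n in needles)

def drop_reason(template, alert: dict) -> Optional[str]:
    """Return None if the alert passes every filter, else the field that drops it."""
    # Assumption: a None or empty filter places no restriction.
    if template.product_filter and alert["product"] != template.product_filter:
        return "product_filter"
    if template.severities_filter and alert["severity"] not in template.severities_filter:
        return "severities_filter"
    if template.display_names_filter and not _contains_any(
            alert["display_name"], template.display_names_filter):
        return "display_names_filter"
    if template.display_names_exclude_filter and _contains_any(
            alert["display_name"], template.display_names_exclude_filter):
        return "display_names_exclude_filter"
    return None

def coverage_gaps(template, alerts: List[dict]) -> dict:
    """Map each dropped alert's display name to the filter field responsible."""
    reasons = ((a["display_name"], drop_reason(template, a)) for a in alerts)
    return {name: reason for name, reason in reasons if reason}

# Constructed sample data, not real alerts or a real template.
SAMPLE_TEMPLATE = TemplateFilters(
    product_filter="Azure Security Center",
    severities_filter=["High", "Medium"],
    display_names_exclude_filter=["test"],
)
SAMPLE_ALERTS = [
    {"product": "Azure Security Center", "severity": "High", "display_name": "Suspicious process executed"},
    {"product": "Azure Security Center", "severity": "Low", "display_name": "Port scan detected"},
    {"product": "Azure Security Center", "severity": "High", "display_name": "Test alert from pipeline"},
    {"product": "Microsoft Cloud App Security", "severity": "High", "display_name": "Impossible travel"},
]
if __name__ == "__main__":
    print(coverage_gaps(SAMPLE_TEMPLATE, SAMPLE_ALERTS))
```

Running the audit over a sample of recent alerts shows which filter field is responsible for each alert that would not become a case, which is useful when reviewing a broad exclude filter or a severities list that omits lower levels.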