NrtAlertRule Class
Represents NRT alert rule.
Variables are only populated by the server, and will be ignored when sending a request.
All required parameters must be populated in order to send to Azure.
- Inheritance
-
azure.mgmt.securityinsight.models._models_py3.AlertRuleNrtAlertRule
Constructor
NrtAlertRule(*, etag: Optional[str] = None, alert_rule_template_name: Optional[str] = None, template_version: Optional[str] = None, description: Optional[str] = None, query: Optional[str] = None, tactics: Optional[List[Union[str, azure.mgmt.securityinsight.models._security_insights_enums.AttackTactic]]] = None, techniques: Optional[List[str]] = None, display_name: Optional[str] = None, enabled: Optional[bool] = None, suppression_duration: Optional[datetime.timedelta] = None, suppression_enabled: Optional[bool] = None, severity: Optional[Union[str, azure.mgmt.securityinsight.models._security_insights_enums.AlertSeverity]] = None, incident_configuration: Optional[azure.mgmt.securityinsight.models._models_py3.IncidentConfiguration] = None, custom_details: Optional[Dict[str, str]] = None, entity_mappings: Optional[List[azure.mgmt.securityinsight.models._models_py3.EntityMapping]] = None, alert_details_override: Optional[azure.mgmt.securityinsight.models._models_py3.AlertDetailsOverride] = None, **kwargs)Variables
- id
- str
Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}.
- name
- str
The name of the resource.
- type
- str
The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts".
- system_data
- SystemData
Azure Resource Manager metadata containing createdBy and modifiedBy information.
- etag
- str
Etag of the azure resource.
- kind
- str or AlertRuleKind
Required. The kind of the alert rule.Constant filled by server. Possible values include: "Scheduled", "MicrosoftSecurityIncidentCreation", "Fusion", "MLBehaviorAnalytics", "ThreatIntelligence", "NRT".
- alert_rule_template_name
- str
The Name of the alert rule template used to create this rule.
- template_version
- str
The version of the alert rule template used to create this rule - in format <a.b.c>, where all are numbers, for example 0 <1.0.2>.
- description
- str
The description of the alert rule.
- query
- str
The query that creates alerts for this rule.
- tactics
- list[str or AttackTactic]
The tactics of the alert rule.
- display_name
- str
The display name for alerts created by this alert rule.
- enabled
- bool
Determines whether this alert rule is enabled or disabled.
- last_modified_utc
- datetime
The last time that this alert rule has been modified.
- suppression_duration
- timedelta
The suppression (in ISO 8601 duration format) to wait since last time this alert rule been triggered.
- suppression_enabled
- bool
Determines whether the suppression for this alert rule is enabled or disabled.
- severity
- str or AlertSeverity
The severity for alerts created by this alert rule. Possible values include: "High", "Medium", "Low", "Informational".
- incident_configuration
- IncidentConfiguration
The settings of the incidents that created from alerts triggered by this analytics rule.
Dictionary of string key-value pairs of columns to be attached to the alert.
- entity_mappings
- list[EntityMapping]
Array of the entity mappings of the alert rule.
- alert_details_override
- AlertDetailsOverride
The alert details override settings.
Feedback
Submit and view feedback for