Feedback Edit

NrtAlertRuleTemplate Class

  • Reference

Represents NRT alert rule template.

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to Azure.

Inheritance
azure.mgmt.securityinsight.models._models_py3.AlertRuleTemplate
NrtAlertRuleTemplate

Constructor

NrtAlertRuleTemplate(*, alert_rules_created_by_template_count: Optional[int] = None, description: Optional[str] = None, display_name: Optional[str] = None, required_data_connectors: Optional[List[azure.mgmt.securityinsight.models._models_py3.AlertRuleTemplateDataSource]] = None, status: Optional[Union[str, azure.mgmt.securityinsight.models._security_insights_enums.TemplateStatus]] = None, tactics: Optional[List[Union[str, azure.mgmt.securityinsight.models._security_insights_enums.AttackTactic]]] = None, techniques: Optional[List[str]] = None, query: Optional[str] = None, severity: Optional[Union[str, azure.mgmt.securityinsight.models._security_insights_enums.AlertSeverity]] = None, version: Optional[str] = None, custom_details: Optional[Dict[str, str]] = None, entity_mappings: Optional[List[azure.mgmt.securityinsight.models._models_py3.EntityMapping]] = None, alert_details_override: Optional[azure.mgmt.securityinsight.models._models_py3.AlertDetailsOverride] = None, **kwargs)

Variables

id
str

Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}.

name
str

The name of the resource.

type
str

The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts".

system_data
SystemData

Azure Resource Manager metadata containing createdBy and modifiedBy information.

kind
str or AlertRuleKind

Required. The kind of the alert rule.Constant filled by server. Possible values include: "Scheduled", "MicrosoftSecurityIncidentCreation", "Fusion", "MLBehaviorAnalytics", "ThreatIntelligence", "NRT".

alert_rules_created_by_template_count
int

the number of alert rules that were created by this template.

last_updated_date_utc
datetime

The last time that this alert rule template has been updated.

created_date_utc
datetime

The time that this alert rule template has been added.

description
str

The description of the alert rule template.

display_name
str

The display name for alert rule template.

required_data_connectors
list[AlertRuleTemplateDataSource]

The required data sources for this template.

status
str or TemplateStatus

The alert rule template status. Possible values include: "Installed", "Available", "NotAvailable".

tactics
list[str or AttackTactic]

The tactics of the alert rule.

techniques
list[str]

The techniques of the alert rule.

query
str

The query that creates alerts for this rule.

severity
str or AlertSeverity

The severity for alerts created by this alert rule. Possible values include: "High", "Medium", "Low", "Informational".

version
str

The version of this template - in format <a.b.c>, where all are numbers. For example <1.0.2>.

custom_details
dict[str, str]

Dictionary of string key-value pairs of columns to be attached to the alert.

entity_mappings
list[EntityMapping]

Array of the entity mappings of the alert rule.

alert_details_override
AlertDetailsOverride

The alert details override settings.