NrtAlertRuleTemplateProperties Class

NRT alert rule template properties.

Variables are only populated by the server, and will be ignored when sending a request.

Inheritance
azure.mgmt.securityinsight.models._models_py3.AlertRuleTemplateWithMitreProperties
NrtAlertRuleTemplateProperties
azure.mgmt.securityinsight.models._models_py3.QueryBasedAlertRuleTemplateProperties
NrtAlertRuleTemplateProperties

Constructor

NrtAlertRuleTemplateProperties(*, query: Optional[str] = None, severity: Optional[Union[str, azure.mgmt.securityinsight.models._security_insights_enums.AlertSeverity]] = None, version: Optional[str] = None, custom_details: Optional[Dict[str, str]] = None, entity_mappings: Optional[List[azure.mgmt.securityinsight.models._models_py3.EntityMapping]] = None, alert_details_override: Optional[azure.mgmt.securityinsight.models._models_py3.AlertDetailsOverride] = None, alert_rules_created_by_template_count: Optional[int] = None, description: Optional[str] = None, display_name: Optional[str] = None, required_data_connectors: Optional[List[azure.mgmt.securityinsight.models._models_py3.AlertRuleTemplateDataSource]] = None, status: Optional[Union[str, azure.mgmt.securityinsight.models._security_insights_enums.TemplateStatus]] = None, tactics: Optional[List[Union[str, azure.mgmt.securityinsight.models._security_insights_enums.AttackTactic]]] = None, techniques: Optional[List[str]] = None, **kwargs)

Variables

query
str

The query that creates alerts for this rule.

severity
str or AlertSeverity

The severity for alerts created by this alert rule. Possible values include: "High", "Medium", "Low", "Informational".

version
str

The version of this template, in the format <a.b.c>, where a, b and c are all numbers. For example <1.0.2>.

custom_details
dict[str, str]

Dictionary of string key-value pairs of columns to be attached to the alert.

entity_mappings
list[EntityMapping]

Array of the entity mappings of the alert rule.

alert_details_override
AlertDetailsOverride

The alert details override settings.

alert_rules_created_by_template_count
int

The number of alert rules that were created by this template.

last_updated_date_utc
datetime

The last time this alert rule template was updated.

created_date_utc
datetime

The time this alert rule template was added.

description
str

The description of the alert rule template.

display_name
str

The display name for the alert rule template.

required_data_connectors
list[AlertRuleTemplateDataSource]

The required data sources for this template.

status
str or TemplateStatus

The alert rule template status. Possible values include: "Installed", "Available", "NotAvailable".

tactics
list[str or AttackTactic]

The tactics of the alert rule.

techniques
list[str]

The techniques of the alert rule.
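
The following is an added example, not part of the SDK or its documentation: a standard-library check that template properties, held as a plain dict keyed by the attribute names above, match the values and formats this page documents. The helper name `check_template_properties`, the dict representation, the sample values, and the treatment of `last_updated_date_utc` and `created_date_utc` as the server-populated variables (inferred from their absence in the constructor) are assumptions.

```python
import re

# Allowed values and formats as documented on this page.
SEVERITIES = {"High", "Medium", "Low", "Informational"}
STATUSES = {"Installed", "Available", "NotAvailable"}
VERSION_RE = re.compile(r"\d+\.\d+\.\d+")  # a.b.c, all numbers
# Assumption: these two are the server-populated variables, because the
# constructor signature does not accept them.
SERVER_POPULATED = {"last_updated_date_utc", "created_date_utc"}

# Constructed sample, not taken from a real workspace.
SAMPLE = {
    "display_name": "Example NRT template",
    "query": "SecurityEvent | where EventID == 4625",
    "severity": "Medium", "version": "1.0.2", "status": "Available",
    "custom_details": {"Account": "TargetAccount"},
}


def check_template_properties(props, for_request=False):
    """Return a list of problems found in a dict of template properties.

    Hypothetical helper. With for_request=True, server-populated keys are
    reported too, since they are ignored when sending a request.
    """
    problems = []
    severity = props.get("severity")
    if severity is not None and severity not in SEVERITIES:
        problems.append(f"severity: unexpected value {severity!r}")
    status = props.get("status")
    if status is not None and status not in STATUSES:
        problems.append(f"status: unexpected value {status!r}")
    version = props.get("version")
    if version is not None and not VERSION_RE.fullmatch(str(version)):
        problems.append(f"version: {version!r} is not in a.b.c format")
    query = props.get("query")
    if query is not None and not str(query).strip():
        problems.append("query: empty string")
    for key, value in (props.get("custom_details") or {}).items():
        if not isinstance(key, str) or not isinstance(value, str):
            problems.append(f"custom_details: {key!r} is not a str-to-str pair")
    if for_request:
        for name in sorted(SERVER_POPULATED & props.keys()):
            problems.append(f"{name}: server-populated, ignored in a request")
    return problems
```

Running it over templates before they are turned into rules catches a mistyped severity or a malformed version string early, rather than after a rule has been deployed with unintended settings.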