ScheduledAlertRuleProperties Class
Scheduled alert rule base property bag.
Variables are only populated by the server, and will be ignored when sending a request.
All required parameters must be populated in order to send to Azure.
- Inheritance
- azure.mgmt.securityinsight.models._models_py3.ScheduledAlertRuleCommonProperties -> ScheduledAlertRuleProperties
Constructor
ScheduledAlertRuleProperties(*, display_name: str, enabled: bool, suppression_duration: datetime.timedelta, suppression_enabled: bool, query: Optional[str] = None, query_frequency: Optional[datetime.timedelta] = None, query_period: Optional[datetime.timedelta] = None, severity: Optional[Union[str, azure.mgmt.securityinsight.models._security_insights_enums.AlertSeverity]] = None, trigger_operator: Optional[Union[str, azure.mgmt.securityinsight.models._security_insights_enums.TriggerOperator]] = None, trigger_threshold: Optional[int] = None, event_grouping_settings: Optional[azure.mgmt.securityinsight.models._models_py3.EventGroupingSettings] = None, custom_details: Optional[Dict[str, str]] = None, entity_mappings: Optional[List[azure.mgmt.securityinsight.models._models_py3.EntityMapping]] = None, alert_details_override: Optional[azure.mgmt.securityinsight.models._models_py3.AlertDetailsOverride] = None, alert_rule_template_name: Optional[str] = None, template_version: Optional[str] = None, description: Optional[str] = None, tactics: Optional[List[Union[str, azure.mgmt.securityinsight.models._security_insights_enums.AttackTactic]]] = None, techniques: Optional[List[str]] = None, incident_configuration: Optional[azure.mgmt.securityinsight.models._models_py3.IncidentConfiguration] = None, **kwargs)
Variables
- query
- str
The query that creates alerts for this rule.
- query_frequency
- timedelta
The frequency (in ISO 8601 duration format) for this alert rule to run.
- query_period
- timedelta
The period (in ISO 8601 duration format) that this alert rule looks at.
- severity
- str or AlertSeverity
The severity for alerts created by this alert rule. Possible values include: "High", "Medium", "Low", "Informational".
- trigger_operator
- str or TriggerOperator
The operation against the threshold that triggers the alert rule. Possible values include: "GreaterThan", "LessThan", "Equal", "NotEqual".
- trigger_threshold
- int
The threshold that triggers this alert rule.
- event_grouping_settings
- EventGroupingSettings
The event grouping settings.
- custom_details
- dict[str, str]
Dictionary of string key-value pairs of columns to be attached to the alert.
- entity_mappings
- list[EntityMapping]
Array of the entity mappings of the alert rule.
- alert_details_override
- AlertDetailsOverride
The alert details override settings.
- alert_rule_template_name
- str
The name of the alert rule template used to create this rule.
- template_version
- str
The version of the alert rule template used to create this rule, in the format <a.b.c>, where all are numbers, for example <1.0.2>.
- description
- str
The description of the alert rule.
- display_name
- str
Required. The display name for alerts created by this alert rule.
- enabled
- bool
Required. Determines whether this alert rule is enabled or disabled.
- last_modified_utc
- datetime
The last time that this alert rule was modified.
- suppression_duration
- timedelta
Required. The suppression (in ISO 8601 duration format) to wait since the last time this alert rule was triggered.
- suppression_enabled
- bool
Required. Determines whether the suppression for this alert rule is enabled or disabled.
- tactics
- list[str or AttackTactic]
The tactics of the alert rule.
- incident_configuration
- IncidentConfiguration
The settings of the incidents that are created from alerts triggered by this analytics rule.
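A pre-flight check for the keyword arguments described above, added here as an example and not part of the SDK: it applies the required parameters and allowed string values listed on this page and renders the timedelta fields as ISO 8601 durations. The function names, the sample rule and the query_period versus query_frequency gap check are assumptions of this example.

```python
from datetime import timedelta

# Required parameters and allowed string values as listed on this page.
REQUIRED = ("display_name", "enabled", "suppression_duration", "suppression_enabled")
SEVERITIES = {"High", "Medium", "Low", "Informational"}
OPERATORS = {"GreaterThan", "LessThan", "Equal", "NotEqual"}
DURATIONS = ("query_frequency", "query_period", "suppression_duration")


def iso8601_duration(td: timedelta) -> str:
    """Render a non-negative timedelta as an ISO 8601 duration (sub-second part dropped)."""
    if td < timedelta(0):
        raise ValueError("negative durations are not valid here")
    minutes, seconds = divmod(td.seconds, 60)
    hours, minutes = divmod(minutes, 60)
    date = f"{td.days}D" if td.days else ""
    time = "".join(f"{v}{u}" for v, u in ((hours, "H"), (minutes, "M"), (seconds, "S")) if v)
    if not date and not time:
        return "PT0S"
    return "P" + date + ("T" + time if time else "")


def lint_rule(props: dict) -> list:
    """Return the problems found in a dict of keyword arguments for the constructor."""
    problems = [f"missing required parameter: {k}" for k in REQUIRED if props.get(k) is None]
    for key in DURATIONS:
        if props.get(key) is not None and not isinstance(props[key], timedelta):
            problems.append(f"{key} must be a timedelta, got {type(props[key]).__name__}")
    if props.get("severity") is not None and props["severity"] not in SEVERITIES:
        problems.append(f"severity not in {sorted(SEVERITIES)}")
    if props.get("trigger_operator") is not None and props["trigger_operator"] not in OPERATORS:
        problems.append(f"trigger_operator not in {sorted(OPERATORS)}")
    freq, period = props.get("query_frequency"), props.get("query_period")
    # Added check (not from the page): a lookback shorter than the run
    # interval leaves a window of events that no run ever queries.
    if isinstance(freq, timedelta) and isinstance(period, timedelta) and period < freq:
        gap = iso8601_duration(freq - period)
        problems.append(f"query_period shorter than query_frequency: {gap} unqueried per run")
    return problems


# Constructed sample rule; the display name and query text are illustrative only.
SAMPLE = dict(
    display_name="Repeated failed sign-ins", enabled=True,
    suppression_enabled=False, suppression_duration=timedelta(hours=5),
    query='SigninLogs | where ResultType != "0" | summarize count() by UserPrincipalName',
    query_frequency=timedelta(hours=1), query_period=timedelta(minutes=30),
    severity="Critical", trigger_operator="GreaterThan", trigger_threshold=0,
)
```

For the sample, lint_rule(SAMPLE) reports the invalid severity and a PT30M coverage gap. A dict that passes can be unpacked into the constructor as ScheduledAlertRuleProperties(**props).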