ScheduledAlertRuleTemplate Class
Represents scheduled alert rule template.
Variables are only populated by the server, and will be ignored when sending a request.
All required parameters must be populated in order to send to Azure.
- Inheritance
-
azure.mgmt.securityinsight.models._models_py3.AlertRuleTemplateScheduledAlertRuleTemplate
Constructor
ScheduledAlertRuleTemplate(*, alert_rules_created_by_template_count: Optional[int] = None, description: Optional[str] = None, display_name: Optional[str] = None, required_data_connectors: Optional[List[azure.mgmt.securityinsight.models._models_py3.AlertRuleTemplateDataSource]] = None, status: Optional[Union[str, azure.mgmt.securityinsight.models._security_insights_enums.TemplateStatus]] = None, query: Optional[str] = None, query_frequency: Optional[datetime.timedelta] = None, query_period: Optional[datetime.timedelta] = None, severity: Optional[Union[str, azure.mgmt.securityinsight.models._security_insights_enums.AlertSeverity]] = None, trigger_operator: Optional[Union[str, azure.mgmt.securityinsight.models._security_insights_enums.TriggerOperator]] = None, trigger_threshold: Optional[int] = None, tactics: Optional[List[Union[str, azure.mgmt.securityinsight.models._security_insights_enums.AttackTactic]]] = None, techniques: Optional[List[str]] = None, version: Optional[str] = None, event_grouping_settings: Optional[azure.mgmt.securityinsight.models._models_py3.EventGroupingSettings] = None, custom_details: Optional[Dict[str, str]] = None, entity_mappings: Optional[List[azure.mgmt.securityinsight.models._models_py3.EntityMapping]] = None, alert_details_override: Optional[azure.mgmt.securityinsight.models._models_py3.AlertDetailsOverride] = None, **kwargs)Variables
- id
- str
Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}.
- name
- str
The name of the resource.
- type
- str
The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts".
- system_data
- SystemData
Azure Resource Manager metadata containing createdBy and modifiedBy information.
- kind
- str or AlertRuleKind
Required. The kind of the alert rule.Constant filled by server. Possible values include: "Scheduled", "MicrosoftSecurityIncidentCreation", "Fusion", "MLBehaviorAnalytics", "ThreatIntelligence", "NRT".
- alert_rules_created_by_template_count
- int
the number of alert rules that were created by this template.
- created_date_utc
- datetime
The time that this alert rule template has been added.
- last_updated_date_utc
- datetime
The time that this alert rule template was last updated.
- description
- str
The description of the alert rule template.
- display_name
- str
The display name for alert rule template.
- required_data_connectors
- list[AlertRuleTemplateDataSource]
The required data connectors for this template.
- status
- str or TemplateStatus
The alert rule template status. Possible values include: "Installed", "Available", "NotAvailable".
- query
- str
The query that creates alerts for this rule.
- query_frequency
- timedelta
The frequency (in ISO 8601 duration format) for this alert rule to run.
- query_period
- timedelta
The period (in ISO 8601 duration format) that this alert rule looks at.
- severity
- str or AlertSeverity
The severity for alerts created by this alert rule. Possible values include: "High", "Medium", "Low", "Informational".
- trigger_operator
- str or TriggerOperator
The operation against the threshold that triggers alert rule. Possible values include: "GreaterThan", "LessThan", "Equal", "NotEqual".
- trigger_threshold
- int
The threshold triggers this alert rule.
- tactics
- list[str or AttackTactic]
The tactics of the alert rule template.
- version
- str
The version of this template - in format <a.b.c>, where all are numbers. For example <1.0.2>.
- event_grouping_settings
- EventGroupingSettings
The event grouping settings.
Dictionary of string key-value pairs of columns to be attached to the alert.
- entity_mappings
- list[EntityMapping]
Array of the entity mappings of the alert rule.
- alert_details_override
- AlertDetailsOverride
The alert details override settings.
Feedback
Submit and view feedback for