Azure Sentinel Alert Rule Ms Security Incident
This page shows how to write Terraform and Azure Resource Manager for Sentinel Alert Rule Ms Security Incident and write them securely.
azurerm_sentinel_alert_rule_ms_security_incident (Terraform)
The Alert Rule Ms Security Incident in Sentinel can be configured in Terraform with the resource name azurerm_sentinel_alert_rule_ms_security_incident
. The following sections describe 1 example of how to use the resource and its parameters.
Example Usage from GitHub
resource "azurerm_sentinel_alert_rule_ms_security_incident" "this" {
description = var.description
display_name = var.display_name
enabled = var.enabled
log_analytics_workspace_id = var.log_analytics_workspace_id
name = var.name
Parameters
-
alert_rule_template_guid
optional - string -
description
optional - string -
display_name
required - string -
display_name_exclude_filter
optional - set of string -
display_name_filter
optional computed - set of string -
enabled
optional - bool -
id
optional computed - string -
log_analytics_workspace_id
required - string -
name
required - string -
product_filter
required - string -
severity_filter
required - set of string -
text_whitelist
optional computed - set of string -
timeouts
single block
Explanation in Terraform Registry
Manages a Sentinel MS Security Incident Alert Rule.
Microsoft.OperationalInsights/workspaces (Azure Resource Manager)
The workspaces in Microsoft.OperationalInsights can be configured in Azure Resource Manager with the resource name Microsoft.OperationalInsights/workspaces
. The following sections describe how to use the resource and its parameters.
Example Usage from GitHub
{
"contentVersion": "1.0.0.0",
"parameters": {
"workbookDisplayName": {
"type": "string",
{
"contentVersion": "1.0.0.0",
"parameters": {
"workbookDisplayName": {
"type": "string",
{
"contentVersion": "1.0.0.0",
"parameters": {
"workbookDisplayName": {
"type": "string",
{
"contentVersion": "1.0.0.0",
"parameters": {
"workbookDisplayName": {
"type": "string",
{
"contentVersion": "1.0.0.0",
"parameters": {
"workbookSourceId": {
"type": "string",
{
"contentVersion": "1.0.0.0",
"parameters": {
"workbookDisplayName": {
"type": "string",
{
"contentVersion": "1.0.0.0",
"parameters": {
"workbookDisplayName": {
"type": "string",
{
"contentVersion": "1.0.0.0",
"parameters": {
"workbookDisplayName": {
"type": "string",
{
"contentVersion": "1.0.0.0",
"parameters": {
"workbookDisplayName": {
"type": "string",
{
"contentVersion": "1.0.0.0",
"parameters": {
"workbookDisplayName": {
"type": "string",
Parameters
apiVersion
required - stringeTag
optional - stringThe ETag of the workspace.
location
required - stringThe geo-location where the resource lives
name
required - stringThe name of the workspace.
properties
requiredfeatures
optionaladditionalProperties
optional - objectUnmatched properties from the message are deserialized this collection
clusterResourceId
optional - stringDedicated LA cluster resourceId that is linked to the workspaces.
disableLocalAuth
optional - booleanDisable Non-AAD based Auth.
enableDataExport
optional - booleanFlag that indicate if data should be exported.
enableLogAccessUsingOnlyResourcePermissions
optional - booleanFlag that indicate which permission to use - resource or workspace or both.
immediatePurgeDataOn30Days
optional - booleanFlag that describes if we want to remove the data after 30 days.
forceCmkForQuery
optional - booleanIndicates whether customer managed storage is mandatory for query management.
provisioningState
optional - stringThe provisioning state of the workspace.
publicNetworkAccessForIngestion
optional - stringThe network access type for accessing Log Analytics ingestion.
publicNetworkAccessForQuery
optional - stringThe network access type for accessing Log Analytics query.
retentionInDays
optional - integerThe workspace data retention in days. Allowed values are per pricing plan. See pricing tiers documentation for details.
sku
optionalcapacityReservationLevel
optional - integerThe capacity reservation level in GB for this workspace, when CapacityReservation sku is selected.
name
required - stringThe name of the SKU.
workspaceCapping
optionaldailyQuotaGb
optional - numberThe workspace daily quota for ingestion.
tags
optional - stringResource tags.
type
required - string
Frequently asked questions
What is Azure Sentinel Alert Rule Ms Security Incident?
Azure Sentinel Alert Rule Ms Security Incident is a resource for Sentinel of Microsoft Azure. Settings can be wrote in Terraform.
Where can I find the example code for the Azure Sentinel Alert Rule Ms Security Incident?
For Terraform, the niveklabs/azurerm source code example is useful. See the Terraform Example section for further details.
For Azure Resource Manager, the pkhabazi/sentineldevops, ObjectivityLtd/jmeter_simple_test and ObjectivityLtd/jmeter_simple_test source code examples are useful. See the Azure Resource Manager Example section for further details.