Azure Sentinel Alert Rule Scheduled

This page shows how to write Terraform and Azure Resource Manager for Sentinel Alert Rule Scheduled and write them securely.

azurerm_sentinel_alert_rule_scheduled (Terraform)

The Alert Rule Scheduled in Sentinel can be configured in Terraform with the resource name azurerm_sentinel_alert_rule_scheduled. The following sections describe 1 example of how to use the resource and its parameters.

Example Usage from GitHub

main.tf#L13
resource "azurerm_sentinel_alert_rule_scheduled" "schedule_01" {
  name                       = var.name
  log_analytics_workspace_id = azurerm_log_analytics_solution.solution_sentine_01.workspace_resource_id
  display_name               = var.display_name
  severity                   = var.severity
  query                      = <<QUERY

Review your Terraform file for Azure best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

Parameters

Explanation in Terraform Registry

Manages a Sentinel Scheduled Alert Rule.

Microsoft.OperationalInsights/workspaces (Azure Resource Manager)

The workspaces in Microsoft.OperationalInsights can be configured in Azure Resource Manager with the resource name Microsoft.OperationalInsights/workspaces. The following sections describe how to use the resource and its parameters.

Example Usage from GitHub

application-gw-firewall-events.json
{
    "contentVersion": "1.0.0.0",
    "parameters": {
      "workbookDisplayName": {
        "type": "string",
workbooks.arm.template.statistics.detailed.json
{
  "contentVersion": "1.0.0.0",
  "parameters": {
    "workbookDisplayName": {
      "type": "string",
workbooks.arm.template.statistics.json
{
  "contentVersion": "1.0.0.0",
  "parameters": {
    "workbookDisplayName": {
      "type": "string",
application-gw-firewall-events.json
{
    "contentVersion": "1.0.0.0",
    "parameters": {
      "workbookDisplayName": {
        "type": "string",
workbook.json
{
    "contentVersion": "1.0.0.0",
    "parameters": {
        "workbookSourceId": {
            "type": "string",
application-gw-firewall-events.json
{
    "contentVersion": "1.0.0.0",
    "parameters": {
      "workbookDisplayName": {
        "type": "string",
application-gw-firewall-events.json
{
    "contentVersion": "1.0.0.0",
    "parameters": {
      "workbookDisplayName": {
        "type": "string",
template.json
{
  "contentVersion": "1.0.0.0",
  "parameters": {
    "workbookDisplayName": {
      "type": "string",
AWS_User_Activities.json
{
  "contentVersion": "1.0.0.0",
  "parameters": {
    "workbookDisplayName": {
      "type": "string",
workbooks.arm.template.rag.json
{
  "contentVersion": "1.0.0.0",
  "parameters": {
    "workbookDisplayName": {
      "type": "string",

Parameters

  • apiVersion required - string
  • eTag optional - string

    The ETag of the workspace.

  • location required - string

    The geo-location where the resource lives

  • name required - string

    The name of the workspace.

  • properties required
      • features optional
          • additionalProperties optional - object

            Unmatched properties from the message are deserialized this collection

          • clusterResourceId optional - string

            Dedicated LA cluster resourceId that is linked to the workspaces.

          • disableLocalAuth optional - boolean

            Disable Non-AAD based Auth.

          • enableDataExport optional - boolean

            Flag that indicate if data should be exported.

          • enableLogAccessUsingOnlyResourcePermissions optional - boolean

            Flag that indicate which permission to use - resource or workspace or both.

          • immediatePurgeDataOn30Days optional - boolean

            Flag that describes if we want to remove the data after 30 days.

      • forceCmkForQuery optional - boolean

        Indicates whether customer managed storage is mandatory for query management.

      • provisioningState optional - string

        The provisioning state of the workspace.

      • publicNetworkAccessForIngestion optional - string

        The network access type for accessing Log Analytics ingestion.

      • publicNetworkAccessForQuery optional - string

        The network access type for accessing Log Analytics query.

      • retentionInDays optional - integer

        The workspace data retention in days. Allowed values are per pricing plan. See pricing tiers documentation for details.

      • sku optional
          • capacityReservationLevel optional - integer

            The capacity reservation level in GB for this workspace, when CapacityReservation sku is selected.

          • name required - string

            The name of the SKU.

      • workspaceCapping optional
          • dailyQuotaGb optional - number

            The workspace daily quota for ingestion.

  • tags optional - string

    Resource tags.

  • type required - string

Frequently asked questions

What is Azure Sentinel Alert Rule Scheduled?

Azure Sentinel Alert Rule Scheduled is a resource for Sentinel of Microsoft Azure. Settings can be wrote in Terraform.

Where can I find the example code for the Azure Sentinel Alert Rule Scheduled?

For Terraform, the AnikG-Org/devops-practice source code example is useful. See the Terraform Example section for further details.

For Azure Resource Manager, the pkhabazi/sentineldevops, ObjectivityLtd/jmeter_simple_test and ObjectivityLtd/jmeter_simple_test source code examples are useful. See the Azure Resource Manager Example section for further details.