Azure Sentinel Alert Rule Scheduled
This page shows how to write the Sentinel Scheduled Alert Rule in Terraform and Azure Resource Manager, and how to configure it securely.
azurerm_sentinel_alert_rule_scheduled (Terraform)
The Scheduled Alert Rule in Sentinel can be configured in Terraform with the resource name azurerm_sentinel_alert_rule_scheduled. The following sections describe one example of how to use the resource and its parameters.
Example Usage from GitHub
resource "azurerm_sentinel_alert_rule_scheduled" "schedule_01" {
  name                       = var.name
  log_analytics_workspace_id = azurerm_log_analytics_solution.solution_sentine_01.workspace_resource_id
  display_name               = var.display_name
  severity                   = var.severity
  query                      = <<QUERY
// KQL query body is not shown on this page
QUERY
}
Parameters
alert_rule_template_guid
optional - string - GUID of the Sentinel rule template this rule was created from, if any.
description
optional - string - Free-text description of the rule.
display_name
required - string - Name shown in the Sentinel portal.
enabled
optional - bool - Whether the rule runs. Defaults to true.
id
optional computed - string - Resource ID assigned by Azure.
log_analytics_workspace_id
required - string - ID of the Log Analytics workspace that Sentinel is onboarded to.
name
required - string - Resource name of the rule; changing it forces a new resource.
query
required - string - The KQL query the rule runs on each schedule.
query_frequency
optional - string - ISO 8601 duration between two consecutive runs (for example PT1H). Defaults to PT1H.
query_period
optional - string - ISO 8601 duration of data each run looks back over (for example PT1H). Defaults to PT1H.
severity
required - string - One of High, Medium, Low, Informational.
suppression_duration
optional - string - ISO 8601 duration for which the rule stops running after it fires. Defaults to PT5H.
suppression_enabled
optional - bool - Whether suppression_duration is applied. Defaults to false.
tactics
optional - set of string - MITRE ATT&CK tactics the rule detects (for example CredentialAccess, Persistence).
trigger_operator
optional - string - One of Equal, GreaterThan, LessThan, NotEqual; applied to the number of rows the query returns. Defaults to GreaterThan.
trigger_threshold
optional - number - Row count that trigger_operator is compared against. Defaults to 0.
event_grouping (list block)
  aggregation_method
  required - string - AlertPerResult (one alert per returned row) or SingleAlert (one alert per run).
incident_configuration (list block)
  create_incident
  required - bool - Whether alerts from this rule create incidents.
  grouping (list block)
    enabled
    optional - bool - Group related alerts from this rule into one incident.
    entity_matching_method
    optional - string - How alerts are matched when grouping.
    group_by
    optional - set of string - Entity types used for matching when grouping.
    lookback_duration
    optional - string - ISO 8601 window within which alerts are grouped.
    reopen_closed_incidents
    optional - bool - Whether a matching alert reopens an incident that was already closed.
timeouts (single block)
Explanation in Terraform Registry
Manages a Sentinel Scheduled Alert Rule.
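A complete scheduled rule with the settings above filled in, as an added example rather than the AnikG-Org/devops-practice code shown earlier. It assumes azurerm provider 3.x attribute names (in 3.x the grouping field listed above as group_by is called group_by_entities), and the resource group, workspace, Sentinel onboarding, resource names and the KQL query are constructed here so the rule is self-contained:

```hcl
# Added example, not code from the source page or the referenced repository.
# Assumes azurerm provider 3.x; resource names are placeholders.
terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "~> 3.0"
    }
  }
}

provider "azurerm" {
  features {}
}

resource "azurerm_resource_group" "sentinel" {
  name     = "rg-sentinel-prod" # assumed name
  location = "westeurope"
}

resource "azurerm_log_analytics_workspace" "sentinel" {
  name                = "law-sentinel-prod" # assumed name
  location            = azurerm_resource_group.sentinel.location
  resource_group_name = azurerm_resource_group.sentinel.name
  sku                 = "PerGB2018"
  retention_in_days   = 90
}

# Scheduled rules can only be created in a workspace that has Sentinel enabled.
resource "azurerm_sentinel_log_analytics_workspace_onboarding" "sentinel" {
  workspace_id = azurerm_log_analytics_workspace.sentinel.id
}

resource "azurerm_sentinel_alert_rule_scheduled" "signin_brute_force" {
  name                       = "signin-brute-force"
  log_analytics_workspace_id = azurerm_sentinel_log_analytics_workspace_onboarding.sentinel.workspace_id
  display_name               = "Brute force against Azure AD sign-in"
  description                = "Ten or more failed sign-ins for one account within 30 minutes."
  severity                   = "High"
  enabled                    = true
  tactics                    = ["CredentialAccess"]

  # Run every 15 minutes over the last 30 minutes. Keep query_period at least
  # as long as query_frequency, otherwise events between two runs are never seen.
  query_frequency = "PT15M"
  query_period    = "PT30M"

  # Fire whenever the query returns rows; the real threshold lives in the KQL.
  trigger_operator  = "GreaterThan"
  trigger_threshold = 0

  # Suppression silences the rule for the window after it fires. Leave it off
  # so every run is evaluated, and let incident grouping absorb the noise.
  suppression_enabled  = false
  suppression_duration = "PT5H"

  query = <<-KQL
    SigninLogs
    | where TimeGenerated > ago(30m)
    | where ResultType != "0"   // any non-zero ResultType is a failed sign-in
    | summarize Failures = count(), SourceIPs = make_set(IPAddress, 20), LastSeen = max(TimeGenerated)
        by UserPrincipalName
    | where Failures >= 10
  KQL

  # Map the account column to an entity so grouping, the investigation graph
  # and playbooks can act on it.
  entity_mapping {
    entity_type = "Account"
    field_mapping {
      identifier  = "FullName"
      column_name = "UserPrincipalName"
    }
  }

  # One alert per attacked account rather than one alert for the whole result set.
  event_grouping {
    aggregation_method = "AlertPerResult"
  }

  incident_configuration {
    create_incident = true
    grouping {
      enabled                 = true
      entity_matching_method  = "Selected"  # match only on the listed entity types
      group_by_entities       = ["Account"] # named group_by on older provider versions
      lookback_duration       = "PT6H"
      reopen_closed_incidents = false
    }
  }
}
```

The design choice worth noting is where the threshold lives: trigger_threshold counts rows, so putting the "ten failures" condition in the KQL and triggering on any row keeps AlertPerResult grouping meaningful (one alert per account) instead of one alert that says "more than ten rows came back".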
Microsoft.OperationalInsights/workspaces (Azure Resource Manager)
The workspaces resource in Microsoft.OperationalInsights can be configured in Azure Resource Manager with the resource name Microsoft.OperationalInsights/workspaces. The following sections describe how to use the resource and its parameters.
Example Usage from GitHub
{
  "contentVersion": "1.0.0.0",
  "parameters": {
    "workbookDisplayName": {
      "type": "string"
    }
  }
}
{
  "contentVersion": "1.0.0.0",
  "parameters": {
    "workbookSourceId": {
      "type": "string"
    }
  }
}
Parameters
apiVersion
required - string
eTag
optional - string - The ETag of the workspace.
location
required - string - The geo-location where the resource lives.
name
required - string - The name of the workspace.
properties (required)
  features (optional)
    additionalProperties
    optional - object - Unmatched properties from the message are deserialized into this collection.
    clusterResourceId
    optional - string - Resource ID of the dedicated Log Analytics cluster linked to the workspace.
    disableLocalAuth
    optional - boolean - Disable non-Azure AD authentication (workspace shared keys).
    enableDataExport
    optional - boolean - Flag that indicates whether data should be exported.
    enableLogAccessUsingOnlyResourcePermissions
    optional - boolean - Flag that indicates which permission model to use: resource, workspace, or both.
    immediatePurgeDataOn30Days
    optional - boolean - Flag that indicates whether data should be removed after 30 days.
  forceCmkForQuery
  optional - boolean - Indicates whether customer-managed storage is mandatory for query management.
  provisioningState
  optional - string - The provisioning state of the workspace.
  publicNetworkAccessForIngestion
  optional - string - The network access type for Log Analytics ingestion (Enabled or Disabled).
  publicNetworkAccessForQuery
  optional - string - The network access type for Log Analytics query (Enabled or Disabled).
  retentionInDays
  optional - integer - The workspace data retention in days. Allowed values depend on the pricing plan; see the pricing tiers documentation for details.
  sku (optional)
    capacityReservationLevel
    optional - integer - The capacity reservation level in GB for this workspace, when the CapacityReservation SKU is selected.
    name
    required - string - The name of the SKU.
  workspaceCapping (optional)
    dailyQuotaGb
    optional - number - The workspace daily ingestion quota, in GB.
tags
optional - object - Resource tags as string key/value pairs.
type
required - string
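The security-relevant workspace properties listed above are disableLocalAuth, publicNetworkAccessForIngestion, publicNetworkAccessForQuery, retentionInDays and workspaceCapping. The following added example (not taken from the pkhabazi/sentineldevops or ObjectivityLtd/jmeter_simple_test templates this page references) sets them with the azurerm Terraform provider, keeping to one language with the rule example above; azurerm 3.x attribute names are assumed, and each line names the ARM property it corresponds to:

```hcl
# Added example, not code from the source page or the referenced repositories.
# Assumes azurerm provider 3.x; resource names are placeholders.
resource "azurerm_resource_group" "sentinel" {
  name     = "rg-sentinel-prod" # assumed name
  location = "westeurope"       # ARM: location
}

resource "azurerm_log_analytics_workspace" "sentinel" {
  name                = "law-sentinel-prod" # ARM: name (assumed)
  location            = azurerm_resource_group.sentinel.location
  resource_group_name = azurerm_resource_group.sentinel.name
  sku                 = "PerGB2018" # ARM: properties.sku.name

  # ARM: properties.retentionInDays. The default is 30 days; most incident
  # investigations need to look further back than that.
  retention_in_days = 90

  # ARM: properties.workspaceCapping.dailyQuotaGb. -1 means no cap. A cap
  # silently drops ingestion once reached, so on a Sentinel workspace it
  # can blind detections for the rest of the day; leave it off or alert on it.
  daily_quota_gb = -1

  # ARM: properties.features.disableLocalAuth. Workspace shared keys are
  # long-lived bearer credentials; disabling them forces Azure AD auth.
  local_authentication_disabled = true

  # ARM: properties.publicNetworkAccessForIngestion / publicNetworkAccessForQuery.
  # Both default to Enabled. Disabled requires an Azure Monitor Private Link
  # Scope, otherwise agents cannot send data and analysts cannot query.
  internet_ingestion_enabled = false
  internet_query_enabled     = false

  tags = { # ARM: tags
    environment = "prod"
    owner       = "secops"
  }
}
```

forceCmkForQuery is left at its default here: turning it on requires customer-managed storage linked to the workspace for saved queries, and enabling it without that breaks query management rather than hardening it.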
Frequently asked questions
What is Azure Sentinel Alert Rule Scheduled?
Azure Sentinel Alert Rule Scheduled is a resource for Sentinel of Microsoft Azure. Settings can be written in Terraform.
Where can I find the example code for the Azure Sentinel Alert Rule Scheduled?
For Terraform, the AnikG-Org/devops-practice source code example is useful. See the Terraform Example section for further details.
For Azure Resource Manager, the pkhabazi/sentineldevops and ObjectivityLtd/jmeter_simple_test source code examples are useful. See the Azure Resource Manager Example section for further details.