azure-native.securityinsights.Incident
Represents an incident in Azure Security Insights. API Version: 2020-01-01.
Example Usage
Creates or updates an incident.
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
// Declares one Security Insights incident that is recorded as closed and
// classified as a false positive.
return await Deployment.RunAsync(() =>
{
    // The assignee is identified only by an object id in this example.
    var assignee = new AzureNative.SecurityInsights.Inputs.IncidentOwnerInfoArgs
    {
        ObjectId = "2046feea-040d-4a46-9e2b-91c2941bfa70",
    };

    var demoIncident = new AzureNative.SecurityInsights.Incident("incident", new()
    {
        // Location of the incident: resource group, workspace and incident id.
        ResourceGroupName = "myRg",
        WorkspaceName = "myWorkspace",
        IncidentId = "73e01a99-5cd7-4139-a149-9f2736ff2ab5",

        // Triage-facing fields.
        Title = "My incident",
        Description = "This is a demo incident",
        Severity = "High",
        Owner = assignee,

        // Activity window covered by the incident (UTC timestamps).
        FirstActivityTimeUtc = "2019-01-01T13:00:30Z",
        LastActivityTimeUtc = "2019-01-01T13:05:30Z",

        // Closure record: the three Classification* inputs describe why the
        // incident was closed.
        // NOTE(review): in a real stack, a change to these fields closes or
        // reclassifies an incident, so it deserves the same review as doing
        // that by hand.
        Status = "Closed",
        Classification = "FalsePositive",
        ClassificationReason = "IncorrectAlertLogic",
        ClassificationComment = "Not a malicious activity",
    });
});
package main
import (
securityinsights "github.com/pulumi/pulumi-azure-native-sdk/securityinsights"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main hands the Pulumi engine a program that declares one Security Insights
// incident, recorded as closed and classified as a false positive.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// The assignee is identified only by an object id in this example.
		assignee := &securityinsights.IncidentOwnerInfoArgs{
			ObjectId: pulumi.String("2046feea-040d-4a46-9e2b-91c2941bfa70"),
		}

		incidentArgs := &securityinsights.IncidentArgs{
			// Location of the incident.
			ResourceGroupName: pulumi.String("myRg"),
			WorkspaceName:     pulumi.String("myWorkspace"),
			IncidentId:        pulumi.String("73e01a99-5cd7-4139-a149-9f2736ff2ab5"),

			// Triage-facing fields.
			Title:       pulumi.String("My incident"),
			Description: pulumi.String("This is a demo incident"),
			Severity:    pulumi.String("High"),
			Owner:       assignee,

			// Activity window covered by the incident (UTC timestamps).
			FirstActivityTimeUtc: pulumi.String("2019-01-01T13:00:30Z"),
			LastActivityTimeUtc:  pulumi.String("2019-01-01T13:05:30Z"),

			// Closure record: the Classification* inputs describe why the
			// incident was closed.
			Status:                pulumi.String("Closed"),
			Classification:        pulumi.String("FalsePositive"),
			ClassificationReason:  pulumi.String("IncorrectAlertLogic"),
			ClassificationComment: pulumi.String("Not a malicious activity"),
		}

		// The resource handle is not used afterwards; only the error is
		// passed back to the engine (nil on success).
		_, err := securityinsights.NewIncident(ctx, "incident", incidentArgs)
		return err
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.securityinsights.Incident;
import com.pulumi.azurenative.securityinsights.IncidentArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
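/**
 * Pulumi program that declares one Security Insights incident, recorded as
 * closed and classified as a false positive.
 */
public class App {
    /** Entry point: runs {@link #stack(Context)} under the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the demo incident.
     *
     * @param ctx deployment context supplied by the Pulumi runtime (not read here)
     */
    public static void stack(Context ctx) {
        var incident = new Incident("incident", IncidentArgs.builder()
            .classification("FalsePositive")
            .classificationComment("Not a malicious activity")
            .classificationReason("IncorrectAlertLogic")
            .description("This is a demo incident")
            .firstActivityTimeUtc("2019-01-01T13:00:30Z")
            .incidentId("73e01a99-5cd7-4139-a149-9f2736ff2ab5")
            .lastActivityTimeUtc("2019-01-01T13:05:30Z")
            // The owner input is the typed IncidentOwnerInfoArgs, as in the
            // other language examples; a raw Map is not that type. The name is
            // fully qualified so no extra import line is needed.
            .owner(com.pulumi.azurenative.securityinsights.inputs.IncidentOwnerInfoArgs.builder()
                .objectId("2046feea-040d-4a46-9e2b-91c2941bfa70")
                .build())
            .resourceGroupName("myRg")
            .severity("High")
            // Status and the classification fields above form the closure
            // record of the incident.
            .status("Closed")
            .title("My incident")
            .workspaceName("myWorkspace")
            .build());
    }
}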
import pulumi
import pulumi_azure_native as azure_native
# Declares one Security Insights incident, recorded as closed and classified
# as a false positive.
incident = azure_native.securityinsights.Incident(
    "incident",
    # Location of the incident.
    resource_group_name="myRg",
    workspace_name="myWorkspace",
    incident_id="73e01a99-5cd7-4139-a149-9f2736ff2ab5",
    # Triage-facing fields.
    title="My incident",
    description="This is a demo incident",
    severity="High",
    owner=azure_native.securityinsights.IncidentOwnerInfoArgs(
        object_id="2046feea-040d-4a46-9e2b-91c2941bfa70",
    ),
    # Activity window covered by the incident (UTC timestamps).
    first_activity_time_utc="2019-01-01T13:00:30Z",
    last_activity_time_utc="2019-01-01T13:05:30Z",
    # Closure record: the classification_* inputs describe why the incident
    # was closed.
    status="Closed",
    classification="FalsePositive",
    classification_reason="IncorrectAlertLogic",
    classification_comment="Not a malicious activity",
)
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
// Declares one Security Insights incident, recorded as closed and classified
// as a false positive.
const incident = new azure_native.securityinsights.Incident("incident", {
    // Location of the incident.
    resourceGroupName: "myRg",
    workspaceName: "myWorkspace",
    incidentId: "73e01a99-5cd7-4139-a149-9f2736ff2ab5",

    // Triage-facing fields.
    title: "My incident",
    description: "This is a demo incident",
    severity: "High",
    owner: { objectId: "2046feea-040d-4a46-9e2b-91c2941bfa70" },

    // Activity window covered by the incident (UTC timestamps).
    firstActivityTimeUtc: "2019-01-01T13:00:30Z",
    lastActivityTimeUtc: "2019-01-01T13:05:30Z",

    // Closure record: the classification* inputs describe why the incident
    // was closed.
    status: "Closed",
    classification: "FalsePositive",
    classificationReason: "IncorrectAlertLogic",
    classificationComment: "Not a malicious activity",
});
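# Declares one Security Insights incident, recorded as closed and classified
# as a false positive. Nesting is restored here: without indentation the
# resource, its properties and the owner mapping are not nested at all.
resources:
  incident:
    type: azure-native:securityinsights:Incident
    properties:
      # Closure record: the classification* inputs describe why the incident
      # was closed.
      classification: FalsePositive
      classificationComment: Not a malicious activity
      classificationReason: IncorrectAlertLogic
      description: This is a demo incident
      firstActivityTimeUtc: 2019-01-01T13:00:30Z
      incidentId: 73e01a99-5cd7-4139-a149-9f2736ff2ab5
      lastActivityTimeUtc: 2019-01-01T13:05:30Z
      # The assignee is identified only by an object id in this example.
      owner:
        objectId: 2046feea-040d-4a46-9e2b-91c2941bfa70
      resourceGroupName: myRg
      severity: High
      status: Closed
      title: My incident
      workspaceName: myWorkspace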
Create Incident Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Incident(name: string, args: IncidentArgs, opts?: CustomResourceOptions);
@overload
def Incident(resource_name: str,
args: IncidentArgs,
opts: Optional[ResourceOptions] = None)
@overload
def Incident(resource_name: str,
opts: Optional[ResourceOptions] = None,
resource_group_name: Optional[str] = None,
workspace_name: Optional[str] = None,
title: Optional[str] = None,
status: Optional[Union[str, IncidentStatus]] = None,
severity: Optional[Union[str, IncidentSeverity]] = None,
description: Optional[str] = None,
labels: Optional[Sequence[IncidentLabelArgs]] = None,
last_activity_time_utc: Optional[str] = None,
owner: Optional[IncidentOwnerInfoArgs] = None,
incident_id: Optional[str] = None,
first_activity_time_utc: Optional[str] = None,
classification: Optional[Union[str, IncidentClassification]] = None,
classification_reason: Optional[Union[str, IncidentClassificationReason]] = None,
classification_comment: Optional[str] = None)
func NewIncident(ctx *Context, name string, args IncidentArgs, opts ...ResourceOption) (*Incident, error)
public Incident(string name, IncidentArgs args, CustomResourceOptions? opts = null)
public Incident(String name, IncidentArgs args)
public Incident(String name, IncidentArgs args, CustomResourceOptions options)
type: azure-native:securityinsights:Incident
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args IncidentArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args IncidentArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args IncidentArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args IncidentArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args IncidentArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
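// Reference example: every input property with a placeholder value.
// The namespace is spelled SecurityInsights, as in the usage example, and the
// nested inputs use their typed Args classes.
var incidentResource = new AzureNative.SecurityInsights.Incident("incidentResource", new()
{
    ResourceGroupName = "string",
    WorkspaceName = "string",
    Title = "string",
    Status = "string",
    Severity = "string",
    Description = "string",
    Labels = new[]
    {
        new AzureNative.SecurityInsights.Inputs.IncidentLabelArgs
        {
            LabelName = "string",
        },
    },
    LastActivityTimeUtc = "string",
    // Describes the user the incident is assigned to.
    Owner = new AzureNative.SecurityInsights.Inputs.IncidentOwnerInfoArgs
    {
        AssignedTo = "string",
        Email = "string",
        ObjectId = "string",
        UserPrincipalName = "string",
    },
    IncidentId = "string",
    FirstActivityTimeUtc = "string",
    // The Classification* inputs describe why the incident was closed.
    Classification = "string",
    ClassificationReason = "string",
    ClassificationComment = "string",
});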
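// Reference example: every input property with a placeholder value.
// Values are wrapped in pulumi.String and the nested inputs use their typed
// Args structs, matching the usage example; bare string and map literals do
// not satisfy the IncidentArgs field types.
example, err := securityinsights.NewIncident(ctx, "incidentResource", &securityinsights.IncidentArgs{
	ResourceGroupName: pulumi.String("string"),
	WorkspaceName:     pulumi.String("string"),
	Title:             pulumi.String("string"),
	Status:            pulumi.String("string"),
	Severity:          pulumi.String("string"),
	Description:       pulumi.String("string"),
	Labels: securityinsights.IncidentLabelArray{
		&securityinsights.IncidentLabelArgs{
			LabelName: pulumi.String("string"),
		},
	},
	LastActivityTimeUtc: pulumi.String("string"),
	// Describes the user the incident is assigned to.
	Owner: &securityinsights.IncidentOwnerInfoArgs{
		AssignedTo:        pulumi.String("string"),
		Email:             pulumi.String("string"),
		ObjectId:          pulumi.String("string"),
		UserPrincipalName: pulumi.String("string"),
	},
	IncidentId:           pulumi.String("string"),
	FirstActivityTimeUtc: pulumi.String("string"),
	// The Classification* inputs describe why the incident was closed.
	Classification:        pulumi.String("string"),
	ClassificationReason:  pulumi.String("string"),
	ClassificationComment: pulumi.String("string"),
})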
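// Reference example: every input property with a placeholder value.
// The labels and owner arguments are written out with their typed builders in
// place of the documentation generator's "%!v(PANIC=...)" residue. Names are
// fully qualified so the snippet needs no extra import lines.
var incidentResource = new Incident("incidentResource", IncidentArgs.builder()
    .resourceGroupName("string")
    .workspaceName("string")
    .title("string")
    .status("string")
    .severity("string")
    .description("string")
    .labels(com.pulumi.azurenative.securityinsights.inputs.IncidentLabelArgs.builder()
        .labelName("string")
        .build())
    .lastActivityTimeUtc("string")
    // Describes the user the incident is assigned to.
    .owner(com.pulumi.azurenative.securityinsights.inputs.IncidentOwnerInfoArgs.builder()
        .assignedTo("string")
        .email("string")
        .objectId("string")
        .userPrincipalName("string")
        .build())
    .incidentId("string")
    .firstActivityTimeUtc("string")
    // The classification* inputs describe why the incident was closed.
    .classification("string")
    .classificationReason("string")
    .classificationComment("string")
    .build());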
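# Reference example: every input property with a placeholder value.
# Placeholders are quoted string literals (a bare `string` is an undefined
# name), and the nested inputs use the typed Args classes with snake_case
# keyword arguments, as in the usage example.
incident_resource = azure_native.securityinsights.Incident("incidentResource",
    resource_group_name="string",
    workspace_name="string",
    title="string",
    status="string",
    severity="string",
    description="string",
    labels=[azure_native.securityinsights.IncidentLabelArgs(
        label_name="string",
    )],
    last_activity_time_utc="string",
    # Describes the user the incident is assigned to.
    owner=azure_native.securityinsights.IncidentOwnerInfoArgs(
        assigned_to="string",
        email="string",
        object_id="string",
        user_principal_name="string",
    ),
    incident_id="string",
    first_activity_time_utc="string",
    # The classification_* inputs describe why the incident was closed.
    classification="string",
    classification_reason="string",
    classification_comment="string")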
// Reference example: every input property with a placeholder value.
const incidentResource = new azure_native.securityinsights.Incident("incidentResource", {
    // Location of the incident.
    resourceGroupName: "string",
    workspaceName: "string",
    incidentId: "string",

    // Triage-facing fields.
    title: "string",
    description: "string",
    severity: "string",
    status: "string",
    labels: [{ labelName: "string" }],

    // Describes the user the incident is assigned to.
    owner: {
        assignedTo: "string",
        email: "string",
        objectId: "string",
        userPrincipalName: "string",
    },

    // Activity window covered by the incident.
    firstActivityTimeUtc: "string",
    lastActivityTimeUtc: "string",

    // The classification* inputs describe why the incident was closed.
    classification: "string",
    classificationReason: "string",
    classificationComment: "string",
});
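# Reference example: every input property with a placeholder value.
# Nesting is restored: the inputs sit under `properties`, and the label and
# owner fields sit under their own keys.
type: azure-native:securityinsights:Incident
properties:
  # The classification* inputs describe why the incident was closed.
  classification: string
  classificationComment: string
  classificationReason: string
  description: string
  firstActivityTimeUtc: string
  incidentId: string
  labels:
    - labelName: string
  lastActivityTimeUtc: string
  # Describes the user the incident is assigned to.
  owner:
    assignedTo: string
    email: string
    objectId: string
    userPrincipalName: string
  resourceGroupName: string
  severity: string
  status: string
  title: string
  workspaceName: string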
Incident Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The Incident resource accepts the following input properties:
- ResourceGroupName string - The name of the resource group within the user's subscription. The name is case insensitive.
- Severity string | Pulumi.AzureNative.SecurityInsights.IncidentSeverity - The severity of the incident
- Status string | Pulumi.AzureNative.SecurityInsights.IncidentStatus - The status of the incident
- Title string - The title of the incident
- WorkspaceName string - The name of the workspace.
- Classification string | Pulumi.AzureNative.SecurityInsights.IncidentClassification - The reason the incident was closed
- ClassificationComment string - Describes the reason the incident was closed
- ClassificationReason string | Pulumi.AzureNative.SecurityInsights.IncidentClassificationReason - The classification reason the incident was closed with
- Description string - The description of the incident
- FirstActivityTimeUtc string - The time of the first activity in the incident
- IncidentId string - Incident ID
- Labels List<Pulumi.AzureNative.SecurityInsights.Inputs.IncidentLabel> - List of labels relevant to this incident
- LastActivityTimeUtc string - The time of the last activity in the incident
- Owner Pulumi.AzureNative.SecurityInsights.Inputs.IncidentOwnerInfo - Describes a user that the incident is assigned to
- Resource
Group stringName - The name of the resource group within the user's subscription. The name is case insensitive.
- Severity
string | Incident
Severity - The severity of the incident
- Status
string | Incident
Status - The status of the incident
- Title string
- The title of the incident
- Workspace
Name string - The name of the workspace.
- Classification
string | Incident
Classification - The reason the incident was closed
- Classification
Comment string - Describes the reason the incident was closed
- Classification
Reason string | IncidentClassification Reason - The classification reason the incident was closed with
- Description string
- The description of the incident
- First
Activity stringTime Utc - The time of the first activity in the incident
- Incident
Id string - Incident ID
- Labels
[]Incident
Label Args - List of labels relevant to this incident
- Last
Activity stringTime Utc - The time of the last activity in the incident
- Owner
Incident
Owner Info Args - Describes a user that the incident is assigned to
- resource
Group StringName - The name of the resource group within the user's subscription. The name is case insensitive.
- severity
String | Incident
Severity - The severity of the incident
- status
String | Incident
Status - The status of the incident
- title String
- The title of the incident
- workspace
Name String - The name of the workspace.
- classification
String | Incident
Classification - The reason the incident was closed
- classification
Comment String - Describes the reason the incident was closed
- classification
Reason String | IncidentClassification Reason - The classification reason the incident was closed with
- description String
- The description of the incident
- first
Activity StringTime Utc - The time of the first activity in the incident
- incident
Id String - Incident ID
- labels
List<Incident
Label> - List of labels relevant to this incident
- last
Activity StringTime Utc - The time of the last activity in the incident
- owner
Incident
Owner Info - Describes a user that the incident is assigned to
- resource
Group stringName - The name of the resource group within the user's subscription. The name is case insensitive.
- severity
string | Incident
Severity - The severity of the incident
- status
string | Incident
Status - The status of the incident
- title string
- The title of the incident
- workspace
Name string - The name of the workspace.
- classification
string | Incident
Classification - The reason the incident was closed
- classification
Comment string - Describes the reason the incident was closed
- classification
Reason string | IncidentClassification Reason - The classification reason the incident was closed with
- description string
- The description of the incident
- first
Activity stringTime Utc - The time of the first activity in the incident
- incident
Id string - Incident ID
- labels
Incident
Label[] - List of labels relevant to this incident
- last
Activity stringTime Utc - The time of the last activity in the incident
- owner
Incident
Owner Info - Describes a user that the incident is assigned to
- resource_
group_ strname - The name of the resource group within the user's subscription. The name is case insensitive.
- severity
str | Incident
Severity - The severity of the incident
- status
str | Incident
Status - The status of the incident
- title str
- The title of the incident
- workspace_
name str - The name of the workspace.
- classification
str | Incident
Classification - The reason the incident was closed
- classification_
comment str - Describes the reason the incident was closed
- classification_
reason str | IncidentClassification Reason - The classification reason the incident was closed with
- description str
- The description of the incident
- first_
activity_ strtime_ utc - The time of the first activity in the incident
- incident_
id str - Incident ID
- labels
Sequence[Incident
Label Args] - List of labels relevant to this incident
- last_
activity_ strtime_ utc - The time of the last activity in the incident
- owner
Incident
Owner Info Args - Describes a user that the incident is assigned to
- resourceGroupName String - The name of the resource group within the user's subscription. The name is case insensitive.
- severity String | "High" | "Medium" | "Low" | "Informational" - The severity of the incident
- status String | "New" | "Active" | "Closed" - The status of the incident
- title String - The title of the incident
- workspaceName String - The name of the workspace.
- classification String | "Undetermined" | "TruePositive" | "BenignPositive" | "FalsePositive" - The reason the incident was closed
- classificationComment String - Describes the reason the incident was closed
- classificationReason String | "SuspiciousActivity" | "SuspiciousButExpected" | "IncorrectAlertLogic" | "InaccurateData" - The classification reason the incident was closed with
- description String - The description of the incident
- firstActivityTimeUtc String - The time of the first activity in the incident
- incidentId String - Incident ID
- labels List<Property Map> - List of labels relevant to this incident
- lastActivityTimeUtc String - The time of the last activity in the incident
- owner Property Map - Describes a user that the incident is assigned to
Outputs
All input properties are implicitly available as output properties. Additionally, the Incident resource produces the following output properties:
- AdditionalData Pulumi.AzureNative.SecurityInsights.Outputs.IncidentAdditionalDataResponse - Additional data on the incident
- CreatedTimeUtc string - The time the incident was created
- Id string - The provider-assigned unique ID for this managed resource.
- IncidentNumber int - A sequential number
- IncidentUrl string - The deep-link url to the incident in Azure portal
- LastModifiedTimeUtc string - The last time the incident was updated
- Name string - Azure resource name
- RelatedAnalyticRuleIds List<string> - List of resource ids of Analytic rules related to the incident
- Type string - Azure resource type
- Etag string - Etag of the azure resource
- Additional
Data IncidentAdditional Data Response - Additional data on the incident
- Created
Time stringUtc - The time the incident was created
- Id string
- The provider-assigned unique ID for this managed resource.
- Incident
Number int - A sequential number
- Incident
Url string - The deep-link url to the incident in Azure portal
- Last
Modified stringTime Utc - The last time the incident was updated
- Name string
- Azure resource name
- []string
- List of resource ids of Analytic rules related to the incident
- Type string
- Azure resource type
- Etag string
- Etag of the azure resource
- additional
Data IncidentAdditional Data Response - Additional data on the incident
- created
Time StringUtc - The time the incident was created
- id String
- The provider-assigned unique ID for this managed resource.
- incident
Number Integer - A sequential number
- incident
Url String - The deep-link url to the incident in Azure portal
- last
Modified StringTime Utc - The last time the incident was updated
- name String
- Azure resource name
- List<String>
- List of resource ids of Analytic rules related to the incident
- type String
- Azure resource type
- etag String
- Etag of the azure resource
- additional
Data IncidentAdditional Data Response - Additional data on the incident
- created
Time stringUtc - The time the incident was created
- id string
- The provider-assigned unique ID for this managed resource.
- incident
Number number - A sequential number
- incident
Url string - The deep-link url to the incident in Azure portal
- last
Modified stringTime Utc - The last time the incident was updated
- name string
- Azure resource name
- string[]
- List of resource ids of Analytic rules related to the incident
- type string
- Azure resource type
- etag string
- Etag of the azure resource
- additional_
data IncidentAdditional Data Response - Additional data on the incident
- created_
time_ strutc - The time the incident was created
- id str
- The provider-assigned unique ID for this managed resource.
- incident_
number int - A sequential number
- incident_
url str - The deep-link url to the incident in Azure portal
- last_
modified_ strtime_ utc - The last time the incident was updated
- name str
- Azure resource name
- Sequence[str]
- List of resource ids of Analytic rules related to the incident
- type str
- Azure resource type
- etag str
- Etag of the azure resource
- additional
Data Property Map - Additional data on the incident
- created
Time StringUtc - The time the incident was created
- id String
- The provider-assigned unique ID for this managed resource.
- incident
Number Number - A sequential number
- incident
Url String - The deep-link url to the incident in Azure portal
- last
Modified StringTime Utc - The last time the incident was updated
- name String
- Azure resource name
- List<String>
- List of resource ids of Analytic rules related to the incident
- type String
- Azure resource type
- etag String
- Etag of the azure resource
Supporting Types
IncidentAdditionalDataResponse, IncidentAdditionalDataResponseArgs
- Alert
Product List<string>Names - List of product names of alerts in the incident
- Alerts
Count int - The number of alerts in the incident
- Bookmarks
Count int - The number of bookmarks in the incident
- Comments
Count int - The number of comments in the incident
- Tactics List<string>
- The tactics associated with incident
- Alert
Product []stringNames - List of product names of alerts in the incident
- Alerts
Count int - The number of alerts in the incident
- Bookmarks
Count int - The number of bookmarks in the incident
- Comments
Count int - The number of comments in the incident
- Tactics []string
- The tactics associated with incident
- alert
Product List<String>Names - List of product names of alerts in the incident
- alerts
Count Integer - The number of alerts in the incident
- bookmarks
Count Integer - The number of bookmarks in the incident
- comments
Count Integer - The number of comments in the incident
- tactics List<String>
- The tactics associated with incident
- alert
Product string[]Names - List of product names of alerts in the incident
- alerts
Count number - The number of alerts in the incident
- bookmarks
Count number - The number of bookmarks in the incident
- comments
Count number - The number of comments in the incident
- tactics string[]
- The tactics associated with incident
- alert_
product_ Sequence[str]names - List of product names of alerts in the incident
- alerts_
count int - The number of alerts in the incident
- bookmarks_
count int - The number of bookmarks in the incident
- comments_
count int - The number of comments in the incident
- tactics Sequence[str]
- The tactics associated with incident
- alert
Product List<String>Names - List of product names of alerts in the incident
- alerts
Count Number - The number of alerts in the incident
- bookmarks
Count Number - The number of bookmarks in the incident
- comments
Count Number - The number of comments in the incident
- tactics List<String>
- The tactics associated with incident
IncidentClassification, IncidentClassificationArgs
- Undetermined ("Undetermined") - Incident classification was undetermined
- TruePositive ("TruePositive") - Incident was true positive
- BenignPositive ("BenignPositive") - Incident was benign positive
- FalsePositive ("FalsePositive") - Incident was false positive
- Incident
Classification Undetermined - UndeterminedIncident classification was undetermined
- Incident
Classification True Positive - TruePositiveIncident was true positive
- Incident
Classification Benign Positive - BenignPositiveIncident was benign positive
- Incident
Classification False Positive - FalsePositiveIncident was false positive
- Undetermined
- UndeterminedIncident classification was undetermined
- True
Positive - TruePositiveIncident was true positive
- Benign
Positive - BenignPositiveIncident was benign positive
- False
Positive - FalsePositiveIncident was false positive
- Undetermined
- UndeterminedIncident classification was undetermined
- True
Positive - TruePositiveIncident was true positive
- Benign
Positive - BenignPositiveIncident was benign positive
- False
Positive - FalsePositiveIncident was false positive
- UNDETERMINED
- UndeterminedIncident classification was undetermined
- TRUE_POSITIVE
- TruePositiveIncident was true positive
- BENIGN_POSITIVE
- BenignPositiveIncident was benign positive
- FALSE_POSITIVE
- FalsePositiveIncident was false positive
- "Undetermined"
- UndeterminedIncident classification was undetermined
- "True
Positive" - TruePositiveIncident was true positive
- "Benign
Positive" - BenignPositiveIncident was benign positive
- "False
Positive" - FalsePositiveIncident was false positive
IncidentClassificationReason, IncidentClassificationReasonArgs
- SuspiciousActivity ("SuspiciousActivity") - Classification reason was suspicious activity
- SuspiciousButExpected ("SuspiciousButExpected") - Classification reason was suspicious but expected
- IncorrectAlertLogic ("IncorrectAlertLogic") - Classification reason was incorrect alert logic
- InaccurateData ("InaccurateData") - Classification reason was inaccurate data
- Incident
Classification Reason Suspicious Activity - SuspiciousActivityClassification reason was suspicious activity
- Incident
Classification Reason Suspicious But Expected - SuspiciousButExpectedClassification reason was suspicious but expected
- Incident
Classification Reason Incorrect Alert Logic - IncorrectAlertLogicClassification reason was incorrect alert logic
- Incident
Classification Reason Inaccurate Data - InaccurateDataClassification reason was inaccurate data
- Suspicious
Activity - SuspiciousActivityClassification reason was suspicious activity
- Suspicious
But Expected - SuspiciousButExpectedClassification reason was suspicious but expected
- Incorrect
Alert Logic - IncorrectAlertLogicClassification reason was incorrect alert logic
- Inaccurate
Data - InaccurateDataClassification reason was inaccurate data
- Suspicious
Activity - SuspiciousActivityClassification reason was suspicious activity
- Suspicious
But Expected - SuspiciousButExpectedClassification reason was suspicious but expected
- Incorrect
Alert Logic - IncorrectAlertLogicClassification reason was incorrect alert logic
- Inaccurate
Data - InaccurateDataClassification reason was inaccurate data
- SUSPICIOUS_ACTIVITY
- SuspiciousActivityClassification reason was suspicious activity
- SUSPICIOUS_BUT_EXPECTED
- SuspiciousButExpectedClassification reason was suspicious but expected
- INCORRECT_ALERT_LOGIC
- IncorrectAlertLogicClassification reason was incorrect alert logic
- INACCURATE_DATA
- InaccurateDataClassification reason was inaccurate data
- "Suspicious
Activity" - SuspiciousActivityClassification reason was suspicious activity
- "Suspicious
But Expected" - SuspiciousButExpectedClassification reason was suspicious but expected
- "Incorrect
Alert Logic" - IncorrectAlertLogicClassification reason was incorrect alert logic
- "Inaccurate
Data" - InaccurateDataClassification reason was inaccurate data
IncidentLabel, IncidentLabelArgs
- Label
Name string - The name of the label
- Label
Name string - The name of the label
- label
Name String - The name of the label
- label
Name string - The name of the label
- label_
name str - The name of the label
- label
Name String - The name of the label
IncidentLabelResponse, IncidentLabelResponseArgs
- label_
name str - The name of the label
- label_
type str - The type of the label
IncidentOwnerInfo, IncidentOwnerInfoArgs
- Assigned
To string - The name of the user the incident is assigned to.
- Email string
- The email of the user the incident is assigned to.
- Object
Id string - The object id of the user the incident is assigned to.
- User
Principal stringName - The user principal name of the user the incident is assigned to.
- Assigned
To string - The name of the user the incident is assigned to.
- Email string
- The email of the user the incident is assigned to.
- Object
Id string - The object id of the user the incident is assigned to.
- User
Principal stringName - The user principal name of the user the incident is assigned to.
- assigned
To String - The name of the user the incident is assigned to.
- email String
- The email of the user the incident is assigned to.
- object
Id String - The object id of the user the incident is assigned to.
- user
Principal StringName - The user principal name of the user the incident is assigned to.
- assigned
To string - The name of the user the incident is assigned to.
- email string
- The email of the user the incident is assigned to.
- object
Id string - The object id of the user the incident is assigned to.
- user
Principal stringName - The user principal name of the user the incident is assigned to.
- assigned_
to str - The name of the user the incident is assigned to.
- email str
- The email of the user the incident is assigned to.
- object_
id str - The object id of the user the incident is assigned to.
- user_
principal_ strname - The user principal name of the user the incident is assigned to.
- assigned
To String - The name of the user the incident is assigned to.
- email String
- The email of the user the incident is assigned to.
- object
Id String - The object id of the user the incident is assigned to.
- user
Principal StringName - The user principal name of the user the incident is assigned to.
IncidentOwnerInfoResponse, IncidentOwnerInfoResponseArgs
- Assigned
To string - The name of the user the incident is assigned to.
- Email string
- The email of the user the incident is assigned to.
- Object
Id string - The object id of the user the incident is assigned to.
- User
Principal stringName - The user principal name of the user the incident is assigned to.
- Assigned
To string - The name of the user the incident is assigned to.
- Email string
- The email of the user the incident is assigned to.
- Object
Id string - The object id of the user the incident is assigned to.
- User
Principal stringName - The user principal name of the user the incident is assigned to.
- assigned
To String - The name of the user the incident is assigned to.
- email String
- The email of the user the incident is assigned to.
- object
Id String - The object id of the user the incident is assigned to.
- user
Principal StringName - The user principal name of the user the incident is assigned to.
- assigned
To string - The name of the user the incident is assigned to.
- email string
- The email of the user the incident is assigned to.
- object
Id string - The object id of the user the incident is assigned to.
- user
Principal stringName - The user principal name of the user the incident is assigned to.
- assigned_
to str - The name of the user the incident is assigned to.
- email str
- The email of the user the incident is assigned to.
- object_
id str - The object id of the user the incident is assigned to.
- user_
principal_ strname - The user principal name of the user the incident is assigned to.
- assigned
To String - The name of the user the incident is assigned to.
- email String
- The email of the user the incident is assigned to.
- object
Id String - The object id of the user the incident is assigned to.
- user
Principal StringName - The user principal name of the user the incident is assigned to.
IncidentSeverity, IncidentSeverityArgs
- High ("High") - High severity
- Medium ("Medium") - Medium severity
- Low ("Low") - Low severity
- Informational ("Informational") - Informational severity
- Incident
Severity High - HighHigh severity
- Incident
Severity Medium - MediumMedium severity
- Incident
Severity Low - LowLow severity
- Incident
Severity Informational - InformationalInformational severity
- High
- HighHigh severity
- Medium
- MediumMedium severity
- Low
- LowLow severity
- Informational
- InformationalInformational severity
- High
- HighHigh severity
- Medium
- MediumMedium severity
- Low
- LowLow severity
- Informational
- InformationalInformational severity
- HIGH
- HighHigh severity
- MEDIUM
- MediumMedium severity
- LOW
- LowLow severity
- INFORMATIONAL
- InformationalInformational severity
- "High"
- HighHigh severity
- "Medium"
- MediumMedium severity
- "Low"
- LowLow severity
- "Informational"
- InformationalInformational severity
IncidentStatus, IncidentStatusArgs
- New ("New") - An active incident which isn't being handled currently
- Active ("Active") - An active incident which is being handled
- Closed ("Closed") - A non-active incident
- Incident
Status New - NewAn active incident which isn't being handled currently
- Incident
Status Active - ActiveAn active incident which is being handled
- Incident
Status Closed - ClosedA non-active incident
- New
- NewAn active incident which isn't being handled currently
- Active
- ActiveAn active incident which is being handled
- Closed
- ClosedA non-active incident
- New
- NewAn active incident which isn't being handled currently
- Active
- ActiveAn active incident which is being handled
- Closed
- ClosedA non-active incident
- NEW
- NewAn active incident which isn't being handled currently
- ACTIVE
- ActiveAn active incident which is being handled
- CLOSED
- ClosedA non-active incident
- "New"
- NewAn active incident which isn't being handled currently
- "Active"
- ActiveAn active incident which is being handled
- "Closed"
- ClosedA non-active incident
Import
An existing resource can be imported using its type token, name, and identifier, e.g.
$ pulumi import azure-native:securityinsights:Incident 73e01a99-5cd7-4139-a149-9f2736ff2ab5 /subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/incidents/73e01a99-5cd7-4139-a149-9f2736ff2ab5
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- azure-native-v1 pulumi/pulumi-azure-native
- License
- Apache-2.0