We recommend using Azure Native.
azure.securitycenter.Automation
Explore with Pulumi AI
Manages Security Center Automation and Continuous Export. This resource supports three types of destination in the action
, Logic Apps, Log Analytics and Event Hubs
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
const current = azure.core.getClientConfig({});
const example = new azure.core.ResourceGroup("example", {
name: "example-resources",
location: "West Europe",
});
const exampleEventHubNamespace = new azure.eventhub.EventHubNamespace("example", {
name: "example-namespace",
location: example.location,
resourceGroupName: example.name,
sku: "Standard",
capacity: 2,
});
const exampleEventHub = new azure.eventhub.EventHub("example", {
name: "acceptanceTestEventHub",
namespaceName: exampleEventHubNamespace.name,
resourceGroupName: example.name,
partitionCount: 2,
messageRetention: 2,
});
const exampleAuthorizationRule = new azure.eventhub.AuthorizationRule("example", {
name: "example-rule",
namespaceName: exampleEventHubNamespace.name,
eventhubName: exampleEventHub.name,
resourceGroupName: example.name,
listen: true,
send: false,
manage: false,
});
const exampleAutomation = new azure.securitycenter.Automation("example", {
name: "example-automation",
location: example.location,
resourceGroupName: example.name,
actions: [{
type: "eventhub",
resourceId: exampleEventHub.id,
connectionString: exampleAuthorizationRule.primaryConnectionString,
}],
sources: [{
eventSource: "Alerts",
ruleSets: [{
rules: [{
propertyPath: "properties.metadata.severity",
operator: "Equals",
expectedValue: "High",
propertyType: "String",
}],
}],
}],
scopes: [current.then(current => `/subscriptions/${current.subscriptionId}`)],
});
import pulumi
import pulumi_azure as azure
current = azure.core.get_client_config()
example = azure.core.ResourceGroup("example",
name="example-resources",
location="West Europe")
example_event_hub_namespace = azure.eventhub.EventHubNamespace("example",
name="example-namespace",
location=example.location,
resource_group_name=example.name,
sku="Standard",
capacity=2)
example_event_hub = azure.eventhub.EventHub("example",
name="acceptanceTestEventHub",
namespace_name=example_event_hub_namespace.name,
resource_group_name=example.name,
partition_count=2,
message_retention=2)
example_authorization_rule = azure.eventhub.AuthorizationRule("example",
name="example-rule",
namespace_name=example_event_hub_namespace.name,
eventhub_name=example_event_hub.name,
resource_group_name=example.name,
listen=True,
send=False,
manage=False)
example_automation = azure.securitycenter.Automation("example",
name="example-automation",
location=example.location,
resource_group_name=example.name,
actions=[{
"type": "eventhub",
"resource_id": example_event_hub.id,
"connection_string": example_authorization_rule.primary_connection_string,
}],
sources=[{
"event_source": "Alerts",
"rule_sets": [{
"rules": [{
"property_path": "properties.metadata.severity",
"operator": "Equals",
"expected_value": "High",
"property_type": "String",
}],
}],
}],
scopes=[f"/subscriptions/{current.subscription_id}"])
package main
import (
"fmt"
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/eventhub"
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/securitycenter"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
current, err := core.GetClientConfig(ctx, nil, nil)
if err != nil {
return err
}
example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
Name: pulumi.String("example-resources"),
Location: pulumi.String("West Europe"),
})
if err != nil {
return err
}
exampleEventHubNamespace, err := eventhub.NewEventHubNamespace(ctx, "example", &eventhub.EventHubNamespaceArgs{
Name: pulumi.String("example-namespace"),
Location: example.Location,
ResourceGroupName: example.Name,
Sku: pulumi.String("Standard"),
Capacity: pulumi.Int(2),
})
if err != nil {
return err
}
exampleEventHub, err := eventhub.NewEventHub(ctx, "example", &eventhub.EventHubArgs{
Name: pulumi.String("acceptanceTestEventHub"),
NamespaceName: exampleEventHubNamespace.Name,
ResourceGroupName: example.Name,
PartitionCount: pulumi.Int(2),
MessageRetention: pulumi.Int(2),
})
if err != nil {
return err
}
exampleAuthorizationRule, err := eventhub.NewAuthorizationRule(ctx, "example", &eventhub.AuthorizationRuleArgs{
Name: pulumi.String("example-rule"),
NamespaceName: exampleEventHubNamespace.Name,
EventhubName: exampleEventHub.Name,
ResourceGroupName: example.Name,
Listen: pulumi.Bool(true),
Send: pulumi.Bool(false),
Manage: pulumi.Bool(false),
})
if err != nil {
return err
}
_, err = securitycenter.NewAutomation(ctx, "example", &securitycenter.AutomationArgs{
Name: pulumi.String("example-automation"),
Location: example.Location,
ResourceGroupName: example.Name,
Actions: securitycenter.AutomationActionArray{
&securitycenter.AutomationActionArgs{
Type: pulumi.String("eventhub"),
ResourceId: exampleEventHub.ID(),
ConnectionString: exampleAuthorizationRule.PrimaryConnectionString,
},
},
Sources: securitycenter.AutomationSourceArray{
&securitycenter.AutomationSourceArgs{
EventSource: pulumi.String("Alerts"),
RuleSets: securitycenter.AutomationSourceRuleSetArray{
&securitycenter.AutomationSourceRuleSetArgs{
Rules: securitycenter.AutomationSourceRuleSetRuleArray{
&securitycenter.AutomationSourceRuleSetRuleArgs{
PropertyPath: pulumi.String("properties.metadata.severity"),
Operator: pulumi.String("Equals"),
ExpectedValue: pulumi.String("High"),
PropertyType: pulumi.String("String"),
},
},
},
},
},
},
Scopes: pulumi.StringArray{
pulumi.Sprintf("/subscriptions/%v", current.SubscriptionId),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;
return await Deployment.RunAsync(() =>
{
var current = Azure.Core.GetClientConfig.Invoke();
var example = new Azure.Core.ResourceGroup("example", new()
{
Name = "example-resources",
Location = "West Europe",
});
var exampleEventHubNamespace = new Azure.EventHub.EventHubNamespace("example", new()
{
Name = "example-namespace",
Location = example.Location,
ResourceGroupName = example.Name,
Sku = "Standard",
Capacity = 2,
});
var exampleEventHub = new Azure.EventHub.EventHub("example", new()
{
Name = "acceptanceTestEventHub",
NamespaceName = exampleEventHubNamespace.Name,
ResourceGroupName = example.Name,
PartitionCount = 2,
MessageRetention = 2,
});
var exampleAuthorizationRule = new Azure.EventHub.AuthorizationRule("example", new()
{
Name = "example-rule",
NamespaceName = exampleEventHubNamespace.Name,
EventhubName = exampleEventHub.Name,
ResourceGroupName = example.Name,
Listen = true,
Send = false,
Manage = false,
});
var exampleAutomation = new Azure.SecurityCenter.Automation("example", new()
{
Name = "example-automation",
Location = example.Location,
ResourceGroupName = example.Name,
Actions = new[]
{
new Azure.SecurityCenter.Inputs.AutomationActionArgs
{
Type = "eventhub",
ResourceId = exampleEventHub.Id,
ConnectionString = exampleAuthorizationRule.PrimaryConnectionString,
},
},
Sources = new[]
{
new Azure.SecurityCenter.Inputs.AutomationSourceArgs
{
EventSource = "Alerts",
RuleSets = new[]
{
new Azure.SecurityCenter.Inputs.AutomationSourceRuleSetArgs
{
Rules = new[]
{
new Azure.SecurityCenter.Inputs.AutomationSourceRuleSetRuleArgs
{
PropertyPath = "properties.metadata.severity",
Operator = "Equals",
ExpectedValue = "High",
PropertyType = "String",
},
},
},
},
},
},
Scopes = new[]
{
$"/subscriptions/{current.Apply(getClientConfigResult => getClientConfigResult.SubscriptionId)}",
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.CoreFunctions;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.eventhub.EventHubNamespace;
import com.pulumi.azure.eventhub.EventHubNamespaceArgs;
import com.pulumi.azure.eventhub.EventHub;
import com.pulumi.azure.eventhub.EventHubArgs;
import com.pulumi.azure.eventhub.AuthorizationRule;
import com.pulumi.azure.eventhub.AuthorizationRuleArgs;
import com.pulumi.azure.securitycenter.Automation;
import com.pulumi.azure.securitycenter.AutomationArgs;
import com.pulumi.azure.securitycenter.inputs.AutomationActionArgs;
import com.pulumi.azure.securitycenter.inputs.AutomationSourceArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var current = CoreFunctions.getClientConfig();
var example = new ResourceGroup("example", ResourceGroupArgs.builder()
.name("example-resources")
.location("West Europe")
.build());
var exampleEventHubNamespace = new EventHubNamespace("exampleEventHubNamespace", EventHubNamespaceArgs.builder()
.name("example-namespace")
.location(example.location())
.resourceGroupName(example.name())
.sku("Standard")
.capacity(2)
.build());
var exampleEventHub = new EventHub("exampleEventHub", EventHubArgs.builder()
.name("acceptanceTestEventHub")
.namespaceName(exampleEventHubNamespace.name())
.resourceGroupName(example.name())
.partitionCount(2)
.messageRetention(2)
.build());
var exampleAuthorizationRule = new AuthorizationRule("exampleAuthorizationRule", AuthorizationRuleArgs.builder()
.name("example-rule")
.namespaceName(exampleEventHubNamespace.name())
.eventhubName(exampleEventHub.name())
.resourceGroupName(example.name())
.listen(true)
.send(false)
.manage(false)
.build());
var exampleAutomation = new Automation("exampleAutomation", AutomationArgs.builder()
.name("example-automation")
.location(example.location())
.resourceGroupName(example.name())
.actions(AutomationActionArgs.builder()
.type("eventhub")
.resourceId(exampleEventHub.id())
.connectionString(exampleAuthorizationRule.primaryConnectionString())
.build())
.sources(AutomationSourceArgs.builder()
.eventSource("Alerts")
.ruleSets(AutomationSourceRuleSetArgs.builder()
.rules(AutomationSourceRuleSetRuleArgs.builder()
.propertyPath("properties.metadata.severity")
.operator("Equals")
.expectedValue("High")
.propertyType("String")
.build())
.build())
.build())
.scopes(String.format("/subscriptions/%s", current.applyValue(getClientConfigResult -> getClientConfigResult.subscriptionId())))
.build());
}
}
resources:
example:
type: azure:core:ResourceGroup
properties:
name: example-resources
location: West Europe
exampleEventHubNamespace:
type: azure:eventhub:EventHubNamespace
name: example
properties:
name: example-namespace
location: ${example.location}
resourceGroupName: ${example.name}
sku: Standard
capacity: 2
exampleEventHub:
type: azure:eventhub:EventHub
name: example
properties:
name: acceptanceTestEventHub
namespaceName: ${exampleEventHubNamespace.name}
resourceGroupName: ${example.name}
partitionCount: 2
messageRetention: 2
exampleAuthorizationRule:
type: azure:eventhub:AuthorizationRule
name: example
properties:
name: example-rule
namespaceName: ${exampleEventHubNamespace.name}
eventhubName: ${exampleEventHub.name}
resourceGroupName: ${example.name}
listen: true
send: false
manage: false
exampleAutomation:
type: azure:securitycenter:Automation
name: example
properties:
name: example-automation
location: ${example.location}
resourceGroupName: ${example.name}
actions:
- type: eventhub
resourceId: ${exampleEventHub.id}
connectionString: ${exampleAuthorizationRule.primaryConnectionString}
sources:
- eventSource: Alerts
ruleSets:
- rules:
- propertyPath: properties.metadata.severity
operator: Equals
expectedValue: High
propertyType: String
scopes:
- /subscriptions/${current.subscriptionId}
variables:
current:
fn::invoke:
Function: azure:core:getClientConfig
Arguments: {}
Create Automation Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Automation(name: string, args: AutomationArgs, opts?: CustomResourceOptions);
@overload
def Automation(resource_name: str,
args: AutomationArgs,
opts: Optional[ResourceOptions] = None)
@overload
def Automation(resource_name: str,
opts: Optional[ResourceOptions] = None,
actions: Optional[Sequence[AutomationActionArgs]] = None,
resource_group_name: Optional[str] = None,
scopes: Optional[Sequence[str]] = None,
sources: Optional[Sequence[AutomationSourceArgs]] = None,
description: Optional[str] = None,
enabled: Optional[bool] = None,
location: Optional[str] = None,
name: Optional[str] = None,
tags: Optional[Mapping[str, str]] = None)
func NewAutomation(ctx *Context, name string, args AutomationArgs, opts ...ResourceOption) (*Automation, error)
public Automation(string name, AutomationArgs args, CustomResourceOptions? opts = null)
public Automation(String name, AutomationArgs args)
public Automation(String name, AutomationArgs args, CustomResourceOptions options)
type: azure:securitycenter:Automation
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args AutomationArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args AutomationArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args AutomationArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args AutomationArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args AutomationArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var automationResource = new Azure.SecurityCenter.Automation("automationResource", new()
{
Actions = new[]
{
new Azure.SecurityCenter.Inputs.AutomationActionArgs
{
ResourceId = "string",
Type = "string",
ConnectionString = "string",
TriggerUrl = "string",
},
},
ResourceGroupName = "string",
Scopes = new[]
{
"string",
},
Sources = new[]
{
new Azure.SecurityCenter.Inputs.AutomationSourceArgs
{
EventSource = "string",
RuleSets = new[]
{
new Azure.SecurityCenter.Inputs.AutomationSourceRuleSetArgs
{
Rules = new[]
{
new Azure.SecurityCenter.Inputs.AutomationSourceRuleSetRuleArgs
{
ExpectedValue = "string",
Operator = "string",
PropertyPath = "string",
PropertyType = "string",
},
},
},
},
},
},
Description = "string",
Enabled = false,
Location = "string",
Name = "string",
Tags =
{
{ "string", "string" },
},
});
example, err := securitycenter.NewAutomation(ctx, "automationResource", &securitycenter.AutomationArgs{
Actions: securitycenter.AutomationActionArray{
&securitycenter.AutomationActionArgs{
ResourceId: pulumi.String("string"),
Type: pulumi.String("string"),
ConnectionString: pulumi.String("string"),
TriggerUrl: pulumi.String("string"),
},
},
ResourceGroupName: pulumi.String("string"),
Scopes: pulumi.StringArray{
pulumi.String("string"),
},
Sources: securitycenter.AutomationSourceArray{
&securitycenter.AutomationSourceArgs{
EventSource: pulumi.String("string"),
RuleSets: securitycenter.AutomationSourceRuleSetArray{
&securitycenter.AutomationSourceRuleSetArgs{
Rules: securitycenter.AutomationSourceRuleSetRuleArray{
&securitycenter.AutomationSourceRuleSetRuleArgs{
ExpectedValue: pulumi.String("string"),
Operator: pulumi.String("string"),
PropertyPath: pulumi.String("string"),
PropertyType: pulumi.String("string"),
},
},
},
},
},
},
Description: pulumi.String("string"),
Enabled: pulumi.Bool(false),
Location: pulumi.String("string"),
Name: pulumi.String("string"),
Tags: pulumi.StringMap{
"string": pulumi.String("string"),
},
})
var automationResource = new Automation("automationResource", AutomationArgs.builder()
.actions(AutomationActionArgs.builder()
.resourceId("string")
.type("string")
.connectionString("string")
.triggerUrl("string")
.build())
.resourceGroupName("string")
.scopes("string")
.sources(AutomationSourceArgs.builder()
.eventSource("string")
.ruleSets(AutomationSourceRuleSetArgs.builder()
.rules(AutomationSourceRuleSetRuleArgs.builder()
.expectedValue("string")
.operator("string")
.propertyPath("string")
.propertyType("string")
.build())
.build())
.build())
.description("string")
.enabled(false)
.location("string")
.name("string")
.tags(Map.of("string", "string"))
.build());
automation_resource = azure.securitycenter.Automation("automationResource",
actions=[{
"resourceId": "string",
"type": "string",
"connectionString": "string",
"triggerUrl": "string",
}],
resource_group_name="string",
scopes=["string"],
sources=[{
"eventSource": "string",
"ruleSets": [{
"rules": [{
"expectedValue": "string",
"operator": "string",
"propertyPath": "string",
"propertyType": "string",
}],
}],
}],
description="string",
enabled=False,
location="string",
name="string",
tags={
"string": "string",
})
const automationResource = new azure.securitycenter.Automation("automationResource", {
actions: [{
resourceId: "string",
type: "string",
connectionString: "string",
triggerUrl: "string",
}],
resourceGroupName: "string",
scopes: ["string"],
sources: [{
eventSource: "string",
ruleSets: [{
rules: [{
expectedValue: "string",
operator: "string",
propertyPath: "string",
propertyType: "string",
}],
}],
}],
description: "string",
enabled: false,
location: "string",
name: "string",
tags: {
string: "string",
},
});
type: azure:securitycenter:Automation
properties:
actions:
- connectionString: string
resourceId: string
triggerUrl: string
type: string
description: string
enabled: false
location: string
name: string
resourceGroupName: string
scopes:
- string
sources:
- eventSource: string
ruleSets:
- rules:
- expectedValue: string
operator: string
propertyPath: string
propertyType: string
tags:
string: string
Automation Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The Automation resource accepts the following input properties:
- Actions
List<Automation
Action> - One or more
action
blocks as defined below. Anaction
tells this automation where the data is to be sent to upon being evaluated by the rules in thesource
. - Resource
Group stringName - The name of the Resource Group where the Security Center Automation should exist. Changing this forces a new Security Center Automation to be created.
- Scopes List<string>
- A list of scopes on which the automation logic is applied, at least one is required. Supported scopes are a subscription (in this format
/subscriptions/00000000-0000-0000-0000-000000000000
) or a resource group under that subscription (in the format/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/example
). The automation will only apply on defined scopes. - Sources
List<Automation
Source> - One or more
source
blocks as defined below. Asource
defines what data types will be processed and a set of rules to filter that data. - Description string
- Specifies the description for the Security Center Automation.
- Enabled bool
- Boolean to enable or disable this Security Center Automation. Defaults to
true
. - Location string
- The Azure Region where the Security Center Automation should exist. Changing this forces a new Security Center Automation to be created.
- Name string
The name which should be used for this Security Center Automation. Changing this forces a new Security Center Automation to be created.
NOTE: For the automation to appear in Azure Portal correctly under Microsoft Defender for Cloud > Environment Settings > Account > Continuous Export, either
ExportToWorkspace
orExportToEventHub
must be used.- Dictionary<string, string>
- A mapping of tags assigned to the resource.
- Actions
[]Automation
Action Args - One or more
action
blocks as defined below. Anaction
tells this automation where the data is to be sent to upon being evaluated by the rules in thesource
. - Resource
Group stringName - The name of the Resource Group where the Security Center Automation should exist. Changing this forces a new Security Center Automation to be created.
- Scopes []string
- A list of scopes on which the automation logic is applied, at least one is required. Supported scopes are a subscription (in this format
/subscriptions/00000000-0000-0000-0000-000000000000
) or a resource group under that subscription (in the format/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/example
). The automation will only apply on defined scopes. - Sources
[]Automation
Source Args - One or more
source
blocks as defined below. Asource
defines what data types will be processed and a set of rules to filter that data. - Description string
- Specifies the description for the Security Center Automation.
- Enabled bool
- Boolean to enable or disable this Security Center Automation. Defaults to
true
. - Location string
- The Azure Region where the Security Center Automation should exist. Changing this forces a new Security Center Automation to be created.
- Name string
The name which should be used for this Security Center Automation. Changing this forces a new Security Center Automation to be created.
NOTE: For the automation to appear in Azure Portal correctly under Microsoft Defender for Cloud > Environment Settings > Account > Continuous Export, either
ExportToWorkspace
orExportToEventHub
must be used.- map[string]string
- A mapping of tags assigned to the resource.
- actions
List<Automation
Action> - One or more
action
blocks as defined below. Anaction
tells this automation where the data is to be sent to upon being evaluated by the rules in thesource
. - resource
Group StringName - The name of the Resource Group where the Security Center Automation should exist. Changing this forces a new Security Center Automation to be created.
- scopes List<String>
- A list of scopes on which the automation logic is applied, at least one is required. Supported scopes are a subscription (in this format
/subscriptions/00000000-0000-0000-0000-000000000000
) or a resource group under that subscription (in the format/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/example
). The automation will only apply on defined scopes. - sources
List<Automation
Source> - One or more
source
blocks as defined below. Asource
defines what data types will be processed and a set of rules to filter that data. - description String
- Specifies the description for the Security Center Automation.
- enabled Boolean
- Boolean to enable or disable this Security Center Automation. Defaults to
true
. - location String
- The Azure Region where the Security Center Automation should exist. Changing this forces a new Security Center Automation to be created.
- name String
The name which should be used for this Security Center Automation. Changing this forces a new Security Center Automation to be created.
NOTE: For the automation to appear in Azure Portal correctly under Microsoft Defender for Cloud > Environment Settings > Account > Continuous Export, either
ExportToWorkspace
orExportToEventHub
must be used.- Map<String,String>
- A mapping of tags assigned to the resource.
- actions
Automation
Action[] - One or more
action
blocks as defined below. Anaction
tells this automation where the data is to be sent to upon being evaluated by the rules in thesource
. - resource
Group stringName - The name of the Resource Group where the Security Center Automation should exist. Changing this forces a new Security Center Automation to be created.
- scopes string[]
- A list of scopes on which the automation logic is applied, at least one is required. Supported scopes are a subscription (in this format
/subscriptions/00000000-0000-0000-0000-000000000000
) or a resource group under that subscription (in the format/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/example
). The automation will only apply on defined scopes. - sources
Automation
Source[] - One or more
source
blocks as defined below. Asource
defines what data types will be processed and a set of rules to filter that data. - description string
- Specifies the description for the Security Center Automation.
- enabled boolean
- Boolean to enable or disable this Security Center Automation. Defaults to
true
. - location string
- The Azure Region where the Security Center Automation should exist. Changing this forces a new Security Center Automation to be created.
- name string
The name which should be used for this Security Center Automation. Changing this forces a new Security Center Automation to be created.
NOTE: For the automation to appear in Azure Portal correctly under Microsoft Defender for Cloud > Environment Settings > Account > Continuous Export, either
ExportToWorkspace
orExportToEventHub
must be used.- {[key: string]: string}
- A mapping of tags assigned to the resource.
- actions
Sequence[Automation
Action Args] - One or more
action
blocks as defined below. Anaction
tells this automation where the data is to be sent to upon being evaluated by the rules in thesource
. - resource_
group_ strname - The name of the Resource Group where the Security Center Automation should exist. Changing this forces a new Security Center Automation to be created.
- scopes Sequence[str]
- A list of scopes on which the automation logic is applied, at least one is required. Supported scopes are a subscription (in this format
/subscriptions/00000000-0000-0000-0000-000000000000
) or a resource group under that subscription (in the format/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/example
). The automation will only apply on defined scopes. - sources
Sequence[Automation
Source Args] - One or more
source
blocks as defined below. Asource
defines what data types will be processed and a set of rules to filter that data. - description str
- Specifies the description for the Security Center Automation.
- enabled bool
- Boolean to enable or disable this Security Center Automation. Defaults to
true
. - location str
- The Azure Region where the Security Center Automation should exist. Changing this forces a new Security Center Automation to be created.
- name str
The name which should be used for this Security Center Automation. Changing this forces a new Security Center Automation to be created.
NOTE: For the automation to appear in Azure Portal correctly under Microsoft Defender for Cloud > Environment Settings > Account > Continuous Export, either
ExportToWorkspace
orExportToEventHub
must be used.- Mapping[str, str]
- A mapping of tags assigned to the resource.
- actions List<Property Map>
- One or more
action
blocks as defined below. Anaction
tells this automation where the data is to be sent to upon being evaluated by the rules in thesource
. - resource
Group StringName - The name of the Resource Group where the Security Center Automation should exist. Changing this forces a new Security Center Automation to be created.
- scopes List<String>
- A list of scopes on which the automation logic is applied, at least one is required. Supported scopes are a subscription (in this format
/subscriptions/00000000-0000-0000-0000-000000000000
) or a resource group under that subscription (in the format/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/example
). The automation will only apply on defined scopes. - sources List<Property Map>
- One or more
source
blocks as defined below. Asource
defines what data types will be processed and a set of rules to filter that data. - description String
- Specifies the description for the Security Center Automation.
- enabled Boolean
- Boolean to enable or disable this Security Center Automation. Defaults to
true
. - location String
- The Azure Region where the Security Center Automation should exist. Changing this forces a new Security Center Automation to be created.
- name String
The name which should be used for this Security Center Automation. Changing this forces a new Security Center Automation to be created.
NOTE: For the automation to appear in Azure Portal correctly under Microsoft Defender for Cloud > Environment Settings > Account > Continuous Export, either
ExportToWorkspace
orExportToEventHub
must be used.- Map<String>
- A mapping of tags assigned to the resource.
Outputs
All input properties are implicitly available as output properties. Additionally, the Automation resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing Automation Resource
Get an existing Automation resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: AutomationState, opts?: CustomResourceOptions): Automation
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
actions: Optional[Sequence[AutomationActionArgs]] = None,
description: Optional[str] = None,
enabled: Optional[bool] = None,
location: Optional[str] = None,
name: Optional[str] = None,
resource_group_name: Optional[str] = None,
scopes: Optional[Sequence[str]] = None,
sources: Optional[Sequence[AutomationSourceArgs]] = None,
tags: Optional[Mapping[str, str]] = None) -> Automation
func GetAutomation(ctx *Context, name string, id IDInput, state *AutomationState, opts ...ResourceOption) (*Automation, error)
public static Automation Get(string name, Input<string> id, AutomationState? state, CustomResourceOptions? opts = null)
public static Automation get(String name, Output<String> id, AutomationState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Actions
List<Automation
Action> - One or more
action
blocks as defined below. Anaction
tells this automation where the data is to be sent to upon being evaluated by the rules in thesource
. - Description string
- Specifies the description for the Security Center Automation.
- Enabled bool
- Boolean to enable or disable this Security Center Automation. Defaults to
true
. - Location string
- The Azure Region where the Security Center Automation should exist. Changing this forces a new Security Center Automation to be created.
- Name string
The name which should be used for this Security Center Automation. Changing this forces a new Security Center Automation to be created.
NOTE: For the automation to appear in Azure Portal correctly under Microsoft Defender for Cloud > Environment Settings > Account > Continuous Export, either
ExportToWorkspace
orExportToEventHub
must be used.- Resource
Group stringName - The name of the Resource Group where the Security Center Automation should exist. Changing this forces a new Security Center Automation to be created.
- Scopes List<string>
- A list of scopes on which the automation logic is applied, at least one is required. Supported scopes are a subscription (in this format
/subscriptions/00000000-0000-0000-0000-000000000000
) or a resource group under that subscription (in the format/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/example
). The automation will only apply on defined scopes. - Sources
List<Automation
Source> - One or more
source
blocks as defined below. Asource
defines what data types will be processed and a set of rules to filter that data. - Dictionary<string, string>
- A mapping of tags assigned to the resource.
- Actions
[]Automation
Action Args - One or more
action
blocks as defined below. Anaction
tells this automation where the data is to be sent to upon being evaluated by the rules in thesource
. - Description string
- Specifies the description for the Security Center Automation.
- Enabled bool
- Boolean to enable or disable this Security Center Automation. Defaults to
true
. - Location string
- The Azure Region where the Security Center Automation should exist. Changing this forces a new Security Center Automation to be created.
- Name string
The name which should be used for this Security Center Automation. Changing this forces a new Security Center Automation to be created.
NOTE: For the automation to appear in Azure Portal correctly under Microsoft Defender for Cloud > Environment Settings > Account > Continuous Export, either
ExportToWorkspace
orExportToEventHub
must be used.- Resource
Group stringName - The name of the Resource Group where the Security Center Automation should exist. Changing this forces a new Security Center Automation to be created.
- Scopes []string
- A list of scopes on which the automation logic is applied, at least one is required. Supported scopes are a subscription (in this format
/subscriptions/00000000-0000-0000-0000-000000000000
) or a resource group under that subscription (in the format/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/example
). The automation will only apply on defined scopes. - Sources
[]Automation
Source Args - One or more
source
blocks as defined below. Asource
defines what data types will be processed and a set of rules to filter that data. - map[string]string
- A mapping of tags assigned to the resource.
- actions
List<Automation
Action> - One or more
action
blocks as defined below. Anaction
tells this automation where the data is to be sent to upon being evaluated by the rules in thesource
. - description String
- Specifies the description for the Security Center Automation.
- enabled Boolean
- Boolean to enable or disable this Security Center Automation. Defaults to
true
. - location String
- The Azure Region where the Security Center Automation should exist. Changing this forces a new Security Center Automation to be created.
- name String
The name which should be used for this Security Center Automation. Changing this forces a new Security Center Automation to be created.
NOTE: For the automation to appear in Azure Portal correctly under Microsoft Defender for Cloud > Environment Settings > Account > Continuous Export, either
ExportToWorkspace
orExportToEventHub
must be used.- resource
Group StringName - The name of the Resource Group where the Security Center Automation should exist. Changing this forces a new Security Center Automation to be created.
- scopes List<String>
- A list of scopes on which the automation logic is applied, at least one is required. Supported scopes are a subscription (in this format
/subscriptions/00000000-0000-0000-0000-000000000000
) or a resource group under that subscription (in the format/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/example
). The automation will only apply on defined scopes. - sources
List<Automation
Source> - One or more
source
blocks as defined below. Asource
defines what data types will be processed and a set of rules to filter that data. - Map<String,String>
- A mapping of tags assigned to the resource.
- actions
Automation
Action[] - One or more
action
blocks as defined below. Anaction
tells this automation where the data is to be sent to upon being evaluated by the rules in thesource
. - description string
- Specifies the description for the Security Center Automation.
- enabled boolean
- Boolean to enable or disable this Security Center Automation. Defaults to
true
. - location string
- The Azure Region where the Security Center Automation should exist. Changing this forces a new Security Center Automation to be created.
- name string
The name which should be used for this Security Center Automation. Changing this forces a new Security Center Automation to be created.
NOTE: For the automation to appear in Azure Portal correctly under Microsoft Defender for Cloud > Environment Settings > Account > Continuous Export, either
ExportToWorkspace
orExportToEventHub
must be used.- resource
Group stringName - The name of the Resource Group where the Security Center Automation should exist. Changing this forces a new Security Center Automation to be created.
- scopes string[]
- A list of scopes on which the automation logic is applied, at least one is required. Supported scopes are a subscription (in this format
/subscriptions/00000000-0000-0000-0000-000000000000
) or a resource group under that subscription (in the format/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/example
). The automation will only apply on defined scopes. - sources
Automation
Source[] - One or more
source
blocks as defined below. Asource
defines what data types will be processed and a set of rules to filter that data. - {[key: string]: string}
- A mapping of tags assigned to the resource.
- actions
Sequence[Automation
Action Args] - One or more
action
blocks as defined below. Anaction
tells this automation where the data is to be sent to upon being evaluated by the rules in thesource
. - description str
- Specifies the description for the Security Center Automation.
- enabled bool
- Boolean to enable or disable this Security Center Automation. Defaults to
true
. - location str
- The Azure Region where the Security Center Automation should exist. Changing this forces a new Security Center Automation to be created.
- name str
The name which should be used for this Security Center Automation. Changing this forces a new Security Center Automation to be created.
NOTE: For the automation to appear in Azure Portal correctly under Microsoft Defender for Cloud > Environment Settings > Account > Continuous Export, either
ExportToWorkspace
orExportToEventHub
must be used.- resource_
group_ strname - The name of the Resource Group where the Security Center Automation should exist. Changing this forces a new Security Center Automation to be created.
- scopes Sequence[str]
- A list of scopes on which the automation logic is applied, at least one is required. Supported scopes are a subscription (in this format
/subscriptions/00000000-0000-0000-0000-000000000000
) or a resource group under that subscription (in the format/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/example
). The automation will only apply on defined scopes. - sources
Sequence[Automation
Source Args] - One or more
source
blocks as defined below. Asource
defines what data types will be processed and a set of rules to filter that data. - Mapping[str, str]
- A mapping of tags assigned to the resource.
- actions List<Property Map>
- One or more
action
blocks as defined below. Anaction
tells this automation where the data is to be sent to upon being evaluated by the rules in thesource
. - description String
- Specifies the description for the Security Center Automation.
- enabled Boolean
- Boolean to enable or disable this Security Center Automation. Defaults to
true
. - location String
- The Azure Region where the Security Center Automation should exist. Changing this forces a new Security Center Automation to be created.
- name String
The name which should be used for this Security Center Automation. Changing this forces a new Security Center Automation to be created.
NOTE: For the automation to appear in Azure Portal correctly under Microsoft Defender for Cloud > Environment Settings > Account > Continuous Export, either
ExportToWorkspace
orExportToEventHub
must be used.- resource
Group StringName - The name of the Resource Group where the Security Center Automation should exist. Changing this forces a new Security Center Automation to be created.
- scopes List<String>
- A list of scopes on which the automation logic is applied, at least one is required. Supported scopes are a subscription (in this format
/subscriptions/00000000-0000-0000-0000-000000000000
) or a resource group under that subscription (in the format/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/example
). The automation will only apply on defined scopes. - sources List<Property Map>
- One or more
source
blocks as defined below. Asource
defines what data types will be processed and a set of rules to filter that data. - Map<String>
- A mapping of tags assigned to the resource.
Supporting Types
AutomationAction, AutomationActionArgs
- Resource
Id string - The resource id of the target Logic App, Event Hub namespace or Log Analytics workspace.
- Type string
- Type of Azure resource to send data to. Must be set to one of:
logicapp
,eventhub
orloganalytics
. - Connection
String string - (Optional, but required when
type
iseventhub
) A connection string to send data to the target Event Hub namespace, this should include a key with send permissions. - Trigger
Url string - (Optional, but required when
type
islogicapp
) The callback URL to trigger the Logic App that will receive and process data sent by this automation. This can be found in the Azure Portal under "See trigger history"
- Resource
Id string - The resource id of the target Logic App, Event Hub namespace or Log Analytics workspace.
- Type string
- Type of Azure resource to send data to. Must be set to one of:
logicapp
,eventhub
orloganalytics
. - Connection
String string - (Optional, but required when
type
iseventhub
) A connection string to send data to the target Event Hub namespace, this should include a key with send permissions. - Trigger
Url string - (Optional, but required when
type
islogicapp
) The callback URL to trigger the Logic App that will receive and process data sent by this automation. This can be found in the Azure Portal under "See trigger history"
- resource
Id String - The resource id of the target Logic App, Event Hub namespace or Log Analytics workspace.
- type String
- Type of Azure resource to send data to. Must be set to one of:
logicapp
,eventhub
orloganalytics
. - connection
String String - (Optional, but required when
type
iseventhub
) A connection string to send data to the target Event Hub namespace, this should include a key with send permissions. - trigger
Url String - (Optional, but required when
type
islogicapp
) The callback URL to trigger the Logic App that will receive and process data sent by this automation. This can be found in the Azure Portal under "See trigger history"
- resource
Id string - The resource id of the target Logic App, Event Hub namespace or Log Analytics workspace.
- type string
- Type of Azure resource to send data to. Must be set to one of:
logicapp
,eventhub
orloganalytics
. - connection
String string - (Optional, but required when
type
iseventhub
) A connection string to send data to the target Event Hub namespace, this should include a key with send permissions. - trigger
Url string - (Optional, but required when
type
islogicapp
) The callback URL to trigger the Logic App that will receive and process data sent by this automation. This can be found in the Azure Portal under "See trigger history"
- resource_
id str - The resource id of the target Logic App, Event Hub namespace or Log Analytics workspace.
- type str
- Type of Azure resource to send data to. Must be set to one of:
logicapp
,eventhub
orloganalytics
. - connection_
string str - (Optional, but required when
type
iseventhub
) A connection string to send data to the target Event Hub namespace, this should include a key with send permissions. - trigger_
url str - (Optional, but required when
type
islogicapp
) The callback URL to trigger the Logic App that will receive and process data sent by this automation. This can be found in the Azure Portal under "See trigger history"
- resource
Id String - The resource id of the target Logic App, Event Hub namespace or Log Analytics workspace.
- type String
- Type of Azure resource to send data to. Must be set to one of:
logicapp
,eventhub
orloganalytics
. - connection
String String - (Optional, but required when
type
iseventhub
) A connection string to send data to the target Event Hub namespace, this should include a key with send permissions. - trigger
Url String - (Optional, but required when
type
islogicapp
) The callback URL to trigger the Logic App that will receive and process data sent by this automation. This can be found in the Azure Portal under "See trigger history"
AutomationSource, AutomationSourceArgs
- Event
Source string - Type of data that will trigger this automation. Must be one of
Alerts
,Assessments
,AssessmentsSnapshot
,RegulatoryComplianceAssessment
,RegulatoryComplianceAssessmentSnapshot
,SecureScoreControls
,SecureScoreControlsSnapshot
,SecureScores
,SecureScoresSnapshot
,SubAssessments
orSubAssessmentsSnapshot
. Note. assessments are also referred to as recommendations - Rule
Sets List<AutomationSource Rule Set> A set of rules which evaluate upon event and data interception. This is defined in one or more
rule_set
blocks as defined below.NOTE: When multiple
rule_set
block are provided, a logical 'OR' is applied to the evaluation of them.
- Event
Source string - Type of data that will trigger this automation. Must be one of
Alerts
,Assessments
,AssessmentsSnapshot
,RegulatoryComplianceAssessment
,RegulatoryComplianceAssessmentSnapshot
,SecureScoreControls
,SecureScoreControlsSnapshot
,SecureScores
,SecureScoresSnapshot
,SubAssessments
orSubAssessmentsSnapshot
. Note. assessments are also referred to as recommendations - Rule
Sets []AutomationSource Rule Set A set of rules which evaluate upon event and data interception. This is defined in one or more
rule_set
blocks as defined below.NOTE: When multiple
rule_set
block are provided, a logical 'OR' is applied to the evaluation of them.
- event
Source String - Type of data that will trigger this automation. Must be one of
Alerts
,Assessments
,AssessmentsSnapshot
,RegulatoryComplianceAssessment
,RegulatoryComplianceAssessmentSnapshot
,SecureScoreControls
,SecureScoreControlsSnapshot
,SecureScores
,SecureScoresSnapshot
,SubAssessments
orSubAssessmentsSnapshot
. Note. assessments are also referred to as recommendations - rule
Sets List<AutomationSource Rule Set> A set of rules which evaluate upon event and data interception. This is defined in one or more
rule_set
blocks as defined below.NOTE: When multiple
rule_set
block are provided, a logical 'OR' is applied to the evaluation of them.
- event
Source string - Type of data that will trigger this automation. Must be one of
Alerts
,Assessments
,AssessmentsSnapshot
,RegulatoryComplianceAssessment
,RegulatoryComplianceAssessmentSnapshot
,SecureScoreControls
,SecureScoreControlsSnapshot
,SecureScores
,SecureScoresSnapshot
,SubAssessments
orSubAssessmentsSnapshot
. Note. assessments are also referred to as recommendations - rule
Sets AutomationSource Rule Set[] A set of rules which evaluate upon event and data interception. This is defined in one or more
rule_set
blocks as defined below.NOTE: When multiple
rule_set
block are provided, a logical 'OR' is applied to the evaluation of them.
- event_
source str - Type of data that will trigger this automation. Must be one of
Alerts
,Assessments
,AssessmentsSnapshot
,RegulatoryComplianceAssessment
,RegulatoryComplianceAssessmentSnapshot
,SecureScoreControls
,SecureScoreControlsSnapshot
,SecureScores
,SecureScoresSnapshot
,SubAssessments
orSubAssessmentsSnapshot
. Note. assessments are also referred to as recommendations - rule_
sets Sequence[AutomationSource Rule Set] A set of rules which evaluate upon event and data interception. This is defined in one or more
rule_set
blocks as defined below.NOTE: When multiple
rule_set
block are provided, a logical 'OR' is applied to the evaluation of them.
- event
Source String - Type of data that will trigger this automation. Must be one of
Alerts
,Assessments
,AssessmentsSnapshot
,RegulatoryComplianceAssessment
,RegulatoryComplianceAssessmentSnapshot
,SecureScoreControls
,SecureScoreControlsSnapshot
,SecureScores
,SecureScoresSnapshot
,SubAssessments
orSubAssessmentsSnapshot
. Note. assessments are also referred to as recommendations - rule
Sets List<Property Map> A set of rules which evaluate upon event and data interception. This is defined in one or more
rule_set
blocks as defined below.NOTE: When multiple
rule_set
block are provided, a logical 'OR' is applied to the evaluation of them.
AutomationSourceRuleSet, AutomationSourceRuleSetArgs
- Rules
List<Automation
Source Rule Set Rule> One or more
rule
blocks as defined below.NOTE: This automation will trigger when all of the
rule
s in thisrule_set
are evaluated as 'true'. This is equivalent to a logical 'AND'.
- Rules
[]Automation
Source Rule Set Rule One or more
rule
blocks as defined below.NOTE: This automation will trigger when all of the
rule
s in thisrule_set
are evaluated as 'true'. This is equivalent to a logical 'AND'.
- rules
List<Automation
Source Rule Set Rule> One or more
rule
blocks as defined below.NOTE: This automation will trigger when all of the
rule
s in thisrule_set
are evaluated as 'true'. This is equivalent to a logical 'AND'.
- rules
Automation
Source Rule Set Rule[] One or more
rule
blocks as defined below.NOTE: This automation will trigger when all of the
rule
s in thisrule_set
are evaluated as 'true'. This is equivalent to a logical 'AND'.
- rules
Sequence[Automation
Source Rule Set Rule] One or more
rule
blocks as defined below.NOTE: This automation will trigger when all of the
rule
s in thisrule_set
are evaluated as 'true'. This is equivalent to a logical 'AND'.
- rules List<Property Map>
One or more
rule
blocks as defined below.NOTE: This automation will trigger when all of the
rule
s in thisrule_set
are evaluated as 'true'. This is equivalent to a logical 'AND'.
AutomationSourceRuleSetRule, AutomationSourceRuleSetRuleArgs
- Expected
Value string - A value that will be compared with the value in
property_path
. - Operator string
- The comparison operator to use, must be one of:
Contains
,EndsWith
,Equals
,GreaterThan
,GreaterThanOrEqualTo
,LesserThan
,LesserThanOrEqualTo
,NotEquals
,StartsWith
- Property
Path string - The JPath of the entity model property that should be checked.
- Property
Type string The data type of the compared operands, must be one of:
Integer
,String
,Boolean
orNumber
.NOTE: The schema for Security Center alerts (when
event_source
is "Alerts") can be found here
- Expected
Value string - A value that will be compared with the value in
property_path
. - Operator string
- The comparison operator to use, must be one of:
Contains
,EndsWith
,Equals
,GreaterThan
,GreaterThanOrEqualTo
,LesserThan
,LesserThanOrEqualTo
,NotEquals
,StartsWith
- Property
Path string - The JPath of the entity model property that should be checked.
- Property
Type string The data type of the compared operands, must be one of:
Integer
,String
,Boolean
orNumber
.NOTE: The schema for Security Center alerts (when
event_source
is "Alerts") can be found here
- expected
Value String - A value that will be compared with the value in
property_path
. - operator String
- The comparison operator to use, must be one of:
Contains
,EndsWith
,Equals
,GreaterThan
,GreaterThanOrEqualTo
,LesserThan
,LesserThanOrEqualTo
,NotEquals
,StartsWith
- property
Path String - The JPath of the entity model property that should be checked.
- property
Type String The data type of the compared operands, must be one of:
Integer
,String
,Boolean
orNumber
.NOTE: The schema for Security Center alerts (when
event_source
is "Alerts") can be found here
- expected
Value string - A value that will be compared with the value in
property_path
. - operator string
- The comparison operator to use, must be one of:
Contains
,EndsWith
,Equals
,GreaterThan
,GreaterThanOrEqualTo
,LesserThan
,LesserThanOrEqualTo
,NotEquals
,StartsWith
- property
Path string - The JPath of the entity model property that should be checked.
- property
Type string The data type of the compared operands, must be one of:
Integer
,String
,Boolean
orNumber
.NOTE: The schema for Security Center alerts (when
event_source
is "Alerts") can be found here
- expected_
value str - A value that will be compared with the value in
property_path
. - operator str
- The comparison operator to use, must be one of:
Contains
,EndsWith
,Equals
,GreaterThan
,GreaterThanOrEqualTo
,LesserThan
,LesserThanOrEqualTo
,NotEquals
,StartsWith
- property_
path str - The JPath of the entity model property that should be checked.
- property_
type str The data type of the compared operands, must be one of:
Integer
,String
,Boolean
orNumber
.NOTE: The schema for Security Center alerts (when
event_source
is "Alerts") can be found here
- expected
Value String - A value that will be compared with the value in
property_path
. - operator String
- The comparison operator to use, must be one of:
Contains
,EndsWith
,Equals
,GreaterThan
,GreaterThanOrEqualTo
,LesserThan
,LesserThanOrEqualTo
,NotEquals
,StartsWith
- property
Path String - The JPath of the entity model property that should be checked.
- property
Type String The data type of the compared operands, must be one of:
Integer
,String
,Boolean
orNumber
.NOTE: The schema for Security Center alerts (when
event_source
is "Alerts") can be found here
Import
Security Center Automations can be imported using the resource id
, e.g.
$ pulumi import azure:securitycenter/automation:Automation example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/mygroup1/providers/Microsoft.Security/automations/automation1
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Azure Classic pulumi/pulumi-azure
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
azurerm
Terraform Provider.