azurermSentinelAlertRuleFusion
Manages a Sentinel Fusion Alert Rule.
Example Usage
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import { Construct } from "constructs";
import { App, TerraformStack } from "cdktf";
import * as azurerm from "./.gen/providers/azurerm";

class SentinelFusionStack extends TerraformStack {
  constructor(scope: Construct, id: string) {
    super(scope, id);

    // The azurerm provider requires a features block, even if it is empty.
    new azurerm.provider.AzurermProvider(this, "azurerm", { features: {} });

    const azurermResourceGroupExample = new azurerm.resourceGroup.ResourceGroup(
      this,
      "example",
      {
        location: "West Europe",
        name: "example-resources",
      }
    );

    // Workspace that will host Microsoft Sentinel and receive the Fusion alerts.
    const azurermLogAnalyticsWorkspaceExample =
      new azurerm.logAnalyticsWorkspace.LogAnalyticsWorkspace(this, "example_1", {
        location: azurermResourceGroupExample.location,
        name: "example-workspace",
        resourceGroupName: azurermResourceGroupExample.name,
        sku: "PerGB2018",
      });
    /*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
    azurermLogAnalyticsWorkspaceExample.overrideLogicalId("example");

    // Installs the SecurityInsights (Microsoft Sentinel) solution on the workspace.
    const azurermLogAnalyticsSolutionExample =
      new azurerm.logAnalyticsSolution.LogAnalyticsSolution(this, "example_2", {
        location: azurermResourceGroupExample.location,
        plan: {
          product: "OMSGallery/SecurityInsights",
          publisher: "Microsoft",
        },
        resourceGroupName: azurermResourceGroupExample.name,
        solutionName: "SecurityInsights",
        workspaceName: azurermLogAnalyticsWorkspaceExample.name,
        workspaceResourceId: azurermLogAnalyticsWorkspaceExample.id,
      });
    /*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
    azurermLogAnalyticsSolutionExample.overrideLogicalId("example");

    // Referencing the solution's workspaceResourceId (rather than the workspace id
    // directly) makes Terraform create the Sentinel solution before the Fusion rule.
    const azurermSentinelAlertRuleFusionExample =
      new azurerm.sentinelAlertRuleFusion.SentinelAlertRuleFusion(
        this,
        "example_3",
        {
          alertRuleTemplateGuid: "f71aba3d-28fb-450b-b192-4e76a83015c8",
          logAnalyticsWorkspaceId:
            azurermLogAnalyticsSolutionExample.workspaceResourceId,
          name: "example-fusion-alert-rule",
        }
      );
    /*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
    azurermSentinelAlertRuleFusionExample.overrideLogicalId("example");
  }
}

const app = new App();
new SentinelFusionStack(app, "sentinel-fusion");
app.synth();
Arguments Reference
The following arguments are supported:

- name - (Required) The name which should be used for this Sentinel Fusion Alert Rule. Changing this forces a new Sentinel Fusion Alert Rule to be created.
- logAnalyticsWorkspaceId - (Required) The ID of the Log Analytics Workspace this Sentinel Fusion Alert Rule belongs to. Changing this forces a new Sentinel Fusion Alert Rule to be created.
- alertRuleTemplateGuid - (Required) The GUID of the alert rule template which is used for this Sentinel Fusion Alert Rule. Changing this forces a new Sentinel Fusion Alert Rule to be created.
- enabled - (Optional) Should this Sentinel Fusion Alert Rule be enabled? Defaults to true.
- source - (Optional) One or more source blocks as defined below.

A source block supports the following:

- name - (Required) The name of the Fusion source signal. Refer to the Fusion alert rule template for supported values.
- enabled - (Optional) Whether this source signal is enabled or disabled in Fusion detection. Defaults to true.
- subType - (Optional) One or more subType blocks as defined below.

A subType block supports the following:

- name - (Required) The name of the source subtype under a given source signal in Fusion detection. Refer to the Fusion alert rule template for supported values.
- enabled - (Optional) Whether this source subtype under the source signal is enabled or disabled in Fusion detection. Defaults to true.
- severitiesAllowed - (Required) A list of severities that are enabled for this source subtype consumed in Fusion detection. Possible values for each element are high, medium, low, informational.
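The source and subType blocks above are what decide which signals Fusion actually correlates; a disabled signal or a narrowed severitiesAllowed list silently removes detections. The following is an added example (not code from the azurerm provider or from the cdktf docs) that builds the nested source / subType structure in the shape the SentinelAlertRuleFusion constructor expects, rejects values the reference does not allow, and lists the coverage gaps a reviewer should see before apply. The signal and sub-type names ("Alert providers", "Identity alerts", and so on) are illustrative placeholders, not values taken from a Fusion template, and the spec object is constructed for the example.

```typescript
// Added example, not from the azurerm provider docs: build and sanity-check
// the `source` / `subType` blocks of a SentinelAlertRuleFusion before synth.
// Signal and sub-type names used below are illustrative placeholders; take the
// real ones from the Fusion alert rule template in your workspace.

// Severity values exactly as the provider reference documents them.
const ALLOWED_SEVERITIES = ["high", "medium", "low", "informational"] as const;

// Shapes that match the resource's `subType` and `source` blocks.
interface FusionSubType {
  name: string;
  enabled: boolean;
  severitiesAllowed: string[];
}
interface FusionSource {
  name: string;
  enabled: boolean;
  subType: FusionSubType[];
}

// Compact, reviewable input: signal -> sub-type -> severities to consume.
// `null` marks a sub-type that exists in the template but is switched off.
type FusionSpec = Record<string, Record<string, string[] | null>>;

function buildFusionSources(spec: FusionSpec): FusionSource[] {
  const sources: FusionSource[] = [];
  for (const [signal, subTypes] of Object.entries(spec)) {
    const subType: FusionSubType[] = [];
    for (const [sub, severities] of Object.entries(subTypes)) {
      if (severities === null) {
        // severitiesAllowed is Required even when the sub-type is disabled; keep
        // the full set so re-enabling it later does not silently narrow coverage.
        subType.push({ name: sub, enabled: false, severitiesAllowed: [...ALLOWED_SEVERITIES] });
        continue;
      }
      if (severities.length === 0) {
        throw new Error(`${signal}/${sub}: severitiesAllowed must not be empty`);
      }
      const seen = new Set<string>();
      for (const s of severities) {
        if (!(ALLOWED_SEVERITIES as readonly string[]).includes(s)) {
          throw new Error(`${signal}/${sub}: unsupported severity "${s}"`);
        }
        if (seen.has(s)) {
          throw new Error(`${signal}/${sub}: duplicate severity "${s}"`);
        }
        seen.add(s);
      }
      subType.push({ name: sub, enabled: true, severitiesAllowed: [...severities] });
    }
    // A signal whose every sub-type is disabled contributes nothing, so mark it
    // disabled too; a signal with no sub-types at all stays enabled.
    const enabled = subType.length === 0 || subType.some((t) => t.enabled);
    sources.push({ name: signal, enabled, subType });
  }
  return sources;
}

// Lists what a Fusion rule will NOT correlate: disabled signals and sub-types,
// plus enabled sub-types that drop high-severity alerts. Review before apply.
function coverageGaps(sources: FusionSource[]): string[] {
  const gaps: string[] = [];
  for (const src of sources) {
    if (!src.enabled) {
      gaps.push(`signal disabled: ${src.name}`);
      continue;
    }
    for (const t of src.subType) {
      if (!t.enabled) {
        gaps.push(`sub-type disabled: ${src.name}/${t.name}`);
      } else if (!t.severitiesAllowed.includes("high")) {
        gaps.push(`high severity excluded: ${src.name}/${t.name}`);
      }
    }
  }
  return gaps;
}

// Constructed spec for the example; the names are placeholders, not template values.
const exampleSpec: FusionSpec = {
  "Alert providers": {
    "Identity alerts": ["high", "medium"],
    "Endpoint alerts": ["high", "medium", "low"],
    "Legacy connector": null,
  },
  "Anomalies": {
    "Anomalies": ["high", "medium", "low", "informational"],
  },
};

const exampleSources = buildFusionSources(exampleSpec);

// Usage inside a TerraformStack, assuming bindings generated by `cdktf get`
// and a `workspace` LogAnalyticsWorkspace construct already defined:
//   new azurerm.sentinelAlertRuleFusion.SentinelAlertRuleFusion(this, "example", {
//     name: "example-fusion-alert-rule",
//     logAnalyticsWorkspaceId: workspace.id,
//     alertRuleTemplateGuid: "f71aba3d-28fb-450b-b192-4e76a83015c8",
//     source: exampleSources,
//   });
```

Run coverageGaps(exampleSources) as part of the synth step (or a pre-commit check) and fail the pipeline when the list is non-empty and not explicitly acknowledged; that turns a quiet narrowing of Fusion coverage into a visible review item.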
Attributes Reference
In addition to the Arguments listed above, the following Attributes are exported:

- id - The ID of the Sentinel Fusion Alert Rule.
Timeouts
The timeouts block allows you to specify timeouts for certain actions:

- create - (Defaults to 30 minutes) Used when creating the Sentinel Fusion Alert Rule.
- read - (Defaults to 5 minutes) Used when retrieving the Sentinel Fusion Alert Rule.
- update - (Defaults to 30 minutes) Used when updating the Sentinel Fusion Alert Rule.
- delete - (Defaults to 30 minutes) Used when deleting the Sentinel Fusion Alert Rule.
Import
Sentinel Fusion Alert Rules can be imported using the resource id, e.g.