Skip to content

azurermSentinelAlertRuleThreatIntelligence

Manages a Sentinel Threat Intelligence Alert Rule.

Example Usage

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as azurerm from "./.gen/providers/azurerm";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: azurerm.
For a more precise conversion please use the --provider flag in convert.*/
new azurerm.provider.AzurermProvider(this, "azurerm", {
  features: [{}],
});
const azurermResourceGroupExample = new azurerm.resourceGroup.ResourceGroup(
  this,
  "example",
  {
    location: "West Europe",
    name: "example-resources",
  }
);
const azurermLogAnalyticsWorkspaceExample =
  new azurerm.logAnalyticsWorkspace.LogAnalyticsWorkspace(this, "example_2", {
    location: azurermResourceGroupExample.location,
    name: "example-workspace",
    resource_group_name: azurermResourceGroupExample.name,
    sku: "pergb2018",
  });
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermLogAnalyticsWorkspaceExample.overrideLogicalId("example");
const azurermLogAnalyticsSolutionExample =
  new azurerm.logAnalyticsSolution.LogAnalyticsSolution(this, "example_3", {
    location: azurermResourceGroupExample.location,
    plan: [
      {
        product: "OMSGallery/SecurityInsights",
        publisher: "Microsoft",
      },
    ],
    resource_group_name: azurermResourceGroupExample.name,
    solution_name: "SecurityInsights",
    workspace_name: azurermLogAnalyticsWorkspaceExample.name,
    workspace_resource_id: azurermLogAnalyticsWorkspaceExample.id,
  });
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermLogAnalyticsSolutionExample.overrideLogicalId("example");
const dataAzurermSentinelAlertRuleTemplateExample =
  new azurerm.dataAzurermSentinelAlertRuleTemplate.DataAzurermSentinelAlertRuleTemplate(
    this,
    "example_4",
    {
      display_name: "(Preview) Microsoft Threat Intelligence Analytics",
      log_analytics_workspace_id:
        azurermLogAnalyticsSolutionExample.workspaceResourceId,
    }
  );
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
dataAzurermSentinelAlertRuleTemplateExample.overrideLogicalId("example");
const azurermSentinelAlertRuleThreatIntelligenceExample =
  new azurerm.sentinelAlertRuleThreatIntelligence.SentinelAlertRuleThreatIntelligence(
    this,
    "example_5",
    {
      alert_rule_template_guid:
        dataAzurermSentinelAlertRuleTemplateExample.name,
      log_analytics_workspace_id:
        azurermLogAnalyticsSolutionExample.workspaceResourceId,
      name: "example-rule",
    }
  );
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermSentinelAlertRuleThreatIntelligenceExample.overrideLogicalId("example");

Arguments Reference

The following arguments are supported:

  • name - (Required) The name which should be used for this Sentinel Threat Intelligence Alert Rule. Changing this forces a new Sentinel Threat Intelligence Alert Rule to be created.

  • logAnalyticsWorkspaceId - (Required) The ID of the Log Analytics Workspace this Sentinel Threat Intelligence Alert Rule belongs to. Changing this forces a new Sentinel Threat Intelligence Alert Rule to be created.

  • alertRuleTemplateGuid - (Required) The GUID of the alert rule template which is used for this Sentinel Threat Intelligence Alert Rule. Changing this forces a new Sentinel Threat Intelligence Alert Rule to be created.

  • enabled - (Optional) Whether the Threat Intelligence Alert rule enabled? Defaults to true.

Attributes Reference

In addition to the Arguments listed above - the following Attributes are exported:

  • id - The ID of the Sentinel NRT Alert Rule.

Timeouts

The timeouts block allows you to specify timeouts for certain actions:

  • create - (Defaults to 30 minutes) Used when creating the Sentinel NRT Alert Rule.
  • read - (Defaults to 5 minutes) Used when retrieving the Sentinel NRT Alert Rule.
  • update - (Defaults to 30 minutes) Used when updating the Sentinel NRT Alert Rule.
  • delete - (Defaults to 30 minutes) Used when deleting the Sentinel NRT Alert Rule.

Import

Sentinel Threat Intelligence Alert Rules can be imported using the resourceId, e.g.

terraform import azurerm_sentinel_alert_rule_threat_intelligence.example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.OperationalInsights/workspaces/workspace1/providers/Microsoft.SecurityInsights/alertRules/rule1