azurermSentinelAlertRuleThreatIntelligence
Manages a Sentinel Threat Intelligence Alert Rule.
Example Usage
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as azurerm from "./.gen/providers/azurerm";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: azurerm.
For a more precise conversion please use the --provider flag in convert.*/
new azurerm.provider.AzurermProvider(this, "azurerm", {
  features: [{}],
});
const azurermResourceGroupExample = new azurerm.resourceGroup.ResourceGroup(
  this,
  "example",
  {
    location: "West Europe",
    name: "example-resources",
  }
);
const azurermLogAnalyticsWorkspaceExample =
  new azurerm.logAnalyticsWorkspace.LogAnalyticsWorkspace(this, "example_2", {
    location: azurermResourceGroupExample.location,
    name: "example-workspace",
    resourceGroupName: azurermResourceGroupExample.name,
    sku: "pergb2018",
  });
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermLogAnalyticsWorkspaceExample.overrideLogicalId("example");
/*Sentinel is enabled on the workspace through the SecurityInsights solution.*/
const azurermLogAnalyticsSolutionExample =
  new azurerm.logAnalyticsSolution.LogAnalyticsSolution(this, "example_3", {
    location: azurermResourceGroupExample.location,
    plan: [
      {
        product: "OMSGallery/SecurityInsights",
        publisher: "Microsoft",
      },
    ],
    resourceGroupName: azurermResourceGroupExample.name,
    solutionName: "SecurityInsights",
    workspaceName: azurermLogAnalyticsWorkspaceExample.name,
    workspaceResourceId: azurermLogAnalyticsWorkspaceExample.id,
  });
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermLogAnalyticsSolutionExample.overrideLogicalId("example");
/*Look up the alert rule template by display name; its name is used as the template GUID below.*/
const dataAzurermSentinelAlertRuleTemplateExample =
  new azurerm.dataAzurermSentinelAlertRuleTemplate.DataAzurermSentinelAlertRuleTemplate(
    this,
    "example_4",
    {
      displayName: "(Preview) Microsoft Threat Intelligence Analytics",
      logAnalyticsWorkspaceId:
        azurermLogAnalyticsSolutionExample.workspaceResourceId,
    }
  );
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
dataAzurermSentinelAlertRuleTemplateExample.overrideLogicalId("example");
const azurermSentinelAlertRuleThreatIntelligenceExample =
  new azurerm.sentinelAlertRuleThreatIntelligence.SentinelAlertRuleThreatIntelligence(
    this,
    "example_5",
    {
      alertRuleTemplateGuid:
        dataAzurermSentinelAlertRuleTemplateExample.name,
      logAnalyticsWorkspaceId:
        azurermLogAnalyticsSolutionExample.workspaceResourceId,
      name: "example-rule",
    }
  );
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermSentinelAlertRuleThreatIntelligenceExample.overrideLogicalId("example");
Arguments Reference
The following arguments are supported:
- name - (Required) The name which should be used for this Sentinel Threat Intelligence Alert Rule. Changing this forces a new Sentinel Threat Intelligence Alert Rule to be created.
- logAnalyticsWorkspaceId - (Required) The ID of the Log Analytics Workspace this Sentinel Threat Intelligence Alert Rule belongs to. Changing this forces a new Sentinel Threat Intelligence Alert Rule to be created.
- alertRuleTemplateGuid - (Required) The GUID of the alert rule template which is used for this Sentinel Threat Intelligence Alert Rule. Changing this forces a new Sentinel Threat Intelligence Alert Rule to be created.
- enabled - (Optional) Whether the Threat Intelligence Alert Rule is enabled. Defaults to true.
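The arguments above have two operational consequences for detection coverage: changing name, logAnalyticsWorkspaceId or alertRuleTemplateGuid replaces the rule, and enabled set to false leaves it deployed but inactive. The following check is an added example, not part of the provider documentation; it assumes the synthesized Terraform JSON uses the resource type azurerm_sentinel_alert_rule_threat_intelligence with snake_case attribute names, and the function names and sample data are constructed for illustration.

```typescript
// Added example: compare two synthesized Terraform JSON configs and report
// threat-intelligence rules that would be disabled, replaced or removed.
type Attrs = Record<string, unknown>;
type TfJson = { resource?: Record<string, Record<string, Attrs>> };

// Assumed Terraform resource type and snake_case attribute names.
const RULE_TYPE = "azurerm_sentinel_alert_rule_threat_intelligence";
// Arguments documented above as forcing a new rule to be created when changed.
const FORCE_NEW = ["name", "log_analytics_workspace_id", "alert_rule_template_guid"];

interface Finding { rule: string; issue: string; }

function rulesOf(cfg: TfJson): Record<string, Attrs> {
  return cfg.resource?.[RULE_TYPE] ?? {};
}

function auditThreatIntelRules(before: TfJson, after: TfJson): Finding[] {
  const findings: Finding[] = [];
  const oldRules = rulesOf(before);
  const newRules = rulesOf(after);
  for (const [id, attrs] of Object.entries(newRules)) {
    // enabled defaults to true, so only a literal false disables the rule.
    if (attrs["enabled"] === false) findings.push({ rule: id, issue: "disabled" });
    const old = oldRules[id];
    if (old === undefined) continue; // new rule, nothing to replace
    for (const arg of FORCE_NEW) {
      if (old[arg] !== attrs[arg]) findings.push({ rule: id, issue: `replace:${arg}` });
    }
  }
  for (const id of Object.keys(oldRules)) {
    if (!(id in newRules)) findings.push({ rule: id, issue: "removed" });
  }
  return findings;
}

// Constructed sample configs (placeholder IDs, not real resources).
const sampleBefore: TfJson = { resource: { [RULE_TYPE]: {
  example: { name: "example-rule", log_analytics_workspace_id: "/workspaces/a", alert_rule_template_guid: "TEMPLATE-GUID-1" },
  legacy: { name: "legacy-rule", log_analytics_workspace_id: "/workspaces/a", alert_rule_template_guid: "TEMPLATE-GUID-1" },
} } };
const sampleAfter: TfJson = { resource: { [RULE_TYPE]: {
  example: { name: "example-rule-v2", log_analytics_workspace_id: "/workspaces/a", alert_rule_template_guid: "TEMPLATE-GUID-1", enabled: false },
} } };

console.log(auditThreatIntelRules(sampleBefore, sampleAfter));
```

Only literal values are compared, so an enabled argument supplied through a variable or interpolation is not flagged.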
Attributes Reference
In addition to the Arguments listed above - the following Attributes are exported:
- id - The ID of the Sentinel NRT Alert Rule.
Timeouts
The timeouts block allows you to specify timeouts for certain actions:
- create - (Defaults to 30 minutes) Used when creating the Sentinel NRT Alert Rule.
- read - (Defaults to 5 minutes) Used when retrieving the Sentinel NRT Alert Rule.
- update - (Defaults to 30 minutes) Used when updating the Sentinel NRT Alert Rule.
- delete - (Defaults to 30 minutes) Used when deleting the Sentinel NRT Alert Rule.
Import
Sentinel Threat Intelligence Alert Rules can be imported using the resourceId, e.g.