1. Packages
  2. Azure Classic
  3. API Docs
  4. securitycenter
  5. Automation

We recommend using Azure Native.

Azure Classic v5.81.0 published on Monday, Jun 24, 2024 by Pulumi

azure.securitycenter.Automation

Explore with Pulumi AI

azure logo

We recommend using Azure Native.

Azure Classic v5.81.0 published on Monday, Jun 24, 2024 by Pulumi

    Manages Security Center Automation and Continuous Export. This resource supports three types of destination in the action, Logic Apps, Log Analytics and Event Hubs

    Example Usage

    import * as pulumi from "@pulumi/pulumi";
    import * as azure from "@pulumi/azure";
    
    const current = azure.core.getClientConfig({});
    const example = new azure.core.ResourceGroup("example", {
        name: "example-resources",
        location: "West Europe",
    });
    const exampleEventHubNamespace = new azure.eventhub.EventHubNamespace("example", {
        name: "example-namespace",
        location: example.location,
        resourceGroupName: example.name,
        sku: "Standard",
        capacity: 2,
    });
    const exampleEventHub = new azure.eventhub.EventHub("example", {
        name: "acceptanceTestEventHub",
        namespaceName: exampleEventHubNamespace.name,
        resourceGroupName: example.name,
        partitionCount: 2,
        messageRetention: 2,
    });
    const exampleAuthorizationRule = new azure.eventhub.AuthorizationRule("example", {
        name: "example-rule",
        namespaceName: exampleEventHubNamespace.name,
        eventhubName: exampleEventHub.name,
        resourceGroupName: example.name,
        listen: true,
        send: false,
        manage: false,
    });
    const exampleAutomation = new azure.securitycenter.Automation("example", {
        name: "example-automation",
        location: example.location,
        resourceGroupName: example.name,
        actions: [{
            type: "eventhub",
            resourceId: exampleEventHub.id,
            connectionString: exampleAuthorizationRule.primaryConnectionString,
        }],
        sources: [{
            eventSource: "Alerts",
            ruleSets: [{
                rules: [{
                    propertyPath: "properties.metadata.severity",
                    operator: "Equals",
                    expectedValue: "High",
                    propertyType: "String",
                }],
            }],
        }],
        scopes: [current.then(current => `/subscriptions/${current.subscriptionId}`)],
    });
    
    import pulumi
    import pulumi_azure as azure
    
    current = azure.core.get_client_config()
    example = azure.core.ResourceGroup("example",
        name="example-resources",
        location="West Europe")
    example_event_hub_namespace = azure.eventhub.EventHubNamespace("example",
        name="example-namespace",
        location=example.location,
        resource_group_name=example.name,
        sku="Standard",
        capacity=2)
    example_event_hub = azure.eventhub.EventHub("example",
        name="acceptanceTestEventHub",
        namespace_name=example_event_hub_namespace.name,
        resource_group_name=example.name,
        partition_count=2,
        message_retention=2)
    example_authorization_rule = azure.eventhub.AuthorizationRule("example",
        name="example-rule",
        namespace_name=example_event_hub_namespace.name,
        eventhub_name=example_event_hub.name,
        resource_group_name=example.name,
        listen=True,
        send=False,
        manage=False)
    example_automation = azure.securitycenter.Automation("example",
        name="example-automation",
        location=example.location,
        resource_group_name=example.name,
        actions=[azure.securitycenter.AutomationActionArgs(
            type="eventhub",
            resource_id=example_event_hub.id,
            connection_string=example_authorization_rule.primary_connection_string,
        )],
        sources=[azure.securitycenter.AutomationSourceArgs(
            event_source="Alerts",
            rule_sets=[azure.securitycenter.AutomationSourceRuleSetArgs(
                rules=[azure.securitycenter.AutomationSourceRuleSetRuleArgs(
                    property_path="properties.metadata.severity",
                    operator="Equals",
                    expected_value="High",
                    property_type="String",
                )],
            )],
        )],
        scopes=[f"/subscriptions/{current.subscription_id}"])
    
    package main
    
    import (
    	"fmt"
    
    	"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
    	"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/eventhub"
    	"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/securitycenter"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		current, err := core.GetClientConfig(ctx, nil, nil)
    		if err != nil {
    			return err
    		}
    		example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
    			Name:     pulumi.String("example-resources"),
    			Location: pulumi.String("West Europe"),
    		})
    		if err != nil {
    			return err
    		}
    		exampleEventHubNamespace, err := eventhub.NewEventHubNamespace(ctx, "example", &eventhub.EventHubNamespaceArgs{
    			Name:              pulumi.String("example-namespace"),
    			Location:          example.Location,
    			ResourceGroupName: example.Name,
    			Sku:               pulumi.String("Standard"),
    			Capacity:          pulumi.Int(2),
    		})
    		if err != nil {
    			return err
    		}
    		exampleEventHub, err := eventhub.NewEventHub(ctx, "example", &eventhub.EventHubArgs{
    			Name:              pulumi.String("acceptanceTestEventHub"),
    			NamespaceName:     exampleEventHubNamespace.Name,
    			ResourceGroupName: example.Name,
    			PartitionCount:    pulumi.Int(2),
    			MessageRetention:  pulumi.Int(2),
    		})
    		if err != nil {
    			return err
    		}
    		exampleAuthorizationRule, err := eventhub.NewAuthorizationRule(ctx, "example", &eventhub.AuthorizationRuleArgs{
    			Name:              pulumi.String("example-rule"),
    			NamespaceName:     exampleEventHubNamespace.Name,
    			EventhubName:      exampleEventHub.Name,
    			ResourceGroupName: example.Name,
    			Listen:            pulumi.Bool(true),
    			Send:              pulumi.Bool(false),
    			Manage:            pulumi.Bool(false),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = securitycenter.NewAutomation(ctx, "example", &securitycenter.AutomationArgs{
    			Name:              pulumi.String("example-automation"),
    			Location:          example.Location,
    			ResourceGroupName: example.Name,
    			Actions: securitycenter.AutomationActionArray{
    				&securitycenter.AutomationActionArgs{
    					Type:             pulumi.String("eventhub"),
    					ResourceId:       exampleEventHub.ID(),
    					ConnectionString: exampleAuthorizationRule.PrimaryConnectionString,
    				},
    			},
    			Sources: securitycenter.AutomationSourceArray{
    				&securitycenter.AutomationSourceArgs{
    					EventSource: pulumi.String("Alerts"),
    					RuleSets: securitycenter.AutomationSourceRuleSetArray{
    						&securitycenter.AutomationSourceRuleSetArgs{
    							Rules: securitycenter.AutomationSourceRuleSetRuleArray{
    								&securitycenter.AutomationSourceRuleSetRuleArgs{
    									PropertyPath:  pulumi.String("properties.metadata.severity"),
    									Operator:      pulumi.String("Equals"),
    									ExpectedValue: pulumi.String("High"),
    									PropertyType:  pulumi.String("String"),
    								},
    							},
    						},
    					},
    				},
    			},
    			Scopes: pulumi.StringArray{
    				pulumi.String(fmt.Sprintf("/subscriptions/%v", current.SubscriptionId)),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Azure = Pulumi.Azure;
    
    return await Deployment.RunAsync(() => 
    {
        var current = Azure.Core.GetClientConfig.Invoke();
    
        var example = new Azure.Core.ResourceGroup("example", new()
        {
            Name = "example-resources",
            Location = "West Europe",
        });
    
        var exampleEventHubNamespace = new Azure.EventHub.EventHubNamespace("example", new()
        {
            Name = "example-namespace",
            Location = example.Location,
            ResourceGroupName = example.Name,
            Sku = "Standard",
            Capacity = 2,
        });
    
        var exampleEventHub = new Azure.EventHub.EventHub("example", new()
        {
            Name = "acceptanceTestEventHub",
            NamespaceName = exampleEventHubNamespace.Name,
            ResourceGroupName = example.Name,
            PartitionCount = 2,
            MessageRetention = 2,
        });
    
        var exampleAuthorizationRule = new Azure.EventHub.AuthorizationRule("example", new()
        {
            Name = "example-rule",
            NamespaceName = exampleEventHubNamespace.Name,
            EventhubName = exampleEventHub.Name,
            ResourceGroupName = example.Name,
            Listen = true,
            Send = false,
            Manage = false,
        });
    
        var exampleAutomation = new Azure.SecurityCenter.Automation("example", new()
        {
            Name = "example-automation",
            Location = example.Location,
            ResourceGroupName = example.Name,
            Actions = new[]
            {
                new Azure.SecurityCenter.Inputs.AutomationActionArgs
                {
                    Type = "eventhub",
                    ResourceId = exampleEventHub.Id,
                    ConnectionString = exampleAuthorizationRule.PrimaryConnectionString,
                },
            },
            Sources = new[]
            {
                new Azure.SecurityCenter.Inputs.AutomationSourceArgs
                {
                    EventSource = "Alerts",
                    RuleSets = new[]
                    {
                        new Azure.SecurityCenter.Inputs.AutomationSourceRuleSetArgs
                        {
                            Rules = new[]
                            {
                                new Azure.SecurityCenter.Inputs.AutomationSourceRuleSetRuleArgs
                                {
                                    PropertyPath = "properties.metadata.severity",
                                    Operator = "Equals",
                                    ExpectedValue = "High",
                                    PropertyType = "String",
                                },
                            },
                        },
                    },
                },
            },
            Scopes = new[]
            {
                $"/subscriptions/{current.Apply(getClientConfigResult => getClientConfigResult.SubscriptionId)}",
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.azure.core.CoreFunctions;
    import com.pulumi.azure.core.ResourceGroup;
    import com.pulumi.azure.core.ResourceGroupArgs;
    import com.pulumi.azure.eventhub.EventHubNamespace;
    import com.pulumi.azure.eventhub.EventHubNamespaceArgs;
    import com.pulumi.azure.eventhub.EventHub;
    import com.pulumi.azure.eventhub.EventHubArgs;
    import com.pulumi.azure.eventhub.AuthorizationRule;
    import com.pulumi.azure.eventhub.AuthorizationRuleArgs;
    import com.pulumi.azure.securitycenter.Automation;
    import com.pulumi.azure.securitycenter.AutomationArgs;
    import com.pulumi.azure.securitycenter.inputs.AutomationActionArgs;
    import com.pulumi.azure.securitycenter.inputs.AutomationSourceArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            final var current = CoreFunctions.getClientConfig();
    
            var example = new ResourceGroup("example", ResourceGroupArgs.builder()
                .name("example-resources")
                .location("West Europe")
                .build());
    
            var exampleEventHubNamespace = new EventHubNamespace("exampleEventHubNamespace", EventHubNamespaceArgs.builder()
                .name("example-namespace")
                .location(example.location())
                .resourceGroupName(example.name())
                .sku("Standard")
                .capacity(2)
                .build());
    
            var exampleEventHub = new EventHub("exampleEventHub", EventHubArgs.builder()
                .name("acceptanceTestEventHub")
                .namespaceName(exampleEventHubNamespace.name())
                .resourceGroupName(example.name())
                .partitionCount(2)
                .messageRetention(2)
                .build());
    
            var exampleAuthorizationRule = new AuthorizationRule("exampleAuthorizationRule", AuthorizationRuleArgs.builder()
                .name("example-rule")
                .namespaceName(exampleEventHubNamespace.name())
                .eventhubName(exampleEventHub.name())
                .resourceGroupName(example.name())
                .listen(true)
                .send(false)
                .manage(false)
                .build());
    
            var exampleAutomation = new Automation("exampleAutomation", AutomationArgs.builder()
                .name("example-automation")
                .location(example.location())
                .resourceGroupName(example.name())
                .actions(AutomationActionArgs.builder()
                    .type("eventhub")
                    .resourceId(exampleEventHub.id())
                    .connectionString(exampleAuthorizationRule.primaryConnectionString())
                    .build())
                .sources(AutomationSourceArgs.builder()
                    .eventSource("Alerts")
                    .ruleSets(AutomationSourceRuleSetArgs.builder()
                        .rules(AutomationSourceRuleSetRuleArgs.builder()
                            .propertyPath("properties.metadata.severity")
                            .operator("Equals")
                            .expectedValue("High")
                            .propertyType("String")
                            .build())
                        .build())
                    .build())
                .scopes(String.format("/subscriptions/%s", current.applyValue(getClientConfigResult -> getClientConfigResult.subscriptionId())))
                .build());
    
        }
    }
    
    resources:
      example:
        type: azure:core:ResourceGroup
        properties:
          name: example-resources
          location: West Europe
      exampleEventHubNamespace:
        type: azure:eventhub:EventHubNamespace
        name: example
        properties:
          name: example-namespace
          location: ${example.location}
          resourceGroupName: ${example.name}
          sku: Standard
          capacity: 2
      exampleEventHub:
        type: azure:eventhub:EventHub
        name: example
        properties:
          name: acceptanceTestEventHub
          namespaceName: ${exampleEventHubNamespace.name}
          resourceGroupName: ${example.name}
          partitionCount: 2
          messageRetention: 2
      exampleAuthorizationRule:
        type: azure:eventhub:AuthorizationRule
        name: example
        properties:
          name: example-rule
          namespaceName: ${exampleEventHubNamespace.name}
          eventhubName: ${exampleEventHub.name}
          resourceGroupName: ${example.name}
          listen: true
          send: false
          manage: false
      exampleAutomation:
        type: azure:securitycenter:Automation
        name: example
        properties:
          name: example-automation
          location: ${example.location}
          resourceGroupName: ${example.name}
          actions:
            - type: eventhub
              resourceId: ${exampleEventHub.id}
              connectionString: ${exampleAuthorizationRule.primaryConnectionString}
          sources:
            - eventSource: Alerts
              ruleSets:
                - rules:
                    - propertyPath: properties.metadata.severity
                      operator: Equals
                      expectedValue: High
                      propertyType: String
          scopes:
            - /subscriptions/${current.subscriptionId}
    variables:
      current:
        fn::invoke:
          Function: azure:core:getClientConfig
          Arguments: {}
    

    Create Automation Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new Automation(name: string, args: AutomationArgs, opts?: CustomResourceOptions);
    @overload
    def Automation(resource_name: str,
                   args: AutomationArgs,
                   opts: Optional[ResourceOptions] = None)
    
    @overload
    def Automation(resource_name: str,
                   opts: Optional[ResourceOptions] = None,
                   actions: Optional[Sequence[AutomationActionArgs]] = None,
                   resource_group_name: Optional[str] = None,
                   scopes: Optional[Sequence[str]] = None,
                   sources: Optional[Sequence[AutomationSourceArgs]] = None,
                   description: Optional[str] = None,
                   enabled: Optional[bool] = None,
                   location: Optional[str] = None,
                   name: Optional[str] = None,
                   tags: Optional[Mapping[str, str]] = None)
    func NewAutomation(ctx *Context, name string, args AutomationArgs, opts ...ResourceOption) (*Automation, error)
    public Automation(string name, AutomationArgs args, CustomResourceOptions? opts = null)
    public Automation(String name, AutomationArgs args)
    public Automation(String name, AutomationArgs args, CustomResourceOptions options)
    
    type: azure:securitycenter:Automation
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args AutomationArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args AutomationArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args AutomationArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args AutomationArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args AutomationArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var automationResource = new Azure.SecurityCenter.Automation("automationResource", new()
    {
        Actions = new[]
        {
            new Azure.SecurityCenter.Inputs.AutomationActionArgs
            {
                ResourceId = "string",
                Type = "string",
                ConnectionString = "string",
                TriggerUrl = "string",
            },
        },
        ResourceGroupName = "string",
        Scopes = new[]
        {
            "string",
        },
        Sources = new[]
        {
            new Azure.SecurityCenter.Inputs.AutomationSourceArgs
            {
                EventSource = "string",
                RuleSets = new[]
                {
                    new Azure.SecurityCenter.Inputs.AutomationSourceRuleSetArgs
                    {
                        Rules = new[]
                        {
                            new Azure.SecurityCenter.Inputs.AutomationSourceRuleSetRuleArgs
                            {
                                ExpectedValue = "string",
                                Operator = "string",
                                PropertyPath = "string",
                                PropertyType = "string",
                            },
                        },
                    },
                },
            },
        },
        Description = "string",
        Enabled = false,
        Location = "string",
        Name = "string",
        Tags = 
        {
            { "string", "string" },
        },
    });
    
    example, err := securitycenter.NewAutomation(ctx, "automationResource", &securitycenter.AutomationArgs{
    	Actions: securitycenter.AutomationActionArray{
    		&securitycenter.AutomationActionArgs{
    			ResourceId:       pulumi.String("string"),
    			Type:             pulumi.String("string"),
    			ConnectionString: pulumi.String("string"),
    			TriggerUrl:       pulumi.String("string"),
    		},
    	},
    	ResourceGroupName: pulumi.String("string"),
    	Scopes: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	Sources: securitycenter.AutomationSourceArray{
    		&securitycenter.AutomationSourceArgs{
    			EventSource: pulumi.String("string"),
    			RuleSets: securitycenter.AutomationSourceRuleSetArray{
    				&securitycenter.AutomationSourceRuleSetArgs{
    					Rules: securitycenter.AutomationSourceRuleSetRuleArray{
    						&securitycenter.AutomationSourceRuleSetRuleArgs{
    							ExpectedValue: pulumi.String("string"),
    							Operator:      pulumi.String("string"),
    							PropertyPath:  pulumi.String("string"),
    							PropertyType:  pulumi.String("string"),
    						},
    					},
    				},
    			},
    		},
    	},
    	Description: pulumi.String("string"),
    	Enabled:     pulumi.Bool(false),
    	Location:    pulumi.String("string"),
    	Name:        pulumi.String("string"),
    	Tags: pulumi.StringMap{
    		"string": pulumi.String("string"),
    	},
    })
    
    var automationResource = new Automation("automationResource", AutomationArgs.builder()
        .actions(AutomationActionArgs.builder()
            .resourceId("string")
            .type("string")
            .connectionString("string")
            .triggerUrl("string")
            .build())
        .resourceGroupName("string")
        .scopes("string")
        .sources(AutomationSourceArgs.builder()
            .eventSource("string")
            .ruleSets(AutomationSourceRuleSetArgs.builder()
                .rules(AutomationSourceRuleSetRuleArgs.builder()
                    .expectedValue("string")
                    .operator("string")
                    .propertyPath("string")
                    .propertyType("string")
                    .build())
                .build())
            .build())
        .description("string")
        .enabled(false)
        .location("string")
        .name("string")
        .tags(Map.of("string", "string"))
        .build());
    
    automation_resource = azure.securitycenter.Automation("automationResource",
        actions=[azure.securitycenter.AutomationActionArgs(
            resource_id="string",
            type="string",
            connection_string="string",
            trigger_url="string",
        )],
        resource_group_name="string",
        scopes=["string"],
        sources=[azure.securitycenter.AutomationSourceArgs(
            event_source="string",
            rule_sets=[azure.securitycenter.AutomationSourceRuleSetArgs(
                rules=[azure.securitycenter.AutomationSourceRuleSetRuleArgs(
                    expected_value="string",
                    operator="string",
                    property_path="string",
                    property_type="string",
                )],
            )],
        )],
        description="string",
        enabled=False,
        location="string",
        name="string",
        tags={
            "string": "string",
        })
    
    const automationResource = new azure.securitycenter.Automation("automationResource", {
        actions: [{
            resourceId: "string",
            type: "string",
            connectionString: "string",
            triggerUrl: "string",
        }],
        resourceGroupName: "string",
        scopes: ["string"],
        sources: [{
            eventSource: "string",
            ruleSets: [{
                rules: [{
                    expectedValue: "string",
                    operator: "string",
                    propertyPath: "string",
                    propertyType: "string",
                }],
            }],
        }],
        description: "string",
        enabled: false,
        location: "string",
        name: "string",
        tags: {
            string: "string",
        },
    });
    
    type: azure:securitycenter:Automation
    properties:
        actions:
            - connectionString: string
              resourceId: string
              triggerUrl: string
              type: string
        description: string
        enabled: false
        location: string
        name: string
        resourceGroupName: string
        scopes:
            - string
        sources:
            - eventSource: string
              ruleSets:
                - rules:
                    - expectedValue: string
                      operator: string
                      propertyPath: string
                      propertyType: string
        tags:
            string: string
    

    Automation Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The Automation resource accepts the following input properties:

    Actions List<AutomationAction>
    One or more action blocks as defined below. An action tells this automation where the data is to be sent to upon being evaluated by the rules in the source.
    ResourceGroupName string
    The name of the Resource Group where the Security Center Automation should exist. Changing this forces a new Security Center Automation to be created.
    Scopes List<string>
    A list of scopes on which the automation logic is applied, at least one is required. Supported scopes are a subscription (in this format /subscriptions/00000000-0000-0000-0000-000000000000) or a resource group under that subscription (in the format /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/example). The automation will only apply on defined scopes.
    Sources List<AutomationSource>
    One or more source blocks as defined below. A source defines what data types will be processed and a set of rules to filter that data.
    Description string
    Specifies the description for the Security Center Automation.
    Enabled bool
    Boolean to enable or disable this Security Center Automation. Defaults to true.
    Location string
    The Azure Region where the Security Center Automation should exist. Changing this forces a new Security Center Automation to be created.
    Name string

    The name which should be used for this Security Center Automation. Changing this forces a new Security Center Automation to be created.

    NOTE: For the automation to appear in Azure Portal correctly under Microsoft Defender for Cloud > Environment Settings > Account > Continuous Export, either ExportToWorkspace or ExportToEventHub must be used.

    Tags Dictionary<string, string>
    A mapping of tags assigned to the resource. Changing this forces a new resource to be created.
    Actions []AutomationActionArgs
    One or more action blocks as defined below. An action tells this automation where the data is to be sent to upon being evaluated by the rules in the source.
    ResourceGroupName string
    The name of the Resource Group where the Security Center Automation should exist. Changing this forces a new Security Center Automation to be created.
    Scopes []string
    A list of scopes on which the automation logic is applied, at least one is required. Supported scopes are a subscription (in this format /subscriptions/00000000-0000-0000-0000-000000000000) or a resource group under that subscription (in the format /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/example). The automation will only apply on defined scopes.
    Sources []AutomationSourceArgs
    One or more source blocks as defined below. A source defines what data types will be processed and a set of rules to filter that data.
    Description string
    Specifies the description for the Security Center Automation.
    Enabled bool
    Boolean to enable or disable this Security Center Automation. Defaults to true.
    Location string
    The Azure Region where the Security Center Automation should exist. Changing this forces a new Security Center Automation to be created.
    Name string

    The name which should be used for this Security Center Automation. Changing this forces a new Security Center Automation to be created.

    NOTE: For the automation to appear in Azure Portal correctly under Microsoft Defender for Cloud > Environment Settings > Account > Continuous Export, either ExportToWorkspace or ExportToEventHub must be used.

    Tags map[string]string
    A mapping of tags assigned to the resource. Changing this forces a new resource to be created.
    actions List<AutomationAction>
    One or more action blocks as defined below. An action tells this automation where the data is to be sent to upon being evaluated by the rules in the source.
    resourceGroupName String
    The name of the Resource Group where the Security Center Automation should exist. Changing this forces a new Security Center Automation to be created.
    scopes List<String>
    A list of scopes on which the automation logic is applied, at least one is required. Supported scopes are a subscription (in this format /subscriptions/00000000-0000-0000-0000-000000000000) or a resource group under that subscription (in the format /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/example). The automation will only apply on defined scopes.
    sources List<AutomationSource>
    One or more source blocks as defined below. A source defines what data types will be processed and a set of rules to filter that data.
    description String
    Specifies the description for the Security Center Automation.
    enabled Boolean
    Boolean to enable or disable this Security Center Automation. Defaults to true.
    location String
    The Azure Region where the Security Center Automation should exist. Changing this forces a new Security Center Automation to be created.
    name String

    The name which should be used for this Security Center Automation. Changing this forces a new Security Center Automation to be created.

    NOTE: For the automation to appear in Azure Portal correctly under Microsoft Defender for Cloud > Environment Settings > Account > Continuous Export, either ExportToWorkspace or ExportToEventHub must be used.

    tags Map<String,String>
    A mapping of tags assigned to the resource. Changing this forces a new resource to be created.
    actions AutomationAction[]
    One or more action blocks as defined below. An action tells this automation where the data is to be sent to upon being evaluated by the rules in the source.
    resourceGroupName string
    The name of the Resource Group where the Security Center Automation should exist. Changing this forces a new Security Center Automation to be created.
    scopes string[]
    A list of scopes on which the automation logic is applied, at least one is required. Supported scopes are a subscription (in this format /subscriptions/00000000-0000-0000-0000-000000000000) or a resource group under that subscription (in the format /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/example). The automation will only apply on defined scopes.
    sources AutomationSource[]
    One or more source blocks as defined below. A source defines what data types will be processed and a set of rules to filter that data.
    description string
    Specifies the description for the Security Center Automation.
    enabled boolean
    Boolean to enable or disable this Security Center Automation. Defaults to true.
    location string
    The Azure Region where the Security Center Automation should exist. Changing this forces a new Security Center Automation to be created.
    name string

    The name which should be used for this Security Center Automation. Changing this forces a new Security Center Automation to be created.

    NOTE: For the automation to appear in Azure Portal correctly under Microsoft Defender for Cloud > Environment Settings > Account > Continuous Export, either ExportToWorkspace or ExportToEventHub must be used.

    tags {[key: string]: string}
    A mapping of tags assigned to the resource. Changing this forces a new resource to be created.
    actions Sequence[AutomationActionArgs]
    One or more action blocks as defined below. An action tells this automation where the data is to be sent to upon being evaluated by the rules in the source.
    resource_group_name str
    The name of the Resource Group where the Security Center Automation should exist. Changing this forces a new Security Center Automation to be created.
    scopes Sequence[str]
    A list of scopes on which the automation logic is applied, at least one is required. Supported scopes are a subscription (in this format /subscriptions/00000000-0000-0000-0000-000000000000) or a resource group under that subscription (in the format /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/example). The automation will only apply on defined scopes.
    sources Sequence[AutomationSourceArgs]
    One or more source blocks as defined below. A source defines what data types will be processed and a set of rules to filter that data.
    description str
    Specifies the description for the Security Center Automation.
    enabled bool
    Boolean to enable or disable this Security Center Automation. Defaults to true.
    location str
    The Azure Region where the Security Center Automation should exist. Changing this forces a new Security Center Automation to be created.
    name str

    The name which should be used for this Security Center Automation. Changing this forces a new Security Center Automation to be created.

    NOTE: For the automation to appear in Azure Portal correctly under Microsoft Defender for Cloud > Environment Settings > Account > Continuous Export, either ExportToWorkspace or ExportToEventHub must be used.

    tags Mapping[str, str]
    A mapping of tags assigned to the resource. Changing this forces a new resource to be created.
    actions List<Property Map>
    One or more action blocks as defined below. An action tells this automation where the data is to be sent to upon being evaluated by the rules in the source.
    resourceGroupName String
    The name of the Resource Group where the Security Center Automation should exist. Changing this forces a new Security Center Automation to be created.
    scopes List<String>
    A list of scopes on which the automation logic is applied, at least one is required. Supported scopes are a subscription (in this format /subscriptions/00000000-0000-0000-0000-000000000000) or a resource group under that subscription (in the format /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/example). The automation will only apply on defined scopes.
    sources List<Property Map>
    One or more source blocks as defined below. A source defines what data types will be processed and a set of rules to filter that data.
    description String
    Specifies the description for the Security Center Automation.
    enabled Boolean
    Boolean to enable or disable this Security Center Automation. Defaults to true.
    location String
    The Azure Region where the Security Center Automation should exist. Changing this forces a new Security Center Automation to be created.
    name String

    The name which should be used for this Security Center Automation. Changing this forces a new Security Center Automation to be created.

    NOTE: For the automation to appear in Azure Portal correctly under Microsoft Defender for Cloud > Environment Settings > Account > Continuous Export, either ExportToWorkspace or ExportToEventHub must be used.

    tags Map<String>
    A mapping of tags assigned to the resource. Changing this forces a new resource to be created.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the Automation resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    Id string
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.
    id string
    The provider-assigned unique ID for this managed resource.
    id str
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.

    Look up Existing Automation Resource

    Get an existing Automation resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: AutomationState, opts?: CustomResourceOptions): Automation
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            actions: Optional[Sequence[AutomationActionArgs]] = None,
            description: Optional[str] = None,
            enabled: Optional[bool] = None,
            location: Optional[str] = None,
            name: Optional[str] = None,
            resource_group_name: Optional[str] = None,
            scopes: Optional[Sequence[str]] = None,
            sources: Optional[Sequence[AutomationSourceArgs]] = None,
            tags: Optional[Mapping[str, str]] = None) -> Automation
    func GetAutomation(ctx *Context, name string, id IDInput, state *AutomationState, opts ...ResourceOption) (*Automation, error)
    public static Automation Get(string name, Input<string> id, AutomationState? state, CustomResourceOptions? opts = null)
    public static Automation get(String name, Output<String> id, AutomationState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    Actions List<AutomationAction>
    One or more action blocks as defined below. An action tells this automation where the data is to be sent to upon being evaluated by the rules in the source.
    Description string
    Specifies the description for the Security Center Automation.
    Enabled bool
    Boolean to enable or disable this Security Center Automation. Defaults to true.
    Location string
    The Azure Region where the Security Center Automation should exist. Changing this forces a new Security Center Automation to be created.
    Name string

    The name which should be used for this Security Center Automation. Changing this forces a new Security Center Automation to be created.

    NOTE: For the automation to appear in Azure Portal correctly under Microsoft Defender for Cloud > Environment Settings > Account > Continuous Export, either ExportToWorkspace or ExportToEventHub must be used.

    ResourceGroupName string
    The name of the Resource Group where the Security Center Automation should exist. Changing this forces a new Security Center Automation to be created.
    Scopes List<string>
    A list of scopes on which the automation logic is applied, at least one is required. Supported scopes are a subscription (in this format /subscriptions/00000000-0000-0000-0000-000000000000) or a resource group under that subscription (in the format /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/example). The automation will only apply on defined scopes.
    Sources List<AutomationSource>
    One or more source blocks as defined below. A source defines what data types will be processed and a set of rules to filter that data.
    Tags Dictionary<string, string>
    A mapping of tags assigned to the resource. Changing this forces a new resource to be created.
    Actions []AutomationActionArgs
    One or more action blocks as defined below. An action tells this automation where the data is to be sent to upon being evaluated by the rules in the source.
    Description string
    Specifies the description for the Security Center Automation.
    Enabled bool
    Boolean to enable or disable this Security Center Automation. Defaults to true.
    Location string
    The Azure Region where the Security Center Automation should exist. Changing this forces a new Security Center Automation to be created.
    Name string

    The name which should be used for this Security Center Automation. Changing this forces a new Security Center Automation to be created.

    NOTE: For the automation to appear in Azure Portal correctly under Microsoft Defender for Cloud > Environment Settings > Account > Continuous Export, either ExportToWorkspace or ExportToEventHub must be used.

    ResourceGroupName string
    The name of the Resource Group where the Security Center Automation should exist. Changing this forces a new Security Center Automation to be created.
    Scopes []string
    A list of scopes on which the automation logic is applied, at least one is required. Supported scopes are a subscription (in this format /subscriptions/00000000-0000-0000-0000-000000000000) or a resource group under that subscription (in the format /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/example). The automation will only apply on defined scopes.
    Sources []AutomationSourceArgs
    One or more source blocks as defined below. A source defines what data types will be processed and a set of rules to filter that data.
    Tags map[string]string
    A mapping of tags assigned to the resource. Changing this forces a new resource to be created.
    actions List<AutomationAction>
    One or more action blocks as defined below. An action tells this automation where the data is to be sent to upon being evaluated by the rules in the source.
    description String
    Specifies the description for the Security Center Automation.
    enabled Boolean
    Boolean to enable or disable this Security Center Automation. Defaults to true.
    location String
    The Azure Region where the Security Center Automation should exist. Changing this forces a new Security Center Automation to be created.
    name String

    The name which should be used for this Security Center Automation. Changing this forces a new Security Center Automation to be created.

    NOTE: For the automation to appear in Azure Portal correctly under Microsoft Defender for Cloud > Environment Settings > Account > Continuous Export, either ExportToWorkspace or ExportToEventHub must be used.

    resourceGroupName String
    The name of the Resource Group where the Security Center Automation should exist. Changing this forces a new Security Center Automation to be created.
    scopes List<String>
    A list of scopes on which the automation logic is applied, at least one is required. Supported scopes are a subscription (in this format /subscriptions/00000000-0000-0000-0000-000000000000) or a resource group under that subscription (in the format /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/example). The automation will only apply on defined scopes.
    sources List<AutomationSource>
    One or more source blocks as defined below. A source defines what data types will be processed and a set of rules to filter that data.
    tags Map<String,String>
    A mapping of tags assigned to the resource. Changing this forces a new resource to be created.
    actions AutomationAction[]
    One or more action blocks as defined below. An action tells this automation where the data is to be sent to upon being evaluated by the rules in the source.
    description string
    Specifies the description for the Security Center Automation.
    enabled boolean
    Boolean to enable or disable this Security Center Automation. Defaults to true.
    location string
    The Azure Region where the Security Center Automation should exist. Changing this forces a new Security Center Automation to be created.
    name string

    The name which should be used for this Security Center Automation. Changing this forces a new Security Center Automation to be created.

    NOTE: For the automation to appear in Azure Portal correctly under Microsoft Defender for Cloud > Environment Settings > Account > Continuous Export, either ExportToWorkspace or ExportToEventHub must be used.

    resourceGroupName string
    The name of the Resource Group where the Security Center Automation should exist. Changing this forces a new Security Center Automation to be created.
    scopes string[]
    A list of scopes on which the automation logic is applied, at least one is required. Supported scopes are a subscription (in this format /subscriptions/00000000-0000-0000-0000-000000000000) or a resource group under that subscription (in the format /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/example). The automation will only apply on defined scopes.
    sources AutomationSource[]
    One or more source blocks as defined below. A source defines what data types will be processed and a set of rules to filter that data.
    tags {[key: string]: string}
    A mapping of tags assigned to the resource. Changing this forces a new resource to be created.
    actions Sequence[AutomationActionArgs]
    One or more action blocks as defined below. An action tells this automation where the data is to be sent to upon being evaluated by the rules in the source.
    description str
    Specifies the description for the Security Center Automation.
    enabled bool
    Boolean to enable or disable this Security Center Automation. Defaults to true.
    location str
    The Azure Region where the Security Center Automation should exist. Changing this forces a new Security Center Automation to be created.
    name str

    The name which should be used for this Security Center Automation. Changing this forces a new Security Center Automation to be created.

    NOTE: For the automation to appear in Azure Portal correctly under Microsoft Defender for Cloud > Environment Settings > Account > Continuous Export, either ExportToWorkspace or ExportToEventHub must be used.

    resource_group_name str
    The name of the Resource Group where the Security Center Automation should exist. Changing this forces a new Security Center Automation to be created.
    scopes Sequence[str]
    A list of scopes on which the automation logic is applied, at least one is required. Supported scopes are a subscription (in this format /subscriptions/00000000-0000-0000-0000-000000000000) or a resource group under that subscription (in the format /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/example). The automation will only apply on defined scopes.
    sources Sequence[AutomationSourceArgs]
    One or more source blocks as defined below. A source defines what data types will be processed and a set of rules to filter that data.
    tags Mapping[str, str]
    A mapping of tags assigned to the resource. Changing this forces a new resource to be created.
    actions List<Property Map>
    One or more action blocks as defined below. An action tells this automation where the data is to be sent to upon being evaluated by the rules in the source.
    description String
    Specifies the description for the Security Center Automation.
    enabled Boolean
    Boolean to enable or disable this Security Center Automation. Defaults to true.
    location String
    The Azure Region where the Security Center Automation should exist. Changing this forces a new Security Center Automation to be created.
    name String

    The name which should be used for this Security Center Automation. Changing this forces a new Security Center Automation to be created.

    NOTE: For the automation to appear in Azure Portal correctly under Microsoft Defender for Cloud > Environment Settings > Account > Continuous Export, either ExportToWorkspace or ExportToEventHub must be used.

    resourceGroupName String
    The name of the Resource Group where the Security Center Automation should exist. Changing this forces a new Security Center Automation to be created.
    scopes List<String>
    A list of scopes on which the automation logic is applied, at least one is required. Supported scopes are a subscription (in this format /subscriptions/00000000-0000-0000-0000-000000000000) or a resource group under that subscription (in the format /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/example). The automation will only apply on defined scopes.
    sources List<Property Map>
    One or more source blocks as defined below. A source defines what data types will be processed and a set of rules to filter that data.
    tags Map<String>
    A mapping of tags assigned to the resource. Changing this forces a new resource to be created.

    Supporting Types

    AutomationAction, AutomationActionArgs

    ResourceId string
    The resource id of the target Logic App, Event Hub namespace or Log Analytics workspace.
    Type string
    Type of Azure resource to send data to. Must be set to one of: logicapp, eventhub or loganalytics.
    ConnectionString string
    (Optional, but required when type is eventhub) A connection string to send data to the target Event Hub namespace, this should include a key with send permissions.
    TriggerUrl string
    (Optional, but required when type is logicapp) The callback URL to trigger the Logic App that will receive and process data sent by this automation. This can be found in the Azure Portal under "See trigger history"
    ResourceId string
    The resource id of the target Logic App, Event Hub namespace or Log Analytics workspace.
    Type string
    Type of Azure resource to send data to. Must be set to one of: logicapp, eventhub or loganalytics.
    ConnectionString string
    (Optional, but required when type is eventhub) A connection string to send data to the target Event Hub namespace, this should include a key with send permissions.
    TriggerUrl string
    (Optional, but required when type is logicapp) The callback URL to trigger the Logic App that will receive and process data sent by this automation. This can be found in the Azure Portal under "See trigger history"
    resourceId String
    The resource id of the target Logic App, Event Hub namespace or Log Analytics workspace.
    type String
    Type of Azure resource to send data to. Must be set to one of: logicapp, eventhub or loganalytics.
    connectionString String
    (Optional, but required when type is eventhub) A connection string to send data to the target Event Hub namespace, this should include a key with send permissions.
    triggerUrl String
    (Optional, but required when type is logicapp) The callback URL to trigger the Logic App that will receive and process data sent by this automation. This can be found in the Azure Portal under "See trigger history"
    resourceId string
    The resource id of the target Logic App, Event Hub namespace or Log Analytics workspace.
    type string
    Type of Azure resource to send data to. Must be set to one of: logicapp, eventhub or loganalytics.
    connectionString string
    (Optional, but required when type is eventhub) A connection string to send data to the target Event Hub namespace, this should include a key with send permissions.
    triggerUrl string
    (Optional, but required when type is logicapp) The callback URL to trigger the Logic App that will receive and process data sent by this automation. This can be found in the Azure Portal under "See trigger history"
    resource_id str
    The resource id of the target Logic App, Event Hub namespace or Log Analytics workspace.
    type str
    Type of Azure resource to send data to. Must be set to one of: logicapp, eventhub or loganalytics.
    connection_string str
    (Optional, but required when type is eventhub) A connection string to send data to the target Event Hub namespace, this should include a key with send permissions.
    trigger_url str
    (Optional, but required when type is logicapp) The callback URL to trigger the Logic App that will receive and process data sent by this automation. This can be found in the Azure Portal under "See trigger history"
    resourceId String
    The resource id of the target Logic App, Event Hub namespace or Log Analytics workspace.
    type String
    Type of Azure resource to send data to. Must be set to one of: logicapp, eventhub or loganalytics.
    connectionString String
    (Optional, but required when type is eventhub) A connection string to send data to the target Event Hub namespace, this should include a key with send permissions.
    triggerUrl String
    (Optional, but required when type is logicapp) The callback URL to trigger the Logic App that will receive and process data sent by this automation. This can be found in the Azure Portal under "See trigger history"

    AutomationSource, AutomationSourceArgs

    EventSource string
    Type of data that will trigger this automation. Must be one of Alerts, Assessments, AssessmentsSnapshot, RegulatoryComplianceAssessment, RegulatoryComplianceAssessmentSnapshot, SecureScoreControls, SecureScoreControlsSnapshot, SecureScores, SecureScoresSnapshot, SubAssessments or SubAssessmentsSnapshot. Note. assessments are also referred to as recommendations
    RuleSets List<AutomationSourceRuleSet>

    A set of rules which evaluate upon event and data interception. This is defined in one or more rule_set blocks as defined below.

    NOTE: When multiple rule_set block are provided, a logical 'OR' is applied to the evaluation of them.

    EventSource string
    Type of data that will trigger this automation. Must be one of Alerts, Assessments, AssessmentsSnapshot, RegulatoryComplianceAssessment, RegulatoryComplianceAssessmentSnapshot, SecureScoreControls, SecureScoreControlsSnapshot, SecureScores, SecureScoresSnapshot, SubAssessments or SubAssessmentsSnapshot. Note. assessments are also referred to as recommendations
    RuleSets []AutomationSourceRuleSet

    A set of rules which evaluate upon event and data interception. This is defined in one or more rule_set blocks as defined below.

    NOTE: When multiple rule_set block are provided, a logical 'OR' is applied to the evaluation of them.

    eventSource String
    Type of data that will trigger this automation. Must be one of Alerts, Assessments, AssessmentsSnapshot, RegulatoryComplianceAssessment, RegulatoryComplianceAssessmentSnapshot, SecureScoreControls, SecureScoreControlsSnapshot, SecureScores, SecureScoresSnapshot, SubAssessments or SubAssessmentsSnapshot. Note. assessments are also referred to as recommendations
    ruleSets List<AutomationSourceRuleSet>

    A set of rules which evaluate upon event and data interception. This is defined in one or more rule_set blocks as defined below.

    NOTE: When multiple rule_set block are provided, a logical 'OR' is applied to the evaluation of them.

    eventSource string
    Type of data that will trigger this automation. Must be one of Alerts, Assessments, AssessmentsSnapshot, RegulatoryComplianceAssessment, RegulatoryComplianceAssessmentSnapshot, SecureScoreControls, SecureScoreControlsSnapshot, SecureScores, SecureScoresSnapshot, SubAssessments or SubAssessmentsSnapshot. Note. assessments are also referred to as recommendations
    ruleSets AutomationSourceRuleSet[]

    A set of rules which evaluate upon event and data interception. This is defined in one or more rule_set blocks as defined below.

    NOTE: When multiple rule_set block are provided, a logical 'OR' is applied to the evaluation of them.

    event_source str
    Type of data that will trigger this automation. Must be one of Alerts, Assessments, AssessmentsSnapshot, RegulatoryComplianceAssessment, RegulatoryComplianceAssessmentSnapshot, SecureScoreControls, SecureScoreControlsSnapshot, SecureScores, SecureScoresSnapshot, SubAssessments or SubAssessmentsSnapshot. Note. assessments are also referred to as recommendations
    rule_sets Sequence[AutomationSourceRuleSet]

    A set of rules which evaluate upon event and data interception. This is defined in one or more rule_set blocks as defined below.

    NOTE: When multiple rule_set block are provided, a logical 'OR' is applied to the evaluation of them.

    eventSource String
    Type of data that will trigger this automation. Must be one of Alerts, Assessments, AssessmentsSnapshot, RegulatoryComplianceAssessment, RegulatoryComplianceAssessmentSnapshot, SecureScoreControls, SecureScoreControlsSnapshot, SecureScores, SecureScoresSnapshot, SubAssessments or SubAssessmentsSnapshot. Note. assessments are also referred to as recommendations
    ruleSets List<Property Map>

    A set of rules which evaluate upon event and data interception. This is defined in one or more rule_set blocks as defined below.

    NOTE: When multiple rule_set block are provided, a logical 'OR' is applied to the evaluation of them.

    AutomationSourceRuleSet, AutomationSourceRuleSetArgs

    Rules List<AutomationSourceRuleSetRule>

    One or more rule blocks as defined below.

    NOTE: This automation will trigger when all of the rules in this rule_set are evaluated as 'true'. This is equivalent to a logical 'AND'.

    Rules []AutomationSourceRuleSetRule

    One or more rule blocks as defined below.

    NOTE: This automation will trigger when all of the rules in this rule_set are evaluated as 'true'. This is equivalent to a logical 'AND'.

    rules List<AutomationSourceRuleSetRule>

    One or more rule blocks as defined below.

    NOTE: This automation will trigger when all of the rules in this rule_set are evaluated as 'true'. This is equivalent to a logical 'AND'.

    rules AutomationSourceRuleSetRule[]

    One or more rule blocks as defined below.

    NOTE: This automation will trigger when all of the rules in this rule_set are evaluated as 'true'. This is equivalent to a logical 'AND'.

    rules Sequence[AutomationSourceRuleSetRule]

    One or more rule blocks as defined below.

    NOTE: This automation will trigger when all of the rules in this rule_set are evaluated as 'true'. This is equivalent to a logical 'AND'.

    rules List<Property Map>

    One or more rule blocks as defined below.

    NOTE: This automation will trigger when all of the rules in this rule_set are evaluated as 'true'. This is equivalent to a logical 'AND'.

    AutomationSourceRuleSetRule, AutomationSourceRuleSetRuleArgs

    ExpectedValue string
    A value that will be compared with the value in property_path.
    Operator string
    The comparison operator to use, must be one of: Contains, EndsWith, Equals, GreaterThan, GreaterThanOrEqualTo, LesserThan, LesserThanOrEqualTo, NotEquals, StartsWith
    PropertyPath string
    The JPath of the entity model property that should be checked.
    PropertyType string

    The data type of the compared operands, must be one of: Integer, String, Boolean or Number.

    NOTE: The schema for Security Center alerts (when event_source is "Alerts") can be found here

    ExpectedValue string
    A value that will be compared with the value in property_path.
    Operator string
    The comparison operator to use, must be one of: Contains, EndsWith, Equals, GreaterThan, GreaterThanOrEqualTo, LesserThan, LesserThanOrEqualTo, NotEquals, StartsWith
    PropertyPath string
    The JPath of the entity model property that should be checked.
    PropertyType string

    The data type of the compared operands, must be one of: Integer, String, Boolean or Number.

    NOTE: The schema for Security Center alerts (when event_source is "Alerts") can be found here

    expectedValue String
    A value that will be compared with the value in property_path.
    operator String
    The comparison operator to use, must be one of: Contains, EndsWith, Equals, GreaterThan, GreaterThanOrEqualTo, LesserThan, LesserThanOrEqualTo, NotEquals, StartsWith
    propertyPath String
    The JPath of the entity model property that should be checked.
    propertyType String

    The data type of the compared operands, must be one of: Integer, String, Boolean or Number.

    NOTE: The schema for Security Center alerts (when event_source is "Alerts") can be found here

    expectedValue string
    A value that will be compared with the value in property_path.
    operator string
    The comparison operator to use, must be one of: Contains, EndsWith, Equals, GreaterThan, GreaterThanOrEqualTo, LesserThan, LesserThanOrEqualTo, NotEquals, StartsWith
    propertyPath string
    The JPath of the entity model property that should be checked.
    propertyType string

    The data type of the compared operands, must be one of: Integer, String, Boolean or Number.

    NOTE: The schema for Security Center alerts (when event_source is "Alerts") can be found here

    expected_value str
    A value that will be compared with the value in property_path.
    operator str
    The comparison operator to use, must be one of: Contains, EndsWith, Equals, GreaterThan, GreaterThanOrEqualTo, LesserThan, LesserThanOrEqualTo, NotEquals, StartsWith
    property_path str
    The JPath of the entity model property that should be checked.
    property_type str

    The data type of the compared operands, must be one of: Integer, String, Boolean or Number.

    NOTE: The schema for Security Center alerts (when event_source is "Alerts") can be found here

    expectedValue String
    A value that will be compared with the value in property_path.
    operator String
    The comparison operator to use, must be one of: Contains, EndsWith, Equals, GreaterThan, GreaterThanOrEqualTo, LesserThan, LesserThanOrEqualTo, NotEquals, StartsWith
    propertyPath String
    The JPath of the entity model property that should be checked.
    propertyType String

    The data type of the compared operands, must be one of: Integer, String, Boolean or Number.

    NOTE: The schema for Security Center alerts (when event_source is "Alerts") can be found here

    Import

    Security Center Automations can be imported using the resource id, e.g.

    $ pulumi import azure:securitycenter/automation:Automation example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/mygroup1/providers/Microsoft.Security/automations/automation1
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    Azure Classic pulumi/pulumi-azure
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the azurerm Terraform Provider.
    azure logo

    We recommend using Azure Native.

    Azure Classic v5.81.0 published on Monday, Jun 24, 2024 by Pulumi