azure-native.security.AlertsSuppressionRule
Describes a security alert suppression rule, which automatically dismisses alerts that match its alert type and scope conditions.
Uses Azure REST API version 2019-01-01-preview. In version 2.x of the Azure Native provider, it used API version 2019-01-01-preview.
Example Usage
Update or create suppression rule for subscription
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
// Pulumi program: declares a single Microsoft.Security alert suppression rule.
// A suppression rule dismisses matching alerts automatically, so its alert type,
// scope and lifetime should be no wider than the false positive being handled.
return await Deployment.RunAsync(() =>
{
    // AllOf: every condition listed must be true before an alert is suppressed.
    // NOTE(review): each element names only an alert entity field and gives no value
    // to match, so confirm what the deployed rule actually suppresses.
    var matchScope = new AzureNative.Security.Inputs.SuppressionAlertsScopeArgs
    {
        AllOf = new[]
        {
            new AzureNative.Security.Inputs.ScopeElementArgs { Field = "entities.ip.address" },
            new AzureNative.Security.Inputs.ScopeElementArgs { Field = "entities.process.commandline" },
        },
    };

    var ruleArgs = new AzureNative.Security.AlertsSuppressionRuleArgs
    {
        AlertsSuppressionRuleName = "dismissIpAnomalyAlerts",
        // One named alert type; "*" would apply the rule to all alert types.
        AlertType = "IpAnomaly",
        Reason = "FalsePositive",
        Comment = "Test VM",
        State = AzureNative.Security.RuleState.Enabled,
        // Sample timestamp. If this is omitted or null the rule has no expiration.
        ExpirationDateUtc = "2019-12-01T19:50:47.083633Z",
        SuppressionAlertsScope = matchScope,
    };

    var alertsSuppressionRule = new AzureNative.Security.AlertsSuppressionRule("alertsSuppressionRule", ruleArgs);
});
package main
import (
	security "github.com/pulumi/pulumi-azure-native-sdk/security/v3"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main runs a Pulumi program that declares one Microsoft.Security alert
// suppression rule. A suppression rule dismisses matching alerts automatically,
// so its alert type, scope and lifetime should be no wider than the false
// positive being handled.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// AllOf: every condition listed must be true before an alert is suppressed.
		// NOTE(review): each element names only an alert entity field and gives no
		// value to match, so confirm what the deployed rule actually suppresses.
		matchScope := &security.SuppressionAlertsScopeArgs{
			AllOf: security.ScopeElementArray{
				&security.ScopeElementArgs{Field: pulumi.String("entities.ip.address")},
				&security.ScopeElementArgs{Field: pulumi.String("entities.process.commandline")},
			},
		}

		ruleArgs := &security.AlertsSuppressionRuleArgs{
			AlertsSuppressionRuleName: pulumi.String("dismissIpAnomalyAlerts"),
			// One named alert type; "*" would apply the rule to all alert types.
			AlertType: pulumi.String("IpAnomaly"),
			Reason:    pulumi.String("FalsePositive"),
			Comment:   pulumi.String("Test VM"),
			State:     pulumi.String(security.RuleStateEnabled),
			// Sample timestamp. If this is omitted the rule has no expiration.
			ExpirationDateUtc:      pulumi.String("2019-12-01T19:50:47.083633Z"),
			SuppressionAlertsScope: matchScope,
		}

		// The resource handle is not needed; only the registration error is propagated.
		_, err := security.NewAlertsSuppressionRule(ctx, "alertsSuppressionRule", ruleArgs)
		return err
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.security.AlertsSuppressionRule;
import com.pulumi.azurenative.security.AlertsSuppressionRuleArgs;
import com.pulumi.azurenative.security.inputs.ScopeElementArgs;
import com.pulumi.azurenative.security.inputs.SuppressionAlertsScopeArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program that declares one Microsoft.Security alert suppression rule.
 *
 * A suppression rule dismisses matching alerts automatically, so its alert type,
 * scope and lifetime should be no wider than the false positive being handled.
 */
public class App {
    /** Hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the suppression rule for the current deployment.
     *
     * @param ctx Pulumi deployment context (not read by this example)
     */
    public static void stack(Context ctx) {
        // allOf: every condition listed must be true before an alert is suppressed.
        // NOTE(review): each element names only an alert entity field and gives no
        // value to match, so confirm what the deployed rule actually suppresses.
        final var matchScope = SuppressionAlertsScopeArgs.builder()
            .allOf(
                ScopeElementArgs.builder().field("entities.ip.address").build(),
                ScopeElementArgs.builder().field("entities.process.commandline").build())
            .build();

        final var ruleArgs = AlertsSuppressionRuleArgs.builder()
            .alertsSuppressionRuleName("dismissIpAnomalyAlerts")
            // One named alert type; "*" would apply the rule to all alert types.
            .alertType("IpAnomaly")
            .reason("FalsePositive")
            .comment("Test VM")
            .state("Enabled")
            // Sample timestamp. If this is omitted or null the rule has no expiration.
            .expirationDateUtc("2019-12-01T19:50:47.083633Z")
            .suppressionAlertsScope(matchScope)
            .build();

        var alertsSuppressionRule = new AlertsSuppressionRule("alertsSuppressionRule", ruleArgs);
    }
}
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
// Declares one Microsoft.Security alert suppression rule. A suppression rule
// dismisses matching alerts automatically, so its alert type, scope and lifetime
// should be no wider than the false positive being handled.

// allOf: every condition listed must be true before an alert is suppressed.
// NOTE(review): each element names only an alert entity field and gives no value
// to match, so confirm what the deployed rule actually suppresses.
const matchScope = {
    allOf: [
        { field: "entities.ip.address" },
        { field: "entities.process.commandline" },
    ],
};

const alertsSuppressionRule = new azure_native.security.AlertsSuppressionRule("alertsSuppressionRule", {
    alertsSuppressionRuleName: "dismissIpAnomalyAlerts",
    // One named alert type; "*" would apply the rule to all alert types.
    alertType: "IpAnomaly",
    reason: "FalsePositive",
    comment: "Test VM",
    state: azure_native.security.RuleState.Enabled,
    // Sample timestamp. If this is omitted or null the rule has no expiration.
    expirationDateUtc: "2019-12-01T19:50:47.083633Z",
    suppressionAlertsScope: matchScope,
});
import pulumi
import pulumi_azure_native as azure_native
# Declares one Microsoft.Security alert suppression rule. A suppression rule
# dismisses matching alerts automatically, so its alert type, scope and lifetime
# should be no wider than the false positive being handled.

# all_of: every condition listed must be true before an alert is suppressed.
# NOTE(review): each element names only an alert entity field and gives no value
# to match, so confirm what the deployed rule actually suppresses.
match_scope = {
    "all_of": [
        {"field": "entities.ip.address"},
        {"field": "entities.process.commandline"},
    ],
}

alerts_suppression_rule = azure_native.security.AlertsSuppressionRule(
    "alertsSuppressionRule",
    alerts_suppression_rule_name="dismissIpAnomalyAlerts",
    # One named alert type; "*" would apply the rule to all alert types.
    alert_type="IpAnomaly",
    reason="FalsePositive",
    comment="Test VM",
    state=azure_native.security.RuleState.ENABLED,
    # Sample timestamp. If this is omitted or None the rule has no expiration.
    expiration_date_utc="2019-12-01T19:50:47.083633Z",
    suppression_alerts_scope=match_scope,
)
# Declares one Microsoft.Security alert suppression rule. A suppression rule
# dismisses matching alerts automatically, so its alert type, scope and lifetime
# should be no wider than the false positive being handled.
resources:
  alertsSuppressionRule:
    type: azure-native:security:AlertsSuppressionRule
    properties:
      # One named alert type; '*' would apply the rule to all alert types.
      alertType: IpAnomaly
      alertsSuppressionRuleName: dismissIpAnomalyAlerts
      comment: Test VM
      # Sample timestamp. If this is omitted or null the rule has no expiration.
      expirationDateUtc: 2019-12-01T19:50:47.083633Z
      reason: FalsePositive
      state: Enabled
      suppressionAlertsScope:
        # allOf: every condition listed must be true before an alert is suppressed.
        # NOTE(review): each element names only an alert entity field and gives no
        # value to match, so confirm what the deployed rule actually suppresses.
        allOf:
          - field: entities.ip.address
          - field: entities.process.commandline
Create AlertsSuppressionRule Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new AlertsSuppressionRule(name: string, args: AlertsSuppressionRuleArgs, opts?: CustomResourceOptions);
@overload
def AlertsSuppressionRule(resource_name: str,
                          args: AlertsSuppressionRuleArgs,
                          opts: Optional[ResourceOptions] = None)
@overload
def AlertsSuppressionRule(resource_name: str,
                          opts: Optional[ResourceOptions] = None,
                          alert_type: Optional[str] = None,
                          reason: Optional[str] = None,
                          state: Optional[Union[str, RuleState]] = None,
                          alerts_suppression_rule_name: Optional[str] = None,
                          comment: Optional[str] = None,
                          expiration_date_utc: Optional[str] = None,
                          suppression_alerts_scope: Optional[SuppressionAlertsScopeArgs] = None)
func NewAlertsSuppressionRule(ctx *Context, name string, args AlertsSuppressionRuleArgs, opts ...ResourceOption) (*AlertsSuppressionRule, error)
public AlertsSuppressionRule(string name, AlertsSuppressionRuleArgs args, CustomResourceOptions? opts = null)
public AlertsSuppressionRule(String name, AlertsSuppressionRuleArgs args)
public AlertsSuppressionRule(String name, AlertsSuppressionRuleArgs args, CustomResourceOptions options)
type: azure-native:security:AlertsSuppressionRule
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args AlertsSuppressionRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args AlertsSuppressionRuleArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args AlertsSuppressionRuleArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args AlertsSuppressionRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args AlertsSuppressionRuleArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
// Reference template: every "string" below is a placeholder, not a usable value.
// State takes Enabled, Disabled or Expired; an AlertType of "*" applies to all alert types.
// If ExpirationDateUtc is omitted or null the rule has no expiration.
var alertsSuppressionRuleResource = new AzureNative.Security.AlertsSuppressionRule("alertsSuppressionRuleResource", new()
{
    AlertType = "string",
    Reason = "string",
    State = "string",
    AlertsSuppressionRuleName = "string",
    Comment = "string",
    ExpirationDateUtc = "string",
    SuppressionAlertsScope = new AzureNative.Security.Inputs.SuppressionAlertsScopeArgs
    {
        // Every condition in AllOf must be true for an alert to be suppressed.
        AllOf = new[]
        {
            new AzureNative.Security.Inputs.ScopeElementArgs
            {
                Field = "string",
            },
        },
    },
});
// Reference template: every "string" below is a placeholder, not a usable value.
// State takes Enabled, Disabled or Expired; an AlertType of "*" applies to all alert types.
// If ExpirationDateUtc is omitted the rule has no expiration.
example, err := security.NewAlertsSuppressionRule(ctx, "alertsSuppressionRuleResource", &security.AlertsSuppressionRuleArgs{
	AlertType:                 pulumi.String("string"),
	Reason:                    pulumi.String("string"),
	State:                     pulumi.String("string"),
	AlertsSuppressionRuleName: pulumi.String("string"),
	Comment:                   pulumi.String("string"),
	ExpirationDateUtc:         pulumi.String("string"),
	SuppressionAlertsScope: &security.SuppressionAlertsScopeArgs{
		// Every condition in AllOf must be true for an alert to be suppressed.
		AllOf: security.ScopeElementArray{
			&security.ScopeElementArgs{
				Field: pulumi.String("string"),
			},
		},
	},
})
// Reference template: every "string" below is a placeholder, not a usable value.
// state takes Enabled, Disabled or Expired; an alertType of "*" applies to all alert types.
// If expirationDateUtc is omitted or null the rule has no expiration.
var alertsSuppressionRuleResource = new AlertsSuppressionRule("alertsSuppressionRuleResource", AlertsSuppressionRuleArgs.builder()
    .alertType("string")
    .reason("string")
    .state("string")
    .alertsSuppressionRuleName("string")
    .comment("string")
    .expirationDateUtc("string")
    // Every condition passed to allOf must be true for an alert to be suppressed.
    .suppressionAlertsScope(SuppressionAlertsScopeArgs.builder()
        .allOf(ScopeElementArgs.builder()
            .field("string")
            .build())
        .build())
    .build());
# Reference template: every "string" below is a placeholder, not a usable value.
# state takes Enabled, Disabled or Expired; an alert_type of "*" applies to all alert types.
# If expiration_date_utc is omitted or None the rule has no expiration.
alerts_suppression_rule_resource = azure_native.security.AlertsSuppressionRule("alertsSuppressionRuleResource",
    alert_type="string",
    reason="string",
    state="string",
    alerts_suppression_rule_name="string",
    comment="string",
    expiration_date_utc="string",
    # Every condition in all_of must be true for an alert to be suppressed.
    suppression_alerts_scope={
        "all_of": [{
            "field": "string",
        }],
    })
// Reference template: every "string" below is a placeholder, not a usable value.
// state takes Enabled, Disabled or Expired; an alertType of "*" applies to all alert types.
// If expirationDateUtc is omitted or null the rule has no expiration.
const alertsSuppressionRuleResource = new azure_native.security.AlertsSuppressionRule("alertsSuppressionRuleResource", {
    alertType: "string",
    reason: "string",
    state: "string",
    alertsSuppressionRuleName: "string",
    comment: "string",
    expirationDateUtc: "string",
    // Every condition in allOf must be true for an alert to be suppressed.
    suppressionAlertsScope: {
        allOf: [{
            field: "string",
        }],
    },
});
# Reference template: every "string" below is a placeholder, not a usable value.
# state takes Enabled, Disabled or Expired; an alertType of '*' applies to all alert types.
# If expirationDateUtc is omitted or null the rule has no expiration.
type: azure-native:security:AlertsSuppressionRule
properties:
    alertType: string
    alertsSuppressionRuleName: string
    comment: string
    expirationDateUtc: string
    reason: string
    state: string
    suppressionAlertsScope:
        # Every condition in allOf must be true for an alert to be suppressed.
        allOf:
            - field: string
AlertsSuppressionRule Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The AlertsSuppressionRule resource accepts the following input properties:
- AlertType string
- Type of the alert to automatically suppress. For all alert types, use '*'
- Reason string
- The reason for dismissing the alert
- State string | Pulumi.AzureNative.Security.RuleState
- Possible states of the rule
- AlertsSuppressionRuleName string
- The unique name of the suppression alert rule
- Comment string
- Any comment regarding the rule
- ExpirationDateUtc string
- Expiration date of the rule. If the value is not provided, or is provided as null, there will be no expiration at all
- SuppressionAlertsScope Pulumi.AzureNative.Security.Inputs.SuppressionAlertsScope
- The suppression conditions
- AlertType string
- Type of the alert to automatically suppress. For all alert types, use '*'
- Reason string
- The reason for dismissing the alert
- State string | RuleState
- Possible states of the rule
- AlertsSuppressionRuleName string
- The unique name of the suppression alert rule
- Comment string
- Any comment regarding the rule
- ExpirationDateUtc string
- Expiration date of the rule. If the value is not provided, or is provided as null, there will be no expiration at all
- SuppressionAlertsScope SuppressionAlertsScopeArgs
- The suppression conditions
- alertType String
- Type of the alert to automatically suppress. For all alert types, use '*'
- reason String
- The reason for dismissing the alert
- state String | RuleState
- Possible states of the rule
- alertsSuppressionRuleName String
- The unique name of the suppression alert rule
- comment String
- Any comment regarding the rule
- expirationDateUtc String
- Expiration date of the rule. If the value is not provided, or is provided as null, there will be no expiration at all
- suppressionAlertsScope SuppressionAlertsScope
- The suppression conditions
- alertType string
- Type of the alert to automatically suppress. For all alert types, use '*'
- reason string
- The reason for dismissing the alert
- state string | RuleState
- Possible states of the rule
- alertsSuppressionRuleName string
- The unique name of the suppression alert rule
- comment string
- Any comment regarding the rule
- expirationDateUtc string
- Expiration date of the rule. If the value is not provided, or is provided as null, there will be no expiration at all
- suppressionAlertsScope SuppressionAlertsScope
- The suppression conditions
- alert_type str
- Type of the alert to automatically suppress. For all alert types, use '*'
- reason str
- The reason for dismissing the alert
- state str | RuleState
- Possible states of the rule
- alerts_suppression_rule_name str
- The unique name of the suppression alert rule
- comment str
- Any comment regarding the rule
- expiration_date_utc str
- Expiration date of the rule. If the value is not provided, or is provided as null, there will be no expiration at all
- suppression_alerts_scope SuppressionAlertsScopeArgs
- The suppression conditions
- alertType String
- Type of the alert to automatically suppress. For all alert types, use '*'
- reason String
- The reason for dismissing the alert
- state String | "Enabled" | "Disabled" | "Expired"
- Possible states of the rule
- alertsSuppressionRuleName String
- The unique name of the suppression alert rule
- comment String
- Any comment regarding the rule
- expirationDateUtc String
- Expiration date of the rule. If the value is not provided, or is provided as null, there will be no expiration at all
- suppressionAlertsScope Property Map
- The suppression conditions
Outputs
All input properties are implicitly available as output properties. Additionally, the AlertsSuppressionRule resource produces the following output properties:
- AzureApiVersion string
- The Azure API version of the resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- LastModifiedUtc string
- The last time this rule was modified
- Name string
- Resource name
- Type string
- Resource type
- AzureApiVersion string
- The Azure API version of the resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- LastModifiedUtc string
- The last time this rule was modified
- Name string
- Resource name
- Type string
- Resource type
- azureApiVersion String
- The Azure API version of the resource.
- id String
- The provider-assigned unique ID for this managed resource.
- lastModifiedUtc String
- The last time this rule was modified
- name String
- Resource name
- type String
- Resource type
- azureApiVersion string
- The Azure API version of the resource.
- id string
- The provider-assigned unique ID for this managed resource.
- lastModifiedUtc string
- The last time this rule was modified
- name string
- Resource name
- type string
- Resource type
- azure_api_version str
- The Azure API version of the resource.
- id str
- The provider-assigned unique ID for this managed resource.
- last_modified_utc str
- The last time this rule was modified
- name str
- Resource name
- type str
- Resource type
- azureApiVersion String
- The Azure API version of the resource.
- id String
- The provider-assigned unique ID for this managed resource.
- lastModifiedUtc String
- The last time this rule was modified
- name String
- Resource name
- type String
- Resource type
Supporting Types
RuleState, RuleStateArgs    
- Enabled
- Enabled
- Disabled
- Disabled
- Expired
- Expired
- RuleStateEnabled
- Enabled
- RuleStateDisabled
- Disabled
- RuleStateExpired
- Expired
- Enabled
- Enabled
- Disabled
- Disabled
- Expired
- Expired
- Enabled
- Enabled
- Disabled
- Disabled
- Expired
- Expired
- ENABLED
- Enabled
- DISABLED
- Disabled
- EXPIRED
- Expired
- "Enabled"
- Enabled
- "Disabled"
- Disabled
- "Expired"
- Expired
ScopeElement, ScopeElementArgs    
- Field string
- The alert entity type to suppress by.
- Field string
- The alert entity type to suppress by.
- field String
- The alert entity type to suppress by.
- field string
- The alert entity type to suppress by.
- field str
- The alert entity type to suppress by.
- field String
- The alert entity type to suppress by.
ScopeElementResponse, ScopeElementResponseArgs      
- Field string
- The alert entity type to suppress by.
- Field string
- The alert entity type to suppress by.
- field String
- The alert entity type to suppress by.
- field string
- The alert entity type to suppress by.
- field str
- The alert entity type to suppress by.
- field String
- The alert entity type to suppress by.
SuppressionAlertsScope, SuppressionAlertsScopeArgs      
- AllOf List<Pulumi.AzureNative.Security.Inputs.ScopeElement>
- All the conditions inside need to be true in order to suppress the alert
- AllOf []ScopeElement 
- All the conditions inside need to be true in order to suppress the alert
- allOf List<ScopeElement> 
- All the conditions inside need to be true in order to suppress the alert
- allOf ScopeElement[] 
- All the conditions inside need to be true in order to suppress the alert
- all_of Sequence[ScopeElement] 
- All the conditions inside need to be true in order to suppress the alert
- allOf List<Property Map>
- All the conditions inside need to be true in order to suppress the alert
SuppressionAlertsScopeResponse, SuppressionAlertsScopeResponseArgs        
- AllOf List<Pulumi.AzureNative.Security.Inputs.ScopeElementResponse>
- All the conditions inside need to be true in order to suppress the alert
- AllOf []ScopeElementResponse
- All the conditions inside need to be true in order to suppress the alert
- allOf List<ScopeElementResponse>
- All the conditions inside need to be true in order to suppress the alert
- allOf ScopeElementResponse[]
- All the conditions inside need to be true in order to suppress the alert
- all_of Sequence[ScopeElementResponse]
- All the conditions inside need to be true in order to suppress the alert
- allOf List<Property Map>
- All the conditions inside need to be true in order to suppress the alert
Import
An existing resource can be imported using its type token, name, and identifier, e.g.
$ pulumi import azure-native:security:AlertsSuppressionRule dismissIpAnomalyAlerts /subscriptions/{subscriptionId}/providers/Microsoft.Security/alertsSuppressionRules/{alertsSuppressionRuleName} 
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Azure Native pulumi/pulumi-azure-native
- License
- Apache-2.0