We recommend using Azure Native.
azure.sentinel.getAlertRuleTemplate
Use this data source to access information about an existing Sentinel Alert Rule Template.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
// Sample workspace resource ID (all-zero subscription GUID); substitute the ID of
// the Log Analytics workspace that has Sentinel enabled.
const workspaceId = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/mygroup1/providers/Microsoft.OperationalInsights/workspaces/workspace1";

// Display names are not unique across Sentinel alert rule templates, so this
// lookup may error when several templates share the same display name.
const templateDisplayName = "Create incidents based on Azure Security Center for IoT alerts";

// Read-only lookup of an existing Sentinel alert rule template.
const example = azure.sentinel.getAlertRuleTemplate({
    logAnalyticsWorkspaceId: workspaceId,
    displayName: templateDisplayName,
});

// Stack output: the provider-assigned ID of the template that was found.
export const id = example.then(template => template.id);
import pulumi
import pulumi_azure as azure
# Sample workspace resource ID (all-zero subscription GUID); substitute the ID of
# the Log Analytics workspace that has Sentinel enabled.
workspace_id = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/mygroup1/providers/Microsoft.OperationalInsights/workspaces/workspace1"

# Display names are not unique across Sentinel alert rule templates, so this
# lookup may error when several templates share the same display name.
template_display_name = "Create incidents based on Azure Security Center for IoT alerts"

# Read-only lookup of an existing Sentinel alert rule template.
example = azure.sentinel.get_alert_rule_template(
    log_analytics_workspace_id=workspace_id,
    display_name=template_display_name,
)

# Stack output: the provider-assigned ID of the template that was found.
pulumi.export("id", example.id)
package main
import (
	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/sentinel"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
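// main looks up an existing Sentinel alert rule template by display name and
// exports its provider-assigned ID as the stack output "id".
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Sample workspace resource ID (all-zero subscription GUID); substitute the
		// ID of the Log Analytics workspace that has Sentinel enabled.
		// Display names are not unique across templates, so the lookup may error
		// when several templates share the same display name.
		lookup := &sentinel.GetAlertRuleTemplateArgs{
			LogAnalyticsWorkspaceId: "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/mygroup1/providers/Microsoft.OperationalInsights/workspaces/workspace1",
			DisplayName:             pulumi.StringRef("Create incidents based on Azure Security Center for IoT alerts"),
		}
		tmpl, err := sentinel.GetAlertRuleTemplate(ctx, lookup, nil)
		if err != nil {
			// Propagate the failure so the deployment stops instead of exporting an empty ID.
			return err
		}
		// The direct-form result carries a plain string, while ctx.Export takes a
		// pulumi.Input, so the value is wrapped with pulumi.String.
		ctx.Export("id", pulumi.String(tmpl.Id))
		return nil
	})
}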
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;
return await Deployment.RunAsync(() =>
{
    // Read-only lookup of an existing Sentinel alert rule template.
    // The workspace ID is a sample value (all-zero subscription GUID); substitute
    // the ID of the Log Analytics workspace that has Sentinel enabled.
    // Display names are not unique across templates, so the lookup may error
    // when several templates share the same display name.
    var example = Azure.Sentinel.GetAlertRuleTemplate.Invoke(new()
    {
        LogAnalyticsWorkspaceId = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/mygroup1/providers/Microsoft.OperationalInsights/workspaces/workspace1",
        DisplayName = "Create incidents based on Azure Security Center for IoT alerts",
    });

    // Stack outputs: the provider-assigned ID of the template that was found.
    var outputs = new Dictionary<string, object?>
    {
        ["id"] = example.Apply(template => template.Id),
    };
    return outputs;
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.sentinel.SentinelFunctions;
import com.pulumi.azure.sentinel.inputs.GetAlertRuleTemplateArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program that looks up an existing Sentinel alert rule template and
 * exports its provider-assigned ID.
 */
public class App {
    /** Program entry point; hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Defines the stack: one read-only template lookup and one exported value.
     *
     * @param ctx the Pulumi context used to register the stack output
     */
    public static void stack(Context ctx) {
        // Sample workspace resource ID (all-zero subscription GUID); substitute the
        // ID of the Log Analytics workspace that has Sentinel enabled.
        // Display names are not unique across templates, so the lookup may error
        // when several templates share the same display name.
        final var lookupArgs = GetAlertRuleTemplateArgs.builder()
            .logAnalyticsWorkspaceId("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/mygroup1/providers/Microsoft.OperationalInsights/workspaces/workspace1")
            .displayName("Create incidents based on Azure Security Center for IoT alerts")
            .build();

        final var example = SentinelFunctions.getAlertRuleTemplate(lookupArgs);

        // Stack output: the provider-assigned ID of the template that was found.
        ctx.export("id", example.applyValue(template -> template.id()));
    }
}
# Read-only lookup of an existing Sentinel alert rule template.
variables:
  example:
    fn::invoke:
      function: azure:sentinel:getAlertRuleTemplate
      arguments:
        # Sample workspace resource ID (all-zero subscription GUID); substitute the
        # ID of the Log Analytics workspace that has Sentinel enabled.
        logAnalyticsWorkspaceId: /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/mygroup1/providers/Microsoft.OperationalInsights/workspaces/workspace1
        # Display names are not unique across templates, so the lookup may error
        # when several templates share the same display name.
        displayName: Create incidents based on Azure Security Center for IoT alerts
# Stack output: the provider-assigned ID of the template that was found.
outputs:
  id: ${example.id}
Using getAlertRuleTemplate
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getAlertRuleTemplate(args: GetAlertRuleTemplateArgs, opts?: InvokeOptions): Promise<GetAlertRuleTemplateResult>
function getAlertRuleTemplateOutput(args: GetAlertRuleTemplateOutputArgs, opts?: InvokeOptions): Output<GetAlertRuleTemplateResult>def get_alert_rule_template(display_name: Optional[str] = None,
                            log_analytics_workspace_id: Optional[str] = None,
                            name: Optional[str] = None,
                            opts: Optional[InvokeOptions] = None) -> GetAlertRuleTemplateResult
def get_alert_rule_template_output(display_name: Optional[pulumi.Input[str]] = None,
                            log_analytics_workspace_id: Optional[pulumi.Input[str]] = None,
                            name: Optional[pulumi.Input[str]] = None,
                            opts: Optional[InvokeOptions] = None) -> Output[GetAlertRuleTemplateResult]func GetAlertRuleTemplate(ctx *Context, args *GetAlertRuleTemplateArgs, opts ...InvokeOption) (*GetAlertRuleTemplateResult, error)
func GetAlertRuleTemplateOutput(ctx *Context, args *GetAlertRuleTemplateOutputArgs, opts ...InvokeOption) GetAlertRuleTemplateResultOutput
> Note: This function is named GetAlertRuleTemplate in the Go SDK.
public static class GetAlertRuleTemplate 
{
    public static Task<GetAlertRuleTemplateResult> InvokeAsync(GetAlertRuleTemplateArgs args, InvokeOptions? opts = null)
    public static Output<GetAlertRuleTemplateResult> Invoke(GetAlertRuleTemplateInvokeArgs args, InvokeOptions? opts = null)
}public static CompletableFuture<GetAlertRuleTemplateResult> getAlertRuleTemplate(GetAlertRuleTemplateArgs args, InvokeOptions options)
public static Output<GetAlertRuleTemplateResult> getAlertRuleTemplate(GetAlertRuleTemplateArgs args, InvokeOptions options)
fn::invoke:
  function: azure:sentinel/getAlertRuleTemplate:getAlertRuleTemplate
  arguments:
    # arguments dictionary
The following arguments are supported:
- LogAnalyticsWorkspaceId string
- The ID of the Log Analytics Workspace.
- DisplayName string
- The display name of this Sentinel Alert Rule Template. Either `display_name` or `name` has to be specified. NOTE: As `display_name` is not unique, errors may occur when there are multiple Sentinel Alert Rule Templates with the same `display_name`.
- Name string
- The name of this Sentinel Alert Rule Template. Either `display_name` or `name` has to be specified.
- LogAnalyticsWorkspaceId string
- The ID of the Log Analytics Workspace.
- DisplayName string
- The display name of this Sentinel Alert Rule Template. Either `display_name` or `name` has to be specified. NOTE: As `display_name` is not unique, errors may occur when there are multiple Sentinel Alert Rule Templates with the same `display_name`.
- Name string
- The name of this Sentinel Alert Rule Template. Either `display_name` or `name` has to be specified.
- logAnalyticsWorkspaceId String
- The ID of the Log Analytics Workspace.
- displayName String
- The display name of this Sentinel Alert Rule Template. Either `display_name` or `name` has to be specified. NOTE: As `display_name` is not unique, errors may occur when there are multiple Sentinel Alert Rule Templates with the same `display_name`.
- name String
- The name of this Sentinel Alert Rule Template. Either `display_name` or `name` has to be specified.
- logAnalyticsWorkspaceId string
- The ID of the Log Analytics Workspace.
- displayName string
- The display name of this Sentinel Alert Rule Template. Either `display_name` or `name` has to be specified. NOTE: As `display_name` is not unique, errors may occur when there are multiple Sentinel Alert Rule Templates with the same `display_name`.
- name string
- The name of this Sentinel Alert Rule Template. Either `display_name` or `name` has to be specified.
- log_analytics_workspace_id str
- The ID of the Log Analytics Workspace.
- display_name str
- The display name of this Sentinel Alert Rule Template. Either `display_name` or `name` has to be specified. NOTE: As `display_name` is not unique, errors may occur when there are multiple Sentinel Alert Rule Templates with the same `display_name`.
- name str
- The name of this Sentinel Alert Rule Template. Either `display_name` or `name` has to be specified.
- logAnalyticsWorkspaceId String
- The ID of the Log Analytics Workspace.
- displayName String
- The display name of this Sentinel Alert Rule Template. Either `display_name` or `name` has to be specified. NOTE: As `display_name` is not unique, errors may occur when there are multiple Sentinel Alert Rule Templates with the same `display_name`.
- name String
- The name of this Sentinel Alert Rule Template. Either `display_name` or `name` has to be specified.
getAlertRuleTemplate Result
The following output properties are available:
- DisplayName string
- Id string
- The provider-assigned unique ID for this managed resource.
- LogAnalyticsWorkspaceId string
- Name string
- NrtTemplates List<GetAlertRuleTemplateNrtTemplate>
- An `nrt_template` block as defined below. This only applies to Sentinel NRT Alert Rule Template.
- ScheduledTemplates List<GetAlertRuleTemplateScheduledTemplate>
- A `scheduled_template` block as defined below. This only applies to Sentinel Scheduled Alert Rule Template.
- SecurityIncidentTemplates List<GetAlertRuleTemplateSecurityIncidentTemplate>
- A `security_incident_template` block as defined below. This only applies to Sentinel MS Security Incident Alert Rule Template.
- DisplayName string
- Id string
- The provider-assigned unique ID for this managed resource.
- LogAnalyticsWorkspaceId string
- Name string
- NrtTemplates []GetAlertRuleTemplateNrtTemplate
- An `nrt_template` block as defined below. This only applies to Sentinel NRT Alert Rule Template.
- ScheduledTemplates []GetAlertRuleTemplateScheduledTemplate
- A `scheduled_template` block as defined below. This only applies to Sentinel Scheduled Alert Rule Template.
- SecurityIncidentTemplates []GetAlertRuleTemplateSecurityIncidentTemplate
- A `security_incident_template` block as defined below. This only applies to Sentinel MS Security Incident Alert Rule Template.
- displayName String
- id String
- The provider-assigned unique ID for this managed resource.
- logAnalyticsWorkspaceId String
- name String
- nrtTemplates List<GetAlertRuleTemplateNrtTemplate>
- An `nrt_template` block as defined below. This only applies to Sentinel NRT Alert Rule Template.
- scheduledTemplates List<GetAlertRuleTemplateScheduledTemplate>
- A `scheduled_template` block as defined below. This only applies to Sentinel Scheduled Alert Rule Template.
- securityIncidentTemplates List<GetAlertRuleTemplateSecurityIncidentTemplate>
- A `security_incident_template` block as defined below. This only applies to Sentinel MS Security Incident Alert Rule Template.
- displayName string
- id string
- The provider-assigned unique ID for this managed resource.
- logAnalyticsWorkspaceId string
- name string
- nrtTemplates GetAlertRuleTemplateNrtTemplate[]
- An `nrt_template` block as defined below. This only applies to Sentinel NRT Alert Rule Template.
- scheduledTemplates GetAlertRuleTemplateScheduledTemplate[]
- A `scheduled_template` block as defined below. This only applies to Sentinel Scheduled Alert Rule Template.
- securityIncidentTemplates GetAlertRuleTemplateSecurityIncidentTemplate[]
- A `security_incident_template` block as defined below. This only applies to Sentinel MS Security Incident Alert Rule Template.
- display_name str
- id str
- The provider-assigned unique ID for this managed resource.
- log_analytics_workspace_id str
- name str
- nrt_templates Sequence[GetAlertRuleTemplateNrtTemplate]
- An `nrt_template` block as defined below. This only applies to Sentinel NRT Alert Rule Template.
- scheduled_templates Sequence[GetAlertRuleTemplateScheduledTemplate]
- A `scheduled_template` block as defined below. This only applies to Sentinel Scheduled Alert Rule Template.
- security_incident_templates Sequence[GetAlertRuleTemplateSecurityIncidentTemplate]
- A `security_incident_template` block as defined below. This only applies to Sentinel MS Security Incident Alert Rule Template.
- displayName String
- id String
- The provider-assigned unique ID for this managed resource.
- logAnalyticsWorkspaceId String
- name String
- nrtTemplates List<Property Map>
- An `nrt_template` block as defined below. This only applies to Sentinel NRT Alert Rule Template.
- scheduledTemplates List<Property Map>
- A `scheduled_template` block as defined below. This only applies to Sentinel Scheduled Alert Rule Template.
- securityIncidentTemplates List<Property Map>
- A `security_incident_template` block as defined below. This only applies to Sentinel MS Security Incident Alert Rule Template.
Supporting Types
GetAlertRuleTemplateNrtTemplate     
- Description string
- The description of this Sentinel Scheduled Alert Rule Template.
- Query string
- The query of this Sentinel Scheduled Alert Rule Template.
- Severity string
- The alert severity of this Sentinel Scheduled Alert Rule Template.
- Tactics List<string>
- A list of categories of attacks by which to classify the rule.
- Description string
- The description of this Sentinel Scheduled Alert Rule Template.
- Query string
- The query of this Sentinel Scheduled Alert Rule Template.
- Severity string
- The alert severity of this Sentinel Scheduled Alert Rule Template.
- Tactics []string
- A list of categories of attacks by which to classify the rule.
- description String
- The description of this Sentinel Scheduled Alert Rule Template.
- query String
- The query of this Sentinel Scheduled Alert Rule Template.
- severity String
- The alert severity of this Sentinel Scheduled Alert Rule Template.
- tactics List<String>
- A list of categories of attacks by which to classify the rule.
- description string
- The description of this Sentinel Scheduled Alert Rule Template.
- query string
- The query of this Sentinel Scheduled Alert Rule Template.
- severity string
- The alert severity of this Sentinel Scheduled Alert Rule Template.
- tactics string[]
- A list of categories of attacks by which to classify the rule.
- description str
- The description of this Sentinel Scheduled Alert Rule Template.
- query str
- The query of this Sentinel Scheduled Alert Rule Template.
- severity str
- The alert severity of this Sentinel Scheduled Alert Rule Template.
- tactics Sequence[str]
- A list of categories of attacks by which to classify the rule.
- description String
- The description of this Sentinel Scheduled Alert Rule Template.
- query String
- The query of this Sentinel Scheduled Alert Rule Template.
- severity String
- The alert severity of this Sentinel Scheduled Alert Rule Template.
- tactics List<String>
- A list of categories of attacks by which to classify the rule.
GetAlertRuleTemplateScheduledTemplate     
- Description string
- The description of this Sentinel Scheduled Alert Rule Template.
- Query string
- The query of this Sentinel Scheduled Alert Rule Template.
- QueryFrequency string
- The ISO 8601 timespan duration between two consecutive queries.
- QueryPeriod string
- The ISO 8601 timespan duration, which determines the time period of the data covered by the query.
- Severity string
- The alert severity of this Sentinel Scheduled Alert Rule Template.
- Tactics List<string>
- A list of categories of attacks by which to classify the rule.
- TriggerOperator string
- The alert trigger operator, combined with trigger_threshold, setting alert threshold of this Sentinel Scheduled Alert Rule Template.
- TriggerThreshold int
- The baseline number of query results generated, combined with trigger_operator, setting alert threshold of this Sentinel Scheduled Alert Rule Template.
- Description string
- The description of this Sentinel Scheduled Alert Rule Template.
- Query string
- The query of this Sentinel Scheduled Alert Rule Template.
- QueryFrequency string
- The ISO 8601 timespan duration between two consecutive queries.
- QueryPeriod string
- The ISO 8601 timespan duration, which determines the time period of the data covered by the query.
- Severity string
- The alert severity of this Sentinel Scheduled Alert Rule Template.
- Tactics []string
- A list of categories of attacks by which to classify the rule.
- TriggerOperator string
- The alert trigger operator, combined with trigger_threshold, setting alert threshold of this Sentinel Scheduled Alert Rule Template.
- TriggerThreshold int
- The baseline number of query results generated, combined with trigger_operator, setting alert threshold of this Sentinel Scheduled Alert Rule Template.
- description String
- The description of this Sentinel Scheduled Alert Rule Template.
- query String
- The query of this Sentinel Scheduled Alert Rule Template.
- queryFrequency String
- The ISO 8601 timespan duration between two consecutive queries.
- queryPeriod String
- The ISO 8601 timespan duration, which determines the time period of the data covered by the query.
- severity String
- The alert severity of this Sentinel Scheduled Alert Rule Template.
- tactics List<String>
- A list of categories of attacks by which to classify the rule.
- triggerOperator String
- The alert trigger operator, combined with trigger_threshold, setting alert threshold of this Sentinel Scheduled Alert Rule Template.
- triggerThreshold Integer
- The baseline number of query results generated, combined with trigger_operator, setting alert threshold of this Sentinel Scheduled Alert Rule Template.
- description string
- The description of this Sentinel Scheduled Alert Rule Template.
- query string
- The query of this Sentinel Scheduled Alert Rule Template.
- queryFrequency string
- The ISO 8601 timespan duration between two consecutive queries.
- queryPeriod string
- The ISO 8601 timespan duration, which determines the time period of the data covered by the query.
- severity string
- The alert severity of this Sentinel Scheduled Alert Rule Template.
- tactics string[]
- A list of categories of attacks by which to classify the rule.
- triggerOperator string
- The alert trigger operator, combined with trigger_threshold, setting alert threshold of this Sentinel Scheduled Alert Rule Template.
- triggerThreshold number
- The baseline number of query results generated, combined with trigger_operator, setting alert threshold of this Sentinel Scheduled Alert Rule Template.
- description str
- The description of this Sentinel Scheduled Alert Rule Template.
- query str
- The query of this Sentinel Scheduled Alert Rule Template.
- query_frequency str
- The ISO 8601 timespan duration between two consecutive queries.
- query_period str
- The ISO 8601 timespan duration, which determines the time period of the data covered by the query.
- severity str
- The alert severity of this Sentinel Scheduled Alert Rule Template.
- tactics Sequence[str]
- A list of categories of attacks by which to classify the rule.
- trigger_operator str
- The alert trigger operator, combined with trigger_threshold, setting alert threshold of this Sentinel Scheduled Alert Rule Template.
- trigger_threshold int
- The baseline number of query results generated, combined with trigger_operator, setting alert threshold of this Sentinel Scheduled Alert Rule Template.
- description String
- The description of this Sentinel Scheduled Alert Rule Template.
- query String
- The query of this Sentinel Scheduled Alert Rule Template.
- queryFrequency String
- The ISO 8601 timespan duration between two consecutive queries.
- queryPeriod String
- The ISO 8601 timespan duration, which determines the time period of the data covered by the query.
- severity String
- The alert severity of this Sentinel Scheduled Alert Rule Template.
- tactics List<String>
- A list of categories of attacks by which to classify the rule.
- triggerOperator String
- The alert trigger operator, combined with trigger_threshold, setting alert threshold of this Sentinel Scheduled Alert Rule Template.
- triggerThreshold Number
- The baseline number of query results generated, combined with trigger_operator, setting alert threshold of this Sentinel Scheduled Alert Rule Template.
GetAlertRuleTemplateSecurityIncidentTemplate      
- Description string
- The description of this Sentinel Scheduled Alert Rule Template.
- ProductFilter string
- The Microsoft Security Service from where the alert will be generated.
- Description string
- The description of this Sentinel Scheduled Alert Rule Template.
- ProductFilter string
- The Microsoft Security Service from where the alert will be generated.
- description String
- The description of this Sentinel Scheduled Alert Rule Template.
- productFilter String
- The Microsoft Security Service from where the alert will be generated.
- description string
- The description of this Sentinel Scheduled Alert Rule Template.
- productFilter string
- The Microsoft Security Service from where the alert will be generated.
- description str
- The description of this Sentinel Scheduled Alert Rule Template.
- product_filter str
- The Microsoft Security Service from where the alert will be generated.
- description String
- The description of this Sentinel Scheduled Alert Rule Template.
- productFilter String
- The Microsoft Security Service from where the alert will be generated.
Package Details
- Repository
- Azure Classic pulumi/pulumi-azure
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the `azurerm` Terraform Provider.