Skip to main content

vw_alerts_resource_group_levels

Creates, updates, deletes, gets or lists a vw_alerts_resource_group_levels resource.

Overview

Namevw_alerts_resource_group_levels
TypeView
Idazure.security.vw_alerts_resource_group_levels

Fields

See the SQL Definition (view DDL) for fields returned by this view.

SQL Definition

SELECT
id as id,
name as name,
type as type,
systemData as system_data,
JSON_EXTRACT(properties, '$.version') as "version",
JSON_EXTRACT(properties, '$.alertType') as "alert_type",
JSON_EXTRACT(properties, '$.systemAlertId') as "system_alert_id",
JSON_EXTRACT(properties, '$.productComponentName') as "product_component_name",
JSON_EXTRACT(properties, '$.alertDisplayName') as "alert_display_name",
JSON_EXTRACT(properties, '$.description') as "description",
JSON_EXTRACT(properties, '$.severity') as "severity",
JSON_EXTRACT(properties, '$.intent') as "intent",
JSON_EXTRACT(properties, '$.startTimeUtc') as "start_time_utc",
JSON_EXTRACT(properties, '$.endTimeUtc') as "end_time_utc",
JSON_EXTRACT(properties, '$.resourceIdentifiers') as "resource_identifiers",
JSON_EXTRACT(properties, '$.remediationSteps') as "remediation_steps",
JSON_EXTRACT(properties, '$.vendorName') as "vendor_name",
JSON_EXTRACT(properties, '$.status') as "status",
JSON_EXTRACT(properties, '$.extendedLinks') as "extended_links",
JSON_EXTRACT(properties, '$.alertUri') as "alert_uri",
JSON_EXTRACT(properties, '$.timeGeneratedUtc') as "time_generated_utc",
JSON_EXTRACT(properties, '$.productName') as "product_name",
JSON_EXTRACT(properties, '$.processingEndTimeUtc') as "processing_end_time_utc",
JSON_EXTRACT(properties, '$.entities') as "entities",
JSON_EXTRACT(properties, '$.isIncident') as "is_incident",
JSON_EXTRACT(properties, '$.correlationKey') as "correlation_key",
JSON_EXTRACT(properties, '$.extendedProperties') as "extended_properties",
JSON_EXTRACT(properties, '$.compromisedEntity') as "compromised_entity",
JSON_EXTRACT(properties, '$.techniques') as "techniques",
JSON_EXTRACT(properties, '$.subTechniques') as "sub_techniques",
JSON_EXTRACT(properties, '$.supportingEvidence') as "supporting_evidence",
subscriptionId,
resourceGroupName,
ascLocation,
alertName
FROM azure.security.alerts_resource_group_levels
WHERE subscriptionId = 'replace-me' AND resourceGroupName = 'replace-me' AND ascLocation = 'replace-me' AND alertName = 'replace-me';