actions

Creates, updates, deletes, gets or lists an actions resource.

Overview

Name	`actions`
Type	Resource
Id	`azure.sentinel.actions`

Fields

The following fields are returned by SELECT queries:

get
list_by_alert_rule

OK, Operation successfully completed

Name	Datatype	Description
`id`	`string`	Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
`name`	`string`	The name of the resource
`etag`	`string`	Etag of the action.
`properties`	`object`	Action properties for get request
`systemData`	`object`	Azure Resource Manager metadata containing createdBy and modifiedBy information.
`type`	`string`	The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"

OK, Operation successfully completed

Name	Datatype	Description
`id`	`string`	Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
`name`	`string`	The name of the resource
`etag`	`string`	Etag of the action.
`properties`	`object`	Action properties for get request
`systemData`	`object`	Azure Resource Manager metadata containing createdBy and modifiedBy information.
`type`	`string`	The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"

Methods

The following methods are available for this resource:

Name	Accessible by	Required Params	Description
`get`	`select`	`subscriptionId`, `resourceGroupName`, `workspaceName`, `ruleId`, `actionId`	Gets the action of alert rule.
`list_by_alert_rule`	`select`	`subscriptionId`, `resourceGroupName`, `workspaceName`, `ruleId`	Gets all actions of alert rule.
`create_or_update`	`insert`	`subscriptionId`, `resourceGroupName`, `workspaceName`, `ruleId`, `actionId`	Creates or updates the action of alert rule.
`delete`	`delete`	`subscriptionId`, `resourceGroupName`, `workspaceName`, `ruleId`, `actionId`	Delete the action of alert rule.

Parameters

Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.

Name	Datatype	Description
`actionId`	`string`	Action ID
`resourceGroupName`	`string`	The name of the resource group. The name is case insensitive.
`ruleId`	`string`	Alert rule ID
`subscriptionId`	`string`	The ID of the target subscription.
`workspaceName`	`string`	The name of the workspace.

`SELECT` examples

get
list_by_alert_rule

Gets the action of alert rule.

SELECT
id,
name,
etag,
properties,
systemData,
type
FROM azure.sentinel.actions
WHERE subscriptionId = '{{ subscriptionId }}' -- required
AND resourceGroupName = '{{ resourceGroupName }}' -- required
AND workspaceName = '{{ workspaceName }}' -- required
AND ruleId = '{{ ruleId }}' -- required
AND actionId = '{{ actionId }}' -- required
;

Gets all actions of alert rule.

SELECT
id,
name,
etag,
properties,
systemData,
type
FROM azure.sentinel.actions
WHERE subscriptionId = '{{ subscriptionId }}' -- required
AND resourceGroupName = '{{ resourceGroupName }}' -- required
AND workspaceName = '{{ workspaceName }}' -- required
AND ruleId = '{{ ruleId }}' -- required
;

`INSERT` examples

create_or_update
Manifest

Creates or updates the action of alert rule.

INSERT INTO azure.sentinel.actions (
data__etag,
data__properties,
subscriptionId,
resourceGroupName,
workspaceName,
ruleId,
actionId
)
SELECT 
'{{ etag }}',
'{{ properties }}',
'{{ subscriptionId }}',
'{{ resourceGroupName }}',
'{{ workspaceName }}',
'{{ ruleId }}',
'{{ actionId }}'
RETURNING
id,
name,
etag,
properties,
systemData,
type
;

# Description fields are for documentation purposes
- name: actions
  props:
    - name: subscriptionId
      value: string
      description: Required parameter for the actions resource.
    - name: resourceGroupName
      value: string
      description: Required parameter for the actions resource.
    - name: workspaceName
      value: string
      description: Required parameter for the actions resource.
    - name: ruleId
      value: string
      description: Required parameter for the actions resource.
    - name: actionId
      value: string
      description: Required parameter for the actions resource.
    - name: etag
      value: string
      description: |
        Etag of the azure resource
    - name: properties
      value: object
      description: |
        Action properties for put request

`DELETE` examples

delete

Delete the action of alert rule.

DELETE FROM azure.sentinel.actions
WHERE subscriptionId = '{{ subscriptionId }}' --required
AND resourceGroupName = '{{ resourceGroupName }}' --required
AND workspaceName = '{{ workspaceName }}' --required
AND ruleId = '{{ ruleId }}' --required
AND actionId = '{{ actionId }}' --required
;

Overview​

Fields​

Methods​

Parameters​

SELECT examples​

INSERT examples​

DELETE examples​