alert_rules
Creates, updates, deletes, gets or lists an alert_rules resource.
Overview
| Name | alert_rules |
| Type | Resource |
| Id | azure.sentinel.alert_rules |
Fields
The following fields are returned by SELECT queries:
- get
- list
OK, Operation successfully completed
| Name | Datatype | Description |
|---|---|---|
etag | string | Etag of the azure resource |
kind | string | The alert rule kind |
OK, Operation successfully completed
| Name | Datatype | Description |
|---|---|---|
etag | string | Etag of the azure resource |
kind | string | The alert rule kind |
Methods
The following methods are available for this resource:
| Name | Accessible by | Required Params | Optional Params | Description |
|---|---|---|---|---|
get | select | subscriptionId, resourceGroupName, workspaceName, ruleId | Gets the alert rule. | |
list | select | subscriptionId, resourceGroupName, workspaceName | Gets all alert rules. | |
create_or_update | insert | subscriptionId, resourceGroupName, workspaceName, ruleId, data__kind | Creates or updates the alert rule. | |
delete | delete | subscriptionId, resourceGroupName, workspaceName, ruleId | Delete the alert rule. |
Parameters
Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.
| Name | Datatype | Description |
|---|---|---|
resourceGroupName | string | The name of the resource group. The name is case insensitive. |
ruleId | string | Alert rule ID |
subscriptionId | string | The ID of the target subscription. |
workspaceName | string | The name of the workspace. |
SELECT examples
- get
- list
Gets the alert rule.
SELECT
etag,
kind
FROM azure.sentinel.alert_rules
WHERE subscriptionId = '{{ subscriptionId }}' -- required
AND resourceGroupName = '{{ resourceGroupName }}' -- required
AND workspaceName = '{{ workspaceName }}' -- required
AND ruleId = '{{ ruleId }}' -- required
;
Gets all alert rules.
SELECT
etag,
kind
FROM azure.sentinel.alert_rules
WHERE subscriptionId = '{{ subscriptionId }}' -- required
AND resourceGroupName = '{{ resourceGroupName }}' -- required
AND workspaceName = '{{ workspaceName }}' -- required
;
INSERT examples
- create_or_update
- Manifest
Creates or updates the alert rule.
INSERT INTO azure.sentinel.alert_rules (
data__etag,
data__kind,
subscriptionId,
resourceGroupName,
workspaceName,
ruleId
)
SELECT
'{{ etag }}',
'{{ kind }}' /* required */,
'{{ subscriptionId }}',
'{{ resourceGroupName }}',
'{{ workspaceName }}',
'{{ ruleId }}'
RETURNING
etag,
kind
;
# Description fields are for documentation purposes
- name: alert_rules
props:
- name: subscriptionId
value: string
description: Required parameter for the alert_rules resource.
- name: resourceGroupName
value: string
description: Required parameter for the alert_rules resource.
- name: workspaceName
value: string
description: Required parameter for the alert_rules resource.
- name: ruleId
value: string
description: Required parameter for the alert_rules resource.
- name: etag
value: string
description: |
Etag of the azure resource
- name: kind
value: string
description: |
The alert rule kind
valid_values: ['Scheduled', 'MicrosoftSecurityIncidentCreation', 'Fusion']
DELETE examples
- delete
Delete the alert rule.
DELETE FROM azure.sentinel.alert_rules
WHERE subscriptionId = '{{ subscriptionId }}' --required
AND resourceGroupName = '{{ resourceGroupName }}' --required
AND workspaceName = '{{ workspaceName }}' --required
AND ruleId = '{{ ruleId }}' --required
;