incident_tasks

Creates, updates, deletes, gets or lists an incident_tasks resource.

Overview

Name	incident_tasks
Type	Resource
Id	azure.sentinel.incident_tasks

Fields

The following fields are returned by SELECT queries:

get

Name	Datatype	Description
etag	string	Etag of the azure resource
properties	object	Describes the properties of an incident task

list

Name	Datatype	Description
etag	string	Etag of the azure resource
properties	object	Describes the properties of an incident task

Methods

The following methods are available for this resource:

Name	Accessible by	Required Params	Optional Params	Description
get	select	subscriptionId, resourceGroupName, workspaceName, incidentId, incidentTaskId		Gets an incident task.
list	select	subscriptionId, resourceGroupName, workspaceName, incidentId		Gets all incident tasks.
create_or_update	insert	subscriptionId, resourceGroupName, workspaceName, incidentId, incidentTaskId, data__properties		Creates or updates the incident task.
delete	delete	subscriptionId, resourceGroupName, workspaceName, incidentId, incidentTaskId		Delete the incident task.

Parameters

Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.

Name	Datatype	Description
incidentId	string	Incident ID
incidentTaskId	string	Incident task ID
resourceGroupName	string	The name of the resource group. The name is case insensitive.
subscriptionId	string	The ID of the target subscription.
workspaceName	string	The name of the workspace.

SELECT examples

get

Gets an incident task.

SELECT
etag,
properties
FROM azure.sentinel.incident_tasks
WHERE subscriptionId = '{{ subscriptionId }}' -- required
AND resourceGroupName = '{{ resourceGroupName }}' -- required
AND workspaceName = '{{ workspaceName }}' -- required
AND incidentId = '{{ incidentId }}' -- required
AND incidentTaskId = '{{ incidentTaskId }}' -- required
;

list

Gets all incident tasks.

SELECT
etag,
properties
FROM azure.sentinel.incident_tasks
WHERE subscriptionId = '{{ subscriptionId }}' -- required
AND resourceGroupName = '{{ resourceGroupName }}' -- required
AND workspaceName = '{{ workspaceName }}' -- required
AND incidentId = '{{ incidentId }}' -- required
;

INSERT examples

create_or_update

Creates or updates the incident task.

INSERT INTO azure.sentinel.incident_tasks (
data__etag,
data__properties,
subscriptionId,
resourceGroupName,
workspaceName,
incidentId,
incidentTaskId
)
SELECT 
'{{ etag }}',
'{{ properties }}' /* required */,
'{{ subscriptionId }}',
'{{ resourceGroupName }}',
'{{ workspaceName }}',
'{{ incidentId }}',
'{{ incidentTaskId }}'
RETURNING
etag,
properties
;

Manifest

# Description fields are for documentation purposes
- name: incident_tasks
  props:
    - name: subscriptionId
      value: string
      description: Required parameter for the incident_tasks resource.
    - name: resourceGroupName
      value: string
      description: Required parameter for the incident_tasks resource.
    - name: workspaceName
      value: string
      description: Required parameter for the incident_tasks resource.
    - name: incidentId
      value: string
      description: Required parameter for the incident_tasks resource.
    - name: incidentTaskId
      value: string
      description: Required parameter for the incident_tasks resource.
    - name: etag
      value: string
      description: |
        Etag of the azure resource
    - name: properties
      value: object
      description: |
        Describes the properties of an incident task

DELETE examples

delete

Delete the incident task.

DELETE FROM azure.sentinel.incident_tasks
WHERE subscriptionId = '{{ subscriptionId }}' --required
AND resourceGroupName = '{{ resourceGroupName }}' --required
AND workspaceName = '{{ workspaceName }}' --required
AND incidentId = '{{ incidentId }}' --required
AND incidentTaskId = '{{ incidentTaskId }}' --required
;