INrtAlertRuleProperties Interface
Definition
Important
Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
[System.ComponentModel.TypeConverter(typeof(Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.NrtAlertRulePropertiesTypeConverter))]
public interface INrtAlertRuleProperties : Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IQueryBasedAlertRuleProperties[<System.ComponentModel.TypeConverter(typeof(Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.NrtAlertRulePropertiesTypeConverter))>]
type INrtAlertRuleProperties = interface
interface IJsonSerializable
interface IQueryBasedAlertRulePropertiesPublic Interface INrtAlertRuleProperties
Implements IQueryBasedAlertRuleProperties- Derived
- Attributes
- Implements
Properties
| AlertDetailOverrideAlertDescriptionFormat |
the format containing columns name(s) to override the alert description (Inherited from IQueryBasedAlertRuleProperties) |
| AlertDetailOverrideAlertDisplayNameFormat |
the format containing columns name(s) to override the alert name (Inherited from IQueryBasedAlertRuleProperties) |
| AlertDetailOverrideAlertSeverityColumnName |
the column name to take the alert severity from (Inherited from IQueryBasedAlertRuleProperties) |
| AlertDetailOverrideAlertTacticsColumnName |
the column name to take the alert tactics from (Inherited from IQueryBasedAlertRuleProperties) |
| AlertRuleTemplateName |
The Name of the alert rule template used to create this rule. (Inherited from IQueryBasedAlertRuleProperties) |
| CustomDetail |
Dictionary of string key-value pairs of columns to be attached to the alert (Inherited from IQueryBasedAlertRuleProperties) |
| Description |
The description of the alert rule. (Inherited from IQueryBasedAlertRuleProperties) |
| DisplayName |
The display name for alerts created by this alert rule. (Inherited from IQueryBasedAlertRuleProperties) |
| Enabled |
Determines whether this alert rule is enabled or disabled. (Inherited from IQueryBasedAlertRuleProperties) |
| EntityMapping |
Array of the entity mappings of the alert rule (Inherited from IQueryBasedAlertRuleProperties) |
| GroupingConfigurationEnabled |
Grouping enabled (Inherited from IQueryBasedAlertRuleProperties) |
| GroupingConfigurationGroupByAlertDetail |
A list of alert details to group by (when matchingMethod is Selected) (Inherited from IQueryBasedAlertRuleProperties) |
| GroupingConfigurationGroupByCustomDetail |
A list of custom details keys to group by (when matchingMethod is Selected). Only keys defined in the current alert rule may be used. (Inherited from IQueryBasedAlertRuleProperties) |
| GroupingConfigurationGroupByEntity |
A list of entity types to group by (when matchingMethod is Selected). Only entities defined in the current alert rule may be used. (Inherited from IQueryBasedAlertRuleProperties) |
| GroupingConfigurationLookbackDuration |
Limit the group to alerts created within the lookback duration (in ISO 8601 duration format) (Inherited from IQueryBasedAlertRuleProperties) |
| GroupingConfigurationMatchingMethod |
Grouping matching method. When method is Selected at least one of groupByEntities, groupByAlertDetails, groupByCustomDetails must be provided and not empty. (Inherited from IQueryBasedAlertRuleProperties) |
| GroupingConfigurationReopenClosedIncident |
Re-open closed matching incidents (Inherited from IQueryBasedAlertRuleProperties) |
| IncidentConfigurationCreateIncident |
Create incidents from alerts triggered by this analytics rule (Inherited from IQueryBasedAlertRuleProperties) |
| LastModifiedUtc |
The last time that this alert rule has been modified. (Inherited from IQueryBasedAlertRuleProperties) |
| Query |
The query that creates alerts for this rule. (Inherited from IQueryBasedAlertRuleProperties) |
| Severity |
The severity for alerts created by this alert rule. (Inherited from IQueryBasedAlertRuleProperties) |
| SuppressionDuration |
The suppression (in ISO 8601 duration format) to wait since last time this alert rule been triggered. (Inherited from IQueryBasedAlertRuleProperties) |
| SuppressionEnabled |
Determines whether the suppression for this alert rule is enabled or disabled. (Inherited from IQueryBasedAlertRuleProperties) |
| Tactic |
The tactics of the alert rule (Inherited from IQueryBasedAlertRuleProperties) |
| TemplateVersion | (Inherited from IQueryBasedAlertRuleProperties) |
Methods
| ToJson(JsonObject, SerializationMode) | (Inherited from IJsonSerializable) |