ScheduledAlertRuleProperties Class
Definition
Important
Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
Scheduled alert rule base property bag.
[System.ComponentModel.TypeConverter(typeof(Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.ScheduledAlertRulePropertiesTypeConverter))]
public class ScheduledAlertRuleProperties : Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IScheduledAlertRuleProperties, Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Runtime.IValidates
[<System.ComponentModel.TypeConverter(typeof(Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.ScheduledAlertRulePropertiesTypeConverter))>]
type ScheduledAlertRuleProperties = class
interface IScheduledAlertRuleProperties
interface IJsonSerializable
interface IScheduledAlertRuleCommonProperties
interface IQueryBasedAlertRuleProperties
interface IValidates
Public Class ScheduledAlertRuleProperties
Implements IScheduledAlertRuleProperties, IValidates
- Inheritance
-
ScheduledAlertRuleProperties
- Attributes
- Implements
Constructors
ScheduledAlertRuleProperties() |
Creates an new ScheduledAlertRuleProperties instance. |
Properties
AlertDetailOverrideAlertDescriptionFormat |
the format containing columns name(s) to override the alert description |
AlertDetailOverrideAlertDisplayNameFormat |
the format containing columns name(s) to override the alert name |
AlertDetailOverrideAlertSeverityColumnName |
the column name to take the alert severity from |
AlertDetailOverrideAlertTacticsColumnName |
the column name to take the alert tactics from |
AlertDetailsOverride |
The alert details override settings |
AlertRuleTemplateName |
The Name of the alert rule template used to create this rule. |
CustomDetail |
Dictionary of string key-value pairs of columns to be attached to the alert |
Description |
The description of the alert rule. |
DisplayName |
The display name for alerts created by this alert rule. |
Enabled |
Determines whether this alert rule is enabled or disabled. |
EntityMapping |
Array of the entity mappings of the alert rule |
EventGroupingSetting |
The event grouping settings. |
EventGroupingSettingAggregationKind |
The event grouping aggregation kinds |
GroupingConfigurationEnabled |
Grouping enabled |
GroupingConfigurationGroupByAlertDetail |
A list of alert details to group by (when matchingMethod is Selected) |
GroupingConfigurationGroupByCustomDetail |
A list of custom details keys to group by (when matchingMethod is Selected). Only keys defined in the current alert rule may be used. |
GroupingConfigurationGroupByEntity |
A list of entity types to group by (when matchingMethod is Selected). Only entities defined in the current alert rule may be used. |
GroupingConfigurationLookbackDuration |
Limit the group to alerts created within the lookback duration (in ISO 8601 duration format) |
GroupingConfigurationMatchingMethod |
Grouping matching method. When method is Selected at least one of groupByEntities, groupByAlertDetails, groupByCustomDetails must be provided and not empty. |
GroupingConfigurationReopenClosedIncident |
Re-open closed matching incidents |
IncidentConfiguration |
The settings of the incidents that created from alerts triggered by this analytics rule |
IncidentConfigurationCreateIncident |
Create incidents from alerts triggered by this analytics rule |
IncidentConfigurationGroupingConfiguration |
Set how the alerts that are triggered by this analytics rule, are grouped into incidents |
LastModifiedUtc |
The last time that this alert rule has been modified. |
Query |
The query that creates alerts for this rule. |
QueryFrequency |
The frequency (in ISO 8601 duration format) for this alert rule to run. |
QueryPeriod |
The period (in ISO 8601 duration format) that this alert rule looks at. |
Severity |
The severity for alerts created by this alert rule. |
SuppressionDuration |
The suppression (in ISO 8601 duration format) to wait since last time this alert rule been triggered. |
SuppressionEnabled |
Determines whether the suppression for this alert rule is enabled or disabled. |
Tactic |
The tactics of the alert rule |
TemplateVersion | |
TriggerOperator |
The operation against the threshold that triggers alert rule. |
TriggerThreshold |
The threshold triggers this alert rule. |
Methods
DeserializeFromDictionary(IDictionary) |
Deserializes a IDictionary into an instance of ScheduledAlertRuleProperties. |
DeserializeFromPSObject(PSObject) |
Deserializes a PSObject into an instance of ScheduledAlertRuleProperties. |
FromJson(JsonNode) |
Deserializes a JsonNode into an instance of Microsoft.Azure.PowerShell.Cmdlets.SecurityInsights.Models.Api20210901Preview.IScheduledAlertRuleProperties. |
FromJsonString(String) |
Creates a new instance of ScheduledAlertRuleProperties, deserializing the content from a json string. |
ToJson(JsonObject, SerializationMode) |
Serializes this instance of ScheduledAlertRuleProperties into a JsonNode. |
ToJsonString() |
Serializes this instance to a json string. |
Validate(IEventListener) |
Validates that this object meets the validation criteria. |