ScheduledAlertRuleTemplateProperties interface
Scheduled alert rule template properties
Properties
| alert |
The alert details override settings |
| alert |
The number of alert rules that were created by this template |
| created |
The time that this alert rule template has been added. |
| custom |
Dictionary of string key-value pairs of columns to be attached to the alert |
| description | The description of the alert rule template. |
| display |
The display name for alert rule template. |
| entity |
Array of the entity mappings of the alert rule |
| event |
The event grouping settings. |
| last |
The time that this alert rule template was last updated. |
| query | The query that creates alerts for this rule. |
| query |
The frequency (in ISO 8601 duration format) for this alert rule to run. |
| query |
The period (in ISO 8601 duration format) that this alert rule looks at. |
| required |
The required data connectors for this template |
| sentinel |
Array of the sentinel entity mappings of the alert rule |
| severity | The severity for alerts created by this alert rule. |
| status | The alert rule template status. |
| sub |
The sub-techniques of the alert rule |
| tactics | The tactics of the alert rule template |
| techniques | The techniques of the alert rule |
| trigger |
The operation against the threshold that triggers alert rule. |
| trigger |
The threshold triggers this alert rule. |
| version | The version of this template - in format <a.b.c>, where all are numbers. For example <1.0.2>. |
Property Details
alertDetailsOverride
The alert details override settings
alertDetailsOverride?: AlertDetailsOverrideProperty Value
alertRulesCreatedByTemplateCount
The number of alert rules that were created by this template
alertRulesCreatedByTemplateCount?: numberProperty Value
number
createdDateUTC
The time that this alert rule template has been added.
createdDateUTC?: DateProperty Value
Date
customDetails
Dictionary of string key-value pairs of columns to be attached to the alert
customDetails?: Record<string, string>Property Value
Record<string, string>
description
The description of the alert rule template.
description?: stringProperty Value
string
displayName
The display name for alert rule template.
displayName?: stringProperty Value
string
entityMappings
Array of the entity mappings of the alert rule
entityMappings?: EntityMapping[]Property Value
eventGroupingSettings
The event grouping settings.
eventGroupingSettings?: EventGroupingSettingsProperty Value
lastUpdatedDateUTC
The time that this alert rule template was last updated.
lastUpdatedDateUTC?: DateProperty Value
Date
query
The query that creates alerts for this rule.
query?: stringProperty Value
string
queryFrequency
The frequency (in ISO 8601 duration format) for this alert rule to run.
queryFrequency?: stringProperty Value
string
queryPeriod
The period (in ISO 8601 duration format) that this alert rule looks at.
queryPeriod?: stringProperty Value
string
requiredDataConnectors
The required data connectors for this template
requiredDataConnectors?: AlertRuleTemplateDataSource[]Property Value
sentinelEntitiesMappings
Array of the sentinel entity mappings of the alert rule
sentinelEntitiesMappings?: SentinelEntityMapping[]Property Value
severity
The severity for alerts created by this alert rule.
severity?: stringProperty Value
string
status
The alert rule template status.
status?: stringProperty Value
string
subTechniques
The sub-techniques of the alert rule
subTechniques?: string[]Property Value
string[]
tactics
The tactics of the alert rule template
tactics?: string[]Property Value
string[]
techniques
The techniques of the alert rule
techniques?: string[]Property Value
string[]
triggerOperator
The operation against the threshold that triggers alert rule.
triggerOperator?: TriggerOperatorProperty Value
triggerThreshold
The threshold triggers this alert rule.
triggerThreshold?: numberProperty Value
number
version
The version of this template - in format <a.b.c>, where all are numbers. For example <1.0.2>.
version?: stringProperty Value
string
