NrtAlertRuleProperties interface
Nrt alert rule base property bag.
Properties
| alert |
The alert details override settings |
| alert |
The Name of the alert rule template used to create this rule. |
| custom |
Dictionary of string key-value pairs of columns to be attached to the alert |
| description | The description of the alert rule. |
| display |
The display name for alerts created by this alert rule. |
| enabled | Determines whether this alert rule is enabled or disabled. |
| entity |
Array of the entity mappings of the alert rule |
| event |
The event grouping settings. |
| incident |
The settings of the incidents that created from alerts triggered by this analytics rule |
| last |
The last time that this alert rule has been modified. |
| query | The query that creates alerts for this rule. |
| sentinel |
Array of the sentinel entity mappings of the alert rule |
| severity | The severity for alerts created by this alert rule. |
| sub |
The sub-techniques of the alert rule |
| suppression |
The suppression (in ISO 8601 duration format) to wait since last time this alert rule been triggered. |
| suppression |
Determines whether the suppression for this alert rule is enabled or disabled. |
| tactics | The tactics of the alert rule |
| techniques | The techniques of the alert rule |
| template |
The version of the alert rule template used to create this rule - in format <a.b.c>, where all are numbers, for example 0 <1.0.2> |
Property Details
alertDetailsOverride
The alert details override settings
alertDetailsOverride?: AlertDetailsOverrideProperty Value
alertRuleTemplateName
The Name of the alert rule template used to create this rule.
alertRuleTemplateName?: stringProperty Value
string
customDetails
Dictionary of string key-value pairs of columns to be attached to the alert
customDetails?: Record<string, string>Property Value
Record<string, string>
description
The description of the alert rule.
description?: stringProperty Value
string
displayName
The display name for alerts created by this alert rule.
displayName: stringProperty Value
string
enabled
Determines whether this alert rule is enabled or disabled.
enabled: booleanProperty Value
boolean
entityMappings
Array of the entity mappings of the alert rule
entityMappings?: EntityMapping[]Property Value
eventGroupingSettings
The event grouping settings.
eventGroupingSettings?: EventGroupingSettingsProperty Value
incidentConfiguration
The settings of the incidents that created from alerts triggered by this analytics rule
incidentConfiguration?: IncidentConfigurationProperty Value
lastModifiedUtc
The last time that this alert rule has been modified.
lastModifiedUtc?: DateProperty Value
Date
query
The query that creates alerts for this rule.
query: stringProperty Value
string
sentinelEntitiesMappings
Array of the sentinel entity mappings of the alert rule
sentinelEntitiesMappings?: SentinelEntityMapping[]Property Value
severity
The severity for alerts created by this alert rule.
severity: stringProperty Value
string
subTechniques
The sub-techniques of the alert rule
subTechniques?: string[]Property Value
string[]
suppressionDuration
The suppression (in ISO 8601 duration format) to wait since last time this alert rule been triggered.
suppressionDuration: stringProperty Value
string
suppressionEnabled
Determines whether the suppression for this alert rule is enabled or disabled.
suppressionEnabled: booleanProperty Value
boolean
tactics
The tactics of the alert rule
tactics?: string[]Property Value
string[]
techniques
The techniques of the alert rule
techniques?: string[]Property Value
string[]
templateVersion
The version of the alert rule template used to create this rule - in format <a.b.c>, where all are numbers, for example 0 <1.0.2>
templateVersion?: stringProperty Value
string
