MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties Class

MicrosoftSecurityIncidentCreation rule template properties.

Constructor

MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties(*args: Any, **kwargs: Any)

Variables

Name Description
alert_rules_created_by_template_count
int

The number of alert rules that were created by this template.

last_updated_date_utc

The last time that this alert rule template was updated.

created_date_utc

The time that this alert rule template was added.

description
str

The description of the alert rule template.

display_name
str

The display name for the alert rule template.

required_data_connectors

The required data sources for this template.

status

The alert rule template status. Known values are: "Installed", "Available", and "NotAvailable".

display_names_filter

The alerts' displayNames on which the cases will be generated.

display_names_exclude_filter

The alerts' displayNames on which the cases will not be generated.

product_filter

The alerts' productName on which the cases will be generated. Known values are: "Microsoft Cloud App Security", "Azure Security Center", "Azure Advanced Threat Protection", "Azure Active Directory Identity Protection", "Azure Security Center for IoT", "Office 365 Advanced Threat Protection", and "Microsoft Defender Advanced Threat Protection".

severities_filter

The alerts' severities on which the cases will be generated.

Attributes

display_names_exclude_filter

The alerts' displayNames on which the cases will not be generated.

display_names_exclude_filter: list[str] | None

display_names_filter

The alerts' displayNames on which the cases will be generated.

display_names_filter: list[str] | None

product_filter

The alerts' productName on which the cases will be generated. Known values are: "Microsoft Cloud App Security", "Azure Security Center", "Azure Advanced Threat Protection", "Azure Active Directory Identity Protection", "Azure Security Center for IoT", "Office 365 Advanced Threat Protection", and "Microsoft Defender Advanced Threat Protection".

product_filter: str | _models.MicrosoftSecurityProductName | None

severities_filter

The alerts' severities on which the cases will be generated.

severities_filter: list[typing.Union[str, ForwardRef('_models.AlertSeverity')]] | None