automations
Creates, updates, deletes, gets or lists a automations resource.
Overview
| Name | automations |
| Type | Resource |
| Id | azure.security.automations |
Fields
- vw_automations
- automations
| Name | Datatype | Description |
|---|---|---|
description | text | field from the properties object |
actions | text | field from the properties object |
automationName | text | field from the properties object |
is_enabled | text | field from the properties object |
resourceGroupName | text | field from the properties object |
scopes | text | field from the properties object |
sources | text | field from the properties object |
subscriptionId | text | field from the properties object |
| Name | Datatype | Description |
|---|---|---|
properties | object | A set of properties that defines the behavior of the automation configuration. To learn more about the supported security events data models schemas - please visit https://aka.ms/ASCAutomationSchemas. |
Methods
| Name | Accessible by | Required Params | Description |
|---|---|---|---|
get | SELECT | automationName, resourceGroupName, subscriptionId | Retrieves information about the model of a security automation. |
list | SELECT | subscriptionId | Lists all the security automations in the specified subscription. Use the 'nextLink' property in the response to get the next page of security automations for the specified subscription. |
list_by_resource_group | SELECT | resourceGroupName, subscriptionId | Lists all the security automations in the specified resource group. Use the 'nextLink' property in the response to get the next page of security automations for the specified resource group. |
create_or_update | INSERT | automationName, resourceGroupName, subscriptionId | Creates or updates a security automation. If a security automation is already created and a subsequent request is issued for the same automation id, then it will be updated. |
delete | DELETE | automationName, resourceGroupName, subscriptionId | Deletes a security automation. |
update | UPDATE | automationName, resourceGroupName, subscriptionId | Updates a security automation |
validate | EXEC | automationName, resourceGroupName, subscriptionId | Validates the security automation model before create or update. Any validation errors are returned to the client. |
SELECT examples
Lists all the security automations in the specified subscription. Use the 'nextLink' property in the response to get the next page of security automations for the specified subscription.
- vw_automations
- automations
SELECT
description,
actions,
automationName,
is_enabled,
resourceGroupName,
scopes,
sources,
subscriptionId
FROM azure.security.vw_automations
WHERE subscriptionId = '{{ subscriptionId }}';
SELECT
properties
FROM azure.security.automations
WHERE subscriptionId = '{{ subscriptionId }}';
INSERT example
Use the following StackQL query and manifest file to create a new automations resource.
- All Properties
- Manifest
/*+ create */
INSERT INTO azure.security.automations (
automationName,
resourceGroupName,
subscriptionId,
properties
)
SELECT
'{{ automationName }}',
'{{ resourceGroupName }}',
'{{ subscriptionId }}',
'{{ properties }}'
;
- name: your_resource_model_name
props:
- name: properties
value:
- name: description
value: string
- name: isEnabled
value: boolean
- name: scopes
value:
- - name: description
value: string
- name: scopePath
value: string
- name: sources
value:
- - name: eventSource
value: string
- name: ruleSets
value:
- - name: rules
value:
- - name: propertyJPath
value: string
- name: propertyType
value: string
- name: expectedValue
value: string
- name: operator
value: string
- name: actions
value:
- - name: actionType
value: string
UPDATE example
Updates a automations resource.
/*+ update */
UPDATE azure.security.automations
SET
properties = '{{ properties }}',
tags = '{{ tags }}'
WHERE
automationName = '{{ automationName }}'
AND resourceGroupName = '{{ resourceGroupName }}'
AND subscriptionId = '{{ subscriptionId }}';
DELETE example
Deletes the specified automations resource.
/*+ delete */
DELETE FROM azure.security.automations
WHERE automationName = '{{ automationName }}'
AND resourceGroupName = '{{ resourceGroupName }}'
AND subscriptionId = '{{ subscriptionId }}';