actions
Creates, updates, deletes, gets or lists a actions resource.
Overview
| Name | actions |
| Type | Resource |
| Id | azure.sentinel.actions |
Fields
- vw_actions
- actions
| Name | Datatype | Description |
|---|---|---|
id | text | Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}" |
name | text | The name of the resource |
actionId | text | field from the properties object |
etag | text | Etag of the action. |
logic_app_resource_id | text | field from the properties object |
resourceGroupName | text | field from the properties object |
ruleId | text | field from the properties object |
subscriptionId | text | field from the properties object |
system_data | text | field from the properties object |
type | text | The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" |
workflow_id | text | field from the properties object |
workspaceName | text | field from the properties object |
| Name | Datatype | Description |
|---|---|---|
id | string | Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}" |
name | string | The name of the resource |
etag | string | Etag of the action. |
properties | object | Action property bag. |
systemData | object | Metadata pertaining to creation and last modification of the resource. |
type | string | The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" |
Methods
| Name | Accessible by | Required Params | Description |
|---|---|---|---|
get | SELECT | actionId, resourceGroupName, ruleId, subscriptionId, workspaceName | Gets the action of alert rule. |
list_by_alert_rule | SELECT | resourceGroupName, ruleId, subscriptionId, workspaceName | Gets all actions of alert rule. |
create_or_update | INSERT | actionId, resourceGroupName, ruleId, subscriptionId, workspaceName | Creates or updates the action of alert rule. |
delete | DELETE | actionId, resourceGroupName, ruleId, subscriptionId, workspaceName | Delete the action of alert rule. |
SELECT examples
Gets all actions of alert rule.
- vw_actions
- actions
SELECT
id,
name,
actionId,
etag,
logic_app_resource_id,
resourceGroupName,
ruleId,
subscriptionId,
system_data,
type,
workflow_id,
workspaceName
FROM azure.sentinel.vw_actions
WHERE resourceGroupName = '{{ resourceGroupName }}'
AND ruleId = '{{ ruleId }}'
AND subscriptionId = '{{ subscriptionId }}'
AND workspaceName = '{{ workspaceName }}';
SELECT
id,
name,
etag,
properties,
systemData,
type
FROM azure.sentinel.actions
WHERE resourceGroupName = '{{ resourceGroupName }}'
AND ruleId = '{{ ruleId }}'
AND subscriptionId = '{{ subscriptionId }}'
AND workspaceName = '{{ workspaceName }}';
INSERT example
Use the following StackQL query and manifest file to create a new actions resource.
- All Properties
- Manifest
/*+ create */
INSERT INTO azure.sentinel.actions (
actionId,
resourceGroupName,
ruleId,
subscriptionId,
workspaceName,
etag,
properties
)
SELECT
'{{ actionId }}',
'{{ resourceGroupName }}',
'{{ ruleId }}',
'{{ subscriptionId }}',
'{{ workspaceName }}',
'{{ etag }}',
'{{ properties }}'
;
- name: your_resource_model_name
props:
- name: etag
value: string
- name: properties
value:
- name: logicAppResourceId
value: string
- name: triggerUri
value: string
DELETE example
Deletes the specified actions resource.
/*+ delete */
DELETE FROM azure.sentinel.actions
WHERE actionId = '{{ actionId }}'
AND resourceGroupName = '{{ resourceGroupName }}'
AND ruleId = '{{ ruleId }}'
AND subscriptionId = '{{ subscriptionId }}'
AND workspaceName = '{{ workspaceName }}';