automation_rules
Creates, updates, deletes, gets or lists a automation_rules resource.
Overview
| Name | automation_rules |
| Type | Resource |
| Id | azure.sentinel.automation_rules |
Fields
- vw_automation_rules
- automation_rules
| Name | Datatype | Description |
|---|---|---|
actions | text | field from the properties object |
automationRuleId | text | field from the properties object |
created_by | text | field from the properties object |
created_time_utc | text | field from the properties object |
display_name | text | field from the properties object |
etag | text | Etag of the azure resource |
last_modified_by | text | field from the properties object |
last_modified_time_utc | text | field from the properties object |
order | text | field from the properties object |
resourceGroupName | text | field from the properties object |
subscriptionId | text | field from the properties object |
triggering_logic | text | field from the properties object |
workspaceName | text | field from the properties object |
| Name | Datatype | Description |
|---|---|---|
etag | string | Etag of the azure resource |
properties | object | Automation rule properties |
Methods
| Name | Accessible by | Required Params | Description |
|---|---|---|---|
get | SELECT | automationRuleId, resourceGroupName, subscriptionId, workspaceName | Gets the automation rule. |
list | SELECT | resourceGroupName, subscriptionId, workspaceName | Gets all automation rules. |
create_or_update | INSERT | automationRuleId, resourceGroupName, subscriptionId, workspaceName, data__properties | Creates or updates the automation rule. |
delete | DELETE | automationRuleId, resourceGroupName, subscriptionId, workspaceName | Delete the automation rule. |
SELECT examples
Gets all automation rules.
- vw_automation_rules
- automation_rules
SELECT
actions,
automationRuleId,
created_by,
created_time_utc,
display_name,
etag,
last_modified_by,
last_modified_time_utc,
order,
resourceGroupName,
subscriptionId,
triggering_logic,
workspaceName
FROM azure.sentinel.vw_automation_rules
WHERE resourceGroupName = '{{ resourceGroupName }}'
AND subscriptionId = '{{ subscriptionId }}'
AND workspaceName = '{{ workspaceName }}';
SELECT
etag,
properties
FROM azure.sentinel.automation_rules
WHERE resourceGroupName = '{{ resourceGroupName }}'
AND subscriptionId = '{{ subscriptionId }}'
AND workspaceName = '{{ workspaceName }}';
INSERT example
Use the following StackQL query and manifest file to create a new automation_rules resource.
- All Properties
- Manifest
/*+ create */
INSERT INTO azure.sentinel.automation_rules (
automationRuleId,
resourceGroupName,
subscriptionId,
workspaceName,
data__properties,
etag,
properties
)
SELECT
'{{ automationRuleId }}',
'{{ resourceGroupName }}',
'{{ subscriptionId }}',
'{{ workspaceName }}',
'{{ data__properties }}',
'{{ etag }}',
'{{ properties }}'
;
- name: your_resource_model_name
props:
- name: etag
value: string
- name: properties
value:
- name: displayName
value: string
- name: order
value: integer
- name: triggeringLogic
value:
- name: isEnabled
value: boolean
- name: expirationTimeUtc
value: string
- name: triggersOn
value: []
- name: triggersWhen
value: []
- name: conditions
value:
- - name: conditionType
value: []
- name: actions
value:
- - name: order
value: integer
- name: actionType
value: []
- name: lastModifiedTimeUtc
value: string
- name: createdTimeUtc
value: string
- name: lastModifiedBy
value:
- name: email
value: string
- name: name
value: string
- name: objectId
value: string
- name: userPrincipalName
value: string
DELETE example
Deletes the specified automation_rules resource.
/*+ delete */
DELETE FROM azure.sentinel.automation_rules
WHERE automationRuleId = '{{ automationRuleId }}'
AND resourceGroupName = '{{ resourceGroupName }}'
AND subscriptionId = '{{ subscriptionId }}'
AND workspaceName = '{{ workspaceName }}';