-
Notifications
You must be signed in to change notification settings - Fork 4.9k
/
AutomationRules_List.json
68 lines (68 loc) · 2.94 KB
/
AutomationRules_List.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
{
"parameters": {
"api-version": "2022-09-01-preview",
"subscriptionId": "d0cfe6b2-9ac0-4464-9919-dccaee2e48c0",
"resourceGroupName": "myRg",
"workspaceName": "myWorkspace"
},
"responses": {
"200": {
"body": {
"value": [
{
"id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/automationRules/73e01a99-5cd7-4139-a149-9f2736ff2ab5",
"name": "73e01a99-5cd7-4139-a149-9f2736ff2ab5",
"etag": "\"0300bf09-0000-0000-0000-5c37296e0000\"",
"type": "Microsoft.SecurityInsights/automationRules",
"properties": {
"displayName": "Suspicious alerts in workspace",
"order": 1,
"triggeringLogic": {
"isEnabled": true,
"triggersOn": "Alerts",
"triggersWhen": "Created",
"conditions": [
{
"conditionType": "Property",
"conditionProperties": {
"propertyName": "AlertAnalyticRuleIds",
"operator": "Contains",
"propertyValues": [
"/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/fab3d2d4-747f-46a7-8ef0-9c0be8112bf7",
"/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/8deb8303-e94d-46ff-96e0-5fd94b33df1a"
]
}
}
]
},
"actions": [
{
"order": 1,
"actionType": "RunPlaybook",
"actionConfiguration": {
"tenantId": "d23e3eef-eed0-428f-a2d5-bc48c268e31d",
"logicAppResourceId": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.Logic/workflows/AlertPlaybook"
}
}
],
"lastModifiedTimeUtc": "2019-01-01T13:00:30Z",
"createdTimeUtc": "2019-01-01T13:00:00Z",
"lastModifiedBy": {
"objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70",
"email": "john.doe@contoso.com",
"name": "john doe",
"userPrincipalName": "john@contoso.com"
},
"createdBy": {
"objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70",
"email": "john.doe@contoso.com",
"name": "john doe",
"userPrincipalName": "john@contoso.com"
}
}
}
]
}
}
}
}