| alerts_enabled | Should the alerts be enabled? Defaults to true. | `bool` | `true` | no |
| discovery_logs_enabled | Should the Discovery Logs be enabled? Defaults to true. | `bool` | `true` | no |
| display_name | The friendly name of this Sentinel MS Security Incident Alert Rule. | `list(string)` | `[ "Create incidents based on Microsoft Defender for Cloud" ]` | no |
| dtc_ad_enabled | Set to false to prevent the module from creating any resources. | `bool` | `false` | no |
| dtc_advanced_threat_protection_enabled | Set to false to prevent the module from creating any resources. | `bool` | `false` | no |
| dtc_iot_enabled | Set to false to prevent the module from creating any resources. | `bool` | `false` | no |
| dtc_ms_cloud_app_security_enabled | Set to false to prevent the module from creating any resources. | `bool` | `false` | no |
| dtc_ms_defender_advanced_threat_protection_enabled | Set to false to prevent the module from creating any resources. | `bool` | `false` | no |
| dtc_ms_threat_protection_enabled | Set to false to prevent the module from creating any resources. | `bool` | `false` | no |
| dtc_security_center_enabled | Set to false to prevent the module from creating any resources. | `bool` | `false` | no |
| dtc_threat-intelligence_enabled | Set to false to prevent the module from creating any resources. | `bool` | `false` | no |
| enabled | Set to false to prevent the module from creating any resources. | `bool` | `true` | no |
| environment | Environment (e.g. `prod`, `dev`, `staging`). | `string` | `""` | no |
| label_order | Label order, e.g. sequence of application name and environment `name`,`environment`,'attribute' [`webserver`,`qa`,`devops`,`public`,]. | `list(any)` | `[ "name", "environment" ]` | no |
| log_analytics_workspace_id | The ID of the Log Analytics Workspace this Sentinel MS Security Incident Alert Rule belongs to. Changing this forces a new Sentinel MS Security Incident Alert Rule to be created. | `string` | `""` | no |
| managedby | ManagedBy, eg ''. | `string` | `""` | no |
| ms_security_enabled | Should this Sentinel MS Security Incident Alert Rule be enabled? Defaults to true. | `bool` | `true` | no |
| ms_security_incident_enabled | Should this Sentinel MS Security Incident Alert Rule be enabled? Defaults to true. | `bool` | `true` | no |
| name | Name (e.g. `app` or `cluster`). | `string` | `""` | no |
| product_filter | The Microsoft Security Service from where the alert will be generated. Possible values are Azure Active Directory Identity Protection, Azure Advanced Threat Protection, Azure Security Center, Azure Security Center for IoT, Microsoft Cloud App Security, Microsoft Defender Advanced Threat Protection and Office 365 Advanced Threat Protection. | `list(string)` | `[ "Microsoft Cloud App Security" ]` | no |
| repository | Terraform current module repo | `string` | `""` | no |
| sentinel_enabled | Flag to control the module creation. | `bool` | `true` | no |
| severity_filter | Only create incidents from alerts when alert severity level is contained in this list. Possible values are High, Medium, Low and Informational. | `list(string)` | `[ "High" ]` | no |
| subscription_id | The ID of the subscription that this Iot Data Connector connects to. Changing this forces a new Iot Data Connector to be created. | `string` | `null` | no |
| tenant_id | The ID of the tenant that this Azure Active Directory Data Connector connects to. Changing this forces a new Azure Active Directory Data Connector to be created. | `string` | `null` | no |