The alertsSuppressionRules resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
To create a Microsoft.Security/alertsSuppressionRules resource, add the following JSON to your template.
{
"type": "Microsoft.Security/alertsSuppressionRules",
"apiVersion": "2019-01-01-preview",
"name": "string",
"properties": {
"alertType": "string",
"comment": "string",
"expirationDateUtc": "string",
"reason": "string",
"state": "string",
"suppressionAlertsScope": {
"allOf": [
{
"field": "string",
"{customized property}": {}
}
]
}
}
}
Name | Description | Value |
---|---|---|
type | The resource type | 'Microsoft.Security/alertsSuppressionRules' |
apiVersion | The resource api version | '2019-01-01-preview' |
name | The resource name | string (required) Character limit: 1-260 Valid characters: Alphanumerics, underscores, and hyphens. |
properties | describes AlertsSuppressionRule properties | AlertsSuppressionRuleProperties |
Name | Description | Value |
---|---|---|
alertType | Type of the alert to automatically suppress. For all alert types, use '*' | string (required) |
comment | Any comment regarding the rule | string |
expirationDateUtc | Expiration date of the rule, if value is not provided or provided as null there will no expiration at all | string |
reason | The reason for dismissing the alert | string (required) |
state | Possible states of the rule | 'Disabled' 'Enabled' 'Expired' (required) |
suppressionAlertsScope | The suppression conditions | SuppressionAlertsScope |
Name | Description | Value |
---|---|---|
allOf | All the conditions inside need to be true in order to suppress the alert | ScopeElement[] (required) |
Name | Description | Value |
---|---|---|
field | The alert entity type to suppress by. | string |
{customized property} |