azure-native.securityinsights.getIncident
Gets a given incident.
Uses Azure REST API version 2024-09-01.
Other available API versions: 2023-02-01, 2023-03-01-preview, 2023-04-01-preview, 2023-05-01-preview, 2023-06-01-preview, 2023-07-01-preview, 2023-08-01-preview, 2023-09-01-preview, 2023-10-01-preview, 2023-11-01, 2023-12-01-preview, 2024-01-01-preview, 2024-03-01, 2024-04-01-preview, 2024-10-01-preview, 2025-01-01-preview, 2025-03-01. These can be accessed by generating a local SDK package using the CLI command pulumi package add azure-native securityinsights [ApiVersion]. See the version guide for details.
Using getIncident
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getIncident(args: GetIncidentArgs, opts?: InvokeOptions): Promise<GetIncidentResult>
function getIncidentOutput(args: GetIncidentOutputArgs, opts?: InvokeOptions): Output<GetIncidentResult>

def get_incident(incident_id: Optional[str] = None,
                 resource_group_name: Optional[str] = None,
                 workspace_name: Optional[str] = None,
                 opts: Optional[InvokeOptions] = None) -> GetIncidentResult
def get_incident_output(incident_id: Optional[pulumi.Input[str]] = None,
                        resource_group_name: Optional[pulumi.Input[str]] = None,
                        workspace_name: Optional[pulumi.Input[str]] = None,
                        opts: Optional[InvokeOptions] = None) -> Output[GetIncidentResult]

func LookupIncident(ctx *Context, args *LookupIncidentArgs, opts ...InvokeOption) (*LookupIncidentResult, error)
func LookupIncidentOutput(ctx *Context, args *LookupIncidentOutputArgs, opts ...InvokeOption) LookupIncidentResultOutput

> Note: This function is named LookupIncident in the Go SDK.

public static class GetIncident 
{
    public static Task<GetIncidentResult> InvokeAsync(GetIncidentArgs args, InvokeOptions? opts = null)
    public static Output<GetIncidentResult> Invoke(GetIncidentInvokeArgs args, InvokeOptions? opts = null)
}

public static CompletableFuture<GetIncidentResult> getIncident(GetIncidentArgs args, InvokeOptions options)
public static Output<GetIncidentResult> getIncident(GetIncidentArgs args, InvokeOptions options)

fn::invoke:
  function: azure-native:securityinsights:getIncident
  arguments:
    # arguments dictionary

The following arguments are supported:
- IncidentId string - Incident ID
- ResourceGroupName string - The name of the resource group. The name is case insensitive.
- WorkspaceName string - The name of the workspace.
 
- IncidentId string - Incident ID
- ResourceGroupName string - The name of the resource group. The name is case insensitive.
- WorkspaceName string - The name of the workspace.
 
- incidentId String - Incident ID
- resourceGroupName String - The name of the resource group. The name is case insensitive.
- workspaceName String - The name of the workspace.
 
- incidentId string - Incident ID
- resourceGroupName string - The name of the resource group. The name is case insensitive.
- workspaceName string - The name of the workspace.
 
- incident_id str - Incident ID
- resource_group_name str - The name of the resource group. The name is case insensitive.
- workspace_name str - The name of the workspace.
 
- incidentId String - Incident ID
- resourceGroupName String - The name of the resource group. The name is case insensitive.
- workspaceName String - The name of the workspace.
 
getIncident Result
The following output properties are available:
- AdditionalData Pulumi.AzureNative.SecurityInsights.Outputs.IncidentAdditionalDataResponse - Additional data on the incident
- AzureApiVersion string - The Azure API version of the resource.
- CreatedTimeUtc string - The time the incident was created
- Id string - Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}"
- IncidentNumber int - A sequential number
- IncidentUrl string - The deep-link url to the incident in Azure portal
- LastModifiedTimeUtc string - The last time the incident was updated
- Name string - The name of the resource
- ProviderIncidentId string - The incident ID assigned by the incident provider
- ProviderName string - The name of the source provider that generated the incident
- List<string> - List of resource ids of Analytic rules related to the incident
- Severity string - The severity of the incident
- Status string - The status of the incident
- SystemData Pulumi.AzureNative.SecurityInsights.Outputs.SystemDataResponse - Azure Resource Manager metadata containing createdBy and modifiedBy information.
- Title string - The title of the incident
- Type string - The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
- Classification string - The reason the incident was closed
- ClassificationComment string - Describes the reason the incident was closed
- ClassificationReason string - The classification reason the incident was closed with
- Description string - The description of the incident
- Etag string - Etag of the azure resource
- FirstActivityTimeUtc string - The time of the first activity in the incident
- Labels List<Pulumi.AzureNative.SecurityInsights.Outputs.IncidentLabelResponse> - List of labels relevant to this incident
- LastActivityTimeUtc string - The time of the last activity in the incident
- Owner Pulumi.AzureNative.SecurityInsights.Outputs.IncidentOwnerInfoResponse - Describes a user that the incident is assigned to
 
- AdditionalData IncidentAdditionalDataResponse - Additional data on the incident
- AzureApiVersion string - The Azure API version of the resource.
- CreatedTimeUtc string - The time the incident was created
- Id string - Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}"
- IncidentNumber int - A sequential number
- IncidentUrl string - The deep-link url to the incident in Azure portal
- LastModifiedTimeUtc string - The last time the incident was updated
- Name string - The name of the resource
- ProviderIncidentId string - The incident ID assigned by the incident provider
- ProviderName string - The name of the source provider that generated the incident
- []string - List of resource ids of Analytic rules related to the incident
- Severity string - The severity of the incident
- Status string - The status of the incident
- SystemData SystemDataResponse - Azure Resource Manager metadata containing createdBy and modifiedBy information.
- Title string - The title of the incident
- Type string - The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
- Classification string - The reason the incident was closed
- ClassificationComment string - Describes the reason the incident was closed
- ClassificationReason string - The classification reason the incident was closed with
- Description string - The description of the incident
- Etag string - Etag of the azure resource
- FirstActivityTimeUtc string - The time of the first activity in the incident
- Labels []IncidentLabelResponse - List of labels relevant to this incident
- LastActivityTimeUtc string - The time of the last activity in the incident
- Owner IncidentOwnerInfoResponse - Describes a user that the incident is assigned to
 
- additionalData IncidentAdditionalDataResponse - Additional data on the incident
- azureApiVersion String - The Azure API version of the resource.
- createdTimeUtc String - The time the incident was created
- id String - Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}"
- incidentNumber Integer - A sequential number
- incidentUrl String - The deep-link url to the incident in Azure portal
- lastModifiedTimeUtc String - The last time the incident was updated
- name String - The name of the resource
- providerIncidentId String - The incident ID assigned by the incident provider
- providerName String - The name of the source provider that generated the incident
- List<String> - List of resource ids of Analytic rules related to the incident
- severity String - The severity of the incident
- status String - The status of the incident
- systemData SystemDataResponse - Azure Resource Manager metadata containing createdBy and modifiedBy information.
- title String - The title of the incident
- type String - The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
- classification String - The reason the incident was closed
- classificationComment String - Describes the reason the incident was closed
- classificationReason String - The classification reason the incident was closed with
- description String - The description of the incident
- etag String - Etag of the azure resource
- firstActivityTimeUtc String - The time of the first activity in the incident
- labels List<IncidentLabelResponse> - List of labels relevant to this incident
- lastActivityTimeUtc String - The time of the last activity in the incident
- owner IncidentOwnerInfoResponse - Describes a user that the incident is assigned to
 
- additionalData IncidentAdditionalDataResponse - Additional data on the incident
- azureApiVersion string - The Azure API version of the resource.
- createdTimeUtc string - The time the incident was created
- id string - Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}"
- incidentNumber number - A sequential number
- incidentUrl string - The deep-link url to the incident in Azure portal
- lastModifiedTimeUtc string - The last time the incident was updated
- name string - The name of the resource
- providerIncidentId string - The incident ID assigned by the incident provider
- providerName string - The name of the source provider that generated the incident
- string[] - List of resource ids of Analytic rules related to the incident
- severity string - The severity of the incident
- status string - The status of the incident
- systemData SystemDataResponse - Azure Resource Manager metadata containing createdBy and modifiedBy information.
- title string - The title of the incident
- type string - The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
- classification string - The reason the incident was closed
- classificationComment string - Describes the reason the incident was closed
- classificationReason string - The classification reason the incident was closed with
- description string - The description of the incident
- etag string - Etag of the azure resource
- firstActivityTimeUtc string - The time of the first activity in the incident
- labels IncidentLabelResponse[] - List of labels relevant to this incident
- lastActivityTimeUtc string - The time of the last activity in the incident
- owner IncidentOwnerInfoResponse - Describes a user that the incident is assigned to
 
- additional_data IncidentAdditionalDataResponse - Additional data on the incident
- azure_api_version str - The Azure API version of the resource.
- created_time_utc str - The time the incident was created
- id str - Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}"
- incident_number int - A sequential number
- incident_url str - The deep-link url to the incident in Azure portal
- last_modified_time_utc str - The last time the incident was updated
- name str - The name of the resource
- provider_incident_id str - The incident ID assigned by the incident provider
- provider_name str - The name of the source provider that generated the incident
- Sequence[str] - List of resource ids of Analytic rules related to the incident
- severity str - The severity of the incident
- status str - The status of the incident
- system_data SystemDataResponse - Azure Resource Manager metadata containing createdBy and modifiedBy information.
- title str - The title of the incident
- type str - The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
- classification str - The reason the incident was closed
- classification_comment str - Describes the reason the incident was closed
- classification_reason str - The classification reason the incident was closed with
- description str - The description of the incident
- etag str - Etag of the azure resource
- first_activity_time_utc str - The time of the first activity in the incident
- labels Sequence[IncidentLabelResponse] - List of labels relevant to this incident
- last_activity_time_utc str - The time of the last activity in the incident
- owner IncidentOwnerInfoResponse - Describes a user that the incident is assigned to
 
- additionalData Property Map - Additional data on the incident
- azureApiVersion String - The Azure API version of the resource.
- createdTimeUtc String - The time the incident was created
- id String - Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}"
- incidentNumber Number - A sequential number
- incidentUrl String - The deep-link url to the incident in Azure portal
- lastModifiedTimeUtc String - The last time the incident was updated
- name String - The name of the resource
- providerIncidentId String - The incident ID assigned by the incident provider
- providerName String - The name of the source provider that generated the incident
- List<String> - List of resource ids of Analytic rules related to the incident
- severity String - The severity of the incident
- status String - The status of the incident
- systemData Property Map - Azure Resource Manager metadata containing createdBy and modifiedBy information.
- title String - The title of the incident
- type String - The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
- classification String - The reason the incident was closed
- classificationComment String - Describes the reason the incident was closed
- classificationReason String - The classification reason the incident was closed with
- description String - The description of the incident
- etag String - Etag of the azure resource
- firstActivityTimeUtc String - The time of the first activity in the incident
- labels List<Property Map> - List of labels relevant to this incident
- lastActivityTimeUtc String - The time of the last activity in the incident
- owner Property Map - Describes a user that the incident is assigned to
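The output properties listed above are enough to run basic hygiene checks on a retrieved incident. The TypeScript below is an added example, not part of the Pulumi documentation or SDK: `IncidentView`, `triageIncident`, the 24-hour threshold and the sample values are assumptions of the example, and `"High"` and `"Closed"` are the Azure API's severity and status strings, which this page does not list.

```typescript
// Local mirror of the getIncident output properties this check reads.
// Property names follow the TypeScript list on this page; the interface
// itself is hypothetical and is not a type exported by the SDK.
interface IncidentView {
    incidentNumber: number;
    title: string;
    severity: string;
    status: string;
    lastModifiedTimeUtc: string;
    classification?: string;
    owner?: { assignedTo?: string; objectId?: string; userPrincipalName?: string };
}

const STALE_AFTER_HOURS = 24; // assumed SLA for open incidents nobody has touched

// Returns hygiene findings for one incident; an empty array means nothing to flag.
function triageIncident(incident: IncidentView, now: Date): string[] {
    const findings: string[] = [];
    const isOpen = incident.status !== "Closed";
    const owner = incident.owner;
    // An owner object with every field empty still means "unassigned".
    const hasOwner = Boolean(
        owner && (owner.objectId || owner.userPrincipalName || owner.assignedTo)
    );

    if (isOpen && incident.severity === "High" && !hasOwner) {
        findings.push("high-severity incident has no owner");
    }

    const modified = Date.parse(incident.lastModifiedTimeUtc);
    if (Number.isNaN(modified)) {
        findings.push("lastModifiedTimeUtc is not a parseable timestamp");
    } else if (isOpen && (now.getTime() - modified) / 3600000 > STALE_AFTER_HOURS) {
        findings.push(`open incident untouched for more than ${STALE_AFTER_HOURS}h`);
    }

    if (!isOpen && !incident.classification) {
        findings.push("closed without a classification");
    }
    return findings;
}

// Constructed sample, not real incident data.
const sampleIncident: IncidentView = {
    incidentNumber: 4711,
    title: "Constructed sample incident",
    severity: "High",
    status: "Active",
    lastModifiedTimeUtc: "2024-09-01T08:00:00Z",
    owner: {},
};

// In a Pulumi program the same function can be applied to the output form:
//   getIncidentOutput({ incidentId, resourceGroupName, workspaceName })
//       .apply(i => triageIncident(i, new Date()));
console.log(triageIncident(sampleIncident, new Date("2024-09-03T08:00:00Z")));
```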
 
Supporting Types
IncidentAdditionalDataResponse   
- AlertProductNames List<string> - List of product names of alerts in the incident
- AlertsCount int - The number of alerts in the incident
- BookmarksCount int - The number of bookmarks in the incident
- CommentsCount int - The number of comments in the incident
- ProviderIncidentUrl string - The provider incident url to the incident in Microsoft 365 Defender portal
- Tactics List<string> - The tactics associated with incident
 
- AlertProductNames []string - List of product names of alerts in the incident
- AlertsCount int - The number of alerts in the incident
- BookmarksCount int - The number of bookmarks in the incident
- CommentsCount int - The number of comments in the incident
- ProviderIncidentUrl string - The provider incident url to the incident in Microsoft 365 Defender portal
- Tactics []string - The tactics associated with incident
 
- alertProductNames List<String> - List of product names of alerts in the incident
- alertsCount Integer - The number of alerts in the incident
- bookmarksCount Integer - The number of bookmarks in the incident
- commentsCount Integer - The number of comments in the incident
- providerIncidentUrl String - The provider incident url to the incident in Microsoft 365 Defender portal
- tactics List<String> - The tactics associated with incident
 
- alertProductNames string[] - List of product names of alerts in the incident
- alertsCount number - The number of alerts in the incident
- bookmarksCount number - The number of bookmarks in the incident
- commentsCount number - The number of comments in the incident
- providerIncidentUrl string - The provider incident url to the incident in Microsoft 365 Defender portal
- tactics string[] - The tactics associated with incident
 
- alert_product_names Sequence[str] - List of product names of alerts in the incident
- alerts_count int - The number of alerts in the incident
- bookmarks_count int - The number of bookmarks in the incident
- comments_count int - The number of comments in the incident
- provider_incident_url str - The provider incident url to the incident in Microsoft 365 Defender portal
- tactics Sequence[str] - The tactics associated with incident
 
- alertProductNames List<String> - List of product names of alerts in the incident
- alertsCount Number - The number of alerts in the incident
- bookmarksCount Number - The number of bookmarks in the incident
- commentsCount Number - The number of comments in the incident
- providerIncidentUrl String - The provider incident url to the incident in Microsoft 365 Defender portal
- tactics List<String> - The tactics associated with incident
 
IncidentLabelResponse  
- label_name str - The name of the label
- label_type str - The type of the label
 
IncidentOwnerInfoResponse   
- AssignedTo string - The name of the user the incident is assigned to.
- Email string - The email of the user the incident is assigned to.
- ObjectId string - The object id of the user the incident is assigned to.
- OwnerType string - The type of the owner the incident is assigned to.
- UserPrincipalName string - The user principal name of the user the incident is assigned to.
 
- AssignedTo string - The name of the user the incident is assigned to.
- Email string - The email of the user the incident is assigned to.
- ObjectId string - The object id of the user the incident is assigned to.
- OwnerType string - The type of the owner the incident is assigned to.
- UserPrincipalName string - The user principal name of the user the incident is assigned to.
 
- assignedTo String - The name of the user the incident is assigned to.
- email String - The email of the user the incident is assigned to.
- objectId String - The object id of the user the incident is assigned to.
- ownerType String - The type of the owner the incident is assigned to.
- userPrincipalName String - The user principal name of the user the incident is assigned to.
 
- assignedTo string - The name of the user the incident is assigned to.
- email string - The email of the user the incident is assigned to.
- objectId string - The object id of the user the incident is assigned to.
- ownerType string - The type of the owner the incident is assigned to.
- userPrincipalName string - The user principal name of the user the incident is assigned to.
 
- assigned_to str - The name of the user the incident is assigned to.
- email str - The email of the user the incident is assigned to.
- object_id str - The object id of the user the incident is assigned to.
- owner_type str - The type of the owner the incident is assigned to.
- user_principal_name str - The user principal name of the user the incident is assigned to.
 
- assignedTo String - The name of the user the incident is assigned to.
- email String - The email of the user the incident is assigned to.
- objectId String - The object id of the user the incident is assigned to.
- ownerType String - The type of the owner the incident is assigned to.
- userPrincipalName String - The user principal name of the user the incident is assigned to.
 
SystemDataResponse  
- CreatedAt string - The timestamp of resource creation (UTC).
- CreatedBy string - The identity that created the resource.
- CreatedByType string - The type of identity that created the resource.
- LastModifiedAt string - The timestamp of resource last modification (UTC)
- LastModifiedBy string - The identity that last modified the resource.
- LastModifiedByType string - The type of identity that last modified the resource.
 
- CreatedAt string - The timestamp of resource creation (UTC).
- CreatedBy string - The identity that created the resource.
- CreatedByType string - The type of identity that created the resource.
- LastModifiedAt string - The timestamp of resource last modification (UTC)
- LastModifiedBy string - The identity that last modified the resource.
- LastModifiedByType string - The type of identity that last modified the resource.
 
- createdAt String - The timestamp of resource creation (UTC).
- createdBy String - The identity that created the resource.
- createdByType String - The type of identity that created the resource.
- lastModifiedAt String - The timestamp of resource last modification (UTC)
- lastModifiedBy String - The identity that last modified the resource.
- lastModifiedByType String - The type of identity that last modified the resource.
 
- createdAt string - The timestamp of resource creation (UTC).
- createdBy string - The identity that created the resource.
- createdByType string - The type of identity that created the resource.
- lastModifiedAt string - The timestamp of resource last modification (UTC)
- lastModifiedBy string - The identity that last modified the resource.
- lastModifiedByType string - The type of identity that last modified the resource.
 
- created_at str - The timestamp of resource creation (UTC).
- created_by str - The identity that created the resource.
- created_by_type str - The type of identity that created the resource.
- last_modified_at str - The timestamp of resource last modification (UTC)
- last_modified_by str - The identity that last modified the resource.
- last_modified_by_type str - The type of identity that last modified the resource.
 
- createdAt String - The timestamp of resource creation (UTC).
- createdBy String - The identity that created the resource.
- createdByType String - The type of identity that created the resource.
- lastModifiedAt String - The timestamp of resource last modification (UTC)
- lastModifiedBy String - The identity that last modified the resource.
- lastModifiedByType String - The type of identity that last modified the resource.
 
Package Details
- Repository: Azure Native pulumi/pulumi-azure-native
- License: Apache-2.0