Add eventGroupingSettings to NRT alert rules (#20422)

Azure · Aug 29, 2022 · 07c5cc8 · 07c5cc8
1 parent 195918b
commit 07c5cc8
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 0 deletions.
diff --git a/...ts/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/AlertRules.json b/...ts/resource-manager/Microsoft.SecurityInsights/preview/2022-09-01-preview/AlertRules.json
@@ -793,6 +793,10 @@
           "type": "object",
           "$ref": "#/definitions/AlertDetailsOverride",
           "description": "The alert details override settings"
+        },
+        "eventGroupingSettings": {
+          "$ref": "#/definitions/EventGroupingSettings",
+          "description": "The event grouping settings."
         }
       },
       "type": "object"
@@ -1751,6 +1755,10 @@
           "type": "object",
           "$ref": "#/definitions/AlertDetailsOverride",
           "description": "The alert details override settings"
+        },
+        "eventGroupingSettings": {
+          "$ref": "#/definitions/EventGroupingSettings",
+          "description": "The event grouping settings."
         }
       },
       "required": [

diff --git a/...t.SecurityInsights/preview/2022-09-01-preview/examples/alertRules/CreateNrtAlertRule.json b/...t.SecurityInsights/preview/2022-09-01-preview/examples/alertRules/CreateNrtAlertRule.json
@@ -68,6 +68,9 @@
           "query": "ProtectionStatus | extend HostCustomEntity = Computer | extend IPCustomEntity = ComputerIP_Hidden",
           "suppressionDuration": "PT1H",
           "suppressionEnabled": false,
+          "eventGroupingSettings": {
+            "aggregationKind": "AlertPerResult"
+          },
           "lastModifiedUtc": "2019-01-01T13:15:30Z",
           "incidentConfiguration": {
             "createIncident": true,
@@ -109,6 +112,9 @@
           "query": "ProtectionStatus | extend HostCustomEntity = Computer | extend IPCustomEntity = ComputerIP_Hidden",
           "suppressionDuration": "PT1H",
           "suppressionEnabled": false,
+          "eventGroupingSettings": {
+            "aggregationKind": "AlertPerResult"
+          },
           "lastModifiedUtc": "2019-01-01T13:15:30Z",
           "incidentConfiguration": {
             "createIncident": true,

diff --git a/...soft.SecurityInsights/preview/2022-09-01-preview/examples/alertRules/GetNrtAlertRule.json b/...soft.SecurityInsights/preview/2022-09-01-preview/examples/alertRules/GetNrtAlertRule.json
@@ -31,6 +31,9 @@
           "query": "ProtectionStatus | extend HostCustomEntity = Computer | extend IPCustomEntity = ComputerIP_Hidden",
           "suppressionDuration": "PT1H",
           "suppressionEnabled": false,
+          "eventGroupingSettings": {
+            "aggregationKind": "AlertPerResult"
+          },
           "lastModifiedUtc": "2019-01-01T13:15:30Z",
           "incidentConfiguration": {
             "createIncident": true,