DSCResources/MSFT_SCProtectionAlert/MSFT_SCProtectionAlert.schema.mof
[ClassVersion("1.0.0.0"), FriendlyName("SCProtectionAlert")]
class MSFT_SCProtectionAlert : OMI_BaseResource { [Write, Description("Specifies the scope for aggregated alert policies")] String AlertBy[]; [Write, Description("This parameter is reserved for internal Microsoft use")] String AlertFor[]; [Write, Description("Specifies how the alert policy triggers alerts for multiple occurrences of monitored activity"), ValueMap{"None", "SimpleAggregation", "AnomalousAggregation", "CustomAggregation"}, Values{"None", "SimpleAggregation", "AnomalousAggregation", "CustomAggregation"}] String AggregationType; [Write, Description("Specifies a category for the alert policy")] String Category; [Write, Description("Specifies an optional comment")] String Comment; [Write, Description("Enables or disables the alert policy")] Boolean Disabled; [Write, Description("Specify if this alert should exist or not."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] String Ensure; [Write, Description("The Filter parameter uses OPATH syntax to filter the results by the specified properties and values")] String Filter; [Key, Description("Specifies the unique name for the alert policy")] String Name; [Write, Description("Specifies the language or locale that's used for notifications. For example, da-DK for Danish")] String NotificationCulture; [Write, Description("NotificationEnabled true or false")] Boolean NotificationEnabled; [Write, Description("Specifies whether to trigger an alert for a single event when the alert policy is configured for aggregated activity")] Boolean NotifyUserOnFilterMatch; [Write, Description("Specifies whether to temporarily suspend notifications for the alert policy. Until the specified date-time, no notifications are sent for detected activities.")] DateTime NotifyUserSuppressionExpiryDate; [Write, Description("Specifies the maximum number of notifications for the alert policy within the time period specified by the NotifyUserThrottleWindow parameter. Once the maximum number of notifications has been reached in the time period, no more notifications are sent for the alert.")] UInt32 NotifyUserThrottleThreshold; [Write, Description("Specifies the time interval in minutes that's used by the NotifyUserThrottleThreshold parameter")] UInt32 NotifyUserThrottleWindow; [Write, Description("Specifies the SMTP address of the user who receives notification messages for the alert policy. You can specify multiple values separated by commas")] String NotifyUser[]; [Write, Description("Specifies the activities that are monitored by the alert policy")] String Operation[]; [Write, Description("PrivacyManagementScopedSensitiveInformationTypes")] String PrivacyManagementScopedSensitiveInformationTypes[]; [Write, Description("PrivacyManagementScopedSensitiveInformationTypesForCounting")] String PrivacyManagementScopedSensitiveInformationTypesForCounting[]; [Write, Description("PrivacyManagementScopedSensitiveInformationTypesThreshold")] UInt64 PrivacyManagementScopedSensitiveInformationTypesThreshold; [Write, Description("specifies the severity of the detection"), ValueMap{"Low", "Medium", "High", "Informational"}, Values{"Low", "Medium", "High", "Informational"}] String Severity; [Write, Description("Specifies the type of activities that are monitored by the alert policy"), ValueMap{"Activity", "Malware", "Phish", "Malicious","MaliciousUrlClick", "MailFlow"}, Values{"Activity", "Malware", "Phish", "Malicious","MaliciousUrlClick", "MailFlow"}] String ThreatType; [Write, Description("Specifies the number of detections that trigger the alert policy within the time period specified by the TimeWindow parameter. A valid value is an integer that's greater than or equal to 3.")] UInt32 Threshold; [Write, Description("Specifies the time interval in minutes for number of detections specified by the Threshold parameter. A valid value is an integer that's greater than 60 (one hour).")] UInt32 TimeWindow; [Write, Description("Volume Threshold")] UInt32 VolumeThreshold; [Write, Description("Credentials of the Global Admin"), EmbeddedInstance("MSFT_Credential")] string Credential; [Write, Description("Id of the Azure Active Directory application to authenticate with.")] String ApplicationId; [Write, Description("Id of the Azure Active Directory tenant used for authentication.")] String TenantId; [Write, Description("Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.")] String CertificateThumbprint; [Write, Description("Username can be made up to anything but password will be used for CertificatePassword"), EmbeddedInstance("MSFT_Credential")] String CertificatePassword; [Write, Description("Path to certificate used in service principal usually a PFX file.")] String CertificatePath; }; |