Microsoft Azure Tenant Level Activity Log Alert Rules In Alerts Management Resource Provider

Microsoft Azure Tenant Level Activity Log Alert Rules in Alerts Management Resource Provider lets users create and manage custom alert rules based on Activity Log events at the tenant level within Azure. This feature enables organizations to monitor and respond proactively to specific activities or behaviors in their Azure environment, helping them identify and mitigate potential security and compliance risks.

OpenAPI Specification

tenant-level-activity-log-alert-rules-in-alertsmanagement-resource-provider-openapi-original.yml
# OpenAPI 2.0 (Swagger) description of the Tenant Activity Log Alert rules API
# exposed through Azure Resource Manager.
swagger: '2.0'
info:
  # Preview API version. Every operation below references the shared
  # ApiVersionParameter from common-types, which presumably carries this
  # value — confirm against common-types/resource-management/v5/types.json.
  version: 2023-04-01-preview
  title: Microsoft Azure Tenant Level Activity Log Alert Rules in AlertsManagement Resource Provider
  description: >-
    Tenant Level Activity Log Alert Rules provides rules creation on management
    group level.
# Single ARM endpoint, offered over TLS only (no http scheme is listed).
host: management.azure.com
schemes:
  - https
consumes:
  - application/json
produces:
  - application/json
# Document-wide requirement: every operation needs the azure_auth OAuth2
# scheme with the user_impersonation scope; no operation in this file
# declares its own 'security' override.
security:
  - azure_auth:
      - user_impersonation
securityDefinitions:
  azure_auth:
    type: oauth2
    authorizationUrl: https://login.microsoftonline.com/common/oauth2/authorize
    # NOTE(review): 'implicit' is the legacy browser grant; the OAuth 2.0
    # Security BCP steers new clients to authorization code with PKCE. The
    # value is part of the published contract, so it is left unchanged here.
    flow: implicit
    description: Azure Active Directory OAuth2 Flow
    scopes:
      user_impersonation: impersonate your user account
paths:
  # Explicit-key ('?') syntax is used only because this path is long; it is an
  # ordinary string key, equivalent to a plain 'path: ...' entry.
  ? /providers/Microsoft.Management/managementGroups/{managementGroupName}/providers/Microsoft.AlertsManagement/tenantActivityLogAlerts/{alertRuleName}
  : put:
      # Create-or-update: 201 when the rule is new, 200 when it already existed.
      description: Create a new Tenant Activity Log Alert rule or update an existing one.
      operationId: microsoftAzureTenantactivitylogalertsCreateorupdate
      # Example request/response bodies live next to this file and are not
      # part of this listing.
      x-ms-examples:
        Create or update a Tenant Activity Log Alert rule for tenant level events:
          $ref: ./examples/TenantActivityLogAlertRule_CreateOrUpdate.json
      parameters:
        - $ref: >-
            ../../../../../common-types/resource-management/v5/types.json#/parameters/ManagementGroupNameParameter
        - $ref: '#/parameters/TenantActivityLogAlertNameParameter'
        - $ref: >-
            ../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter
        # Full resource body (AzureResource envelope + AlertRuleProperties);
        # see the definitions section for which fields are required.
        - name: tenantActivityLogAlertRule
          description: The Tenant Activity Log Alert rule to create or use for the update.
          in: body
          required: true
          schema:
            $ref: '#/definitions/TenantActivityLogAlertResource'
      responses:
        '200':
          description: An existing Tenant Activity Log Alert rule was successfully updated.
          schema:
            $ref: '#/definitions/TenantActivityLogAlertResource'
        '201':
          description: A new Tenant Activity Log Alert rule was successfully created.
          schema:
            $ref: '#/definitions/TenantActivityLogAlertResource'
        # Any status not listed above uses the shared ARM ErrorResponse shape.
        default:
          description: >-
            An error occurred and the Activity Log Alert rule could not be
            created or updated.
          schema:
            $ref: >-
              ../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse
      summary: >-
        Microsoft Azure Put Providers Microsoft Management Managementgroups Managementgroupname Providers Microsoft Alertsmanagement Tenantactivitylogalerts Alertrulename
      tags:
        - Providers
    get:
      # Read a single rule by management group and rule name.
      description: Get Tenant Activity Log Alert rule.
      operationId: microsoftAzureTenantactivitylogalertsGet
      x-ms-examples:
        Get a Tenant Activity Log Alert rule:
          $ref: ./examples/TenantActivityLogAlertRule_GetRule.json
      parameters:
        - $ref: >-
            ../../../../../common-types/resource-management/v5/types.json#/parameters/ManagementGroupNameParameter
        - $ref: '#/parameters/TenantActivityLogAlertNameParameter'
        - $ref: >-
            ../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter
      responses:
        '200':
          description: The request succeeded.
          schema:
            $ref: '#/definitions/TenantActivityLogAlertResource'
        default:
          description: >-
            An error occurred and the Activity Log Alert rule could not be
            retrieved.
          schema:
            $ref: >-
              ../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse
      summary: >-
        Microsoft Azure Get Providers Microsoft Management Managementgroups Managementgroupname Providers Microsoft Alertsmanagement Tenantactivitylogalerts Alertrulename
      tags:
        - Providers
    delete:
      # Delete has no request body; the rule is identified purely by path.
      description: Delete a Tenant Activity Log Alert rule.
      operationId: microsoftAzureTenantactivitylogalertsDelete
      x-ms-examples:
        Delete a Tenant Activity Log Alert rule:
          $ref: ./examples/TenantActivityLogAlertRule_DeleteRule.json
      parameters:
        - $ref: >-
            ../../../../../common-types/resource-management/v5/types.json#/parameters/ManagementGroupNameParameter
        - $ref: '#/parameters/TenantActivityLogAlertNameParameter'
        - $ref: >-
            ../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter
      responses:
        '200':
          description: The Tenant Activity Log Alert rule was successfully deleted.
        # A missing rule answers 204 rather than an error, so the call is safe
        # to retry.
        '204':
          description: >-
            The Tenant Activity Log Alert rule does not exist. It may have
            already been deleted.
        default:
          description: >-
            An error occurred and the Activity Log Alert rule could not be
            deleted.
          schema:
            $ref: >-
              ../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse
      summary: >-
        Microsoft Azure Delete Providers Microsoft Management Managementgroups Managementgroupname Providers Microsoft Alertsmanagement Tenantactivitylogalerts Alertrulename
      tags:
        - Providers
    patch:
      # Partial update limited to resource tags and the 'enabled' flag (see
      # TenantAlertRulePatchObject); scopes, condition and actions need PUT.
      description: >-
        Updates 'tags' and 'enabled' fields in an existing Tenant Alert rule.
        This method is used to update the Alert rule tags, and to enable or
        disable the Alert rule. To update other fields use CreateOrUpdate
        operation.
      operationId: microsoftAzureTenantactivitylogalertsUpdate
      x-ms-examples:
        Patch a Tenant Activity Log Alert rule:
          $ref: ./examples/TenantActivityLogAlertRule_UpdateRule.json
      parameters:
        - $ref: >-
            ../../../../../common-types/resource-management/v5/types.json#/parameters/ManagementGroupNameParameter
        - $ref: '#/parameters/TenantActivityLogAlertNameParameter'
        - $ref: >-
            ../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter
        - name: tenantActivityLogAlertRulePatch
          in: body
          required: true
          schema:
            $ref: '#/definitions/TenantAlertRulePatchObject'
          description: Parameters supplied to the operation.
      responses:
        # The full updated resource is returned, not just the patched fields.
        '200':
          description: An existing Activity Log Alert rule was successfully updated.
          schema:
            $ref: '#/definitions/TenantActivityLogAlertResource'
        default:
          description: Error response describing why the operation failed.
          schema:
            $ref: >-
              ../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse
      summary: >-
        Microsoft Azure Patch Providers Microsoft Management Managementgroups Managementgroupname Providers Microsoft Alertsmanagement Tenantactivitylogalerts Alertrulename
      tags:
        - Providers
  # Tenant-wide listing. Unlike the management-group routes this path has no
  # scope segment and takes only api-version; which tenant is listed is
  # presumably derived from the caller's token — confirm with the service.
  /providers/Microsoft.AlertsManagement/tenantActivityLogAlerts:
    get:
      description: Get a list of all Tenant Activity Log Alert rules in the tenant.
      operationId: microsoftAzureTenantactivitylogalertsListbytenant
      x-ms-examples:
        List Activity Log Alerts by tenant:
          $ref: ./examples/TenantActivityLogAlertRule_ListByTenant.json
      # Paged response: clients follow TenantAlertRuleList.nextLink to fetch
      # further pages.
      x-ms-pageable:
        nextLinkName: nextLink
      parameters:
        - $ref: >-
            ../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter
      responses:
        '200':
          description: The request succeeded.
          schema:
            $ref: '#/definitions/TenantAlertRuleList'
        default:
          description: >-
            An error occurred and the list of Activity Log Alert rules could not
            be retrieved.
          schema:
            $ref: >-
              ../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse
      summary: Microsoft Azure Get Providers Microsoft Alertsmanagement Tenantactivitylogalerts
      tags:
        - Providers
  # Listing scoped to one management group (explicit '?' key only because the
  # path is long). Same paging contract as the tenant-wide listing.
  ? /providers/Microsoft.Management/managementGroups/{managementGroupName}/providers/Microsoft.AlertsManagement/tenantActivityLogAlerts
  : get:
      description: Get a list of all Tenant Activity Log Alert rules in a management group.
      operationId: microsoftAzureTenantactivitylogalertsListbymanagementgroup
      x-ms-examples:
        List Activity Log Alerts by management group:
          $ref: ./examples/TenantActivityLogAlertRule_ListByManagementGroup.json
      x-ms-pageable:
        nextLinkName: nextLink
      parameters:
        - $ref: >-
            ../../../../../common-types/resource-management/v5/types.json#/parameters/ManagementGroupNameParameter
        - $ref: >-
            ../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter
      responses:
        '200':
          description: The request succeeded.
          schema:
            $ref: '#/definitions/TenantAlertRuleList'
        default:
          description: >-
            An error occurred and the list of Activity Log Alert rules could not
            be retrieved.
          schema:
            $ref: >-
              ../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse
      summary: >-
        Microsoft Azure Get Providers Microsoft Management Managementgroups Managementgroupname Providers Microsoft Alertsmanagement Tenantactivitylogalerts
      tags:
        - Providers
definitions:
  # Common ARM envelope for the rule resource: 'id', 'name' and 'type' are
  # readOnly (service-assigned, response only), 'location' can be set only at
  # creation, and 'tags' is a free-form string map.
  AzureResource:
    description: An Azure resource object.
    x-ms-azure-resource: true
    type: object
    properties:
      id:
        description: The resource Id.
        type: string
        readOnly: true
      name:
        description: The name of the resource.
        type: string
        readOnly: true
      type:
        description: The type of the resource.
        type: string
        readOnly: true
      # x-ms-mutability lists read and create but not update, so the location
      # is fixed once the rule exists; per the description it should always be
      # 'global', which is also the default.
      location:
        description: >-
          The location of the resource. Since Azure Activity Log Alerts is a
          global service, the location of the rules should always be 'global'.
        type: string
        default: global
        x-ms-mutability:
          - read
          - create
      # Tags are the one envelope field that PATCH can change (see
      # TenantAlertRulePatchObject).
      tags:
        description: The tags of the resource.
        type: object
        additionalProperties:
          type: string
  # The rule resource accepted and returned by every operation: the
  # AzureResource envelope plus a required 'properties' object.
  # x-ms-client-flatten is a client-generation hint that hoists the property
  # members onto the generated model; it does not change the JSON on the wire.
  TenantActivityLogAlertResource:
    type: object
    description: A Tenant Activity Log Alert rule resource.
    required:
      - properties
    allOf:
      - $ref: '#/definitions/AzureResource'
    properties:
      properties:
        description: The Activity Log Alert rule properties of the resource.
        x-ms-client-flatten: true
        $ref: '#/definitions/AlertRuleProperties'
  # Paged list envelope returned by both list operations; 'nextLink' is the
  # field named in their x-ms-pageable.nextLinkName.
  TenantAlertRuleList:
    type: object
    description: A list of Tenant Activity Log Alert rules.
    properties:
      value:
        description: The list of Tenant Activity Log Alert rules.
        type: array
        items:
          $ref: '#/definitions/TenantActivityLogAlertResource'
        # Elements are identified by their resource id for diff/merge purposes.
        x-ms-identifiers:
          - id
      nextLink:
        description: Provides the link to retrieve the next set of elements.
        type: string
  # Rule body: where the rule applies (tenantScope, scopes), what triggers it
  # (condition), what it does (actions) and whether it is live (enabled).
  # Only 'condition' and 'actions' are declared required.
  AlertRuleProperties:
    description: An Azure Activity Log Alert rule.
    type: object
    properties:
      # NOTE(review): the description says this must be provided for
      # tenant-level and management-group rules, but it is absent from
      # 'required' below, so schema validation will not catch its omission —
      # confirm the service rejects rules without it.
      tenantScope:
        description: >-
          The tenant GUID. Must be provided for tenant-level and management
          group events rules.
        type: string
      # Resource-ID prefix filter: an event matches when its resource ID falls
      # under one of the prefixes, so a short prefix matches everything beneath
      # it. NOTE(review): the description requires at least one item, yet no
      # minItems is declared and 'scopes' is not required; an empty or missing
      # list is schema-valid.
      scopes:
        description: >-
          A list of resource IDs that will be used as prefixes. The alert will
          only apply to Activity Log events with resource IDs that fall under
          one of these prefixes. This list must include at least one item.
        type: array
        items:
          type: string
      condition:
        description: The condition that will cause this alert to activate.
        $ref: '#/definitions/AlertRuleAllOfCondition'
      actions:
        description: The actions that will activate when the condition is met.
        $ref: '#/definitions/ActionList'
      # Defaults to true: a rule is live as soon as it is created unless the
      # caller sends enabled=false explicitly.
      enabled:
        description: >-
          Indicates whether this Activity Log Alert rule is enabled. If an
          Activity Log Alert rule is not enabled, then none of its actions will
          be activated.
        type: boolean
        default: true
      description:
        description: A description of this Activity Log Alert rule.
        type: string
    required:
      - condition
      - actions
  # Top-level rule condition: a conjunction of member conditions. 'allOf' is
  # required but has no minItems, so an empty array is schema-valid — what the
  # service does with an empty conjunction is not stated here; confirm.
  AlertRuleAllOfCondition:
    description: >-
      An Activity Log Alert rule condition that is met when all its member
      conditions are met.
    type: object
    properties:
      allOf:
        description: The list of Activity Log Alert rule conditions.
        type: array
        items:
          $ref: '#/definitions/AlertRuleAnyOfOrLeafCondition'
        # Empty identifier list: members are compared positionally, not by key.
        x-ms-identifiers: []
    required:
      - allOf
  # A member of AlertRuleAllOfCondition: either a leaf (field + equals or
  # containsAny) or an 'anyOf' group of leaves. The two shapes are described
  # as mutually exclusive, but that exclusivity is not expressed in schema
  # (this type is the leaf properties via allOf plus an optional 'anyOf'), so
  # a mixed object passes validation and is rejected, if at all, by the
  # service.
  AlertRuleAnyOfOrLeafCondition:
    # NOTE(review): the first sentence below ('met when all its member
    # conditions are met') repeats AlertRuleAllOfCondition; for an 'anyOf'
    # member the rule given on the 'anyOf' property (at least one leaf) is the
    # one that applies. Left unchanged because description text is part of the
    # published spec.
    description: >
      An Activity Log Alert rule condition that is met when all its member
      conditions are met.

      Each condition can be of one of the following types:

      __Important__: Each type has its unique subset of properties. Properties
      from different types CANNOT exist in one condition.
         * __Leaf Condition -__ must contain 'field' and either 'equals' or 'containsAny'.
        _Please note, 'anyOf' should __not__ be set in a Leaf Condition._
        * __AnyOf Condition -__ must contain __only__ 'anyOf' (which is an array of Leaf Conditions).
        _Please note, 'field', 'equals' and 'containsAny' should __not__ be set in an AnyOf Condition._
    type: object
    allOf:
      - $ref: '#/definitions/AlertRuleLeafCondition'
    # 'anyOf' here is a plain property name, not the JSON Schema keyword.
    properties:
      anyOf:
        title: An Activity Log Alert rule 'anyOf' condition.
        description: >-
          An Activity Log Alert rule condition that is met when at least one of
          its member leaf conditions are met.
        type: array
        items:
          $ref: '#/definitions/AlertRuleLeafCondition'
        x-ms-identifiers: []
  # Single field comparison against an Activity Log event. The description
  # requires 'field' plus one of 'equals'/'containsAny', but no 'required'
  # list or oneOf is declared, so an empty leaf is schema-valid. All
  # comparisons are case-insensitive per the descriptions.
  AlertRuleLeafCondition:
    description: >-
      An Activity Log Alert rule condition that is met by comparing the field
      and value of an Activity Log event.

      This condition must contain 'field' and either 'equals' or 'containsAny'.
    type: object
    properties:
      # Free-form string: the allowed field names are documented in the
      # description only, not as an enum, so typos are not caught by schema.
      field:
        description: >-
          The name of the Activity Log event's field that this condition will
          examine.

          The possible values for this field are (case-insensitive):
          'resourceId', 'category', 'caller', 'level', 'operationName',
          'resourceGroup', 'resourceProvider', 'status', 'subStatus',
          'resourceType', or anything beginning with 'properties'.
        type: string
      equals:
        description: >-
          The value of the event's field will be compared to this value
          (case-insensitive) to determine if the condition is met.
        type: string
      containsAny:
        description: >-
          The value of the event's field will be compared to the values in this
          array (case-insensitive) to determine if the condition is met.
        type: array
        items:
          type: string
  # Actions fired when the condition matches: a list of Action Group
  # references keyed by actionGroupId. No minItems, so a rule may have no
  # actions even though 'actions' itself is required on AlertRuleProperties.
  ActionList:
    type: object
    description: A list of Activity Log Alert rule actions.
    properties:
      actionGroups:
        description: The list of the Action Groups.
        type: array
        items:
          $ref: '#/definitions/ActionGroup'
        x-ms-identifiers:
          - actionGroupId
  # Reference to an Action Group plus per-rule payload customisation.
  ActionGroup:
    type: object
    description: A pointer to an Azure Action Group.
    properties:
      # Required, but with no minLength or pattern; the 'cannot be null or
      # empty' rule in the description is enforced server-side, if at all.
      actionGroupId:
        description: The resource ID of the Action Group. This cannot be null or empty.
        type: string
      # These values are appended to the webhook payload delivered to the
      # action group's receivers, i.e. they leave the ARM boundary; keep
      # secrets out of them and treat them as non-sensitive configuration.
      webhookProperties:
        type: object
        description: >-
          the dictionary of custom properties to include with the post
          operation. These data are appended to the webhook payload.
        additionalProperties:
          type: string
      # Opaque string map; the recognised keys are not listed in this file.
      actionProperties:
        type: object
        additionalProperties:
          type: string
        description: >-
          Predefined list of properties and configuration items for the action
          group.
    required:
      - actionGroupId
  # PATCH request body: only resource tags and the nested 'enabled' flag.
  # 'location', 'scopes', 'condition' and 'actions' are not patchable and
  # require a full PUT.
  TenantAlertRulePatchObject:
    type: object
    description: An Activity Log Alert rule object for the body of patch operations.
    properties:
      tags:
        type: object
        description: The resource tags
        additionalProperties:
          type: string
      properties:
        x-ms-client-flatten: true
        $ref: '#/definitions/TenantAlertRulePatchProperties'
        description: The activity log alert settings for an update operation.
  # Patchable rule settings; currently just 'enabled'.
  TenantAlertRulePatchProperties:
    type: object
    description: An Activity Log Alert rule properties for patch operations.
    properties:
      # NOTE(review): a default of true on a PATCH property is ambiguous —
      # whether omitting 'enabled' leaves the rule unchanged or re-enables it
      # is not stated here; confirm with the service before relying on either.
      enabled:
        description: >-
          Indicates whether this Activity Log Alert rule is enabled. If an
          Activity Log Alert rule is not enabled, then none of its actions will
          be activated.
        type: boolean
        default: true
parameters:
  # Path parameter shared by the PUT/GET/DELETE/PATCH operations.
  TenantActivityLogAlertNameParameter:
    name: alertRuleName
    in: path
    required: true
    type: string
    # Allowed characters: word characters, '-', '.', '_', '(' and ')'; no
    # length limit is declared. Leaving the value unquoted is safe because a
    # plain YAML scalar does not process backslash escapes, so the regex is
    # passed through verbatim.
    pattern: ^[-\w\._\(\)]+$
    description: The name of the Tenant Activity Log Alert rule.
    # Generated clients take this as a per-operation argument rather than a
    # client-level property.
    x-ms-parameter-location: method
# The single tag every operation in this file is grouped under.
tags:
  - name: Providers