swagger: '2.0' info: version: 2023-04-01-preview title: Microsoft Azure Tenant Level Activity Log Alert Rules in AlertsManagement Resource Provider description: >- Tenant Level Activity Log Alert Rules provides rules creation on management group level. host: management.azure.com schemes: - https consumes: - application/json produces: - application/json security: - azure_auth: - user_impersonation securityDefinitions: azure_auth: type: oauth2 authorizationUrl: https://login.microsoftonline.com/common/oauth2/authorize flow: implicit description: Azure Active Directory OAuth2 Flow scopes: user_impersonation: impersonate your user account paths: ? /providers/Microsoft.Management/managementGroups/{managementGroupName}/providers/Microsoft.AlertsManagement/tenantActivityLogAlerts/{alertRuleName} : put: description: Create a new Tenant Activity Log Alert rule or update an existing one. operationId: microsoftAzureTenantactivitylogalertsCreateorupdate x-ms-examples: Create or update a Tenant Activity Log Alert rule for tenant level events: $ref: ./examples/TenantActivityLogAlertRule_CreateOrUpdate.json parameters: - $ref: >- ../../../../../common-types/resource-management/v5/types.json#/parameters/ManagementGroupNameParameter - $ref: '#/parameters/TenantActivityLogAlertNameParameter' - $ref: >- ../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter - name: tenantActivityLogAlertRule description: The Tenant Activity Log Alert rule to create or use for the update. in: body required: true schema: $ref: '#/definitions/TenantActivityLogAlertResource' responses: '200': description: An existing Tenant Activity Log Alert rule was successfully updated. schema: $ref: '#/definitions/TenantActivityLogAlertResource' '201': description: A new Tenant Activity Log Alert rule was successfully created. schema: $ref: '#/definitions/TenantActivityLogAlertResource' default: description: >- An error occurred and the Activity Log Alert rule could not be created or updated. schema: $ref: >- ../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse summary: >- Microsoft Azure Put Providers Microsoft Management Managementgroups Managementgroupname Providers Microsoft Alertsmanagement Tenantactivitylogalerts Alertrulename tags: - Providers get: description: Get Tenant Activity Log Alert rule. operationId: microsoftAzureTenantactivitylogalertsGet x-ms-examples: Get a Tenant Activity Log Alert rule: $ref: ./examples/TenantActivityLogAlertRule_GetRule.json parameters: - $ref: >- ../../../../../common-types/resource-management/v5/types.json#/parameters/ManagementGroupNameParameter - $ref: '#/parameters/TenantActivityLogAlertNameParameter' - $ref: >- ../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter responses: '200': description: The request succeeded. schema: $ref: '#/definitions/TenantActivityLogAlertResource' default: description: >- An error occurred and the Activity Log Alert rule could not be retrieved. schema: $ref: >- ../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse summary: >- Microsoft Azure Get Providers Microsoft Management Managementgroups Managementgroupname Providers Microsoft Alertsmanagement Tenantactivitylogalerts Alertrulename tags: - Providers delete: description: Delete a Tenant Activity Log Alert rule. operationId: microsoftAzureTenantactivitylogalertsDelete x-ms-examples: Delete a Tenant Activity Log Alert rule: $ref: ./examples/TenantActivityLogAlertRule_DeleteRule.json parameters: - $ref: >- ../../../../../common-types/resource-management/v5/types.json#/parameters/ManagementGroupNameParameter - $ref: '#/parameters/TenantActivityLogAlertNameParameter' - $ref: >- ../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter responses: '200': description: The Tenant Activity Log Alert rule was successfully deleted. '204': description: >- The Tenant Activity Log Alert rule does not exist. It may have already been deleted. default: description: >- An error occurred and the Activity Log Alert rule could not be deleted. schema: $ref: >- ../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse summary: >- Microsoft Azure Delete Providers Microsoft Management Managementgroups Managementgroupname Providers Microsoft Alertsmanagement Tenantactivitylogalerts Alertrulename tags: - Providers patch: description: >- Updates 'tags' and 'enabled' fields in an existing Tenant Alert rule. This method is used to update the Alert rule tags, and to enable or disable the Alert rule. To update other fields use CreateOrUpdate operation. operationId: microsoftAzureTenantactivitylogalertsUpdate x-ms-examples: Patch a Tenant Activity Log Alert rule: $ref: ./examples/TenantActivityLogAlertRule_UpdateRule.json parameters: - $ref: >- ../../../../../common-types/resource-management/v5/types.json#/parameters/ManagementGroupNameParameter - $ref: '#/parameters/TenantActivityLogAlertNameParameter' - $ref: >- ../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter - name: tenantActivityLogAlertRulePatch in: body required: true schema: $ref: '#/definitions/TenantAlertRulePatchObject' description: Parameters supplied to the operation. responses: '200': description: An existing Activity Log Alert rule was successfully updated. schema: $ref: '#/definitions/TenantActivityLogAlertResource' default: description: Error response describing why the operation failed. schema: $ref: >- ../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse summary: >- Microsoft Azure Patch Providers Microsoft Management Managementgroups Managementgroupname Providers Microsoft Alertsmanagement Tenantactivitylogalerts Alertrulename tags: - Providers /providers/Microsoft.AlertsManagement/tenantActivityLogAlerts: get: description: Get a list of all Tenant Activity Log Alert rules in the tenant. operationId: microsoftAzureTenantactivitylogalertsListbytenant x-ms-examples: List Activity Log Alerts by tenant: $ref: ./examples/TenantActivityLogAlertRule_ListByTenant.json x-ms-pageable: nextLinkName: nextLink parameters: - $ref: >- ../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter responses: '200': description: The request succeeded. schema: $ref: '#/definitions/TenantAlertRuleList' default: description: >- An error occurred and the list of Activity Log Alert rules could not be retrieved. schema: $ref: >- ../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse summary: Microsoft Azure Get Providers Microsoft Alertsmanagement Tenantactivitylogalerts tags: - Providers ? /providers/Microsoft.Management/managementGroups/{managementGroupName}/providers/Microsoft.AlertsManagement/tenantActivityLogAlerts : get: description: Get a list of all Tenant Activity Log Alert rules in a management group. operationId: microsoftAzureTenantactivitylogalertsListbymanagementgroup x-ms-examples: List Activity Log Alerts by management group: $ref: ./examples/TenantActivityLogAlertRule_ListByManagementGroup.json x-ms-pageable: nextLinkName: nextLink parameters: - $ref: >- ../../../../../common-types/resource-management/v5/types.json#/parameters/ManagementGroupNameParameter - $ref: >- ../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter responses: '200': description: The request succeeded. schema: $ref: '#/definitions/TenantAlertRuleList' default: description: >- An error occurred and the list of Activity Log Alert rules could not be retrieved. schema: $ref: >- ../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse summary: >- Microsoft Azure Get Providers Microsoft Management Managementgroups Managementgroupname Providers Microsoft Alertsmanagement Tenantactivitylogalerts tags: - Providers definitions: AzureResource: description: An Azure resource object. x-ms-azure-resource: true type: object properties: id: description: The resource Id. type: string readOnly: true name: description: The name of the resource. type: string readOnly: true type: description: The type of the resource. type: string readOnly: true location: description: >- The location of the resource. Since Azure Activity Log Alerts is a global service, the location of the rules should always be 'global'. type: string default: global x-ms-mutability: - read - create tags: description: The tags of the resource. type: object additionalProperties: type: string TenantActivityLogAlertResource: type: object description: A Tenant Activity Log Alert rule resource. required: - properties allOf: - $ref: '#/definitions/AzureResource' properties: properties: description: The Activity Log Alert rule properties of the resource. x-ms-client-flatten: true $ref: '#/definitions/AlertRuleProperties' TenantAlertRuleList: type: object description: A list of Tenant Activity Log Alert rules. properties: value: description: The list of Tenant Activity Log Alert rules. type: array items: $ref: '#/definitions/TenantActivityLogAlertResource' x-ms-identifiers: - id nextLink: description: Provides the link to retrieve the next set of elements. type: string AlertRuleProperties: description: An Azure Activity Log Alert rule. type: object properties: tenantScope: description: >- The tenant GUID. Must be provided for tenant-level and management group events rules. type: string scopes: description: >- A list of resource IDs that will be used as prefixes. The alert will only apply to Activity Log events with resource IDs that fall under one of these prefixes. This list must include at least one item. type: array items: type: string condition: description: The condition that will cause this alert to activate. $ref: '#/definitions/AlertRuleAllOfCondition' actions: description: The actions that will activate when the condition is met. $ref: '#/definitions/ActionList' enabled: description: >- Indicates whether this Activity Log Alert rule is enabled. If an Activity Log Alert rule is not enabled, then none of its actions will be activated. type: boolean default: true description: description: A description of this Activity Log Alert rule. type: string required: - condition - actions AlertRuleAllOfCondition: description: >- An Activity Log Alert rule condition that is met when all its member conditions are met. type: object properties: allOf: description: The list of Activity Log Alert rule conditions. type: array items: $ref: '#/definitions/AlertRuleAnyOfOrLeafCondition' x-ms-identifiers: [] required: - allOf AlertRuleAnyOfOrLeafCondition: description: > An Activity Log Alert rule condition that is met when all its member conditions are met. Each condition can be of one of the following types: __Important__: Each type has its unique subset of properties. Properties from different types CANNOT exist in one condition. * __Leaf Condition -__ must contain 'field' and either 'equals' or 'containsAny'. _Please note, 'anyOf' should __not__ be set in a Leaf Condition._ * __AnyOf Condition -__ must contain __only__ 'anyOf' (which is an array of Leaf Conditions). _Please note, 'field', 'equals' and 'containsAny' should __not__ be set in an AnyOf Condition._ type: object allOf: - $ref: '#/definitions/AlertRuleLeafCondition' properties: anyOf: title: An Activity Log Alert rule 'anyOf' condition. description: >- An Activity Log Alert rule condition that is met when at least one of its member leaf conditions are met. type: array items: $ref: '#/definitions/AlertRuleLeafCondition' x-ms-identifiers: [] AlertRuleLeafCondition: description: >- An Activity Log Alert rule condition that is met by comparing the field and value of an Activity Log event. This condition must contain 'field' and either 'equals' or 'containsAny'. type: object properties: field: description: >- The name of the Activity Log event's field that this condition will examine. The possible values for this field are (case-insensitive): 'resourceId', 'category', 'caller', 'level', 'operationName', 'resourceGroup', 'resourceProvider', 'status', 'subStatus', 'resourceType', or anything beginning with 'properties'. type: string equals: description: >- The value of the event's field will be compared to this value (case-insensitive) to determine if the condition is met. type: string containsAny: description: >- The value of the event's field will be compared to the values in this array (case-insensitive) to determine if the condition is met. type: array items: type: string ActionList: type: object description: A list of Activity Log Alert rule actions. properties: actionGroups: description: The list of the Action Groups. type: array items: $ref: '#/definitions/ActionGroup' x-ms-identifiers: - actionGroupId ActionGroup: type: object description: A pointer to an Azure Action Group. properties: actionGroupId: description: The resource ID of the Action Group. This cannot be null or empty. type: string webhookProperties: type: object description: >- the dictionary of custom properties to include with the post operation. These data are appended to the webhook payload. additionalProperties: type: string actionProperties: type: object additionalProperties: type: string description: >- Predefined list of properties and configuration items for the action group. required: - actionGroupId TenantAlertRulePatchObject: type: object description: An Activity Log Alert rule object for the body of patch operations. properties: tags: type: object description: The resource tags additionalProperties: type: string properties: x-ms-client-flatten: true $ref: '#/definitions/TenantAlertRulePatchProperties' description: The activity log alert settings for an update operation. TenantAlertRulePatchProperties: type: object description: An Activity Log Alert rule properties for patch operations. properties: enabled: description: >- Indicates whether this Activity Log Alert rule is enabled. If an Activity Log Alert rule is not enabled, then none of its actions will be activated. type: boolean default: true parameters: TenantActivityLogAlertNameParameter: name: alertRuleName in: path required: true type: string pattern: ^[-\w\._\(\)]+$ description: The name of the Tenant Activity Log Alert rule. x-ms-parameter-location: method tags: - name: Providers