Security Automation

Security Automation in Azure Security Center lets you create automated workflows that respond to security alerts and recommendations. It can trigger actions such as sending notifications, creating tickets, or running logic apps whenever defined conditions are met. This helps streamline incident response and reduce manual effort.

azure.security_automation

Fields

| Title | ID | Type | Data Type | Description |
|---|---|---|---|---|
| | _key | core | string | |
| | actions | core | json | A collection of the actions which are triggered if all the configured rules evaluations, within at least one rule set, are true. |
| | description | core | string | The security automation description. |
| | etag | core | string | Entity tag is used for comparing two or more entities from the same requested resource. |
| | id | core | string | Resource Id |
| | is_enabled | core | bool | Indicates whether the security automation is enabled. |
| | kind | core | string | Kind of the resource |
| | location | core | string | Location where the resource is stored |
| | name | core | string | Resource name |
| | resource_group | core | string | |
| | scopes | core | json | A collection of scopes on which the security automations logic is applied. Supported scopes are the subscription itself or a resource group under that subscription. The automation will only apply on defined scopes. |
| | sources | core | json | A collection of the source event types which evaluate the security automation set of rules. |
| | subscription_id | core | string | |
| | subscription_name | core | string | |
| | tags | core | hstore_csv | |
| | type | core | string | Resource type |