Create or Update MSSIC Alert Rule
Description: Create or update a Microsoft Security Incident Creation (MSSIC) alert rule in Azure Sentinel, including subscription, resource group, workspace, and rule specifics.

Endpoint URL: /subscriptions/{{subscriptionId}}/resourceGroups/{{resourceGroupName}}/providers/Microsoft.OperationalInsights/workspaces/{{workspaceName}}/providers/Microsoft.SecurityInsights/alertRules/{{ruleId}}

Method: PUT

Inputs:

- Path Parameters (object) – Required
  - subscriptionId (string) – Required. The ID of the target subscription.
  - resourceGroupName (string) – Required. The name of the resource group. The name is case insensitive.
  - workspaceName (string) – Required. The name of the workspace. Regex pattern: ^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$
  - ruleId (string) – Required. Alert rule ID.
- Parameters (object) – Required
  - api-version (string) – Required. The API version to use for this operation.
- JSON Body (object) – Required
  - etag (string)
  - kind (string)
  - properties (object) – Required
    - productFilter (string) – Required
    - displayName (string) – Required. The display name for alerts created by this alert rule.
    - enabled (boolean) – Required. Determines whether this alert rule is enabled or disabled.
    - alertRuleTemplateName (string). The name of the alert rule template used to create this rule.
    - description (string). The description of the alert rule.
    - displayNamesExcludeFilter (array). The alerts' displayNames on which the cases will not be generated.
    - displayNamesFilter (array). The alerts' displayNames on which the cases will be generated.
    - severitiesFilter (array). The alerts' severities on which the cases will be generated.

Output Example:

[
  {
    "status_code": 200,
    "response_headers": {},
    "reason": "OK",
    "json_body": {
      "id": "/subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/alertRules/microsoftSecurityIncidentCreationRuleExample",
      "name": "microsoftSecurityIncidentCreationRuleExample",
      "etag": "\"260097e0-0000-0d00-0000-5d6fa88f0000\"",
      "type": "Microsoft.SecurityInsights/alertRules",
      "kind": "MicrosoftSecurityIncidentCreation",
      "properties": {
        "productFilter": "Microsoft Cloud App Security",
        "severitiesFilter": null,
        "displayNamesFilter": null,
        "displayName": "testing displayname",
        "enabled": true,
        "description": null,
        "alertRuleTemplateName": null,
        "lastModifiedUtc": "2019-09-04T12:05:35.7296311Z"
      }
    }
  }
]

Output Parameters:

- status_code (number)
- reason (string)
- json_body (object)
  - id (string)
  - name (string)
  - etag (string)
  - type (string)
  - kind (string)
  - properties (object)
    - productFilter (string)
    - severitiesFilter (object)
    - displayNamesFilter (object)
    - displayName (string)
    - enabled (boolean)
    - description (object)
    - alertRuleTemplateName (object)
    - lastModifiedUtc (string)
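The PUT described above, built and sent with the Python standard library, as an added example that is not the connector's own code. It validates workspaceName against the documented regex, refuses path parameters that would add extra URL segments, omits optional filters rather than sending null, and returns the echoed rule; the bearer token, api-version and productFilter values are assumed to be supplied by the caller.

```python
import json
import re
import urllib.request
from typing import Any, Dict, List, Optional, Tuple
from urllib.parse import urlencode

ARM = "https://management.azure.com"
# Pattern for workspaceName as given in the action's documentation.
WORKSPACE_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9-]+[A-Za-z0-9]$")
# Sentinel's AlertSeverity values (not listed on the page; assumed from the service's enum).
ALLOWED_SEVERITIES = {"High", "Medium", "Low", "Informational"}


def build_mssic_rule_request(subscription_id: str, resource_group: str, workspace: str,
                             rule_id: str, api_version: str, product_filter: str,
                             display_name: str, enabled: bool = True,
                             severities: Optional[List[str]] = None,
                             names_filter: Optional[List[str]] = None,
                             names_exclude: Optional[List[str]] = None,
                             description: Optional[str] = None,
                             etag: Optional[str] = None) -> Tuple[str, Dict[str, str], Dict[str, Any]]:
    """Validate inputs and return (url, query, body) for the alertRules PUT."""
    if not WORKSPACE_RE.match(workspace):
        raise ValueError(f"workspaceName {workspace!r} violates the documented regex")
    for part in (subscription_id, resource_group, rule_id):
        if not part or "/" in part:  # a '/' would splice extra segments into the resource path
            raise ValueError("path parameters must be non-empty and contain no '/'")
    if severities and not set(severities) <= ALLOWED_SEVERITIES:
        raise ValueError(f"unknown severity in {severities}")
    url = (f"{ARM}/subscriptions/{subscription_id}/resourceGroups/{resource_group}"
           f"/providers/Microsoft.OperationalInsights/workspaces/{workspace}"
           f"/providers/Microsoft.SecurityInsights/alertRules/{rule_id}")
    props: Dict[str, Any] = {"productFilter": product_filter,
                             "displayName": display_name, "enabled": enabled}
    # Optional filters are omitted when unset so the service applies its own defaults.
    for key, val in (("severitiesFilter", severities), ("displayNamesFilter", names_filter),
                     ("displayNamesExcludeFilter", names_exclude), ("description", description)):
        if val is not None:
            props[key] = val
    body: Dict[str, Any] = {"kind": "MicrosoftSecurityIncidentCreation", "properties": props}
    if etag:
        body["etag"] = etag  # etag from a prior GET, sent back when updating an existing rule
    return url, {"api-version": api_version}, body


def put_alert_rule(token: str, url: str, query: Dict[str, str], body: Dict[str, Any]) -> Dict[str, Any]:
    """Send the PUT with a bearer token and return the rule the service echoes back."""
    req = urllib.request.Request(f"{url}?{urlencode(query)}", data=json.dumps(body).encode(),
                                 method="PUT", headers={"Authorization": f"Bearer {token}",
                                                        "Content-Type": "application/json"})
    with urllib.request.urlopen(req) as resp:  # raises urllib.error.HTTPError on 4xx/5xx
        return json.load(resp)
```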