Support for Defender for Cloud alerts suppression rules

[DmitriSmirnovCTL]

Is there an existing issue for this?

• [X] I have searched the existing issues

Community Note

• Please vote on this issue by adding a :thumbsup: reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

Will appreciate an ability to manage alerts suppression rules for Microsoft Defender for Cloud using terraform resource (in addition to portal, API and CLI).

New or Affected Resource(s)/Data Source(s)

azurerm_security_center_alert_rule_suppression

Potential Terraform Configuration

resource "azurerm_security_center_alert_rule_suppression" "suppression" {
  name              = "${var.environment}-suppression"
  subscription_id   = data.azurerm_subscription.current.id
  alert-type        = "SQL.DW_GeoAnomaly"
  end_date_utc      = "2030-10-30"

  scope {
    field         = "entities.ip.address"
    any-of        = "10.0.0.0/16;192.168.0.0/16"
  }

}

References

https://docs.microsoft.com/en-us/cli/azure/security/alerts-suppression-rule?view=azure-cli-latest#az-security-alerts-suppression-rule-update

[sidanaabhi]

Any update on when this feature will be implemented?