azure-native.securityinsights.AnomalySecurityMLAnalyticsSettings
Represents Anomaly Security ML Analytics Settings API Version: 2022-05-01-preview.
Example Usage
Creates or updates a Anomaly Security ML Analytics Settings.
using System.Collections.Generic;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var anomalySecurityMLAnalyticsSettings = new AzureNative.SecurityInsights.AnomalySecurityMLAnalyticsSettings("anomalySecurityMLAnalyticsSettings", new()
{
AnomalySettingsVersion = 0,
AnomalyVersion = "1.0.5",
CustomizableObservations =
{
{ "multiSelectObservations", null },
{ "prioritizeExcludeObservations", null },
{ "singleSelectObservations", new[]
{
{
{ "description", "Select device vendor of network connection logs from CommonSecurityLog" },
{ "name", "Device vendor" },
{ "rerun", "RerunAlways" },
{ "sequenceNumber", 1 },
{ "supportedValues", new[]
{
"Palo Alto Networks",
"Fortinet",
"Check Point",
} },
{ "supportedValuesKql", null },
{ "value", new[]
{
"Palo Alto Networks",
} },
{ "valuesKql", null },
},
} },
{ "singleValueObservations", null },
{ "thresholdObservations", new[]
{
{
{ "description", "Suppress anomalies when daily data transfered (in MB) per hour is less than the chosen value" },
{ "maximum", "100" },
{ "minimum", "1" },
{ "name", "Daily data transfer threshold in MB" },
{ "rerun", "RerunAlways" },
{ "sequenceNumber", 1 },
{ "value", "25" },
},
{
{ "description", "Triggers anomalies when number of standard deviations is greater than the chosen value" },
{ "maximum", "10" },
{ "minimum", "2" },
{ "name", "Number of standard deviations" },
{ "rerun", "RerunAlways" },
{ "sequenceNumber", 2 },
{ "value", "3" },
},
} },
},
Description = "When account logs from a source region that has rarely been logged in from during the last 14 days, an anomaly is triggered.",
DisplayName = "Login from unusual region",
Enabled = true,
Frequency = "PT1H",
IsDefaultSettings = true,
Kind = "Anomaly",
RequiredDataConnectors = new[]
{
new AzureNative.SecurityInsights.Inputs.SecurityMLAnalyticsSettingsDataSourceArgs
{
ConnectorId = "AWS",
DataTypes = new[]
{
"AWSCloudTrail",
},
},
},
ResourceGroupName = "myRg",
SettingsDefinitionId = "f209187f-1d17-4431-94af-c141bf5f23db",
SettingsResourceName = "f209187f-1d17-4431-94af-c141bf5f23db",
SettingsStatus = "Production",
Tactics = new[]
{
"Exfiltration",
"CommandAndControl",
},
Techniques = new[]
{
"T1037",
"T1021",
},
WorkspaceName = "myWorkspace",
});
});
package main
import (
securityinsights "github.com/pulumi/pulumi-azure-native/sdk/go/azure/securityinsights"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := securityinsights.NewAnomalySecurityMLAnalyticsSettings(ctx, "anomalySecurityMLAnalyticsSettings", &securityinsights.AnomalySecurityMLAnalyticsSettingsArgs{
AnomalySettingsVersion: pulumi.Int(0),
AnomalyVersion: pulumi.String("1.0.5"),
CustomizableObservations: pulumi.Any{
MultiSelectObservations: nil,
PrioritizeExcludeObservations: nil,
SingleSelectObservations: []map[string]interface{}{
map[string]interface{}{
"description": "Select device vendor of network connection logs from CommonSecurityLog",
"name": "Device vendor",
"rerun": "RerunAlways",
"sequenceNumber": 1,
"supportedValues": []string{
"Palo Alto Networks",
"Fortinet",
"Check Point",
},
"supportedValuesKql": nil,
"value": []string{
"Palo Alto Networks",
},
"valuesKql": nil,
},
},
SingleValueObservations: nil,
ThresholdObservations: []interface{}{
map[string]interface{}{
"description": "Suppress anomalies when daily data transfered (in MB) per hour is less than the chosen value",
"maximum": "100",
"minimum": "1",
"name": "Daily data transfer threshold in MB",
"rerun": "RerunAlways",
"sequenceNumber": 1,
"value": "25",
},
map[string]interface{}{
"description": "Triggers anomalies when number of standard deviations is greater than the chosen value",
"maximum": "10",
"minimum": "2",
"name": "Number of standard deviations",
"rerun": "RerunAlways",
"sequenceNumber": 2,
"value": "3",
},
},
},
Description: pulumi.String("When account logs from a source region that has rarely been logged in from during the last 14 days, an anomaly is triggered."),
DisplayName: pulumi.String("Login from unusual region"),
Enabled: pulumi.Bool(true),
Frequency: pulumi.String("PT1H"),
IsDefaultSettings: pulumi.Bool(true),
Kind: pulumi.String("Anomaly"),
RequiredDataConnectors: []securityinsights.SecurityMLAnalyticsSettingsDataSourceArgs{
{
ConnectorId: pulumi.String("AWS"),
DataTypes: pulumi.StringArray{
pulumi.String("AWSCloudTrail"),
},
},
},
ResourceGroupName: pulumi.String("myRg"),
SettingsDefinitionId: pulumi.String("f209187f-1d17-4431-94af-c141bf5f23db"),
SettingsResourceName: pulumi.String("f209187f-1d17-4431-94af-c141bf5f23db"),
SettingsStatus: pulumi.String("Production"),
Tactics: pulumi.StringArray{
pulumi.String("Exfiltration"),
pulumi.String("CommandAndControl"),
},
Techniques: pulumi.StringArray{
pulumi.String("T1037"),
pulumi.String("T1021"),
},
WorkspaceName: pulumi.String("myWorkspace"),
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.securityinsights.AnomalySecurityMLAnalyticsSettings;
import com.pulumi.azurenative.securityinsights.AnomalySecurityMLAnalyticsSettingsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var anomalySecurityMLAnalyticsSettings = new AnomalySecurityMLAnalyticsSettings("anomalySecurityMLAnalyticsSettings", AnomalySecurityMLAnalyticsSettingsArgs.builder()
.anomalySettingsVersion(0)
.anomalyVersion("1.0.5")
.customizableObservations(Map.ofEntries(
Map.entry("multiSelectObservations", null),
Map.entry("prioritizeExcludeObservations", null),
Map.entry("singleSelectObservations", Map.ofEntries(
Map.entry("description", "Select device vendor of network connection logs from CommonSecurityLog"),
Map.entry("name", "Device vendor"),
Map.entry("rerun", "RerunAlways"),
Map.entry("sequenceNumber", 1),
Map.entry("supportedValues",
"Palo Alto Networks",
"Fortinet",
"Check Point"),
Map.entry("supportedValuesKql", null),
Map.entry("value", "Palo Alto Networks"),
Map.entry("valuesKql", null)
)),
Map.entry("singleValueObservations", null),
Map.entry("thresholdObservations",
Map.ofEntries(
Map.entry("description", "Suppress anomalies when daily data transfered (in MB) per hour is less than the chosen value"),
Map.entry("maximum", "100"),
Map.entry("minimum", "1"),
Map.entry("name", "Daily data transfer threshold in MB"),
Map.entry("rerun", "RerunAlways"),
Map.entry("sequenceNumber", 1),
Map.entry("value", "25")
),
Map.ofEntries(
Map.entry("description", "Triggers anomalies when number of standard deviations is greater than the chosen value"),
Map.entry("maximum", "10"),
Map.entry("minimum", "2"),
Map.entry("name", "Number of standard deviations"),
Map.entry("rerun", "RerunAlways"),
Map.entry("sequenceNumber", 2),
Map.entry("value", "3")
))
))
.description("When account logs from a source region that has rarely been logged in from during the last 14 days, an anomaly is triggered.")
.displayName("Login from unusual region")
.enabled(true)
.frequency("PT1H")
.isDefaultSettings(true)
.kind("Anomaly")
.requiredDataConnectors(Map.ofEntries(
Map.entry("connectorId", "AWS"),
Map.entry("dataTypes", "AWSCloudTrail")
))
.resourceGroupName("myRg")
.settingsDefinitionId("f209187f-1d17-4431-94af-c141bf5f23db")
.settingsResourceName("f209187f-1d17-4431-94af-c141bf5f23db")
.settingsStatus("Production")
.tactics(
"Exfiltration",
"CommandAndControl")
.techniques(
"T1037",
"T1021")
.workspaceName("myWorkspace")
.build());
}
}
import pulumi
import pulumi_azure_native as azure_native
anomaly_security_ml_analytics_settings = azure_native.securityinsights.AnomalySecurityMLAnalyticsSettings("anomalySecurityMLAnalyticsSettings",
anomaly_settings_version=0,
anomaly_version="1.0.5",
customizable_observations={
"multiSelectObservations": None,
"prioritizeExcludeObservations": None,
"singleSelectObservations": [{
"description": "Select device vendor of network connection logs from CommonSecurityLog",
"name": "Device vendor",
"rerun": "RerunAlways",
"sequenceNumber": 1,
"supportedValues": [
"Palo Alto Networks",
"Fortinet",
"Check Point",
],
"supportedValuesKql": None,
"value": ["Palo Alto Networks"],
"valuesKql": None,
}],
"singleValueObservations": None,
"thresholdObservations": [
{
"description": "Suppress anomalies when daily data transfered (in MB) per hour is less than the chosen value",
"maximum": "100",
"minimum": "1",
"name": "Daily data transfer threshold in MB",
"rerun": "RerunAlways",
"sequenceNumber": 1,
"value": "25",
},
{
"description": "Triggers anomalies when number of standard deviations is greater than the chosen value",
"maximum": "10",
"minimum": "2",
"name": "Number of standard deviations",
"rerun": "RerunAlways",
"sequenceNumber": 2,
"value": "3",
},
],
},
description="When account logs from a source region that has rarely been logged in from during the last 14 days, an anomaly is triggered.",
display_name="Login from unusual region",
enabled=True,
frequency="PT1H",
is_default_settings=True,
kind="Anomaly",
required_data_connectors=[azure_native.securityinsights.SecurityMLAnalyticsSettingsDataSourceArgs(
connector_id="AWS",
data_types=["AWSCloudTrail"],
)],
resource_group_name="myRg",
settings_definition_id="f209187f-1d17-4431-94af-c141bf5f23db",
settings_resource_name="f209187f-1d17-4431-94af-c141bf5f23db",
settings_status="Production",
tactics=[
"Exfiltration",
"CommandAndControl",
],
techniques=[
"T1037",
"T1021",
],
workspace_name="myWorkspace")
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const anomalySecurityMLAnalyticsSettings = new azure_native.securityinsights.AnomalySecurityMLAnalyticsSettings("anomalySecurityMLAnalyticsSettings", {
anomalySettingsVersion: 0,
anomalyVersion: "1.0.5",
customizableObservations: {
multiSelectObservations: undefined,
prioritizeExcludeObservations: undefined,
singleSelectObservations: [{
description: "Select device vendor of network connection logs from CommonSecurityLog",
name: "Device vendor",
rerun: "RerunAlways",
sequenceNumber: 1,
supportedValues: [
"Palo Alto Networks",
"Fortinet",
"Check Point",
],
supportedValuesKql: undefined,
value: ["Palo Alto Networks"],
valuesKql: undefined,
}],
singleValueObservations: undefined,
thresholdObservations: [
{
description: "Suppress anomalies when daily data transfered (in MB) per hour is less than the chosen value",
maximum: "100",
minimum: "1",
name: "Daily data transfer threshold in MB",
rerun: "RerunAlways",
sequenceNumber: 1,
value: "25",
},
{
description: "Triggers anomalies when number of standard deviations is greater than the chosen value",
maximum: "10",
minimum: "2",
name: "Number of standard deviations",
rerun: "RerunAlways",
sequenceNumber: 2,
value: "3",
},
],
},
description: "When account logs from a source region that has rarely been logged in from during the last 14 days, an anomaly is triggered.",
displayName: "Login from unusual region",
enabled: true,
frequency: "PT1H",
isDefaultSettings: true,
kind: "Anomaly",
requiredDataConnectors: [{
connectorId: "AWS",
dataTypes: ["AWSCloudTrail"],
}],
resourceGroupName: "myRg",
settingsDefinitionId: "f209187f-1d17-4431-94af-c141bf5f23db",
settingsResourceName: "f209187f-1d17-4431-94af-c141bf5f23db",
settingsStatus: "Production",
tactics: [
"Exfiltration",
"CommandAndControl",
],
techniques: [
"T1037",
"T1021",
],
workspaceName: "myWorkspace",
});
resources:
anomalySecurityMLAnalyticsSettings:
type: azure-native:securityinsights:AnomalySecurityMLAnalyticsSettings
properties:
anomalySettingsVersion: 0
anomalyVersion: 1.0.5
customizableObservations:
multiSelectObservations: null
prioritizeExcludeObservations: null
singleSelectObservations:
- description: Select device vendor of network connection logs from CommonSecurityLog
name: Device vendor
rerun: RerunAlways
sequenceNumber: 1
supportedValues:
- Palo Alto Networks
- Fortinet
- Check Point
supportedValuesKql: null
value:
- Palo Alto Networks
valuesKql: null
singleValueObservations: null
thresholdObservations:
- description: Suppress anomalies when daily data transfered (in MB) per hour is less than the chosen value
maximum: '100'
minimum: '1'
name: Daily data transfer threshold in MB
rerun: RerunAlways
sequenceNumber: 1
value: '25'
- description: Triggers anomalies when number of standard deviations is greater than the chosen value
maximum: '10'
minimum: '2'
name: Number of standard deviations
rerun: RerunAlways
sequenceNumber: 2
value: '3'
description: When account logs from a source region that has rarely been logged in from during the last 14 days, an anomaly is triggered.
displayName: Login from unusual region
enabled: true
frequency: PT1H
isDefaultSettings: true
kind: Anomaly
requiredDataConnectors:
- connectorId: AWS
dataTypes:
- AWSCloudTrail
resourceGroupName: myRg
settingsDefinitionId: f209187f-1d17-4431-94af-c141bf5f23db
settingsResourceName: f209187f-1d17-4431-94af-c141bf5f23db
settingsStatus: Production
tactics:
- Exfiltration
- CommandAndControl
techniques:
- T1037
- T1021
workspaceName: myWorkspace
Create AnomalySecurityMLAnalyticsSettings Resource
new AnomalySecurityMLAnalyticsSettings(name: string, args: AnomalySecurityMLAnalyticsSettingsArgs, opts?: CustomResourceOptions);@overload
def AnomalySecurityMLAnalyticsSettings(resource_name: str,
opts: Optional[ResourceOptions] = None,
anomaly_settings_version: Optional[int] = None,
anomaly_version: Optional[str] = None,
customizable_observations: Optional[Any] = None,
description: Optional[str] = None,
display_name: Optional[str] = None,
enabled: Optional[bool] = None,
frequency: Optional[str] = None,
is_default_settings: Optional[bool] = None,
required_data_connectors: Optional[Sequence[SecurityMLAnalyticsSettingsDataSourceArgs]] = None,
resource_group_name: Optional[str] = None,
settings_definition_id: Optional[str] = None,
settings_resource_name: Optional[str] = None,
settings_status: Optional[Union[str, SettingsStatus]] = None,
tactics: Optional[Sequence[Union[str, AttackTactic]]] = None,
techniques: Optional[Sequence[str]] = None,
workspace_name: Optional[str] = None)
@overload
def AnomalySecurityMLAnalyticsSettings(resource_name: str,
args: AnomalySecurityMLAnalyticsSettingsArgs,
opts: Optional[ResourceOptions] = None)func NewAnomalySecurityMLAnalyticsSettings(ctx *Context, name string, args AnomalySecurityMLAnalyticsSettingsArgs, opts ...ResourceOption) (*AnomalySecurityMLAnalyticsSettings, error)public AnomalySecurityMLAnalyticsSettings(string name, AnomalySecurityMLAnalyticsSettingsArgs args, CustomResourceOptions? opts = null)
public AnomalySecurityMLAnalyticsSettings(String name, AnomalySecurityMLAnalyticsSettingsArgs args)
public AnomalySecurityMLAnalyticsSettings(String name, AnomalySecurityMLAnalyticsSettingsArgs args, CustomResourceOptions options)
type: azure-native:securityinsights:AnomalySecurityMLAnalyticsSettings
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args AnomalySecurityMLAnalyticsSettingsArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args AnomalySecurityMLAnalyticsSettingsArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args AnomalySecurityMLAnalyticsSettingsArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args AnomalySecurityMLAnalyticsSettingsArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args AnomalySecurityMLAnalyticsSettingsArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
AnomalySecurityMLAnalyticsSettings Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The AnomalySecurityMLAnalyticsSettings resource accepts the following input properties:
- Anomaly
Version string The anomaly version of the AnomalySecurityMLAnalyticsSettings.
- Display
Name string The display name for settings created by this SecurityMLAnalyticsSettings.
- Enabled bool
Determines whether this settings is enabled or disabled.
- Frequency string
The frequency that this SecurityMLAnalyticsSettings will be run.
- Is
Default boolSettings Determines whether this anomaly security ml analytics settings is a default settings
- Resource
Group stringName The name of the resource group. The name is case insensitive.
- Settings
Status string | Pulumi.Azure Native. Security Insights. Settings Status The anomaly SecurityMLAnalyticsSettings status
- Workspace
Name string The name of the workspace.
- Anomaly
Settings intVersion The anomaly settings version of the Anomaly security ml analytics settings that dictates whether job version gets updated or not.
- Customizable
Observations object The customizable observations of the AnomalySecurityMLAnalyticsSettings.
- Description string
The description of the SecurityMLAnalyticsSettings.
- Required
Data List<Pulumi.Connectors Azure Native. Security Insights. Inputs. Security MLAnalytics Settings Data Source Args> The required data sources for this SecurityMLAnalyticsSettings
- Settings
Definition stringId The anomaly settings definition Id
- Settings
Resource stringName Security ML Analytics Settings resource name
- Tactics
List<Union<string, Pulumi.
Azure Native. Security Insights. Attack Tactic>> The tactics of the SecurityMLAnalyticsSettings
- Techniques List<string>
The techniques of the SecurityMLAnalyticsSettings
- Anomaly
Version string The anomaly version of the AnomalySecurityMLAnalyticsSettings.
- Display
Name string The display name for settings created by this SecurityMLAnalyticsSettings.
- Enabled bool
Determines whether this settings is enabled or disabled.
- Frequency string
The frequency that this SecurityMLAnalyticsSettings will be run.
- Is
Default boolSettings Determines whether this anomaly security ml analytics settings is a default settings
- Resource
Group stringName The name of the resource group. The name is case insensitive.
- Settings
Status string | SettingsStatus The anomaly SecurityMLAnalyticsSettings status
- Workspace
Name string The name of the workspace.
- Anomaly
Settings intVersion The anomaly settings version of the Anomaly security ml analytics settings that dictates whether job version gets updated or not.
- Customizable
Observations interface{} The customizable observations of the AnomalySecurityMLAnalyticsSettings.
- Description string
The description of the SecurityMLAnalyticsSettings.
- Required
Data []SecurityConnectors MLAnalytics Settings Data Source Args The required data sources for this SecurityMLAnalyticsSettings
- Settings
Definition stringId The anomaly settings definition Id
- Settings
Resource stringName Security ML Analytics Settings resource name
- Tactics []string
The tactics of the SecurityMLAnalyticsSettings
- Techniques []string
The techniques of the SecurityMLAnalyticsSettings
- anomaly
Version String The anomaly version of the AnomalySecurityMLAnalyticsSettings.
- display
Name String The display name for settings created by this SecurityMLAnalyticsSettings.
- enabled Boolean
Determines whether this settings is enabled or disabled.
- frequency String
The frequency that this SecurityMLAnalyticsSettings will be run.
- is
Default BooleanSettings Determines whether this anomaly security ml analytics settings is a default settings
- resource
Group StringName The name of the resource group. The name is case insensitive.
- settings
Status String | SettingsStatus The anomaly SecurityMLAnalyticsSettings status
- workspace
Name String The name of the workspace.
- anomaly
Settings IntegerVersion The anomaly settings version of the Anomaly security ml analytics settings that dictates whether job version gets updated or not.
- customizable
Observations Object The customizable observations of the AnomalySecurityMLAnalyticsSettings.
- description String
The description of the SecurityMLAnalyticsSettings.
- required
Data List<SecurityConnectors MLAnalytics Settings Data Source Args> The required data sources for this SecurityMLAnalyticsSettings
- settings
Definition StringId The anomaly settings definition Id
- settings
Resource StringName Security ML Analytics Settings resource name
- tactics
List<Either<String,Attack
Tactic>> The tactics of the SecurityMLAnalyticsSettings
- techniques List<String>
The techniques of the SecurityMLAnalyticsSettings
- anomaly
Version string The anomaly version of the AnomalySecurityMLAnalyticsSettings.
- display
Name string The display name for settings created by this SecurityMLAnalyticsSettings.
- enabled boolean
Determines whether this settings is enabled or disabled.
- frequency string
The frequency that this SecurityMLAnalyticsSettings will be run.
- is
Default booleanSettings Determines whether this anomaly security ml analytics settings is a default settings
- resource
Group stringName The name of the resource group. The name is case insensitive.
- settings
Status string | SettingsStatus The anomaly SecurityMLAnalyticsSettings status
- workspace
Name string The name of the workspace.
- anomaly
Settings numberVersion The anomaly settings version of the Anomaly security ml analytics settings that dictates whether job version gets updated or not.
- customizable
Observations any The customizable observations of the AnomalySecurityMLAnalyticsSettings.
- description string
The description of the SecurityMLAnalyticsSettings.
- required
Data SecurityConnectors MLAnalytics Settings Data Source Args[] The required data sources for this SecurityMLAnalyticsSettings
- settings
Definition stringId The anomaly settings definition Id
- settings
Resource stringName Security ML Analytics Settings resource name
- tactics
(string | Attack
Tactic)[] The tactics of the SecurityMLAnalyticsSettings
- techniques string[]
The techniques of the SecurityMLAnalyticsSettings
- anomaly_
version str The anomaly version of the AnomalySecurityMLAnalyticsSettings.
- display_
name str The display name for settings created by this SecurityMLAnalyticsSettings.
- enabled bool
Determines whether this settings is enabled or disabled.
- frequency str
The frequency that this SecurityMLAnalyticsSettings will be run.
- is_
default_ boolsettings Determines whether this anomaly security ml analytics settings is a default settings
- resource_
group_ strname The name of the resource group. The name is case insensitive.
- settings_
status str | SettingsStatus The anomaly SecurityMLAnalyticsSettings status
- workspace_
name str The name of the workspace.
- anomaly_
settings_ intversion The anomaly settings version of the Anomaly security ml analytics settings that dictates whether job version gets updated or not.
- customizable_
observations Any The customizable observations of the AnomalySecurityMLAnalyticsSettings.
- description str
The description of the SecurityMLAnalyticsSettings.
- required_
data_ Sequence[Securityconnectors MLAnalytics Settings Data Source Args] The required data sources for this SecurityMLAnalyticsSettings
- settings_
definition_ strid The anomaly settings definition Id
- settings_
resource_ strname Security ML Analytics Settings resource name
- tactics
Sequence[Union[str, Attack
Tactic]] The tactics of the SecurityMLAnalyticsSettings
- techniques Sequence[str]
The techniques of the SecurityMLAnalyticsSettings
- anomaly
Version String The anomaly version of the AnomalySecurityMLAnalyticsSettings.
- display
Name String The display name for settings created by this SecurityMLAnalyticsSettings.
- enabled Boolean
Determines whether this settings is enabled or disabled.
- frequency String
The frequency that this SecurityMLAnalyticsSettings will be run.
- is
Default BooleanSettings Determines whether this anomaly security ml analytics settings is a default settings
- resource
Group StringName The name of the resource group. The name is case insensitive.
- settings
Status String | "Production" | "Flighting" The anomaly SecurityMLAnalyticsSettings status
- workspace
Name String The name of the workspace.
- anomaly
Settings NumberVersion The anomaly settings version of the Anomaly security ml analytics settings that dictates whether job version gets updated or not.
- customizable
Observations Any The customizable observations of the AnomalySecurityMLAnalyticsSettings.
- description String
The description of the SecurityMLAnalyticsSettings.
- required
Data List<Property Map>Connectors The required data sources for this SecurityMLAnalyticsSettings
- settings
Definition StringId The anomaly settings definition Id
- settings
Resource StringName Security ML Analytics Settings resource name
- tactics
List<String | "Reconnaissance" | "Resource
Development" | "Initial Access" | "Execution" | "Persistence" | "Privilege Escalation" | "Defense Evasion" | "Credential Access" | "Discovery" | "Lateral Movement" | "Collection" | "Exfiltration" | "Command And Control" | "Impact" | "Pre Attack" | "Impair Process Control" | "Inhibit Response Function"> The tactics of the SecurityMLAnalyticsSettings
- techniques List<String>
The techniques of the SecurityMLAnalyticsSettings
Outputs
All input properties are implicitly available as output properties. Additionally, the AnomalySecurityMLAnalyticsSettings resource produces the following output properties:
- Id string
The provider-assigned unique ID for this managed resource.
- Last
Modified stringUtc The last time that this SecurityMLAnalyticsSettings has been modified.
- Name string
The name of the resource
- System
Data Pulumi.Azure Native. Security Insights. Outputs. System Data Response Azure Resource Manager metadata containing createdBy and modifiedBy information.
- Type string
The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
- Etag string
Etag of the azure resource
- Id string
The provider-assigned unique ID for this managed resource.
- Last
Modified stringUtc The last time that this SecurityMLAnalyticsSettings has been modified.
- Name string
The name of the resource
- System
Data SystemData Response Azure Resource Manager metadata containing createdBy and modifiedBy information.
- Type string
The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
- Etag string
Etag of the azure resource
- id String
The provider-assigned unique ID for this managed resource.
- last
Modified StringUtc The last time that this SecurityMLAnalyticsSettings has been modified.
- name String
The name of the resource
- system
Data SystemData Response Azure Resource Manager metadata containing createdBy and modifiedBy information.
- type String
The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
- etag String
Etag of the azure resource
- id string
The provider-assigned unique ID for this managed resource.
- last
Modified stringUtc The last time that this SecurityMLAnalyticsSettings has been modified.
- name string
The name of the resource
- system
Data SystemData Response Azure Resource Manager metadata containing createdBy and modifiedBy information.
- type string
The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
- etag string
Etag of the azure resource
- id str
The provider-assigned unique ID for this managed resource.
- last_
modified_ strutc The last time that this SecurityMLAnalyticsSettings has been modified.
- name str
The name of the resource
- system_
data SystemData Response Azure Resource Manager metadata containing createdBy and modifiedBy information.
- type str
The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
- etag str
Etag of the azure resource
- id String
The provider-assigned unique ID for this managed resource.
- last
Modified StringUtc The last time that this SecurityMLAnalyticsSettings has been modified.
- name String
The name of the resource
- system
Data Property Map Azure Resource Manager metadata containing createdBy and modifiedBy information.
- type String
The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
- etag String
Etag of the azure resource
Supporting Types
AttackTactic
- Reconnaissance
- Reconnaissance
- Resource
Development - ResourceDevelopment
- Initial
Access - InitialAccess
- Execution
- Execution
- Persistence
- Persistence
- Privilege
Escalation - PrivilegeEscalation
- Defense
Evasion - DefenseEvasion
- Credential
Access - CredentialAccess
- Discovery
- Discovery
- Lateral
Movement - LateralMovement
- Collection
- Collection
- Exfiltration
- Exfiltration
- Command
And Control - CommandAndControl
- Impact
- Impact
- Pre
Attack - PreAttack
- Impair
Process Control - ImpairProcessControl
- Inhibit
Response Function - InhibitResponseFunction
- Attack
Tactic Reconnaissance - Reconnaissance
- Attack
Tactic Resource Development - ResourceDevelopment
- Attack
Tactic Initial Access - InitialAccess
- Attack
Tactic Execution - Execution
- Attack
Tactic Persistence - Persistence
- Attack
Tactic Privilege Escalation - PrivilegeEscalation
- Attack
Tactic Defense Evasion - DefenseEvasion
- Attack
Tactic Credential Access - CredentialAccess
- Attack
Tactic Discovery - Discovery
- Attack
Tactic Lateral Movement - LateralMovement
- Attack
Tactic Collection - Collection
- Attack
Tactic Exfiltration - Exfiltration
- Attack
Tactic Command And Control - CommandAndControl
- Attack
Tactic Impact - Impact
- Attack
Tactic Pre Attack - PreAttack
- Attack
Tactic Impair Process Control - ImpairProcessControl
- Attack
Tactic Inhibit Response Function - InhibitResponseFunction
- Reconnaissance
- Reconnaissance
- Resource
Development - ResourceDevelopment
- Initial
Access - InitialAccess
- Execution
- Execution
- Persistence
- Persistence
- Privilege
Escalation - PrivilegeEscalation
- Defense
Evasion - DefenseEvasion
- Credential
Access - CredentialAccess
- Discovery
- Discovery
- Lateral
Movement - LateralMovement
- Collection
- Collection
- Exfiltration
- Exfiltration
- Command
And Control - CommandAndControl
- Impact
- Impact
- Pre
Attack - PreAttack
- Impair
Process Control - ImpairProcessControl
- Inhibit
Response Function - InhibitResponseFunction
- Reconnaissance
- Reconnaissance
- Resource
Development - ResourceDevelopment
- Initial
Access - InitialAccess
- Execution
- Execution
- Persistence
- Persistence
- Privilege
Escalation - PrivilegeEscalation
- Defense
Evasion - DefenseEvasion
- Credential
Access - CredentialAccess
- Discovery
- Discovery
- Lateral
Movement - LateralMovement
- Collection
- Collection
- Exfiltration
- Exfiltration
- Command
And Control - CommandAndControl
- Impact
- Impact
- Pre
Attack - PreAttack
- Impair
Process Control - ImpairProcessControl
- Inhibit
Response Function - InhibitResponseFunction
- RECONNAISSANCE
- Reconnaissance
- RESOURCE_DEVELOPMENT
- ResourceDevelopment
- INITIAL_ACCESS
- InitialAccess
- EXECUTION
- Execution
- PERSISTENCE
- Persistence
- PRIVILEGE_ESCALATION
- PrivilegeEscalation
- DEFENSE_EVASION
- DefenseEvasion
- CREDENTIAL_ACCESS
- CredentialAccess
- DISCOVERY
- Discovery
- LATERAL_MOVEMENT
- LateralMovement
- COLLECTION
- Collection
- EXFILTRATION
- Exfiltration
- COMMAND_AND_CONTROL
- CommandAndControl
- IMPACT
- Impact
- PRE_ATTACK
- PreAttack
- IMPAIR_PROCESS_CONTROL
- ImpairProcessControl
- INHIBIT_RESPONSE_FUNCTION
- InhibitResponseFunction
- "Reconnaissance"
- Reconnaissance
- "Resource
Development" - ResourceDevelopment
- "Initial
Access" - InitialAccess
- "Execution"
- Execution
- "Persistence"
- Persistence
- "Privilege
Escalation" - PrivilegeEscalation
- "Defense
Evasion" - DefenseEvasion
- "Credential
Access" - CredentialAccess
- "Discovery"
- Discovery
- "Lateral
Movement" - LateralMovement
- "Collection"
- Collection
- "Exfiltration"
- Exfiltration
- "Command
And Control" - CommandAndControl
- "Impact"
- Impact
- "Pre
Attack" - PreAttack
- "Impair
Process Control" - ImpairProcessControl
- "Inhibit
Response Function" - InhibitResponseFunction
SecurityMLAnalyticsSettingsDataSource
- Connector
Id string The connector id that provides the following data types
- Data
Types List<string> The data types used by the security ml analytics settings
- Connector
Id string The connector id that provides the following data types
- Data
Types []string The data types used by the security ml analytics settings
- connector
Id String The connector id that provides the following data types
- data
Types List<String> The data types used by the security ml analytics settings
- connector
Id string The connector id that provides the following data types
- data
Types string[] The data types used by the security ml analytics settings
- connector_
id str The connector id that provides the following data types
- data_
types Sequence[str] The data types used by the security ml analytics settings
- connector
Id String The connector id that provides the following data types
- data
Types List<String> The data types used by the security ml analytics settings
SecurityMLAnalyticsSettingsDataSourceResponse
- Connector
Id string The connector id that provides the following data types
- Data
Types List<string> The data types used by the security ml analytics settings
- Connector
Id string The connector id that provides the following data types
- Data
Types []string The data types used by the security ml analytics settings
- connector
Id String The connector id that provides the following data types
- data
Types List<String> The data types used by the security ml analytics settings
- connector
Id string The connector id that provides the following data types
- data
Types string[] The data types used by the security ml analytics settings
- connector_
id str The connector id that provides the following data types
- data_
types Sequence[str] The data types used by the security ml analytics settings
- connector
Id String The connector id that provides the following data types
- data
Types List<String> The data types used by the security ml analytics settings
SettingsStatus
- Production
- Production
Anomaly settings status in Production mode
- Flighting
- Flighting
Anomaly settings status in Flighting mode
- Settings
Status Production - Production
Anomaly settings status in Production mode
- Settings
Status Flighting - Flighting
Anomaly settings status in Flighting mode
- Production
- Production
Anomaly settings status in Production mode
- Flighting
- Flighting
Anomaly settings status in Flighting mode
- Production
- Production
Anomaly settings status in Production mode
- Flighting
- Flighting
Anomaly settings status in Flighting mode
- PRODUCTION
- Production
Anomaly settings status in Production mode
- FLIGHTING
- Flighting
Anomaly settings status in Flighting mode
- "Production"
- Production
Anomaly settings status in Production mode
- "Flighting"
- Flighting
Anomaly settings status in Flighting mode
SystemDataResponse
- Created
At string The timestamp of resource creation (UTC).
- Created
By string The identity that created the resource.
- Created
By stringType The type of identity that created the resource.
- Last
Modified stringAt The timestamp of resource last modification (UTC)
- Last
Modified stringBy The identity that last modified the resource.
- Last
Modified stringBy Type The type of identity that last modified the resource.
- Created
At string The timestamp of resource creation (UTC).
- Created
By string The identity that created the resource.
- Created
By stringType The type of identity that created the resource.
- Last
Modified stringAt The timestamp of resource last modification (UTC)
- Last
Modified stringBy The identity that last modified the resource.
- Last
Modified stringBy Type The type of identity that last modified the resource.
- created
At String The timestamp of resource creation (UTC).
- created
By String The identity that created the resource.
- created
By StringType The type of identity that created the resource.
- last
Modified StringAt The timestamp of resource last modification (UTC)
- last
Modified StringBy The identity that last modified the resource.
- last
Modified StringBy Type The type of identity that last modified the resource.
- created
At string The timestamp of resource creation (UTC).
- created
By string The identity that created the resource.
- created
By stringType The type of identity that created the resource.
- last
Modified stringAt The timestamp of resource last modification (UTC)
- last
Modified stringBy The identity that last modified the resource.
- last
Modified stringBy Type The type of identity that last modified the resource.
- created_
at str The timestamp of resource creation (UTC).
- created_
by str The identity that created the resource.
- created_
by_ strtype The type of identity that created the resource.
- last_
modified_ strat The timestamp of resource last modification (UTC)
- last_
modified_ strby The identity that last modified the resource.
- last_
modified_ strby_ type The type of identity that last modified the resource.
- created
At String The timestamp of resource creation (UTC).
- created
By String The identity that created the resource.
- created
By StringType The type of identity that created the resource.
- last
Modified StringAt The timestamp of resource last modification (UTC)
- last
Modified StringBy The identity that last modified the resource.
- last
Modified StringBy Type The type of identity that last modified the resource.
Import
An existing resource can be imported using its type token, name, and identifier, e.g.
$ pulumi import azure-native:securityinsights:AnomalySecurityMLAnalyticsSettings f209187f-1d17-4431-94af-c141bf5f23db /subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalIinsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/securityMLAnalyticsSettings/f209187f-1d17-4431-94af-c141bf5f23db
Package Details
- Repository
- Azure Native pulumi/pulumi-azure-native
- License
- Apache-2.0