1. Packages
  2. Azure Native
  3. API Docs
  4. securityinsights
  5. AnomalySecurityMLAnalyticsSettings
This is the latest version of Azure Native. Use the Azure Native v1 docs if using the v1 version of this package.
Azure Native v2.8.0 published on Monday, Sep 18, 2023 by Pulumi

azure-native.securityinsights.AnomalySecurityMLAnalyticsSettings

Explore with Pulumi AI

azure-native logo
This is the latest version of Azure Native. Use the Azure Native v1 docs if using the v1 version of this package.
Azure Native v2.8.0 published on Monday, Sep 18, 2023 by Pulumi

    Represents Anomaly Security ML Analytics Settings Azure REST API version: 2023-02-01. Prior API version in Azure Native 1.x: 2022-05-01-preview

    Example Usage

    Creates or updates a Anomaly Security ML Analytics Settings.

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using AzureNative = Pulumi.AzureNative;
    
    return await Deployment.RunAsync(() => 
    {
        var anomalySecurityMLAnalyticsSettings = new AzureNative.SecurityInsights.AnomalySecurityMLAnalyticsSettings("anomalySecurityMLAnalyticsSettings", new()
        {
            AnomalySettingsVersion = 0,
            AnomalyVersion = "1.0.5",
            CustomizableObservations = 
            {
                { "multiSelectObservations", null },
                { "prioritizeExcludeObservations", null },
                { "singleSelectObservations", new[]
                {
                    
                    {
                        { "description", "Select device vendor of network connection logs from CommonSecurityLog" },
                        { "name", "Device vendor" },
                        { "rerun", "RerunAlways" },
                        { "sequenceNumber", 1 },
                        { "supportedValues", new[]
                        {
                            "Palo Alto Networks",
                            "Fortinet",
                            "Check Point",
                        } },
                        { "supportedValuesKql", null },
                        { "value", new[]
                        {
                            "Palo Alto Networks",
                        } },
                        { "valuesKql", null },
                    },
                } },
                { "singleValueObservations", null },
                { "thresholdObservations", new[]
                {
                    
                    {
                        { "description", "Suppress anomalies when daily data transfered (in MB) per hour is less than the chosen value" },
                        { "maximum", "100" },
                        { "minimum", "1" },
                        { "name", "Daily data transfer threshold in MB" },
                        { "rerun", "RerunAlways" },
                        { "sequenceNumber", 1 },
                        { "value", "25" },
                    },
                    
                    {
                        { "description", "Triggers anomalies when number of standard deviations is greater than the chosen value" },
                        { "maximum", "10" },
                        { "minimum", "2" },
                        { "name", "Number of standard deviations" },
                        { "rerun", "RerunAlways" },
                        { "sequenceNumber", 2 },
                        { "value", "3" },
                    },
                } },
            },
            Description = "When account logs from a source region that has rarely been logged in from during the last 14 days, an anomaly is triggered.",
            DisplayName = "Login from unusual region",
            Enabled = true,
            Frequency = "PT1H",
            IsDefaultSettings = true,
            Kind = "Anomaly",
            RequiredDataConnectors = new[]
            {
                new AzureNative.SecurityInsights.Inputs.SecurityMLAnalyticsSettingsDataSourceArgs
                {
                    ConnectorId = "AWS",
                    DataTypes = new[]
                    {
                        "AWSCloudTrail",
                    },
                },
            },
            ResourceGroupName = "myRg",
            SettingsDefinitionId = "f209187f-1d17-4431-94af-c141bf5f23db",
            SettingsResourceName = "f209187f-1d17-4431-94af-c141bf5f23db",
            SettingsStatus = "Production",
            Tactics = new[]
            {
                "Exfiltration",
                "CommandAndControl",
            },
            Techniques = new[]
            {
                "T1037",
                "T1021",
            },
            WorkspaceName = "myWorkspace",
        });
    
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-azure-native-sdk/securityinsights/v2"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := securityinsights.NewAnomalySecurityMLAnalyticsSettings(ctx, "anomalySecurityMLAnalyticsSettings", &securityinsights.AnomalySecurityMLAnalyticsSettingsArgs{
    			AnomalySettingsVersion: pulumi.Int(0),
    			AnomalyVersion:         pulumi.String("1.0.5"),
    			CustomizableObservations: pulumi.Any{
    				MultiSelectObservations:       nil,
    				PrioritizeExcludeObservations: nil,
    				SingleSelectObservations: []map[string]interface{}{
    					map[string]interface{}{
    						"description":    "Select device vendor of network connection logs from CommonSecurityLog",
    						"name":           "Device vendor",
    						"rerun":          "RerunAlways",
    						"sequenceNumber": 1,
    						"supportedValues": []string{
    							"Palo Alto Networks",
    							"Fortinet",
    							"Check Point",
    						},
    						"supportedValuesKql": nil,
    						"value": []string{
    							"Palo Alto Networks",
    						},
    						"valuesKql": nil,
    					},
    				},
    				SingleValueObservations: nil,
    				ThresholdObservations: []interface{}{
    					map[string]interface{}{
    						"description":    "Suppress anomalies when daily data transfered (in MB) per hour is less than the chosen value",
    						"maximum":        "100",
    						"minimum":        "1",
    						"name":           "Daily data transfer threshold in MB",
    						"rerun":          "RerunAlways",
    						"sequenceNumber": 1,
    						"value":          "25",
    					},
    					map[string]interface{}{
    						"description":    "Triggers anomalies when number of standard deviations is greater than the chosen value",
    						"maximum":        "10",
    						"minimum":        "2",
    						"name":           "Number of standard deviations",
    						"rerun":          "RerunAlways",
    						"sequenceNumber": 2,
    						"value":          "3",
    					},
    				},
    			},
    			Description:       pulumi.String("When account logs from a source region that has rarely been logged in from during the last 14 days, an anomaly is triggered."),
    			DisplayName:       pulumi.String("Login from unusual region"),
    			Enabled:           pulumi.Bool(true),
    			Frequency:         pulumi.String("PT1H"),
    			IsDefaultSettings: pulumi.Bool(true),
    			Kind:              pulumi.String("Anomaly"),
    			RequiredDataConnectors: []securityinsights.SecurityMLAnalyticsSettingsDataSourceArgs{
    				{
    					ConnectorId: pulumi.String("AWS"),
    					DataTypes: pulumi.StringArray{
    						pulumi.String("AWSCloudTrail"),
    					},
    				},
    			},
    			ResourceGroupName:    pulumi.String("myRg"),
    			SettingsDefinitionId: pulumi.String("f209187f-1d17-4431-94af-c141bf5f23db"),
    			SettingsResourceName: pulumi.String("f209187f-1d17-4431-94af-c141bf5f23db"),
    			SettingsStatus:       pulumi.String("Production"),
    			Tactics: pulumi.StringArray{
    				pulumi.String("Exfiltration"),
    				pulumi.String("CommandAndControl"),
    			},
    			Techniques: pulumi.StringArray{
    				pulumi.String("T1037"),
    				pulumi.String("T1021"),
    			},
    			WorkspaceName: pulumi.String("myWorkspace"),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.azurenative.securityinsights.AnomalySecurityMLAnalyticsSettings;
    import com.pulumi.azurenative.securityinsights.AnomalySecurityMLAnalyticsSettingsArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var anomalySecurityMLAnalyticsSettings = new AnomalySecurityMLAnalyticsSettings("anomalySecurityMLAnalyticsSettings", AnomalySecurityMLAnalyticsSettingsArgs.builder()        
                .anomalySettingsVersion(0)
                .anomalyVersion("1.0.5")
                .customizableObservations(Map.ofEntries(
                    Map.entry("multiSelectObservations", null),
                    Map.entry("prioritizeExcludeObservations", null),
                    Map.entry("singleSelectObservations", Map.ofEntries(
                        Map.entry("description", "Select device vendor of network connection logs from CommonSecurityLog"),
                        Map.entry("name", "Device vendor"),
                        Map.entry("rerun", "RerunAlways"),
                        Map.entry("sequenceNumber", 1),
                        Map.entry("supportedValues",                     
                            "Palo Alto Networks",
                            "Fortinet",
                            "Check Point"),
                        Map.entry("supportedValuesKql", null),
                        Map.entry("value", "Palo Alto Networks"),
                        Map.entry("valuesKql", null)
                    )),
                    Map.entry("singleValueObservations", null),
                    Map.entry("thresholdObservations",                 
                        Map.ofEntries(
                            Map.entry("description", "Suppress anomalies when daily data transfered (in MB) per hour is less than the chosen value"),
                            Map.entry("maximum", "100"),
                            Map.entry("minimum", "1"),
                            Map.entry("name", "Daily data transfer threshold in MB"),
                            Map.entry("rerun", "RerunAlways"),
                            Map.entry("sequenceNumber", 1),
                            Map.entry("value", "25")
                        ),
                        Map.ofEntries(
                            Map.entry("description", "Triggers anomalies when number of standard deviations is greater than the chosen value"),
                            Map.entry("maximum", "10"),
                            Map.entry("minimum", "2"),
                            Map.entry("name", "Number of standard deviations"),
                            Map.entry("rerun", "RerunAlways"),
                            Map.entry("sequenceNumber", 2),
                            Map.entry("value", "3")
                        ))
                ))
                .description("When account logs from a source region that has rarely been logged in from during the last 14 days, an anomaly is triggered.")
                .displayName("Login from unusual region")
                .enabled(true)
                .frequency("PT1H")
                .isDefaultSettings(true)
                .kind("Anomaly")
                .requiredDataConnectors(Map.ofEntries(
                    Map.entry("connectorId", "AWS"),
                    Map.entry("dataTypes", "AWSCloudTrail")
                ))
                .resourceGroupName("myRg")
                .settingsDefinitionId("f209187f-1d17-4431-94af-c141bf5f23db")
                .settingsResourceName("f209187f-1d17-4431-94af-c141bf5f23db")
                .settingsStatus("Production")
                .tactics(            
                    "Exfiltration",
                    "CommandAndControl")
                .techniques(            
                    "T1037",
                    "T1021")
                .workspaceName("myWorkspace")
                .build());
    
        }
    }
    
    import pulumi
    import pulumi_azure_native as azure_native
    
    anomaly_security_ml_analytics_settings = azure_native.securityinsights.AnomalySecurityMLAnalyticsSettings("anomalySecurityMLAnalyticsSettings",
        anomaly_settings_version=0,
        anomaly_version="1.0.5",
        customizable_observations={
            "multiSelectObservations": None,
            "prioritizeExcludeObservations": None,
            "singleSelectObservations": [{
                "description": "Select device vendor of network connection logs from CommonSecurityLog",
                "name": "Device vendor",
                "rerun": "RerunAlways",
                "sequenceNumber": 1,
                "supportedValues": [
                    "Palo Alto Networks",
                    "Fortinet",
                    "Check Point",
                ],
                "supportedValuesKql": None,
                "value": ["Palo Alto Networks"],
                "valuesKql": None,
            }],
            "singleValueObservations": None,
            "thresholdObservations": [
                {
                    "description": "Suppress anomalies when daily data transfered (in MB) per hour is less than the chosen value",
                    "maximum": "100",
                    "minimum": "1",
                    "name": "Daily data transfer threshold in MB",
                    "rerun": "RerunAlways",
                    "sequenceNumber": 1,
                    "value": "25",
                },
                {
                    "description": "Triggers anomalies when number of standard deviations is greater than the chosen value",
                    "maximum": "10",
                    "minimum": "2",
                    "name": "Number of standard deviations",
                    "rerun": "RerunAlways",
                    "sequenceNumber": 2,
                    "value": "3",
                },
            ],
        },
        description="When account logs from a source region that has rarely been logged in from during the last 14 days, an anomaly is triggered.",
        display_name="Login from unusual region",
        enabled=True,
        frequency="PT1H",
        is_default_settings=True,
        kind="Anomaly",
        required_data_connectors=[azure_native.securityinsights.SecurityMLAnalyticsSettingsDataSourceArgs(
            connector_id="AWS",
            data_types=["AWSCloudTrail"],
        )],
        resource_group_name="myRg",
        settings_definition_id="f209187f-1d17-4431-94af-c141bf5f23db",
        settings_resource_name="f209187f-1d17-4431-94af-c141bf5f23db",
        settings_status="Production",
        tactics=[
            "Exfiltration",
            "CommandAndControl",
        ],
        techniques=[
            "T1037",
            "T1021",
        ],
        workspace_name="myWorkspace")
    
    import * as pulumi from "@pulumi/pulumi";
    import * as azure_native from "@pulumi/azure-native";
    
    const anomalySecurityMLAnalyticsSettings = new azure_native.securityinsights.AnomalySecurityMLAnalyticsSettings("anomalySecurityMLAnalyticsSettings", {
        anomalySettingsVersion: 0,
        anomalyVersion: "1.0.5",
        customizableObservations: {
            multiSelectObservations: undefined,
            prioritizeExcludeObservations: undefined,
            singleSelectObservations: [{
                description: "Select device vendor of network connection logs from CommonSecurityLog",
                name: "Device vendor",
                rerun: "RerunAlways",
                sequenceNumber: 1,
                supportedValues: [
                    "Palo Alto Networks",
                    "Fortinet",
                    "Check Point",
                ],
                supportedValuesKql: undefined,
                value: ["Palo Alto Networks"],
                valuesKql: undefined,
            }],
            singleValueObservations: undefined,
            thresholdObservations: [
                {
                    description: "Suppress anomalies when daily data transfered (in MB) per hour is less than the chosen value",
                    maximum: "100",
                    minimum: "1",
                    name: "Daily data transfer threshold in MB",
                    rerun: "RerunAlways",
                    sequenceNumber: 1,
                    value: "25",
                },
                {
                    description: "Triggers anomalies when number of standard deviations is greater than the chosen value",
                    maximum: "10",
                    minimum: "2",
                    name: "Number of standard deviations",
                    rerun: "RerunAlways",
                    sequenceNumber: 2,
                    value: "3",
                },
            ],
        },
        description: "When account logs from a source region that has rarely been logged in from during the last 14 days, an anomaly is triggered.",
        displayName: "Login from unusual region",
        enabled: true,
        frequency: "PT1H",
        isDefaultSettings: true,
        kind: "Anomaly",
        requiredDataConnectors: [{
            connectorId: "AWS",
            dataTypes: ["AWSCloudTrail"],
        }],
        resourceGroupName: "myRg",
        settingsDefinitionId: "f209187f-1d17-4431-94af-c141bf5f23db",
        settingsResourceName: "f209187f-1d17-4431-94af-c141bf5f23db",
        settingsStatus: "Production",
        tactics: [
            "Exfiltration",
            "CommandAndControl",
        ],
        techniques: [
            "T1037",
            "T1021",
        ],
        workspaceName: "myWorkspace",
    });
    
    resources:
      anomalySecurityMLAnalyticsSettings:
        type: azure-native:securityinsights:AnomalySecurityMLAnalyticsSettings
        properties:
          anomalySettingsVersion: 0
          anomalyVersion: 1.0.5
          customizableObservations:
            multiSelectObservations: null
            prioritizeExcludeObservations: null
            singleSelectObservations:
              - description: Select device vendor of network connection logs from CommonSecurityLog
                name: Device vendor
                rerun: RerunAlways
                sequenceNumber: 1
                supportedValues:
                  - Palo Alto Networks
                  - Fortinet
                  - Check Point
                supportedValuesKql: null
                value:
                  - Palo Alto Networks
                valuesKql: null
            singleValueObservations: null
            thresholdObservations:
              - description: Suppress anomalies when daily data transfered (in MB) per hour is less than the chosen value
                maximum: '100'
                minimum: '1'
                name: Daily data transfer threshold in MB
                rerun: RerunAlways
                sequenceNumber: 1
                value: '25'
              - description: Triggers anomalies when number of standard deviations is greater than the chosen value
                maximum: '10'
                minimum: '2'
                name: Number of standard deviations
                rerun: RerunAlways
                sequenceNumber: 2
                value: '3'
          description: When account logs from a source region that has rarely been logged in from during the last 14 days, an anomaly is triggered.
          displayName: Login from unusual region
          enabled: true
          frequency: PT1H
          isDefaultSettings: true
          kind: Anomaly
          requiredDataConnectors:
            - connectorId: AWS
              dataTypes:
                - AWSCloudTrail
          resourceGroupName: myRg
          settingsDefinitionId: f209187f-1d17-4431-94af-c141bf5f23db
          settingsResourceName: f209187f-1d17-4431-94af-c141bf5f23db
          settingsStatus: Production
          tactics:
            - Exfiltration
            - CommandAndControl
          techniques:
            - T1037
            - T1021
          workspaceName: myWorkspace
    

    Create AnomalySecurityMLAnalyticsSettings Resource

    new AnomalySecurityMLAnalyticsSettings(name: string, args: AnomalySecurityMLAnalyticsSettingsArgs, opts?: CustomResourceOptions);
    @overload
    def AnomalySecurityMLAnalyticsSettings(resource_name: str,
                                           opts: Optional[ResourceOptions] = None,
                                           anomaly_settings_version: Optional[int] = None,
                                           anomaly_version: Optional[str] = None,
                                           customizable_observations: Optional[Any] = None,
                                           description: Optional[str] = None,
                                           display_name: Optional[str] = None,
                                           enabled: Optional[bool] = None,
                                           frequency: Optional[str] = None,
                                           is_default_settings: Optional[bool] = None,
                                           required_data_connectors: Optional[Sequence[SecurityMLAnalyticsSettingsDataSourceArgs]] = None,
                                           resource_group_name: Optional[str] = None,
                                           settings_definition_id: Optional[str] = None,
                                           settings_resource_name: Optional[str] = None,
                                           settings_status: Optional[Union[str, SettingsStatus]] = None,
                                           tactics: Optional[Sequence[Union[str, AttackTactic]]] = None,
                                           techniques: Optional[Sequence[str]] = None,
                                           workspace_name: Optional[str] = None)
    @overload
    def AnomalySecurityMLAnalyticsSettings(resource_name: str,
                                           args: AnomalySecurityMLAnalyticsSettingsArgs,
                                           opts: Optional[ResourceOptions] = None)
    func NewAnomalySecurityMLAnalyticsSettings(ctx *Context, name string, args AnomalySecurityMLAnalyticsSettingsArgs, opts ...ResourceOption) (*AnomalySecurityMLAnalyticsSettings, error)
    public AnomalySecurityMLAnalyticsSettings(string name, AnomalySecurityMLAnalyticsSettingsArgs args, CustomResourceOptions? opts = null)
    public AnomalySecurityMLAnalyticsSettings(String name, AnomalySecurityMLAnalyticsSettingsArgs args)
    public AnomalySecurityMLAnalyticsSettings(String name, AnomalySecurityMLAnalyticsSettingsArgs args, CustomResourceOptions options)
    
    type: azure-native:securityinsights:AnomalySecurityMLAnalyticsSettings
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    
    name string
    The unique name of the resource.
    args AnomalySecurityMLAnalyticsSettingsArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args AnomalySecurityMLAnalyticsSettingsArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args AnomalySecurityMLAnalyticsSettingsArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args AnomalySecurityMLAnalyticsSettingsArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args AnomalySecurityMLAnalyticsSettingsArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    AnomalySecurityMLAnalyticsSettings Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The AnomalySecurityMLAnalyticsSettings resource accepts the following input properties:

    AnomalyVersion string

    The anomaly version of the AnomalySecurityMLAnalyticsSettings.

    DisplayName string

    The display name for settings created by this SecurityMLAnalyticsSettings.

    Enabled bool

    Determines whether this settings is enabled or disabled.

    Frequency string

    The frequency that this SecurityMLAnalyticsSettings will be run.

    IsDefaultSettings bool

    Determines whether this anomaly security ml analytics settings is a default settings

    ResourceGroupName string

    The name of the resource group. The name is case insensitive.

    SettingsStatus string | Pulumi.AzureNative.SecurityInsights.SettingsStatus

    The anomaly SecurityMLAnalyticsSettings status

    WorkspaceName string

    The name of the workspace.

    AnomalySettingsVersion int

    The anomaly settings version of the Anomaly security ml analytics settings that dictates whether job version gets updated or not.

    CustomizableObservations object

    The customizable observations of the AnomalySecurityMLAnalyticsSettings.

    Description string

    The description of the SecurityMLAnalyticsSettings.

    RequiredDataConnectors List<Pulumi.AzureNative.SecurityInsights.Inputs.SecurityMLAnalyticsSettingsDataSource>

    The required data sources for this SecurityMLAnalyticsSettings

    SettingsDefinitionId string

    The anomaly settings definition Id

    SettingsResourceName string

    Security ML Analytics Settings resource name

    Tactics List<Union<string, Pulumi.AzureNative.SecurityInsights.AttackTactic>>

    The tactics of the SecurityMLAnalyticsSettings

    Techniques List<string>

    The techniques of the SecurityMLAnalyticsSettings

    AnomalyVersion string

    The anomaly version of the AnomalySecurityMLAnalyticsSettings.

    DisplayName string

    The display name for settings created by this SecurityMLAnalyticsSettings.

    Enabled bool

    Determines whether this settings is enabled or disabled.

    Frequency string

    The frequency that this SecurityMLAnalyticsSettings will be run.

    IsDefaultSettings bool

    Determines whether this anomaly security ml analytics settings is a default settings

    ResourceGroupName string

    The name of the resource group. The name is case insensitive.

    SettingsStatus string | SettingsStatus

    The anomaly SecurityMLAnalyticsSettings status

    WorkspaceName string

    The name of the workspace.

    AnomalySettingsVersion int

    The anomaly settings version of the Anomaly security ml analytics settings that dictates whether job version gets updated or not.

    CustomizableObservations interface{}

    The customizable observations of the AnomalySecurityMLAnalyticsSettings.

    Description string

    The description of the SecurityMLAnalyticsSettings.

    RequiredDataConnectors []SecurityMLAnalyticsSettingsDataSourceArgs

    The required data sources for this SecurityMLAnalyticsSettings

    SettingsDefinitionId string

    The anomaly settings definition Id

    SettingsResourceName string

    Security ML Analytics Settings resource name

    Tactics []string

    The tactics of the SecurityMLAnalyticsSettings

    Techniques []string

    The techniques of the SecurityMLAnalyticsSettings

    anomalyVersion String

    The anomaly version of the AnomalySecurityMLAnalyticsSettings.

    displayName String

    The display name for settings created by this SecurityMLAnalyticsSettings.

    enabled Boolean

    Determines whether this settings is enabled or disabled.

    frequency String

    The frequency that this SecurityMLAnalyticsSettings will be run.

    isDefaultSettings Boolean

    Determines whether this anomaly security ml analytics settings is a default settings

    resourceGroupName String

    The name of the resource group. The name is case insensitive.

    settingsStatus String | SettingsStatus

    The anomaly SecurityMLAnalyticsSettings status

    workspaceName String

    The name of the workspace.

    anomalySettingsVersion Integer

    The anomaly settings version of the Anomaly security ml analytics settings that dictates whether job version gets updated or not.

    customizableObservations Object

    The customizable observations of the AnomalySecurityMLAnalyticsSettings.

    description String

    The description of the SecurityMLAnalyticsSettings.

    requiredDataConnectors List<SecurityMLAnalyticsSettingsDataSource>

    The required data sources for this SecurityMLAnalyticsSettings

    settingsDefinitionId String

    The anomaly settings definition Id

    settingsResourceName String

    Security ML Analytics Settings resource name

    tactics List<Either<String,AttackTactic>>

    The tactics of the SecurityMLAnalyticsSettings

    techniques List<String>

    The techniques of the SecurityMLAnalyticsSettings

    anomalyVersion string

    The anomaly version of the AnomalySecurityMLAnalyticsSettings.

    displayName string

    The display name for settings created by this SecurityMLAnalyticsSettings.

    enabled boolean

    Determines whether this settings is enabled or disabled.

    frequency string

    The frequency that this SecurityMLAnalyticsSettings will be run.

    isDefaultSettings boolean

    Determines whether this anomaly security ml analytics settings is a default settings

    resourceGroupName string

    The name of the resource group. The name is case insensitive.

    settingsStatus string | SettingsStatus

    The anomaly SecurityMLAnalyticsSettings status

    workspaceName string

    The name of the workspace.

    anomalySettingsVersion number

    The anomaly settings version of the Anomaly security ml analytics settings that dictates whether job version gets updated or not.

    customizableObservations any

    The customizable observations of the AnomalySecurityMLAnalyticsSettings.

    description string

    The description of the SecurityMLAnalyticsSettings.

    requiredDataConnectors SecurityMLAnalyticsSettingsDataSource[]

    The required data sources for this SecurityMLAnalyticsSettings

    settingsDefinitionId string

    The anomaly settings definition Id

    settingsResourceName string

    Security ML Analytics Settings resource name

    tactics (string | AttackTactic)[]

    The tactics of the SecurityMLAnalyticsSettings

    techniques string[]

    The techniques of the SecurityMLAnalyticsSettings

    anomaly_version str

    The anomaly version of the AnomalySecurityMLAnalyticsSettings.

    display_name str

    The display name for settings created by this SecurityMLAnalyticsSettings.

    enabled bool

    Determines whether this settings is enabled or disabled.

    frequency str

    The frequency that this SecurityMLAnalyticsSettings will be run.

    is_default_settings bool

    Determines whether this anomaly security ml analytics settings is a default settings

    resource_group_name str

    The name of the resource group. The name is case insensitive.

    settings_status str | SettingsStatus

    The anomaly SecurityMLAnalyticsSettings status

    workspace_name str

    The name of the workspace.

    anomaly_settings_version int

    The anomaly settings version of the Anomaly security ml analytics settings that dictates whether job version gets updated or not.

    customizable_observations Any

    The customizable observations of the AnomalySecurityMLAnalyticsSettings.

    description str

    The description of the SecurityMLAnalyticsSettings.

    required_data_connectors Sequence[SecurityMLAnalyticsSettingsDataSourceArgs]

    The required data sources for this SecurityMLAnalyticsSettings

    settings_definition_id str

    The anomaly settings definition Id

    settings_resource_name str

    Security ML Analytics Settings resource name

    tactics Sequence[Union[str, AttackTactic]]

    The tactics of the SecurityMLAnalyticsSettings

    techniques Sequence[str]

    The techniques of the SecurityMLAnalyticsSettings

    anomalyVersion String

    The anomaly version of the AnomalySecurityMLAnalyticsSettings.

    displayName String

    The display name for settings created by this SecurityMLAnalyticsSettings.

    enabled Boolean

    Determines whether this settings is enabled or disabled.

    frequency String

    The frequency that this SecurityMLAnalyticsSettings will be run.

    isDefaultSettings Boolean

    Determines whether this anomaly security ml analytics settings is a default settings

    resourceGroupName String

    The name of the resource group. The name is case insensitive.

    settingsStatus String | "Production" | "Flighting"

    The anomaly SecurityMLAnalyticsSettings status

    workspaceName String

    The name of the workspace.

    anomalySettingsVersion Number

    The anomaly settings version of the Anomaly security ml analytics settings that dictates whether job version gets updated or not.

    customizableObservations Any

    The customizable observations of the AnomalySecurityMLAnalyticsSettings.

    description String

    The description of the SecurityMLAnalyticsSettings.

    requiredDataConnectors List<Property Map>

    The required data sources for this SecurityMLAnalyticsSettings

    settingsDefinitionId String

    The anomaly settings definition Id

    settingsResourceName String

    Security ML Analytics Settings resource name

    tactics List<String | "Reconnaissance" | "ResourceDevelopment" | "InitialAccess" | "Execution" | "Persistence" | "PrivilegeEscalation" | "DefenseEvasion" | "CredentialAccess" | "Discovery" | "LateralMovement" | "Collection" | "Exfiltration" | "CommandAndControl" | "Impact" | "PreAttack" | "ImpairProcessControl" | "InhibitResponseFunction">

    The tactics of the SecurityMLAnalyticsSettings

    techniques List<String>

    The techniques of the SecurityMLAnalyticsSettings

    Outputs

    All input properties are implicitly available as output properties. Additionally, the AnomalySecurityMLAnalyticsSettings resource produces the following output properties:

    Id string

    The provider-assigned unique ID for this managed resource.

    LastModifiedUtc string

    The last time that this SecurityMLAnalyticsSettings has been modified.

    Name string

    The name of the resource

    SystemData Pulumi.AzureNative.SecurityInsights.Outputs.SystemDataResponse

    Azure Resource Manager metadata containing createdBy and modifiedBy information.

    Type string

    The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"

    Etag string

    Etag of the azure resource

    Id string

    The provider-assigned unique ID for this managed resource.

    LastModifiedUtc string

    The last time that this SecurityMLAnalyticsSettings has been modified.

    Name string

    The name of the resource

    SystemData SystemDataResponse

    Azure Resource Manager metadata containing createdBy and modifiedBy information.

    Type string

    The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"

    Etag string

    Etag of the azure resource

    id String

    The provider-assigned unique ID for this managed resource.

    lastModifiedUtc String

    The last time that this SecurityMLAnalyticsSettings has been modified.

    name String

    The name of the resource

    systemData SystemDataResponse

    Azure Resource Manager metadata containing createdBy and modifiedBy information.

    type String

    The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"

    etag String

    Etag of the azure resource

    id string

    The provider-assigned unique ID for this managed resource.

    lastModifiedUtc string

    The last time that this SecurityMLAnalyticsSettings has been modified.

    name string

    The name of the resource

    systemData SystemDataResponse

    Azure Resource Manager metadata containing createdBy and modifiedBy information.

    type string

    The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"

    etag string

    Etag of the azure resource

    id str

    The provider-assigned unique ID for this managed resource.

    last_modified_utc str

    The last time that this SecurityMLAnalyticsSettings has been modified.

    name str

    The name of the resource

    system_data SystemDataResponse

    Azure Resource Manager metadata containing createdBy and modifiedBy information.

    type str

    The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"

    etag str

    Etag of the azure resource

    id String

    The provider-assigned unique ID for this managed resource.

    lastModifiedUtc String

    The last time that this SecurityMLAnalyticsSettings has been modified.

    name String

    The name of the resource

    systemData Property Map

    Azure Resource Manager metadata containing createdBy and modifiedBy information.

    type String

    The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"

    etag String

    Etag of the azure resource

    Supporting Types

    AttackTactic, AttackTacticArgs

    Reconnaissance
    Reconnaissance
    ResourceDevelopment
    ResourceDevelopment
    InitialAccess
    InitialAccess
    Execution
    Execution
    Persistence
    Persistence
    PrivilegeEscalation
    PrivilegeEscalation
    DefenseEvasion
    DefenseEvasion
    CredentialAccess
    CredentialAccess
    Discovery
    Discovery
    LateralMovement
    LateralMovement
    Collection
    Collection
    Exfiltration
    Exfiltration
    CommandAndControl
    CommandAndControl
    Impact
    Impact
    PreAttack
    PreAttack
    ImpairProcessControl
    ImpairProcessControl
    InhibitResponseFunction
    InhibitResponseFunction
    AttackTacticReconnaissance
    Reconnaissance
    AttackTacticResourceDevelopment
    ResourceDevelopment
    AttackTacticInitialAccess
    InitialAccess
    AttackTacticExecution
    Execution
    AttackTacticPersistence
    Persistence
    AttackTacticPrivilegeEscalation
    PrivilegeEscalation
    AttackTacticDefenseEvasion
    DefenseEvasion
    AttackTacticCredentialAccess
    CredentialAccess
    AttackTacticDiscovery
    Discovery
    AttackTacticLateralMovement
    LateralMovement
    AttackTacticCollection
    Collection
    AttackTacticExfiltration
    Exfiltration
    AttackTacticCommandAndControl
    CommandAndControl
    AttackTacticImpact
    Impact
    AttackTacticPreAttack
    PreAttack
    AttackTacticImpairProcessControl
    ImpairProcessControl
    AttackTacticInhibitResponseFunction
    InhibitResponseFunction
    Reconnaissance
    Reconnaissance
    ResourceDevelopment
    ResourceDevelopment
    InitialAccess
    InitialAccess
    Execution
    Execution
    Persistence
    Persistence
    PrivilegeEscalation
    PrivilegeEscalation
    DefenseEvasion
    DefenseEvasion
    CredentialAccess
    CredentialAccess
    Discovery
    Discovery
    LateralMovement
    LateralMovement
    Collection
    Collection
    Exfiltration
    Exfiltration
    CommandAndControl
    CommandAndControl
    Impact
    Impact
    PreAttack
    PreAttack
    ImpairProcessControl
    ImpairProcessControl
    InhibitResponseFunction
    InhibitResponseFunction
    Reconnaissance
    Reconnaissance
    ResourceDevelopment
    ResourceDevelopment
    InitialAccess
    InitialAccess
    Execution
    Execution
    Persistence
    Persistence
    PrivilegeEscalation
    PrivilegeEscalation
    DefenseEvasion
    DefenseEvasion
    CredentialAccess
    CredentialAccess
    Discovery
    Discovery
    LateralMovement
    LateralMovement
    Collection
    Collection
    Exfiltration
    Exfiltration
    CommandAndControl
    CommandAndControl
    Impact
    Impact
    PreAttack
    PreAttack
    ImpairProcessControl
    ImpairProcessControl
    InhibitResponseFunction
    InhibitResponseFunction
    RECONNAISSANCE
    Reconnaissance
    RESOURCE_DEVELOPMENT
    ResourceDevelopment
    INITIAL_ACCESS
    InitialAccess
    EXECUTION
    Execution
    PERSISTENCE
    Persistence
    PRIVILEGE_ESCALATION
    PrivilegeEscalation
    DEFENSE_EVASION
    DefenseEvasion
    CREDENTIAL_ACCESS
    CredentialAccess
    DISCOVERY
    Discovery
    LATERAL_MOVEMENT
    LateralMovement
    COLLECTION
    Collection
    EXFILTRATION
    Exfiltration
    COMMAND_AND_CONTROL
    CommandAndControl
    IMPACT
    Impact
    PRE_ATTACK
    PreAttack
    IMPAIR_PROCESS_CONTROL
    ImpairProcessControl
    INHIBIT_RESPONSE_FUNCTION
    InhibitResponseFunction
    "Reconnaissance"
    Reconnaissance
    "ResourceDevelopment"
    ResourceDevelopment
    "InitialAccess"
    InitialAccess
    "Execution"
    Execution
    "Persistence"
    Persistence
    "PrivilegeEscalation"
    PrivilegeEscalation
    "DefenseEvasion"
    DefenseEvasion
    "CredentialAccess"
    CredentialAccess
    "Discovery"
    Discovery
    "LateralMovement"
    LateralMovement
    "Collection"
    Collection
    "Exfiltration"
    Exfiltration
    "CommandAndControl"
    CommandAndControl
    "Impact"
    Impact
    "PreAttack"
    PreAttack
    "ImpairProcessControl"
    ImpairProcessControl
    "InhibitResponseFunction"
    InhibitResponseFunction

    SecurityMLAnalyticsSettingsDataSource, SecurityMLAnalyticsSettingsDataSourceArgs

    ConnectorId string

    The connector id that provides the following data types

    DataTypes List<string>

    The data types used by the security ml analytics settings

    ConnectorId string

    The connector id that provides the following data types

    DataTypes []string

    The data types used by the security ml analytics settings

    connectorId String

    The connector id that provides the following data types

    dataTypes List<String>

    The data types used by the security ml analytics settings

    connectorId string

    The connector id that provides the following data types

    dataTypes string[]

    The data types used by the security ml analytics settings

    connector_id str

    The connector id that provides the following data types

    data_types Sequence[str]

    The data types used by the security ml analytics settings

    connectorId String

    The connector id that provides the following data types

    dataTypes List<String>

    The data types used by the security ml analytics settings

    SecurityMLAnalyticsSettingsDataSourceResponse, SecurityMLAnalyticsSettingsDataSourceResponseArgs

    ConnectorId string

    The connector id that provides the following data types

    DataTypes List<string>

    The data types used by the security ml analytics settings

    ConnectorId string

    The connector id that provides the following data types

    DataTypes []string

    The data types used by the security ml analytics settings

    connectorId String

    The connector id that provides the following data types

    dataTypes List<String>

    The data types used by the security ml analytics settings

    connectorId string

    The connector id that provides the following data types

    dataTypes string[]

    The data types used by the security ml analytics settings

    connector_id str

    The connector id that provides the following data types

    data_types Sequence[str]

    The data types used by the security ml analytics settings

    connectorId String

    The connector id that provides the following data types

    dataTypes List<String>

    The data types used by the security ml analytics settings

    SettingsStatus, SettingsStatusArgs

    Production
    Production

    Anomaly settings status in Production mode

    Flighting
    Flighting

    Anomaly settings status in Flighting mode

    SettingsStatusProduction
    Production

    Anomaly settings status in Production mode

    SettingsStatusFlighting
    Flighting

    Anomaly settings status in Flighting mode

    Production
    Production

    Anomaly settings status in Production mode

    Flighting
    Flighting

    Anomaly settings status in Flighting mode

    Production
    Production

    Anomaly settings status in Production mode

    Flighting
    Flighting

    Anomaly settings status in Flighting mode

    PRODUCTION
    Production

    Anomaly settings status in Production mode

    FLIGHTING
    Flighting

    Anomaly settings status in Flighting mode

    "Production"
    Production

    Anomaly settings status in Production mode

    "Flighting"
    Flighting

    Anomaly settings status in Flighting mode

    SystemDataResponse, SystemDataResponseArgs

    CreatedAt string

    The timestamp of resource creation (UTC).

    CreatedBy string

    The identity that created the resource.

    CreatedByType string

    The type of identity that created the resource.

    LastModifiedAt string

    The timestamp of resource last modification (UTC)

    LastModifiedBy string

    The identity that last modified the resource.

    LastModifiedByType string

    The type of identity that last modified the resource.

    CreatedAt string

    The timestamp of resource creation (UTC).

    CreatedBy string

    The identity that created the resource.

    CreatedByType string

    The type of identity that created the resource.

    LastModifiedAt string

    The timestamp of resource last modification (UTC)

    LastModifiedBy string

    The identity that last modified the resource.

    LastModifiedByType string

    The type of identity that last modified the resource.

    createdAt String

    The timestamp of resource creation (UTC).

    createdBy String

    The identity that created the resource.

    createdByType String

    The type of identity that created the resource.

    lastModifiedAt String

    The timestamp of resource last modification (UTC)

    lastModifiedBy String

    The identity that last modified the resource.

    lastModifiedByType String

    The type of identity that last modified the resource.

    createdAt string

    The timestamp of resource creation (UTC).

    createdBy string

    The identity that created the resource.

    createdByType string

    The type of identity that created the resource.

    lastModifiedAt string

    The timestamp of resource last modification (UTC)

    lastModifiedBy string

    The identity that last modified the resource.

    lastModifiedByType string

    The type of identity that last modified the resource.

    created_at str

    The timestamp of resource creation (UTC).

    created_by str

    The identity that created the resource.

    created_by_type str

    The type of identity that created the resource.

    last_modified_at str

    The timestamp of resource last modification (UTC)

    last_modified_by str

    The identity that last modified the resource.

    last_modified_by_type str

    The type of identity that last modified the resource.

    createdAt String

    The timestamp of resource creation (UTC).

    createdBy String

    The identity that created the resource.

    createdByType String

    The type of identity that created the resource.

    lastModifiedAt String

    The timestamp of resource last modification (UTC)

    lastModifiedBy String

    The identity that last modified the resource.

    lastModifiedByType String

    The type of identity that last modified the resource.

    Import

    An existing resource can be imported using its type token, name, and identifier, e.g.

    $ pulumi import azure-native:securityinsights:AnomalySecurityMLAnalyticsSettings f209187f-1d17-4431-94af-c141bf5f23db /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/securityMLAnalyticsSettings/{settingsResourceName} 
    

    Package Details

    Repository
    Azure Native pulumi/pulumi-azure-native
    License
    Apache-2.0
    azure-native logo
    This is the latest version of Azure Native. Use the Azure Native v1 docs if using the v1 version of this package.
    Azure Native v2.8.0 published on Monday, Sep 18, 2023 by Pulumi