azure-native.securityinsights.AnomalySecurityMLAnalyticsSettings

Represents Anomaly Security ML Analytics Settings. API Version: 2022-05-01-preview.

Example Usage

Creates or updates an Anomaly Security ML Analytics Settings resource.

using System.Collections.Generic;
using Pulumi;
using AzureNative = Pulumi.AzureNative;

// Registers one AnomalySecurityMLAnalyticsSettings resource (a Sentinel anomaly
// rule setting) in workspace "myWorkspace" of resource group "myRg".
// NOTE(review): every value below is sample data. Replace the names, the
// definition id and the thresholds before using this as a template.
return await Deployment.RunAsync(() => 
{
    var anomalySecurityMLAnalyticsSettings = new AzureNative.SecurityInsights.AnomalySecurityMLAnalyticsSettings("anomalySecurityMLAnalyticsSettings", new()
    {
        AnomalySettingsVersion = 0,
        AnomalyVersion = "1.0.5",
        // Free-form tuning knobs for the rule; the property is typed as a plain object.
        // NOTE(review): the nested `new[] { { ... } }` initializers look like generator
        // output and may not compile as written; read them as the payload shape.
        // NOTE(review): these observations (device vendor in CommonSecurityLog, data
        // transfer volume) do not obviously match the "Login from unusual region"
        // description or the AWSCloudTrail connector below; they appear to come from a
        // different anomaly template. Confirm before reuse.
        CustomizableObservations = 
        {
            { "multiSelectObservations", null },
            { "prioritizeExcludeObservations", null },
            { "singleSelectObservations", new[]
            {
                
                {
                    { "description", "Select device vendor of network connection logs from CommonSecurityLog" },
                    { "name", "Device vendor" },
                    { "rerun", "RerunAlways" },
                    { "sequenceNumber", 1 },
                    { "supportedValues", new[]
                    {
                        "Palo Alto Networks",
                        "Fortinet",
                        "Check Point",
                    } },
                    { "supportedValuesKql", null },
                    { "value", new[]
                    {
                        "Palo Alto Networks",
                    } },
                    { "valuesKql", null },
                },
            } },
            { "singleValueObservations", null },
            // Each threshold carries its own minimum/maximum next to the chosen value.
            // The first one suppresses anomalies below the chosen volume, so raising it
            // reduces what the rule reports.
            { "thresholdObservations", new[]
            {
                
                {
                    { "description", "Suppress anomalies when daily data transfered (in MB) per hour is less than the chosen value" },
                    { "maximum", "100" },
                    { "minimum", "1" },
                    { "name", "Daily data transfer threshold in MB" },
                    { "rerun", "RerunAlways" },
                    { "sequenceNumber", 1 },
                    { "value", "25" },
                },
                
                {
                    { "description", "Triggers anomalies when number of standard deviations is greater than the chosen value" },
                    { "maximum", "10" },
                    { "minimum", "2" },
                    { "name", "Number of standard deviations" },
                    { "rerun", "RerunAlways" },
                    { "sequenceNumber", 2 },
                    { "value", "3" },
                },
            } },
        },
        Description = "When account logs from a source region that has rarely been logged in from during the last 14 days, an anomaly is triggered.",
        DisplayName = "Login from unusual region",
        Enabled = true,
        // ISO 8601 duration: the setting runs once per hour.
        Frequency = "PT1H",
        IsDefaultSettings = true,
        Kind = "Anomaly",
        // Data sources the rule depends on; here the AWS connector's AWSCloudTrail data type.
        RequiredDataConnectors = new[]
        {
            new AzureNative.SecurityInsights.Inputs.SecurityMLAnalyticsSettingsDataSourceArgs
            {
                ConnectorId = "AWS",
                DataTypes = new[]
                {
                    "AWSCloudTrail",
                },
            },
        },
        ResourceGroupName = "myRg",
        SettingsDefinitionId = "f209187f-1d17-4431-94af-c141bf5f23db",
        SettingsResourceName = "f209187f-1d17-4431-94af-c141bf5f23db",
        // The schema on this page lists "Production" and "Flighting" as the known status values.
        SettingsStatus = "Production",
        Tactics = new[]
        {
            "Exfiltration",
            "CommandAndControl",
        },
        // NOTE(review): in MITRE ATT&CK, T1037 (Boot or Logon Initialization Scripts) sits
        // under Persistence / Privilege Escalation and T1021 (Remote Services) under
        // Lateral Movement, so neither technique belongs to the two tactics listed above.
        // Keep tactics and techniques consistent in a real rule so triage and coverage
        // reporting stay accurate.
        Techniques = new[]
        {
            "T1037",
            "T1021",
        },
        WorkspaceName = "myWorkspace",
    });

});
package main

import (
	securityinsights "github.com/pulumi/pulumi-azure-native/sdk/go/azure/securityinsights"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

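// main registers one AnomalySecurityMLAnalyticsSettings resource (a Sentinel
// anomaly rule setting) in workspace "myWorkspace" of resource group "myRg".
//
// Every value is sample data: replace the names, the definition id and the
// thresholds before using this as a template.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// The resource handle is not needed afterwards; only the registration error matters.
		_, err := securityinsights.NewAnomalySecurityMLAnalyticsSettings(ctx, "anomalySecurityMLAnalyticsSettings", &securityinsights.AnomalySecurityMLAnalyticsSettingsArgs{
			AnomalySettingsVersion: pulumi.Int(0),
			AnomalyVersion:         pulumi.String("1.0.5"),
			// pulumi.Any is a function that wraps an arbitrary value, not a struct
			// type, so the free-form observations are passed as a map keyed by the
			// same camelCase names the other language examples use.
			// NOTE(review): these observations (device vendor in CommonSecurityLog,
			// data transfer volume) do not obviously match the "Login from unusual
			// region" description or the AWSCloudTrail connector below; they appear
			// to come from a different anomaly template. Confirm before reuse.
			CustomizableObservations: pulumi.Any(map[string]interface{}{
				"multiSelectObservations":       nil,
				"prioritizeExcludeObservations": nil,
				"singleSelectObservations": []map[string]interface{}{
					map[string]interface{}{
						"description":    "Select device vendor of network connection logs from CommonSecurityLog",
						"name":           "Device vendor",
						"rerun":          "RerunAlways",
						"sequenceNumber": 1,
						"supportedValues": []string{
							"Palo Alto Networks",
							"Fortinet",
							"Check Point",
						},
						"supportedValuesKql": nil,
						"value": []string{
							"Palo Alto Networks",
						},
						"valuesKql": nil,
					},
				},
				"singleValueObservations": nil,
				// Each threshold carries its own minimum/maximum next to the chosen
				// value. The first one suppresses anomalies below the chosen volume,
				// so raising it reduces what the rule reports.
				"thresholdObservations": []interface{}{
					map[string]interface{}{
						"description":    "Suppress anomalies when daily data transfered (in MB) per hour is less than the chosen value",
						"maximum":        "100",
						"minimum":        "1",
						"name":           "Daily data transfer threshold in MB",
						"rerun":          "RerunAlways",
						"sequenceNumber": 1,
						"value":          "25",
					},
					map[string]interface{}{
						"description":    "Triggers anomalies when number of standard deviations is greater than the chosen value",
						"maximum":        "10",
						"minimum":        "2",
						"name":           "Number of standard deviations",
						"rerun":          "RerunAlways",
						"sequenceNumber": 2,
						"value":          "3",
					},
				},
			}),
			Description: pulumi.String("When account logs from a source region that has rarely been logged in from during the last 14 days, an anomaly is triggered."),
			DisplayName: pulumi.String("Login from unusual region"),
			Enabled:     pulumi.Bool(true),
			// ISO 8601 duration: the setting runs once per hour.
			Frequency:         pulumi.String("PT1H"),
			IsDefaultSettings: pulumi.Bool(true),
			Kind:              pulumi.String("Anomaly"),
			// Data sources the rule depends on. The generated Array input type is
			// used because a plain Go slice of Args does not satisfy a Pulumi input.
			RequiredDataConnectors: securityinsights.SecurityMLAnalyticsSettingsDataSourceArray{
				&securityinsights.SecurityMLAnalyticsSettingsDataSourceArgs{
					ConnectorId: pulumi.String("AWS"),
					DataTypes: pulumi.StringArray{
						pulumi.String("AWSCloudTrail"),
					},
				},
			},
			ResourceGroupName:    pulumi.String("myRg"),
			SettingsDefinitionId: pulumi.String("f209187f-1d17-4431-94af-c141bf5f23db"),
			SettingsResourceName: pulumi.String("f209187f-1d17-4431-94af-c141bf5f23db"),
			// The schema on this page lists "Production" and "Flighting" as the known status values.
			SettingsStatus: pulumi.String("Production"),
			Tactics: pulumi.StringArray{
				pulumi.String("Exfiltration"),
				pulumi.String("CommandAndControl"),
			},
			// NOTE(review): in MITRE ATT&CK, T1037 (Boot or Logon Initialization
			// Scripts) sits under Persistence / Privilege Escalation and T1021
			// (Remote Services) under Lateral Movement, so neither technique belongs
			// to the two tactics listed above. Keep tactics and techniques
			// consistent in a real rule so triage and coverage reporting stay accurate.
			Techniques: pulumi.StringArray{
				pulumi.String("T1037"),
				pulumi.String("T1021"),
			},
			WorkspaceName: pulumi.String("myWorkspace"),
		})
		// A nil err means success, so it can be returned unchanged.
		return err
	})
}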
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.securityinsights.AnomalySecurityMLAnalyticsSettings;
import com.pulumi.azurenative.securityinsights.AnomalySecurityMLAnalyticsSettingsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

/**
 * Pulumi program that registers one AnomalySecurityMLAnalyticsSettings resource
 * (a Sentinel anomaly rule setting) in workspace "myWorkspace" of resource group "myRg".
 *
 * NOTE(review): every value is sample data. Replace the names, the definition id
 * and the thresholds before using this as a template.
 */
public class App {
    /** Entry point: hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the anomaly settings resource.
     *
     * @param ctx Pulumi deployment context; not read by this method.
     */
    public static void stack(Context ctx) {
        // NOTE(review): java.util.Map.entry takes exactly two arguments and throws
        // NullPointerException on a null value, so the null entries and the
        // multi-value "supportedValues" / "thresholdObservations" entries below will
        // not work as written. Read this listing as an illustration of the payload shape.
        var anomalySecurityMLAnalyticsSettings = new AnomalySecurityMLAnalyticsSettings("anomalySecurityMLAnalyticsSettings", AnomalySecurityMLAnalyticsSettingsArgs.builder()        
            .anomalySettingsVersion(0)
            .anomalyVersion("1.0.5")
            // NOTE(review): these observations (device vendor in CommonSecurityLog, data
            // transfer volume) do not obviously match the "Login from unusual region"
            // description or the AWSCloudTrail connector below; they appear to come from a
            // different anomaly template. Confirm before reuse.
            .customizableObservations(Map.ofEntries(
                Map.entry("multiSelectObservations", null),
                Map.entry("prioritizeExcludeObservations", null),
                // NOTE(review): a single map here, whereas the other language examples on
                // this page pass a list of observation objects.
                Map.entry("singleSelectObservations", Map.ofEntries(
                    Map.entry("description", "Select device vendor of network connection logs from CommonSecurityLog"),
                    Map.entry("name", "Device vendor"),
                    Map.entry("rerun", "RerunAlways"),
                    Map.entry("sequenceNumber", 1),
                    Map.entry("supportedValues",                     
                        "Palo Alto Networks",
                        "Fortinet",
                        "Check Point"),
                    Map.entry("supportedValuesKql", null),
                    Map.entry("value", "Palo Alto Networks"),
                    Map.entry("valuesKql", null)
                )),
                Map.entry("singleValueObservations", null),
                // Each threshold carries its own minimum/maximum next to the chosen value.
                // The first one suppresses anomalies below the chosen volume, so raising it
                // reduces what the rule reports.
                Map.entry("thresholdObservations",                 
                    Map.ofEntries(
                        Map.entry("description", "Suppress anomalies when daily data transfered (in MB) per hour is less than the chosen value"),
                        Map.entry("maximum", "100"),
                        Map.entry("minimum", "1"),
                        Map.entry("name", "Daily data transfer threshold in MB"),
                        Map.entry("rerun", "RerunAlways"),
                        Map.entry("sequenceNumber", 1),
                        Map.entry("value", "25")
                    ),
                    Map.ofEntries(
                        Map.entry("description", "Triggers anomalies when number of standard deviations is greater than the chosen value"),
                        Map.entry("maximum", "10"),
                        Map.entry("minimum", "2"),
                        Map.entry("name", "Number of standard deviations"),
                        Map.entry("rerun", "RerunAlways"),
                        Map.entry("sequenceNumber", 2),
                        Map.entry("value", "3")
                    ))
            ))
            .description("When account logs from a source region that has rarely been logged in from during the last 14 days, an anomaly is triggered.")
            .displayName("Login from unusual region")
            .enabled(true)
            // ISO 8601 duration: the setting runs once per hour.
            .frequency("PT1H")
            .isDefaultSettings(true)
            .kind("Anomaly")
            // NOTE(review): the property list on this page types requiredDataConnectors as
            // List<SecurityMLAnalyticsSettingsDataSourceArgs>; a raw Map is passed here.
            .requiredDataConnectors(Map.ofEntries(
                Map.entry("connectorId", "AWS"),
                Map.entry("dataTypes", "AWSCloudTrail")
            ))
            .resourceGroupName("myRg")
            .settingsDefinitionId("f209187f-1d17-4431-94af-c141bf5f23db")
            .settingsResourceName("f209187f-1d17-4431-94af-c141bf5f23db")
            // The schema on this page lists "Production" and "Flighting" as the known status values.
            .settingsStatus("Production")
            .tactics(            
                "Exfiltration",
                "CommandAndControl")
            // NOTE(review): in MITRE ATT&CK, T1037 (Boot or Logon Initialization Scripts)
            // sits under Persistence / Privilege Escalation and T1021 (Remote Services)
            // under Lateral Movement, so neither technique belongs to the two tactics
            // listed above. Keep tactics and techniques consistent in a real rule so
            // triage and coverage reporting stay accurate.
            .techniques(            
                "T1037",
                "T1021")
            .workspaceName("myWorkspace")
            .build());

    }
}
import pulumi
import pulumi_azure_native as azure_native

# Registers one AnomalySecurityMLAnalyticsSettings resource (a Sentinel anomaly
# rule setting) in workspace "myWorkspace" of resource group "myRg".
# NOTE(review): every value is sample data. Replace the names, the definition id
# and the thresholds before using this as a template.

# Single-choice observation: which device vendor's CommonSecurityLog rows to use.
device_vendor_observation = {
    "description": "Select device vendor of network connection logs from CommonSecurityLog",
    "name": "Device vendor",
    "rerun": "RerunAlways",
    "sequenceNumber": 1,
    "supportedValues": ["Palo Alto Networks", "Fortinet", "Check Point"],
    "supportedValuesKql": None,
    "value": ["Palo Alto Networks"],
    "valuesKql": None,
}

# Each threshold carries its own minimum/maximum next to the chosen value. The
# first one suppresses anomalies below the chosen volume, so raising it reduces
# what the rule reports.
data_transfer_threshold = {
    "description": "Suppress anomalies when daily data transfered (in MB) per hour is less than the chosen value",
    "maximum": "100",
    "minimum": "1",
    "name": "Daily data transfer threshold in MB",
    "rerun": "RerunAlways",
    "sequenceNumber": 1,
    "value": "25",
}
std_deviation_threshold = {
    "description": "Triggers anomalies when number of standard deviations is greater than the chosen value",
    "maximum": "10",
    "minimum": "2",
    "name": "Number of standard deviations",
    "rerun": "RerunAlways",
    "sequenceNumber": 2,
    "value": "3",
}

# NOTE(review): these observations (device vendor in CommonSecurityLog, data
# transfer volume) do not obviously match the "Login from unusual region"
# description or the AWSCloudTrail connector below; they appear to come from a
# different anomaly template. Confirm before reuse.
observations = {
    "multiSelectObservations": None,
    "prioritizeExcludeObservations": None,
    "singleSelectObservations": [device_vendor_observation],
    "singleValueObservations": None,
    "thresholdObservations": [data_transfer_threshold, std_deviation_threshold],
}

# Data source the rule depends on: the AWS connector's AWSCloudTrail data type.
cloudtrail_source = azure_native.securityinsights.SecurityMLAnalyticsSettingsDataSourceArgs(
    connector_id="AWS",
    data_types=["AWSCloudTrail"],
)

anomaly_security_ml_analytics_settings = azure_native.securityinsights.AnomalySecurityMLAnalyticsSettings(
    "anomalySecurityMLAnalyticsSettings",
    anomaly_settings_version=0,
    anomaly_version="1.0.5",
    customizable_observations=observations,
    description="When account logs from a source region that has rarely been logged in from during the last 14 days, an anomaly is triggered.",
    display_name="Login from unusual region",
    enabled=True,
    # ISO 8601 duration: the setting runs once per hour.
    frequency="PT1H",
    is_default_settings=True,
    kind="Anomaly",
    required_data_connectors=[cloudtrail_source],
    resource_group_name="myRg",
    settings_definition_id="f209187f-1d17-4431-94af-c141bf5f23db",
    settings_resource_name="f209187f-1d17-4431-94af-c141bf5f23db",
    # The schema on this page lists "Production" and "Flighting" as the known status values.
    settings_status="Production",
    tactics=["Exfiltration", "CommandAndControl"],
    # NOTE(review): in MITRE ATT&CK, T1037 (Boot or Logon Initialization Scripts)
    # sits under Persistence / Privilege Escalation and T1021 (Remote Services)
    # under Lateral Movement, so neither technique belongs to the two tactics
    # listed above. Keep tactics and techniques consistent in a real rule so
    # triage and coverage reporting stay accurate.
    techniques=["T1037", "T1021"],
    workspace_name="myWorkspace",
)
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";

// Registers one AnomalySecurityMLAnalyticsSettings resource (a Sentinel anomaly
// rule setting) in workspace "myWorkspace" of resource group "myRg".
// NOTE(review): every value is sample data. Replace the names, the definition id
// and the thresholds before using this as a template.

// Single-choice observation: which device vendor's CommonSecurityLog rows to use.
const deviceVendorObservation = {
    description: "Select device vendor of network connection logs from CommonSecurityLog",
    name: "Device vendor",
    rerun: "RerunAlways",
    sequenceNumber: 1,
    supportedValues: ["Palo Alto Networks", "Fortinet", "Check Point"],
    supportedValuesKql: undefined,
    value: ["Palo Alto Networks"],
    valuesKql: undefined,
};

// Each threshold carries its own minimum/maximum next to the chosen value. The
// first one suppresses anomalies below the chosen volume, so raising it reduces
// what the rule reports.
const dataTransferThreshold = {
    description: "Suppress anomalies when daily data transfered (in MB) per hour is less than the chosen value",
    maximum: "100",
    minimum: "1",
    name: "Daily data transfer threshold in MB",
    rerun: "RerunAlways",
    sequenceNumber: 1,
    value: "25",
};
const stdDeviationThreshold = {
    description: "Triggers anomalies when number of standard deviations is greater than the chosen value",
    maximum: "10",
    minimum: "2",
    name: "Number of standard deviations",
    rerun: "RerunAlways",
    sequenceNumber: 2,
    value: "3",
};

// NOTE(review): these observations (device vendor in CommonSecurityLog, data
// transfer volume) do not obviously match the "Login from unusual region"
// description or the AWSCloudTrail connector below; they appear to come from a
// different anomaly template. Confirm before reuse.
const observations = {
    multiSelectObservations: undefined,
    prioritizeExcludeObservations: undefined,
    singleSelectObservations: [deviceVendorObservation],
    singleValueObservations: undefined,
    thresholdObservations: [dataTransferThreshold, stdDeviationThreshold],
};

const anomalySecurityMLAnalyticsSettings = new azure_native.securityinsights.AnomalySecurityMLAnalyticsSettings(
    "anomalySecurityMLAnalyticsSettings",
    {
        anomalySettingsVersion: 0,
        anomalyVersion: "1.0.5",
        customizableObservations: observations,
        description: "When account logs from a source region that has rarely been logged in from during the last 14 days, an anomaly is triggered.",
        displayName: "Login from unusual region",
        enabled: true,
        // ISO 8601 duration: the setting runs once per hour.
        frequency: "PT1H",
        isDefaultSettings: true,
        kind: "Anomaly",
        // Data source the rule depends on: the AWS connector's AWSCloudTrail data type.
        requiredDataConnectors: [
            {
                connectorId: "AWS",
                dataTypes: ["AWSCloudTrail"],
            },
        ],
        resourceGroupName: "myRg",
        settingsDefinitionId: "f209187f-1d17-4431-94af-c141bf5f23db",
        settingsResourceName: "f209187f-1d17-4431-94af-c141bf5f23db",
        // The schema on this page lists "Production" and "Flighting" as the known status values.
        settingsStatus: "Production",
        tactics: ["Exfiltration", "CommandAndControl"],
        // NOTE(review): in MITRE ATT&CK, T1037 (Boot or Logon Initialization Scripts)
        // sits under Persistence / Privilege Escalation and T1021 (Remote Services)
        // under Lateral Movement, so neither technique belongs to the two tactics
        // listed above. Keep tactics and techniques consistent in a real rule so
        // triage and coverage reporting stay accurate.
        techniques: ["T1037", "T1021"],
        workspaceName: "myWorkspace",
    },
);
# Declares one AnomalySecurityMLAnalyticsSettings resource (a Sentinel anomaly
# rule setting) in workspace "myWorkspace" of resource group "myRg".
# NOTE(review): every value is sample data. Replace the names, the definition id
# and the thresholds before using this as a template.
resources:
  anomalySecurityMLAnalyticsSettings:
    type: azure-native:securityinsights:AnomalySecurityMLAnalyticsSettings
    properties:
      anomalySettingsVersion: 0
      anomalyVersion: 1.0.5
      # Free-form tuning knobs for the rule.
      # NOTE(review): these observations (device vendor in CommonSecurityLog, data
      # transfer volume) do not obviously match the "Login from unusual region"
      # description or the AWSCloudTrail connector below; they appear to come from
      # a different anomaly template. Confirm before reuse.
      customizableObservations:
        multiSelectObservations: null
        prioritizeExcludeObservations: null
        singleSelectObservations:
          - description: Select device vendor of network connection logs from CommonSecurityLog
            name: Device vendor
            rerun: RerunAlways
            sequenceNumber: 1
            supportedValues:
              - Palo Alto Networks
              - Fortinet
              - Check Point
            supportedValuesKql: null
            value:
              - Palo Alto Networks
            valuesKql: null
        singleValueObservations: null
        # Each threshold carries its own minimum/maximum next to the chosen value.
        # The first one suppresses anomalies below the chosen volume, so raising it
        # reduces what the rule reports.
        thresholdObservations:
          - description: Suppress anomalies when daily data transfered (in MB) per hour is less than the chosen value
            maximum: '100'
            minimum: '1'
            name: Daily data transfer threshold in MB
            rerun: RerunAlways
            sequenceNumber: 1
            value: '25'
          - description: Triggers anomalies when number of standard deviations is greater than the chosen value
            maximum: '10'
            minimum: '2'
            name: Number of standard deviations
            rerun: RerunAlways
            sequenceNumber: 2
            value: '3'
      description: When account logs from a source region that has rarely been logged in from during the last 14 days, an anomaly is triggered.
      displayName: Login from unusual region
      enabled: true
      # ISO 8601 duration: the setting runs once per hour.
      frequency: PT1H
      isDefaultSettings: true
      kind: Anomaly
      # Data source the rule depends on: the AWS connector's AWSCloudTrail data type.
      requiredDataConnectors:
        - connectorId: AWS
          dataTypes:
            - AWSCloudTrail
      resourceGroupName: myRg
      settingsDefinitionId: f209187f-1d17-4431-94af-c141bf5f23db
      settingsResourceName: f209187f-1d17-4431-94af-c141bf5f23db
      # The schema on this page lists "Production" and "Flighting" as the known status values.
      settingsStatus: Production
      tactics:
        - Exfiltration
        - CommandAndControl
      # NOTE(review): in MITRE ATT&CK, T1037 (Boot or Logon Initialization Scripts)
      # sits under Persistence / Privilege Escalation and T1021 (Remote Services)
      # under Lateral Movement, so neither technique belongs to the two tactics
      # listed above. Keep tactics and techniques consistent in a real rule so
      # triage and coverage reporting stay accurate.
      techniques:
        - T1037
        - T1021
      workspaceName: myWorkspace

Create AnomalySecurityMLAnalyticsSettings Resource

new AnomalySecurityMLAnalyticsSettings(name: string, args: AnomalySecurityMLAnalyticsSettingsArgs, opts?: CustomResourceOptions);
@overload
def AnomalySecurityMLAnalyticsSettings(resource_name: str,
                                       opts: Optional[ResourceOptions] = None,
                                       anomaly_settings_version: Optional[int] = None,
                                       anomaly_version: Optional[str] = None,
                                       customizable_observations: Optional[Any] = None,
                                       description: Optional[str] = None,
                                       display_name: Optional[str] = None,
                                       enabled: Optional[bool] = None,
                                       frequency: Optional[str] = None,
                                       is_default_settings: Optional[bool] = None,
                                       required_data_connectors: Optional[Sequence[SecurityMLAnalyticsSettingsDataSourceArgs]] = None,
                                       resource_group_name: Optional[str] = None,
                                       settings_definition_id: Optional[str] = None,
                                       settings_resource_name: Optional[str] = None,
                                       settings_status: Optional[Union[str, SettingsStatus]] = None,
                                       tactics: Optional[Sequence[Union[str, AttackTactic]]] = None,
                                       techniques: Optional[Sequence[str]] = None,
                                       workspace_name: Optional[str] = None)
@overload
def AnomalySecurityMLAnalyticsSettings(resource_name: str,
                                       args: AnomalySecurityMLAnalyticsSettingsArgs,
                                       opts: Optional[ResourceOptions] = None)
func NewAnomalySecurityMLAnalyticsSettings(ctx *Context, name string, args AnomalySecurityMLAnalyticsSettingsArgs, opts ...ResourceOption) (*AnomalySecurityMLAnalyticsSettings, error)
public AnomalySecurityMLAnalyticsSettings(string name, AnomalySecurityMLAnalyticsSettingsArgs args, CustomResourceOptions? opts = null)
public AnomalySecurityMLAnalyticsSettings(String name, AnomalySecurityMLAnalyticsSettingsArgs args)
public AnomalySecurityMLAnalyticsSettings(String name, AnomalySecurityMLAnalyticsSettingsArgs args, CustomResourceOptions options)
type: azure-native:securityinsights:AnomalySecurityMLAnalyticsSettings
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string
The unique name of the resource.
args AnomalySecurityMLAnalyticsSettingsArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args AnomalySecurityMLAnalyticsSettingsArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args AnomalySecurityMLAnalyticsSettingsArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args AnomalySecurityMLAnalyticsSettingsArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name String
The unique name of the resource.
args AnomalySecurityMLAnalyticsSettingsArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

AnomalySecurityMLAnalyticsSettings Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The AnomalySecurityMLAnalyticsSettings resource accepts the following input properties:

AnomalyVersion string

The anomaly version of the AnomalySecurityMLAnalyticsSettings.

DisplayName string

The display name for settings created by this SecurityMLAnalyticsSettings.

Enabled bool

Determines whether this settings is enabled or disabled.

Frequency string

The frequency that this SecurityMLAnalyticsSettings will be run.

IsDefaultSettings bool

Determines whether this anomaly security ml analytics settings is a default settings

ResourceGroupName string

The name of the resource group. The name is case insensitive.

SettingsStatus string | Pulumi.AzureNative.SecurityInsights.SettingsStatus

The anomaly SecurityMLAnalyticsSettings status

WorkspaceName string

The name of the workspace.

AnomalySettingsVersion int

The anomaly settings version of the Anomaly security ml analytics settings that dictates whether job version gets updated or not.

CustomizableObservations object

The customizable observations of the AnomalySecurityMLAnalyticsSettings.

Description string

The description of the SecurityMLAnalyticsSettings.

RequiredDataConnectors List<Pulumi.AzureNative.SecurityInsights.Inputs.SecurityMLAnalyticsSettingsDataSourceArgs>

The required data sources for this SecurityMLAnalyticsSettings

SettingsDefinitionId string

The anomaly settings definition Id

SettingsResourceName string

Security ML Analytics Settings resource name

Tactics List<Union<string, Pulumi.AzureNative.SecurityInsights.AttackTactic>>

The tactics of the SecurityMLAnalyticsSettings

Techniques List<string>

The techniques of the SecurityMLAnalyticsSettings

AnomalyVersion string

The anomaly version of the AnomalySecurityMLAnalyticsSettings.

DisplayName string

The display name for settings created by this SecurityMLAnalyticsSettings.

Enabled bool

Determines whether this settings is enabled or disabled.

Frequency string

The frequency that this SecurityMLAnalyticsSettings will be run.

IsDefaultSettings bool

Determines whether this anomaly security ml analytics settings is a default settings

ResourceGroupName string

The name of the resource group. The name is case insensitive.

SettingsStatus string | SettingsStatus

The anomaly SecurityMLAnalyticsSettings status

WorkspaceName string

The name of the workspace.

AnomalySettingsVersion int

The anomaly settings version of the Anomaly security ml analytics settings that dictates whether job version gets updated or not.

CustomizableObservations interface{}

The customizable observations of the AnomalySecurityMLAnalyticsSettings.

Description string

The description of the SecurityMLAnalyticsSettings.

RequiredDataConnectors []SecurityMLAnalyticsSettingsDataSourceArgs

The required data sources for this SecurityMLAnalyticsSettings

SettingsDefinitionId string

The anomaly settings definition Id

SettingsResourceName string

Security ML Analytics Settings resource name

Tactics []string

The tactics of the SecurityMLAnalyticsSettings

Techniques []string

The techniques of the SecurityMLAnalyticsSettings

anomalyVersion String

The anomaly version of the AnomalySecurityMLAnalyticsSettings.

displayName String

The display name for settings created by this SecurityMLAnalyticsSettings.

enabled Boolean

Determines whether this settings is enabled or disabled.

frequency String

The frequency that this SecurityMLAnalyticsSettings will be run.

isDefaultSettings Boolean

Determines whether this anomaly security ml analytics settings is a default settings

resourceGroupName String

The name of the resource group. The name is case insensitive.

settingsStatus String | SettingsStatus

The anomaly SecurityMLAnalyticsSettings status

workspaceName String

The name of the workspace.

anomalySettingsVersion Integer

The anomaly settings version of the Anomaly security ml analytics settings that dictates whether job version gets updated or not.

customizableObservations Object

The customizable observations of the AnomalySecurityMLAnalyticsSettings.

description String

The description of the SecurityMLAnalyticsSettings.

requiredDataConnectors List<SecurityMLAnalyticsSettingsDataSourceArgs>

The required data sources for this SecurityMLAnalyticsSettings

settingsDefinitionId String

The anomaly settings definition Id

settingsResourceName String

Security ML Analytics Settings resource name

tactics List<Either<String,AttackTactic>>

The tactics of the SecurityMLAnalyticsSettings

techniques List<String>

The techniques of the SecurityMLAnalyticsSettings

anomalyVersion string

The anomaly version of the AnomalySecurityMLAnalyticsSettings.

displayName string

The display name for settings created by this SecurityMLAnalyticsSettings.

enabled boolean

Determines whether this settings is enabled or disabled.

frequency string

The frequency that this SecurityMLAnalyticsSettings will be run.

isDefaultSettings boolean

Determines whether this anomaly security ml analytics settings is a default settings

resourceGroupName string

The name of the resource group. The name is case insensitive.

settingsStatus string | SettingsStatus

The anomaly SecurityMLAnalyticsSettings status

workspaceName string

The name of the workspace.

anomalySettingsVersion number

The anomaly settings version of the Anomaly security ml analytics settings that dictates whether job version gets updated or not.

customizableObservations any

The customizable observations of the AnomalySecurityMLAnalyticsSettings.

description string

The description of the SecurityMLAnalyticsSettings.

requiredDataConnectors SecurityMLAnalyticsSettingsDataSourceArgs[]

The required data sources for this SecurityMLAnalyticsSettings

settingsDefinitionId string

The anomaly settings definition Id

settingsResourceName string

Security ML Analytics Settings resource name

tactics (string | AttackTactic)[]

The tactics of the SecurityMLAnalyticsSettings

techniques string[]

The techniques of the SecurityMLAnalyticsSettings

anomaly_version str

The anomaly version of the AnomalySecurityMLAnalyticsSettings.

display_name str

The display name for settings created by this SecurityMLAnalyticsSettings.

enabled bool

Determines whether this settings is enabled or disabled.

frequency str

The frequency that this SecurityMLAnalyticsSettings will be run.

is_default_settings bool

Determines whether this anomaly security ml analytics settings is a default settings

resource_group_name str

The name of the resource group. The name is case insensitive.

settings_status str | SettingsStatus

The anomaly SecurityMLAnalyticsSettings status

workspace_name str

The name of the workspace.

anomaly_settings_version int

The anomaly settings version of the Anomaly security ml analytics settings that dictates whether job version gets updated or not.

customizable_observations Any

The customizable observations of the AnomalySecurityMLAnalyticsSettings.

description str

The description of the SecurityMLAnalyticsSettings.

required_data_connectors Sequence[SecurityMLAnalyticsSettingsDataSourceArgs]

The required data sources for this SecurityMLAnalyticsSettings

settings_definition_id str

The anomaly settings definition Id

settings_resource_name str

Security ML Analytics Settings resource name

tactics Sequence[Union[str, AttackTactic]]

The tactics of the SecurityMLAnalyticsSettings

techniques Sequence[str]

The techniques of the SecurityMLAnalyticsSettings

anomalyVersion String

The anomaly version of the AnomalySecurityMLAnalyticsSettings.

displayName String

The display name for settings created by this SecurityMLAnalyticsSettings.

enabled Boolean

Determines whether this settings is enabled or disabled.

frequency String

The frequency that this SecurityMLAnalyticsSettings will be run.

isDefaultSettings Boolean

Determines whether this anomaly security ml analytics settings is a default settings

resourceGroupName String

The name of the resource group. The name is case insensitive.

settingsStatus String | "Production" | "Flighting"

The anomaly SecurityMLAnalyticsSettings status

workspaceName String

The name of the workspace.

anomalySettingsVersion Number

The anomaly settings version of the Anomaly security ml analytics settings that dictates whether job version gets updated or not.

customizableObservations Any

The customizable observations of the AnomalySecurityMLAnalyticsSettings.

description String

The description of the SecurityMLAnalyticsSettings.

requiredDataConnectors List<Property Map>

The required data sources for this SecurityMLAnalyticsSettings

settingsDefinitionId String

The anomaly settings definition Id

settingsResourceName String

Security ML Analytics Settings resource name

tactics List<String | "Reconnaissance" | "ResourceDevelopment" | "InitialAccess" | "Execution" | "Persistence" | "PrivilegeEscalation" | "DefenseEvasion" | "CredentialAccess" | "Discovery" | "LateralMovement" | "Collection" | "Exfiltration" | "CommandAndControl" | "Impact" | "PreAttack" | "ImpairProcessControl" | "InhibitResponseFunction">

The tactics of the SecurityMLAnalyticsSettings

techniques List<String>

The techniques of the SecurityMLAnalyticsSettings

Outputs

All input properties are implicitly available as output properties. Additionally, the AnomalySecurityMLAnalyticsSettings resource produces the following output properties:

Id string

The provider-assigned unique ID for this managed resource.

LastModifiedUtc string

The last time that this SecurityMLAnalyticsSettings has been modified.

Name string

The name of the resource

SystemData Pulumi.AzureNative.SecurityInsights.Outputs.SystemDataResponse

Azure Resource Manager metadata containing createdBy and modifiedBy information.

Type string

The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"

Etag string

Etag of the azure resource

Id string

The provider-assigned unique ID for this managed resource.

LastModifiedUtc string

The last time that this SecurityMLAnalyticsSettings has been modified.

Name string

The name of the resource

SystemData SystemDataResponse

Azure Resource Manager metadata containing createdBy and modifiedBy information.

Type string

The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"

Etag string

Etag of the azure resource

id String

The provider-assigned unique ID for this managed resource.

lastModifiedUtc String

The last time that this SecurityMLAnalyticsSettings has been modified.

name String

The name of the resource

systemData SystemDataResponse

Azure Resource Manager metadata containing createdBy and modifiedBy information.

type String

The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"

etag String

ETag of the Azure resource

id string

The provider-assigned unique ID for this managed resource.

lastModifiedUtc string

The last time this SecurityMLAnalyticsSettings was modified.

name string

The name of the resource

systemData SystemDataResponse

Azure Resource Manager metadata containing createdBy and modifiedBy information.

type string

The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"

etag string

ETag of the Azure resource

id str

The provider-assigned unique ID for this managed resource.

last_modified_utc str

The last time this SecurityMLAnalyticsSettings was modified.

name str

The name of the resource

system_data SystemDataResponse

Azure Resource Manager metadata containing createdBy and modifiedBy information.

type str

The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"

etag str

ETag of the Azure resource

id String

The provider-assigned unique ID for this managed resource.

lastModifiedUtc String

The last time this SecurityMLAnalyticsSettings was modified.

name String

The name of the resource

systemData Property Map

Azure Resource Manager metadata containing createdBy and modifiedBy information.

type String

The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"

etag String

ETag of the Azure resource

Supporting Types

AttackTactic

Reconnaissance
Reconnaissance
ResourceDevelopment
ResourceDevelopment
InitialAccess
InitialAccess
Execution
Execution
Persistence
Persistence
PrivilegeEscalation
PrivilegeEscalation
DefenseEvasion
DefenseEvasion
CredentialAccess
CredentialAccess
Discovery
Discovery
LateralMovement
LateralMovement
Collection
Collection
Exfiltration
Exfiltration
CommandAndControl
CommandAndControl
Impact
Impact
PreAttack
PreAttack
ImpairProcessControl
ImpairProcessControl
InhibitResponseFunction
InhibitResponseFunction
AttackTacticReconnaissance
Reconnaissance
AttackTacticResourceDevelopment
ResourceDevelopment
AttackTacticInitialAccess
InitialAccess
AttackTacticExecution
Execution
AttackTacticPersistence
Persistence
AttackTacticPrivilegeEscalation
PrivilegeEscalation
AttackTacticDefenseEvasion
DefenseEvasion
AttackTacticCredentialAccess
CredentialAccess
AttackTacticDiscovery
Discovery
AttackTacticLateralMovement
LateralMovement
AttackTacticCollection
Collection
AttackTacticExfiltration
Exfiltration
AttackTacticCommandAndControl
CommandAndControl
AttackTacticImpact
Impact
AttackTacticPreAttack
PreAttack
AttackTacticImpairProcessControl
ImpairProcessControl
AttackTacticInhibitResponseFunction
InhibitResponseFunction
Reconnaissance
Reconnaissance
ResourceDevelopment
ResourceDevelopment
InitialAccess
InitialAccess
Execution
Execution
Persistence
Persistence
PrivilegeEscalation
PrivilegeEscalation
DefenseEvasion
DefenseEvasion
CredentialAccess
CredentialAccess
Discovery
Discovery
LateralMovement
LateralMovement
Collection
Collection
Exfiltration
Exfiltration
CommandAndControl
CommandAndControl
Impact
Impact
PreAttack
PreAttack
ImpairProcessControl
ImpairProcessControl
InhibitResponseFunction
InhibitResponseFunction
Reconnaissance
Reconnaissance
ResourceDevelopment
ResourceDevelopment
InitialAccess
InitialAccess
Execution
Execution
Persistence
Persistence
PrivilegeEscalation
PrivilegeEscalation
DefenseEvasion
DefenseEvasion
CredentialAccess
CredentialAccess
Discovery
Discovery
LateralMovement
LateralMovement
Collection
Collection
Exfiltration
Exfiltration
CommandAndControl
CommandAndControl
Impact
Impact
PreAttack
PreAttack
ImpairProcessControl
ImpairProcessControl
InhibitResponseFunction
InhibitResponseFunction
RECONNAISSANCE
Reconnaissance
RESOURCE_DEVELOPMENT
ResourceDevelopment
INITIAL_ACCESS
InitialAccess
EXECUTION
Execution
PERSISTENCE
Persistence
PRIVILEGE_ESCALATION
PrivilegeEscalation
DEFENSE_EVASION
DefenseEvasion
CREDENTIAL_ACCESS
CredentialAccess
DISCOVERY
Discovery
LATERAL_MOVEMENT
LateralMovement
COLLECTION
Collection
EXFILTRATION
Exfiltration
COMMAND_AND_CONTROL
CommandAndControl
IMPACT
Impact
PRE_ATTACK
PreAttack
IMPAIR_PROCESS_CONTROL
ImpairProcessControl
INHIBIT_RESPONSE_FUNCTION
InhibitResponseFunction
"Reconnaissance"
Reconnaissance
"ResourceDevelopment"
ResourceDevelopment
"InitialAccess"
InitialAccess
"Execution"
Execution
"Persistence"
Persistence
"PrivilegeEscalation"
PrivilegeEscalation
"DefenseEvasion"
DefenseEvasion
"CredentialAccess"
CredentialAccess
"Discovery"
Discovery
"LateralMovement"
LateralMovement
"Collection"
Collection
"Exfiltration"
Exfiltration
"CommandAndControl"
CommandAndControl
"Impact"
Impact
"PreAttack"
PreAttack
"ImpairProcessControl"
ImpairProcessControl
"InhibitResponseFunction"
InhibitResponseFunction

SecurityMLAnalyticsSettingsDataSource

ConnectorId string

The connector id that provides the following data types

DataTypes List<string>

The data types used by the security ml analytics settings

ConnectorId string

The connector id that provides the following data types

DataTypes []string

The data types used by the security ml analytics settings

connectorId String

The connector id that provides the following data types

dataTypes List<String>

The data types used by the security ml analytics settings

connectorId string

The connector id that provides the following data types

dataTypes string[]

The data types used by the security ml analytics settings

connector_id str

The connector id that provides the following data types

data_types Sequence[str]

The data types used by the security ml analytics settings

connectorId String

The connector id that provides the following data types

dataTypes List<String>

The data types used by the security ml analytics settings

SecurityMLAnalyticsSettingsDataSourceResponse

ConnectorId string

The connector id that provides the following data types

DataTypes List<string>

The data types used by the security ml analytics settings

ConnectorId string

The connector id that provides the following data types

DataTypes []string

The data types used by the security ml analytics settings

connectorId String

The connector id that provides the following data types

dataTypes List<String>

The data types used by the security ml analytics settings

connectorId string

The connector id that provides the following data types

dataTypes string[]

The data types used by the security ml analytics settings

connector_id str

The connector id that provides the following data types

data_types Sequence[str]

The data types used by the security ml analytics settings

connectorId String

The connector id that provides the following data types

dataTypes List<String>

The data types used by the security ml analytics settings

SettingsStatus

Production
Production

Anomaly settings status in Production mode

Flighting
Flighting

Anomaly settings status in Flighting mode

SettingsStatusProduction
Production

Anomaly settings status in Production mode

SettingsStatusFlighting
Flighting

Anomaly settings status in Flighting mode

Production
Production

Anomaly settings status in Production mode

Flighting
Flighting

Anomaly settings status in Flighting mode

Production
Production

Anomaly settings status in Production mode

Flighting
Flighting

Anomaly settings status in Flighting mode

PRODUCTION
Production

Anomaly settings status in Production mode

FLIGHTING
Flighting

Anomaly settings status in Flighting mode

"Production"
Production

Anomaly settings status in Production mode

"Flighting"
Flighting

Anomaly settings status in Flighting mode

SystemDataResponse

CreatedAt string

The timestamp of resource creation (UTC).

CreatedBy string

The identity that created the resource.

CreatedByType string

The type of identity that created the resource.

LastModifiedAt string

The timestamp of resource last modification (UTC)

LastModifiedBy string

The identity that last modified the resource.

LastModifiedByType string

The type of identity that last modified the resource.

CreatedAt string

The timestamp of resource creation (UTC).

CreatedBy string

The identity that created the resource.

CreatedByType string

The type of identity that created the resource.

LastModifiedAt string

The timestamp of resource last modification (UTC)

LastModifiedBy string

The identity that last modified the resource.

LastModifiedByType string

The type of identity that last modified the resource.

createdAt String

The timestamp of resource creation (UTC).

createdBy String

The identity that created the resource.

createdByType String

The type of identity that created the resource.

lastModifiedAt String

The timestamp of resource last modification (UTC)

lastModifiedBy String

The identity that last modified the resource.

lastModifiedByType String

The type of identity that last modified the resource.

createdAt string

The timestamp of resource creation (UTC).

createdBy string

The identity that created the resource.

createdByType string

The type of identity that created the resource.

lastModifiedAt string

The timestamp of resource last modification (UTC)

lastModifiedBy string

The identity that last modified the resource.

lastModifiedByType string

The type of identity that last modified the resource.

created_at str

The timestamp of resource creation (UTC).

created_by str

The identity that created the resource.

created_by_type str

The type of identity that created the resource.

last_modified_at str

The timestamp of resource last modification (UTC)

last_modified_by str

The identity that last modified the resource.

last_modified_by_type str

The type of identity that last modified the resource.

createdAt String

The timestamp of resource creation (UTC).

createdBy String

The identity that created the resource.

createdByType String

The type of identity that created the resource.

lastModifiedAt String

The timestamp of resource last modification (UTC)

lastModifiedBy String

The identity that last modified the resource.

lastModifiedByType String

The type of identity that last modified the resource.

Import

An existing resource can be imported using its type token, name, and identifier, e.g.

$ pulumi import azure-native:securityinsights:AnomalySecurityMLAnalyticsSettings f209187f-1d17-4431-94af-c141bf5f23db /subscriptions/d0cfe6b2-9ac0-4464-9919-dccaee2e48c0/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace/providers/Microsoft.SecurityInsights/securityMLAnalyticsSettings/f209187f-1d17-4431-94af-c141bf5f23db

Package Details

Repository
Azure Native pulumi/pulumi-azure-native
License
Apache-2.0