We recommend using Azure Native.
azure.sentinel.AlertRuleAnomalyBuiltIn
Import
Built In Anomaly Alert Rules can be imported using the resource id, e.g.
$ pulumi import azure:sentinel/alertRuleAnomalyBuiltIn:AlertRuleAnomalyBuiltIn example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.OperationalInsights/workspaces/workspace1/providers/Microsoft.SecurityInsights/securityMLAnalyticsSettings/setting1
Example Usage
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;
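return await Deployment.RunAsync(() =>
{
    // Resource group that contains the Log Analytics workspace.
    var exampleResourceGroup = new Azure.Core.ResourceGroup("exampleResourceGroup", new()
    {
        Location = "West Europe",
    });

    // Log Analytics workspace that Sentinel is onboarded to.
    var exampleAnalyticsWorkspace = new Azure.OperationalInsights.AnalyticsWorkspace("exampleAnalyticsWorkspace", new()
    {
        Location = exampleResourceGroup.Location,
        ResourceGroupName = exampleResourceGroup.Name,
        Sku = "PerGB2018",
    });

    // Onboard the workspace to Sentinel. Customer-managed key support is
    // switched off in this example.
    var exampleLogAnalyticsWorkspaceOnboarding = new Azure.Sentinel.LogAnalyticsWorkspaceOnboarding("exampleLogAnalyticsWorkspaceOnboarding", new()
    {
        WorkspaceId = exampleAnalyticsWorkspace.Id,
        CustomerManagedKeyEnabled = false,
    });

    // Look up the built-in anomaly rule by display name. The result is not
    // consumed by the rest of this example.
    var exampleAlertRuleAnomaly = Azure.Sentinel.GetAlertRuleAnomaly.Invoke(new()
    {
        LogAnalyticsWorkspaceId = exampleLogAnalyticsWorkspaceOnboarding.WorkspaceId,
        DisplayName = "Potential data staging",
    });

    // Manage the built-in rule. The workspace ID is read from the onboarding
    // resource (as the lookup above already does) rather than from the
    // workspace, so the rule depends on onboarding and is not applied before
    // the workspace has been onboarded.
    // Enabled = false leaves the rule switched off: it is under management but
    // does not run. Set it to true for the rule to contribute detections.
    var exampleAlertRuleAnomalyBuiltIn = new Azure.Sentinel.AlertRuleAnomalyBuiltIn("exampleAlertRuleAnomalyBuiltIn", new()
    {
        DisplayName = "Potential data staging",
        LogAnalyticsWorkspaceId = exampleLogAnalyticsWorkspaceOnboarding.WorkspaceId,
        Mode = "Production",
        Enabled = false,
    });
});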
package main
import (
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/operationalinsights"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/sentinel"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
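// main declares a resource group, a Log Analytics workspace, its Sentinel
// onboarding, and the built-in anomaly rule "Potential data staging".
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Resource group that contains the Log Analytics workspace.
		exampleResourceGroup, err := core.NewResourceGroup(ctx, "exampleResourceGroup", &core.ResourceGroupArgs{
			Location: pulumi.String("West Europe"),
		})
		if err != nil {
			return err
		}

		// Log Analytics workspace that Sentinel is onboarded to.
		exampleAnalyticsWorkspace, err := operationalinsights.NewAnalyticsWorkspace(ctx, "exampleAnalyticsWorkspace", &operationalinsights.AnalyticsWorkspaceArgs{
			Location:          exampleResourceGroup.Location,
			ResourceGroupName: exampleResourceGroup.Name,
			Sku:               pulumi.String("PerGB2018"),
		})
		if err != nil {
			return err
		}

		// Onboard the workspace to Sentinel. Customer-managed key support is
		// switched off in this example.
		exampleLogAnalyticsWorkspaceOnboarding, err := sentinel.NewLogAnalyticsWorkspaceOnboarding(ctx, "exampleLogAnalyticsWorkspaceOnboarding", &sentinel.LogAnalyticsWorkspaceOnboardingArgs{
			WorkspaceId:               exampleAnalyticsWorkspace.ID(),
			CustomerManagedKeyEnabled: pulumi.Bool(false),
		})
		if err != nil {
			return err
		}

		// Look up the built-in anomaly rule by display name. The result is
		// discarded; the example only shows how the lookup is written.
		_ = sentinel.GetAlertRuleAnomalyOutput(ctx, sentinel.GetAlertRuleAnomalyOutputArgs{
			LogAnalyticsWorkspaceId: exampleLogAnalyticsWorkspaceOnboarding.WorkspaceId,
			DisplayName:             pulumi.String("Potential data staging"),
		}, nil)

		// Manage the built-in rule. The workspace ID is read from the
		// onboarding resource (as the lookup above already does) rather than
		// from the workspace, so the rule depends on onboarding and is not
		// applied before the workspace has been onboarded.
		// Enabled is false, so the rule is under management but does not run;
		// set it to true for the rule to contribute detections.
		_, err = sentinel.NewAlertRuleAnomalyBuiltIn(ctx, "exampleAlertRuleAnomalyBuiltIn", &sentinel.AlertRuleAnomalyBuiltInArgs{
			DisplayName:             pulumi.String("Potential data staging"),
			LogAnalyticsWorkspaceId: exampleLogAnalyticsWorkspaceOnboarding.WorkspaceId,
			Mode:                    pulumi.String("Production"),
			Enabled:                 pulumi.Bool(false),
		})
		if err != nil {
			return err
		}
		return nil
	})
}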
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.operationalinsights.AnalyticsWorkspace;
import com.pulumi.azure.operationalinsights.AnalyticsWorkspaceArgs;
import com.pulumi.azure.sentinel.LogAnalyticsWorkspaceOnboarding;
import com.pulumi.azure.sentinel.LogAnalyticsWorkspaceOnboardingArgs;
import com.pulumi.azure.sentinel.SentinelFunctions;
import com.pulumi.azure.sentinel.inputs.GetAlertRuleAnomalyArgs;
import com.pulumi.azure.sentinel.AlertRuleAnomalyBuiltIn;
import com.pulumi.azure.sentinel.AlertRuleAnomalyBuiltInArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
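/**
 * Example program: declares a resource group, a Log Analytics workspace, its
 * Sentinel onboarding, and the built-in anomaly rule "Potential data staging".
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the example resources.
     *
     * @param ctx the Pulumi context for the current deployment
     */
    public static void stack(Context ctx) {
        // Resource group that contains the Log Analytics workspace.
        var exampleResourceGroup = new ResourceGroup("exampleResourceGroup", ResourceGroupArgs.builder()
            .location("West Europe")
            .build());

        // Log Analytics workspace that Sentinel is onboarded to.
        var exampleAnalyticsWorkspace = new AnalyticsWorkspace("exampleAnalyticsWorkspace", AnalyticsWorkspaceArgs.builder()
            .location(exampleResourceGroup.location())
            .resourceGroupName(exampleResourceGroup.name())
            .sku("PerGB2018")
            .build());

        // Onboard the workspace to Sentinel. Customer-managed key support is
        // switched off in this example.
        var exampleLogAnalyticsWorkspaceOnboarding = new LogAnalyticsWorkspaceOnboarding("exampleLogAnalyticsWorkspaceOnboarding", LogAnalyticsWorkspaceOnboardingArgs.builder()
            .workspaceId(exampleAnalyticsWorkspace.id())
            .customerManagedKeyEnabled(false)
            .build());

        // Look up the built-in anomaly rule by display name. The result is not
        // consumed by the rest of this example.
        final var exampleAlertRuleAnomaly = SentinelFunctions.getAlertRuleAnomaly(GetAlertRuleAnomalyArgs.builder()
            .logAnalyticsWorkspaceId(exampleLogAnalyticsWorkspaceOnboarding.workspaceId())
            .displayName("Potential data staging")
            .build());

        // Manage the built-in rule. The workspace ID is read from the
        // onboarding resource (as the lookup above already does) rather than
        // from the workspace, so the rule depends on onboarding and is not
        // applied before the workspace has been onboarded.
        // enabled(false) leaves the rule switched off: it is under management
        // but does not run. Use true for the rule to contribute detections.
        var exampleAlertRuleAnomalyBuiltIn = new AlertRuleAnomalyBuiltIn("exampleAlertRuleAnomalyBuiltIn", AlertRuleAnomalyBuiltInArgs.builder()
            .displayName("Potential data staging")
            .logAnalyticsWorkspaceId(exampleLogAnalyticsWorkspaceOnboarding.workspaceId())
            .mode("Production")
            .enabled(false)
            .build());
    }
}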
import pulumi
import pulumi_azure as azure
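# Resource group that contains the Log Analytics workspace.
example_resource_group = azure.core.ResourceGroup("exampleResourceGroup", location="West Europe")

# Log Analytics workspace that Sentinel is onboarded to.
example_analytics_workspace = azure.operationalinsights.AnalyticsWorkspace("exampleAnalyticsWorkspace",
    location=example_resource_group.location,
    resource_group_name=example_resource_group.name,
    sku="PerGB2018")

# Onboard the workspace to Sentinel. Customer-managed key support is switched
# off in this example.
example_log_analytics_workspace_onboarding = azure.sentinel.LogAnalyticsWorkspaceOnboarding("exampleLogAnalyticsWorkspaceOnboarding",
    workspace_id=example_analytics_workspace.id,
    customer_managed_key_enabled=False)

# Look up the built-in anomaly rule by display name. The result is not consumed
# by the rest of this example.
example_alert_rule_anomaly = azure.sentinel.get_alert_rule_anomaly_output(log_analytics_workspace_id=example_log_analytics_workspace_onboarding.workspace_id,
    display_name="Potential data staging")

# Manage the built-in rule. The workspace ID is read from the onboarding
# resource (as the lookup above already does) rather than from the workspace,
# so the rule depends on onboarding and is not applied before the workspace has
# been onboarded.
# enabled=False leaves the rule switched off: it is under management but does
# not run. Use True for the rule to contribute detections.
example_alert_rule_anomaly_built_in = azure.sentinel.AlertRuleAnomalyBuiltIn("exampleAlertRuleAnomalyBuiltIn",
    display_name="Potential data staging",
    log_analytics_workspace_id=example_log_analytics_workspace_onboarding.workspace_id,
    mode="Production",
    enabled=False)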
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
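// Resource group that contains the Log Analytics workspace.
const exampleResourceGroup = new azure.core.ResourceGroup("exampleResourceGroup", {location: "West Europe"});

// Log Analytics workspace that Sentinel is onboarded to.
const exampleAnalyticsWorkspace = new azure.operationalinsights.AnalyticsWorkspace("exampleAnalyticsWorkspace", {
    location: exampleResourceGroup.location,
    resourceGroupName: exampleResourceGroup.name,
    sku: "PerGB2018",
});

// Onboard the workspace to Sentinel. Customer-managed key support is switched
// off in this example.
const exampleLogAnalyticsWorkspaceOnboarding = new azure.sentinel.LogAnalyticsWorkspaceOnboarding("exampleLogAnalyticsWorkspaceOnboarding", {
    workspaceId: exampleAnalyticsWorkspace.id,
    customerManagedKeyEnabled: false,
});

// Look up the built-in anomaly rule by display name. The result is not
// consumed by the rest of this example.
const exampleAlertRuleAnomaly = azure.sentinel.getAlertRuleAnomalyOutput({
    logAnalyticsWorkspaceId: exampleLogAnalyticsWorkspaceOnboarding.workspaceId,
    displayName: "Potential data staging",
});

// Manage the built-in rule. The workspace ID is read from the onboarding
// resource (as the lookup above already does) rather than from the workspace,
// so the rule depends on onboarding and is not applied before the workspace
// has been onboarded.
// enabled: false leaves the rule switched off: it is under management but does
// not run. Use true for the rule to contribute detections.
const exampleAlertRuleAnomalyBuiltIn = new azure.sentinel.AlertRuleAnomalyBuiltIn("exampleAlertRuleAnomalyBuiltIn", {
    displayName: "Potential data staging",
    logAnalyticsWorkspaceId: exampleLogAnalyticsWorkspaceOnboarding.workspaceId,
    mode: "Production",
    enabled: false,
});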
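resources:
  # Resource group that contains the Log Analytics workspace.
  exampleResourceGroup:
    type: azure:core:ResourceGroup
    properties:
      location: West Europe
  # Log Analytics workspace that Sentinel is onboarded to.
  exampleAnalyticsWorkspace:
    type: azure:operationalinsights:AnalyticsWorkspace
    properties:
      location: ${exampleResourceGroup.location}
      resourceGroupName: ${exampleResourceGroup.name}
      sku: PerGB2018
  # Onboard the workspace to Sentinel. Customer-managed key support is
  # switched off in this example.
  exampleLogAnalyticsWorkspaceOnboarding:
    type: azure:sentinel:LogAnalyticsWorkspaceOnboarding
    properties:
      workspaceId: ${exampleAnalyticsWorkspace.id}
      customerManagedKeyEnabled: false
  # Manage the built-in rule. The workspace ID is read from the onboarding
  # resource (as the lookup under `variables` already does) rather than from
  # the workspace, so the rule depends on onboarding and is not applied before
  # the workspace has been onboarded.
  # enabled: false leaves the rule switched off: it is under management but
  # does not run. Use true for the rule to contribute detections.
  exampleAlertRuleAnomalyBuiltIn:
    type: azure:sentinel:AlertRuleAnomalyBuiltIn
    properties:
      displayName: Potential data staging
      logAnalyticsWorkspaceId: ${exampleLogAnalyticsWorkspaceOnboarding.workspaceId}
      mode: Production
      enabled: false
variables:
  # Look up the built-in anomaly rule by display name. The result is not
  # consumed by the resources above.
  exampleAlertRuleAnomaly:
    fn::invoke:
      Function: azure:sentinel:getAlertRuleAnomaly
      Arguments:
        logAnalyticsWorkspaceId: ${exampleLogAnalyticsWorkspaceOnboarding.workspaceId}
        displayName: Potential data staging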
Create AlertRuleAnomalyBuiltIn Resource
new AlertRuleAnomalyBuiltIn(name: string, args: AlertRuleAnomalyBuiltInArgs, opts?: CustomResourceOptions);
@overload
def AlertRuleAnomalyBuiltIn(resource_name: str,
opts: Optional[ResourceOptions] = None,
display_name: Optional[str] = None,
enabled: Optional[bool] = None,
log_analytics_workspace_id: Optional[str] = None,
mode: Optional[str] = None,
name: Optional[str] = None)
@overload
def AlertRuleAnomalyBuiltIn(resource_name: str,
args: AlertRuleAnomalyBuiltInArgs,
opts: Optional[ResourceOptions] = None)
func NewAlertRuleAnomalyBuiltIn(ctx *Context, name string, args AlertRuleAnomalyBuiltInArgs, opts ...ResourceOption) (*AlertRuleAnomalyBuiltIn, error)
public AlertRuleAnomalyBuiltIn(string name, AlertRuleAnomalyBuiltInArgs args, CustomResourceOptions? opts = null)
public AlertRuleAnomalyBuiltIn(String name, AlertRuleAnomalyBuiltInArgs args)
public AlertRuleAnomalyBuiltIn(String name, AlertRuleAnomalyBuiltInArgs args, CustomResourceOptions options)
type: azure:sentinel:AlertRuleAnomalyBuiltIn
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args AlertRuleAnomalyBuiltInArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args AlertRuleAnomalyBuiltInArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args AlertRuleAnomalyBuiltInArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args AlertRuleAnomalyBuiltInArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args AlertRuleAnomalyBuiltInArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
AlertRuleAnomalyBuiltIn Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The AlertRuleAnomalyBuiltIn resource accepts the following input properties:
- Enabled bool
Should the Built-in Anomaly Alert Rule be enabled?
- LogAnalyticsWorkspaceId string
The ID of the Log Analytics Workspace. Changing this forces a new Built-in Anomaly Alert Rule to be created.
- Mode string
Mode of the Built-in Anomaly Alert Rule. Possible values are `Production` and `Flighting`.
- DisplayName string
The Display Name of the built-in Anomaly Alert Rule. Changing this forces a new Built-in Anomaly Alert Rule to be created.
Note: One of `name` or `display_name` must be specified.
- Name string
The Name of the built-in Anomaly Alert Rule. Changing this forces a new Built-in Anomaly Alert Rule to be created.
- Enabled bool
Should the Built-in Anomaly Alert Rule be enabled?
- LogAnalyticsWorkspaceId string
The ID of the Log Analytics Workspace. Changing this forces a new Built-in Anomaly Alert Rule to be created.
- Mode string
Mode of the Built-in Anomaly Alert Rule. Possible values are `Production` and `Flighting`.
- DisplayName string
The Display Name of the built-in Anomaly Alert Rule. Changing this forces a new Built-in Anomaly Alert Rule to be created.
Note: One of `name` or `display_name` must be specified.
- Name string
The Name of the built-in Anomaly Alert Rule. Changing this forces a new Built-in Anomaly Alert Rule to be created.
- enabled Boolean
Should the Built-in Anomaly Alert Rule be enabled?
- logAnalyticsWorkspaceId String
The ID of the Log Analytics Workspace. Changing this forces a new Built-in Anomaly Alert Rule to be created.
- mode String
Mode of the Built-in Anomaly Alert Rule. Possible values are `Production` and `Flighting`.
- displayName String
The Display Name of the built-in Anomaly Alert Rule. Changing this forces a new Built-in Anomaly Alert Rule to be created.
Note: One of `name` or `display_name` must be specified.
- name String
The Name of the built-in Anomaly Alert Rule. Changing this forces a new Built-in Anomaly Alert Rule to be created.
- enabled boolean
Should the Built-in Anomaly Alert Rule be enabled?
- logAnalyticsWorkspaceId string
The ID of the Log Analytics Workspace. Changing this forces a new Built-in Anomaly Alert Rule to be created.
- mode string
Mode of the Built-in Anomaly Alert Rule. Possible values are `Production` and `Flighting`.
- displayName string
The Display Name of the built-in Anomaly Alert Rule. Changing this forces a new Built-in Anomaly Alert Rule to be created.
Note: One of `name` or `display_name` must be specified.
- name string
The Name of the built-in Anomaly Alert Rule. Changing this forces a new Built-in Anomaly Alert Rule to be created.
- enabled bool
Should the Built-in Anomaly Alert Rule be enabled?
- log_analytics_workspace_id str
The ID of the Log Analytics Workspace. Changing this forces a new Built-in Anomaly Alert Rule to be created.
- mode str
Mode of the Built-in Anomaly Alert Rule. Possible values are `Production` and `Flighting`.
- display_name str
The Display Name of the built-in Anomaly Alert Rule. Changing this forces a new Built-in Anomaly Alert Rule to be created.
Note: One of `name` or `display_name` must be specified.
- name str
The Name of the built-in Anomaly Alert Rule. Changing this forces a new Built-in Anomaly Alert Rule to be created.
- enabled Boolean
Should the Built-in Anomaly Alert Rule be enabled?
- logAnalyticsWorkspaceId String
The ID of the Log Analytics Workspace. Changing this forces a new Built-in Anomaly Alert Rule to be created.
- mode String
Mode of the Built-in Anomaly Alert Rule. Possible values are `Production` and `Flighting`.
- displayName String
The Display Name of the built-in Anomaly Alert Rule. Changing this forces a new Built-in Anomaly Alert Rule to be created.
Note: One of `name` or `display_name` must be specified.
- name String
The Name of the built-in Anomaly Alert Rule. Changing this forces a new Built-in Anomaly Alert Rule to be created.
Outputs
All input properties are implicitly available as output properties. Additionally, the AlertRuleAnomalyBuiltIn resource produces the following output properties:
- AnomalySettingsVersion int
The version of the Anomaly Security ML Analytics Settings.
- AnomalyVersion string
The anomaly version of the Anomaly Alert Rule.
- Description string
The description of the threshold observation.
- Frequency string
The frequency the Anomaly Alert Rule will be run.
- Id string
The provider-assigned unique ID for this managed resource.
- MultiSelectObservations List<AlertRuleAnomalyBuiltInMultiSelectObservation>
A list of `multi_select_observation` blocks as defined below.
- PrioritizedExcludeObservations List<AlertRuleAnomalyBuiltInPrioritizedExcludeObservation>
A list of `prioritized_exclude_observation` blocks as defined below.
- RequiredDataConnectors List<AlertRuleAnomalyBuiltInRequiredDataConnector>
A `required_data_connector` block as defined below.
- SettingsDefinitionId string
The ID of the anomaly settings definition.
- SingleSelectObservations List<AlertRuleAnomalyBuiltInSingleSelectObservation>
A list of `single_select_observation` blocks as defined below.
- Tactics List<string>
A list of categories of attacks by which to classify the rule.
- Techniques List<string>
A list of techniques of attacks by which to classify the rule.
- ThresholdObservations List<AlertRuleAnomalyBuiltInThresholdObservation>
A list of `threshold_observation` blocks as defined below.
- AnomalySettingsVersion int
The version of the Anomaly Security ML Analytics Settings.
- AnomalyVersion string
The anomaly version of the Anomaly Alert Rule.
- Description string
The description of the threshold observation.
- Frequency string
The frequency the Anomaly Alert Rule will be run.
- Id string
The provider-assigned unique ID for this managed resource.
- MultiSelectObservations []AlertRuleAnomalyBuiltInMultiSelectObservation
A list of `multi_select_observation` blocks as defined below.
- PrioritizedExcludeObservations []AlertRuleAnomalyBuiltInPrioritizedExcludeObservation
A list of `prioritized_exclude_observation` blocks as defined below.
- RequiredDataConnectors []AlertRuleAnomalyBuiltInRequiredDataConnector
A `required_data_connector` block as defined below.
- SettingsDefinitionId string
The ID of the anomaly settings definition.
- SingleSelectObservations []AlertRuleAnomalyBuiltInSingleSelectObservation
A list of `single_select_observation` blocks as defined below.
- Tactics []string
A list of categories of attacks by which to classify the rule.
- Techniques []string
A list of techniques of attacks by which to classify the rule.
- ThresholdObservations []AlertRuleAnomalyBuiltInThresholdObservation
A list of `threshold_observation` blocks as defined below.
- anomalySettingsVersion Integer
The version of the Anomaly Security ML Analytics Settings.
- anomalyVersion String
The anomaly version of the Anomaly Alert Rule.
- description String
The description of the threshold observation.
- frequency String
The frequency the Anomaly Alert Rule will be run.
- id String
The provider-assigned unique ID for this managed resource.
- multiSelectObservations List<AlertRuleAnomalyBuiltInMultiSelectObservation>
A list of `multi_select_observation` blocks as defined below.
- prioritizedExcludeObservations List<AlertRuleAnomalyBuiltInPrioritizedExcludeObservation>
A list of `prioritized_exclude_observation` blocks as defined below.
- requiredDataConnectors List<AlertRuleAnomalyBuiltInRequiredDataConnector>
A `required_data_connector` block as defined below.
- settingsDefinitionId String
The ID of the anomaly settings definition.
- singleSelectObservations List<AlertRuleAnomalyBuiltInSingleSelectObservation>
A list of `single_select_observation` blocks as defined below.
- tactics List<String>
A list of categories of attacks by which to classify the rule.
- techniques List<String>
A list of techniques of attacks by which to classify the rule.
- thresholdObservations List<AlertRuleAnomalyBuiltInThresholdObservation>
A list of `threshold_observation` blocks as defined below.
- anomalySettingsVersion number
The version of the Anomaly Security ML Analytics Settings.
- anomalyVersion string
The anomaly version of the Anomaly Alert Rule.
- description string
The description of the threshold observation.
- frequency string
The frequency the Anomaly Alert Rule will be run.
- id string
The provider-assigned unique ID for this managed resource.
- multiSelectObservations AlertRuleAnomalyBuiltInMultiSelectObservation[]
A list of `multi_select_observation` blocks as defined below.
- prioritizedExcludeObservations AlertRuleAnomalyBuiltInPrioritizedExcludeObservation[]
A list of `prioritized_exclude_observation` blocks as defined below.
- requiredDataConnectors AlertRuleAnomalyBuiltInRequiredDataConnector[]
A `required_data_connector` block as defined below.
- settingsDefinitionId string
The ID of the anomaly settings definition.
- singleSelectObservations AlertRuleAnomalyBuiltInSingleSelectObservation[]
A list of `single_select_observation` blocks as defined below.
- tactics string[]
A list of categories of attacks by which to classify the rule.
- techniques string[]
A list of techniques of attacks by which to classify the rule.
- thresholdObservations AlertRuleAnomalyBuiltInThresholdObservation[]
A list of `threshold_observation` blocks as defined below.
- anomaly_settings_version int
The version of the Anomaly Security ML Analytics Settings.
- anomaly_version str
The anomaly version of the Anomaly Alert Rule.
- description str
The description of the threshold observation.
- frequency str
The frequency the Anomaly Alert Rule will be run.
- id str
The provider-assigned unique ID for this managed resource.
- multi_select_observations Sequence[AlertRuleAnomalyBuiltInMultiSelectObservation]
A list of `multi_select_observation` blocks as defined below.
- prioritized_exclude_observations Sequence[AlertRuleAnomalyBuiltInPrioritizedExcludeObservation]
A list of `prioritized_exclude_observation` blocks as defined below.
- required_data_connectors Sequence[AlertRuleAnomalyBuiltInRequiredDataConnector]
A `required_data_connector` block as defined below.
- settings_definition_id str
The ID of the anomaly settings definition.
- single_select_observations Sequence[AlertRuleAnomalyBuiltInSingleSelectObservation]
A list of `single_select_observation` blocks as defined below.
- tactics Sequence[str]
A list of categories of attacks by which to classify the rule.
- techniques Sequence[str]
A list of techniques of attacks by which to classify the rule.
- threshold_observations Sequence[AlertRuleAnomalyBuiltInThresholdObservation]
A list of `threshold_observation` blocks as defined below.
- anomalySettingsVersion Number
The version of the Anomaly Security ML Analytics Settings.
- anomalyVersion String
The anomaly version of the Anomaly Alert Rule.
- description String
The description of the threshold observation.
- frequency String
The frequency the Anomaly Alert Rule will be run.
- id String
The provider-assigned unique ID for this managed resource.
- multiSelectObservations List<Property Map>
A list of `multi_select_observation` blocks as defined below.
- prioritizedExcludeObservations List<Property Map>
A list of `prioritized_exclude_observation` blocks as defined below.
- requiredDataConnectors List<Property Map>
A `required_data_connector` block as defined below.
- settingsDefinitionId String
The ID of the anomaly settings definition.
- singleSelectObservations List<Property Map>
A list of `single_select_observation` blocks as defined below.
- tactics List<String>
A list of categories of attacks by which to classify the rule.
- techniques List<String>
A list of techniques of attacks by which to classify the rule.
- thresholdObservations List<Property Map>
A list of `threshold_observation` blocks as defined below.
Look up Existing AlertRuleAnomalyBuiltIn Resource
Get an existing AlertRuleAnomalyBuiltIn resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: AlertRuleAnomalyBuiltInState, opts?: CustomResourceOptions): AlertRuleAnomalyBuiltIn
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
anomaly_settings_version: Optional[int] = None,
anomaly_version: Optional[str] = None,
description: Optional[str] = None,
display_name: Optional[str] = None,
enabled: Optional[bool] = None,
frequency: Optional[str] = None,
log_analytics_workspace_id: Optional[str] = None,
mode: Optional[str] = None,
multi_select_observations: Optional[Sequence[AlertRuleAnomalyBuiltInMultiSelectObservationArgs]] = None,
name: Optional[str] = None,
prioritized_exclude_observations: Optional[Sequence[AlertRuleAnomalyBuiltInPrioritizedExcludeObservationArgs]] = None,
required_data_connectors: Optional[Sequence[AlertRuleAnomalyBuiltInRequiredDataConnectorArgs]] = None,
settings_definition_id: Optional[str] = None,
single_select_observations: Optional[Sequence[AlertRuleAnomalyBuiltInSingleSelectObservationArgs]] = None,
tactics: Optional[Sequence[str]] = None,
techniques: Optional[Sequence[str]] = None,
threshold_observations: Optional[Sequence[AlertRuleAnomalyBuiltInThresholdObservationArgs]] = None) -> AlertRuleAnomalyBuiltIn
func GetAlertRuleAnomalyBuiltIn(ctx *Context, name string, id IDInput, state *AlertRuleAnomalyBuiltInState, opts ...ResourceOption) (*AlertRuleAnomalyBuiltIn, error)
public static AlertRuleAnomalyBuiltIn Get(string name, Input<string> id, AlertRuleAnomalyBuiltInState? state, CustomResourceOptions? opts = null)
public static AlertRuleAnomalyBuiltIn get(String name, Output<String> id, AlertRuleAnomalyBuiltInState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- AnomalySettingsVersion int
The version of the Anomaly Security ML Analytics Settings.
- AnomalyVersion string
The anomaly version of the Anomaly Alert Rule.
- Description string
The description of the threshold observation.
- DisplayName string
The Display Name of the built-in Anomaly Alert Rule. Changing this forces a new Built-in Anomaly Alert Rule to be created.
Note: One of `name` or `display_name` must be specified.
- Enabled bool
Should the Built-in Anomaly Alert Rule be enabled?
- Frequency string
The frequency the Anomaly Alert Rule will be run.
- LogAnalyticsWorkspaceId string
The ID of the Log Analytics Workspace. Changing this forces a new Built-in Anomaly Alert Rule to be created.
- Mode string
Mode of the Built-in Anomaly Alert Rule. Possible values are `Production` and `Flighting`.
- MultiSelectObservations List<AlertRuleAnomalyBuiltInMultiSelectObservation>
A list of `multi_select_observation` blocks as defined below.
- Name string
The Name of the built-in Anomaly Alert Rule. Changing this forces a new Built-in Anomaly Alert Rule to be created.
- PrioritizedExcludeObservations List<AlertRuleAnomalyBuiltInPrioritizedExcludeObservation>
A list of `prioritized_exclude_observation` blocks as defined below.
- RequiredDataConnectors List<AlertRuleAnomalyBuiltInRequiredDataConnector>
A `required_data_connector` block as defined below.
- SettingsDefinitionId string
The ID of the anomaly settings definition.
- SingleSelectObservations List<AlertRuleAnomalyBuiltInSingleSelectObservation>
A list of `single_select_observation` blocks as defined below.
- Tactics List<string>
A list of categories of attacks by which to classify the rule.
- Techniques List<string>
A list of techniques of attacks by which to classify the rule.
- ThresholdObservations List<AlertRuleAnomalyBuiltInThresholdObservation>
A list of `threshold_observation` blocks as defined below.
- AnomalySettingsVersion int
The version of the Anomaly Security ML Analytics Settings.
- AnomalyVersion string
The anomaly version of the Anomaly Alert Rule.
- Description string
The description of the threshold observation.
- DisplayName string
The Display Name of the built-in Anomaly Alert Rule. Changing this forces a new Built-in Anomaly Alert Rule to be created.
Note: One of `name` or `display_name` must be specified.
- Enabled bool
Should the Built-in Anomaly Alert Rule be enabled?
- Frequency string
The frequency the Anomaly Alert Rule will be run.
- LogAnalyticsWorkspaceId string
The ID of the Log Analytics Workspace. Changing this forces a new Built-in Anomaly Alert Rule to be created.
- Mode string
Mode of the Built-in Anomaly Alert Rule. Possible values are `Production` and `Flighting`.
- MultiSelectObservations []AlertRuleAnomalyBuiltInMultiSelectObservationArgs
A list of `multi_select_observation` blocks as defined below.
- Name string
The Name of the built-in Anomaly Alert Rule. Changing this forces a new Built-in Anomaly Alert Rule to be created.
- PrioritizedExcludeObservations []AlertRuleAnomalyBuiltInPrioritizedExcludeObservationArgs
A list of `prioritized_exclude_observation` blocks as defined below.
- RequiredDataConnectors []AlertRuleAnomalyBuiltInRequiredDataConnectorArgs
A `required_data_connector` block as defined below.
- SettingsDefinitionId string
The ID of the anomaly settings definition.
- SingleSelectObservations []AlertRuleAnomalyBuiltInSingleSelectObservationArgs
A list of `single_select_observation` blocks as defined below.
- Tactics []string
A list of categories of attacks by which to classify the rule.
- Techniques []string
A list of techniques of attacks by which to classify the rule.
- ThresholdObservations []AlertRuleAnomalyBuiltInThresholdObservationArgs
A list of `threshold_observation` blocks as defined below.
- anomalySettingsVersion Integer
The version of the Anomaly Security ML Analytics Settings.
- anomalyVersion String
The anomaly version of the Anomaly Alert Rule.
- description String
The description of the threshold observation.
- displayName String
The Display Name of the built-in Anomaly Alert Rule. Changing this forces a new Built-in Anomaly Alert Rule to be created.
Note: One of `name` or `display_name` must be specified.
- enabled Boolean
Should the Built-in Anomaly Alert Rule be enabled?
- frequency String
The frequency the Anomaly Alert Rule will be run.
- logAnalyticsWorkspaceId String
The ID of the Log Analytics Workspace. Changing this forces a new Built-in Anomaly Alert Rule to be created.
- mode String
Mode of the Built-in Anomaly Alert Rule. Possible values are `Production` and `Flighting`.
- multiSelectObservations List<AlertRuleAnomalyBuiltInMultiSelectObservation>
A list of `multi_select_observation` blocks as defined below.
- name String
The Name of the built-in Anomaly Alert Rule. Changing this forces a new Built-in Anomaly Alert Rule to be created.
- prioritizedExcludeObservations List<AlertRuleAnomalyBuiltInPrioritizedExcludeObservation>
A list of `prioritized_exclude_observation` blocks as defined below.
- requiredDataConnectors List<AlertRuleAnomalyBuiltInRequiredDataConnector>
A `required_data_connector` block as defined below.
- settingsDefinitionId String
The ID of the anomaly settings definition.
- singleSelectObservations List<AlertRuleAnomalyBuiltInSingleSelectObservation>
A list of `single_select_observation` blocks as defined below.
- tactics List<String>
A list of categories of attacks by which to classify the rule.
- techniques List<String>
A list of techniques of attacks by which to classify the rule.
- thresholdObservations List<AlertRuleAnomalyBuiltInThresholdObservation>
A list of `threshold_observation` blocks as defined below.
- anomalySettingsVersion number
The version of the Anomaly Security ML Analytics Settings.
- anomalyVersion string
The anomaly version of the Anomaly Alert Rule.
- description string
The description of the threshold observation.
- displayName string
The Display Name of the built-in Anomaly Alert Rule. Changing this forces a new Built-in Anomaly Alert Rule to be created.
Note: One of `name` or `display_name` must be specified.
- enabled boolean
Should the Built-in Anomaly Alert Rule be enabled?
- frequency string
The frequency the Anomaly Alert Rule will be run.
- logAnalyticsWorkspaceId string
The ID of the Log Analytics Workspace. Changing this forces a new Built-in Anomaly Alert Rule to be created.
- mode string
Mode of the Built-in Anomaly Alert Rule. Possible values are `Production` and `Flighting`.
- multiSelectObservations AlertRuleAnomalyBuiltInMultiSelectObservation[]
A list of `multi_select_observation` blocks as defined below.
- name string
The Name of the built-in Anomaly Alert Rule. Changing this forces a new Built-in Anomaly Alert Rule to be created.
- prioritizedExcludeObservations AlertRuleAnomalyBuiltInPrioritizedExcludeObservation[]
A list of `prioritized_exclude_observation` blocks as defined below.
- requiredDataConnectors AlertRuleAnomalyBuiltInRequiredDataConnector[]
A `required_data_connector` block as defined below.
- settingsDefinitionId string
The ID of the anomaly settings definition.
- singleSelectObservations AlertRuleAnomalyBuiltInSingleSelectObservation[]
A list of `single_select_observation` blocks as defined below.
- tactics string[]
A list of categories of attacks by which to classify the rule.
- techniques string[]
A list of techniques of attacks by which to classify the rule.
- thresholdObservations AlertRuleAnomalyBuiltInThresholdObservation[]
A list of `threshold_observation` blocks as defined below.
- anomaly_settings_version int
The version of the Anomaly Security ML Analytics Settings.
- anomaly_version str
The anomaly version of the Anomaly Alert Rule.
- description str
The description of the threshold observation.
- display_name str
The Display Name of the built-in Anomaly Alert Rule. Changing this forces a new Built-in Anomaly Alert Rule to be created.
Note: One of `name` or `display_name` must be specified.
- enabled bool
Should the Built-in Anomaly Alert Rule be enabled?
- frequency str
The frequency the Anomaly Alert Rule will be run.
- log_analytics_workspace_id str
The ID of the Log Analytics Workspace. Changing this forces a new Built-in Anomaly Alert Rule to be created.
- mode str
The mode of the Built-in Anomaly Alert Rule. Possible values are `Production` and `Flighting`.
- multi_select_observations Sequence[AlertRuleAnomalyBuiltInMultiSelectObservationArgs]
A list of `multi_select_observation` blocks as defined below.
- name str
The Name of the built-in Anomaly Alert Rule. Changing this forces a new Built-in Anomaly Alert Rule to be created.
- prioritized_exclude_observations Sequence[AlertRuleAnomalyBuiltInPrioritizedExcludeObservationArgs]
A list of `prioritized_exclude_observation` blocks as defined below.
- required_data_connectors Sequence[AlertRuleAnomalyBuiltInRequiredDataConnectorArgs]
A `required_data_connector` block as defined below.
- settings_definition_id str
The ID of the anomaly settings definition Id.
- single_select_observations Sequence[AlertRuleAnomalyBuiltInSingleSelectObservationArgs]
A list of `single_select_observation` blocks as defined below.
- tactics Sequence[str]
A list of categories of attacks by which to classify the rule.
- techniques Sequence[str]
A list of techniques of attacks by which to classify the rule.
- threshold_observations Sequence[AlertRuleAnomalyBuiltInThresholdObservationArgs]
A list of `threshold_observation` blocks as defined below.
- anomalySettingsVersion Number
The version of the Anomaly Security ML Analytics Settings.
- anomalyVersion String
The anomaly version of the Anomaly Alert Rule.
- description String
The description of the threshold observation.
- displayName String
The Display Name of the built-in Anomaly Alert Rule. Changing this forces a new Built-in Anomaly Alert Rule to be created.
Note: One of `name` or `display_name` must be specified.
- enabled Boolean
Should the Built-in Anomaly Alert Rule be enabled?
- frequency String
The frequency the Anomaly Alert Rule will be run.
- logAnalyticsWorkspaceId String
The ID of the Log Analytics Workspace. Changing this forces a new Built-in Anomaly Alert Rule to be created.
- mode String
The mode of the Built-in Anomaly Alert Rule. Possible values are `Production` and `Flighting`.
- multiSelectObservations List<Property Map>
A list of `multi_select_observation` blocks as defined below.
- name String
The Name of the built-in Anomaly Alert Rule. Changing this forces a new Built-in Anomaly Alert Rule to be created.
- prioritizedExcludeObservations List<Property Map>
A list of `prioritized_exclude_observation` blocks as defined below.
- requiredDataConnectors List<Property Map>
A `required_data_connector` block as defined below.
- settingsDefinitionId String
The ID of the anomaly settings definition Id.
- singleSelectObservations List<Property Map>
A list of `single_select_observation` blocks as defined below.
- tactics List<String>
A list of categories of attacks by which to classify the rule.
- techniques List<String>
A list of techniques of attacks by which to classify the rule.
- thresholdObservations List<Property Map>
A list of `threshold_observation` blocks as defined below.
Supporting Types
AlertRuleAnomalyBuiltInMultiSelectObservation, AlertRuleAnomalyBuiltInMultiSelectObservationArgs
- Description string
The description of the threshold observation.
- Name string
The Name of the built-in Anomaly Alert Rule. Changing this forces a new Built-in Anomaly Alert Rule to be created.
- SupportedValues List<string>
A list of supported values of the single select observation.
- Values List<string>
A list of values of the single select observation.
- Description string
The description of the threshold observation.
- Name string
The Name of the built-in Anomaly Alert Rule. Changing this forces a new Built-in Anomaly Alert Rule to be created.
- SupportedValues []string
A list of supported values of the single select observation.
- Values []string
A list of values of the single select observation.
- description String
The description of the threshold observation.
- name String
The Name of the built-in Anomaly Alert Rule. Changing this forces a new Built-in Anomaly Alert Rule to be created.
- supportedValues List<String>
A list of supported values of the single select observation.
- values List<String>
A list of values of the single select observation.
- description string
The description of the threshold observation.
- name string
The Name of the built-in Anomaly Alert Rule. Changing this forces a new Built-in Anomaly Alert Rule to be created.
- supportedValues string[]
A list of supported values of the single select observation.
- values string[]
A list of values of the single select observation.
- description str
The description of the threshold observation.
- name str
The Name of the built-in Anomaly Alert Rule. Changing this forces a new Built-in Anomaly Alert Rule to be created.
- supported_values Sequence[str]
A list of supported values of the single select observation.
- values Sequence[str]
A list of values of the single select observation.
- description String
The description of the threshold observation.
- name String
The Name of the built-in Anomaly Alert Rule. Changing this forces a new Built-in Anomaly Alert Rule to be created.
- supportedValues List<String>
A list of supported values of the single select observation.
- values List<String>
A list of values of the single select observation.
AlertRuleAnomalyBuiltInPrioritizedExcludeObservation, AlertRuleAnomalyBuiltInPrioritizedExcludeObservationArgs
- Description string
The description of the threshold observation.
- Exclude string
The excluded value per `description`.
- Name string
The Name of the built-in Anomaly Alert Rule. Changing this forces a new Built-in Anomaly Alert Rule to be created.
- Prioritize string
The prioritized value per `description`.
- Description string
The description of the threshold observation.
- Exclude string
The excluded value per `description`.
- Name string
The Name of the built-in Anomaly Alert Rule. Changing this forces a new Built-in Anomaly Alert Rule to be created.
- Prioritize string
The prioritized value per `description`.
- description String
The description of the threshold observation.
- exclude String
The excluded value per `description`.
- name String
The Name of the built-in Anomaly Alert Rule. Changing this forces a new Built-in Anomaly Alert Rule to be created.
- prioritize String
The prioritized value per `description`.
- description string
The description of the threshold observation.
- exclude string
The excluded value per `description`.
- name string
The Name of the built-in Anomaly Alert Rule. Changing this forces a new Built-in Anomaly Alert Rule to be created.
- prioritize string
The prioritized value per `description`.
- description str
The description of the threshold observation.
- exclude str
The excluded value per `description`.
- name str
The Name of the built-in Anomaly Alert Rule. Changing this forces a new Built-in Anomaly Alert Rule to be created.
- prioritize str
The prioritized value per `description`.
- description String
The description of the threshold observation.
- exclude String
The excluded value per `description`.
- name String
The Name of the built-in Anomaly Alert Rule. Changing this forces a new Built-in Anomaly Alert Rule to be created.
- prioritize String
The prioritized value per `description`.
AlertRuleAnomalyBuiltInRequiredDataConnector, AlertRuleAnomalyBuiltInRequiredDataConnectorArgs
- ConnectorId string
The ID of the required Data Connector.
- DataTypes List<string>
A list of data types of the required Data Connector.
- ConnectorId string
The ID of the required Data Connector.
- DataTypes []string
A list of data types of the required Data Connector.
- connectorId String
The ID of the required Data Connector.
- dataTypes List<String>
A list of data types of the required Data Connector.
- connectorId string
The ID of the required Data Connector.
- dataTypes string[]
A list of data types of the required Data Connector.
- connector_id str
The ID of the required Data Connector.
- data_types Sequence[str]
A list of data types of the required Data Connector.
- connectorId String
The ID of the required Data Connector.
- dataTypes List<String>
A list of data types of the required Data Connector.
AlertRuleAnomalyBuiltInSingleSelectObservation, AlertRuleAnomalyBuiltInSingleSelectObservationArgs
- Description string
The description of the threshold observation.
- Name string
The Name of the built-in Anomaly Alert Rule. Changing this forces a new Built-in Anomaly Alert Rule to be created.
- SupportedValues List<string>
A list of supported values of the single select observation.
- Value string
The value of the threshold observation.
- Description string
The description of the threshold observation.
- Name string
The Name of the built-in Anomaly Alert Rule. Changing this forces a new Built-in Anomaly Alert Rule to be created.
- SupportedValues []string
A list of supported values of the single select observation.
- Value string
The value of the threshold observation.
- description String
The description of the threshold observation.
- name String
The Name of the built-in Anomaly Alert Rule. Changing this forces a new Built-in Anomaly Alert Rule to be created.
- supportedValues List<String>
A list of supported values of the single select observation.
- value String
The value of the threshold observation.
- description string
The description of the threshold observation.
- name string
The Name of the built-in Anomaly Alert Rule. Changing this forces a new Built-in Anomaly Alert Rule to be created.
- supportedValues string[]
A list of supported values of the single select observation.
- value string
The value of the threshold observation.
- description str
The description of the threshold observation.
- name str
The Name of the built-in Anomaly Alert Rule. Changing this forces a new Built-in Anomaly Alert Rule to be created.
- supported_values Sequence[str]
A list of supported values of the single select observation.
- value str
The value of the threshold observation.
- description String
The description of the threshold observation.
- name String
The Name of the built-in Anomaly Alert Rule. Changing this forces a new Built-in Anomaly Alert Rule to be created.
- supportedValues List<String>
A list of supported values of the single select observation.
- value String
The value of the threshold observation.
AlertRuleAnomalyBuiltInThresholdObservation, AlertRuleAnomalyBuiltInThresholdObservationArgs
- Description string
The description of the threshold observation.
- Max string
The max value of the threshold observation.
- Min string
The min value of the threshold observation.
- Name string
The Name of the built-in Anomaly Alert Rule. Changing this forces a new Built-in Anomaly Alert Rule to be created.
- Value string
The value of the threshold observation.
- Description string
The description of the threshold observation.
- Max string
The max value of the threshold observation.
- Min string
The min value of the threshold observation.
- Name string
The Name of the built-in Anomaly Alert Rule. Changing this forces a new Built-in Anomaly Alert Rule to be created.
- Value string
The value of the threshold observation.
- description String
The description of the threshold observation.
- max String
The max value of the threshold observation.
- min String
The min value of the threshold observation.
- name String
The Name of the built-in Anomaly Alert Rule. Changing this forces a new Built-in Anomaly Alert Rule to be created.
- value String
The value of the threshold observation.
- description string
The description of the threshold observation.
- max string
The max value of the threshold observation.
- min string
The min value of the threshold observation.
- name string
The Name of the built-in Anomaly Alert Rule. Changing this forces a new Built-in Anomaly Alert Rule to be created.
- value string
The value of the threshold observation.
- description str
The description of the threshold observation.
- max str
The max value of the threshold observation.
- min str
The min value of the threshold observation.
- name str
The Name of the built-in Anomaly Alert Rule. Changing this forces a new Built-in Anomaly Alert Rule to be created.
- value str
The value of the threshold observation.
- description String
The description of the threshold observation.
- max String
The max value of the threshold observation.
- min String
The min value of the threshold observation.
- name String
The Name of the built-in Anomaly Alert Rule. Changing this forces a new Built-in Anomaly Alert Rule to be created.
- value String
The value of the threshold observation.
Package Details
- Repository
- Azure Classic pulumi/pulumi-azure
- License
- Apache-2.0
- Notes
This Pulumi package is based on the `azurerm` Terraform Provider.