azure.sentinel.AlertRuleAnomalyBuiltIn
Import
Built In Anomaly Alert Rules can be imported using the resource id
, e.g.
$ pulumi import azure:sentinel/alertRuleAnomalyBuiltIn:AlertRuleAnomalyBuiltIn example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.OperationalInsights/workspaces/workspace1/providers/Microsoft.SecurityInsights/securityMLAnalyticsSettings/setting1
Create AlertRuleAnomalyBuiltIn Resource
new AlertRuleAnomalyBuiltIn(name: string, args: AlertRuleAnomalyBuiltInArgs, opts?: CustomResourceOptions);
@overload
def AlertRuleAnomalyBuiltIn(resource_name: str,
opts: Optional[ResourceOptions] = None,
display_name: Optional[str] = None,
enabled: Optional[bool] = None,
log_analytics_workspace_id: Optional[str] = None,
mode: Optional[str] = None,
name: Optional[str] = None)
@overload
def AlertRuleAnomalyBuiltIn(resource_name: str,
args: AlertRuleAnomalyBuiltInArgs,
opts: Optional[ResourceOptions] = None)
func NewAlertRuleAnomalyBuiltIn(ctx *Context, name string, args AlertRuleAnomalyBuiltInArgs, opts ...ResourceOption) (*AlertRuleAnomalyBuiltIn, error)
public AlertRuleAnomalyBuiltIn(string name, AlertRuleAnomalyBuiltInArgs args, CustomResourceOptions? opts = null)
public AlertRuleAnomalyBuiltIn(String name, AlertRuleAnomalyBuiltInArgs args)
public AlertRuleAnomalyBuiltIn(String name, AlertRuleAnomalyBuiltInArgs args, CustomResourceOptions options)
type: azure:sentinel:AlertRuleAnomalyBuiltIn
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args AlertRuleAnomalyBuiltInArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args AlertRuleAnomalyBuiltInArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args AlertRuleAnomalyBuiltInArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args AlertRuleAnomalyBuiltInArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args AlertRuleAnomalyBuiltInArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
AlertRuleAnomalyBuiltIn Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The AlertRuleAnomalyBuiltIn resource accepts the following input properties:
- Enabled bool
Should the Built-in Anomaly Alert Rule be enabled?
- Log
Analytics stringWorkspace Id The ID of the Log Analytics Workspace. Changing this forces a new Built-in Anomaly Alert Rule to be created.
- Mode string
mode of the Built-in Anomaly Alert Rule. Possible Values are
Production
andFlighting
.- Display
Name string The Display Name of the built-in Anomaly Alert Rule. Changing this forces a new Built-in Anomaly Alert Rule to be created.
- Name string
The Name of the built-in Anomaly Alert Rule. Changing this forces a new Built-in Anomaly Alert Rule to be created.
- Enabled bool
Should the Built-in Anomaly Alert Rule be enabled?
- Log
Analytics stringWorkspace Id The ID of the Log Analytics Workspace. Changing this forces a new Built-in Anomaly Alert Rule to be created.
- Mode string
mode of the Built-in Anomaly Alert Rule. Possible Values are
Production
andFlighting
.- Display
Name string The Display Name of the built-in Anomaly Alert Rule. Changing this forces a new Built-in Anomaly Alert Rule to be created.
- Name string
The Name of the built-in Anomaly Alert Rule. Changing this forces a new Built-in Anomaly Alert Rule to be created.
- enabled Boolean
Should the Built-in Anomaly Alert Rule be enabled?
- log
Analytics StringWorkspace Id The ID of the Log Analytics Workspace. Changing this forces a new Built-in Anomaly Alert Rule to be created.
- mode String
mode of the Built-in Anomaly Alert Rule. Possible Values are
Production
andFlighting
.- display
Name String The Display Name of the built-in Anomaly Alert Rule. Changing this forces a new Built-in Anomaly Alert Rule to be created.
- name String
The Name of the built-in Anomaly Alert Rule. Changing this forces a new Built-in Anomaly Alert Rule to be created.
- enabled boolean
Should the Built-in Anomaly Alert Rule be enabled?
- log
Analytics stringWorkspace Id The ID of the Log Analytics Workspace. Changing this forces a new Built-in Anomaly Alert Rule to be created.
- mode string
mode of the Built-in Anomaly Alert Rule. Possible Values are
Production
andFlighting
.- display
Name string The Display Name of the built-in Anomaly Alert Rule. Changing this forces a new Built-in Anomaly Alert Rule to be created.
- name string
The Name of the built-in Anomaly Alert Rule. Changing this forces a new Built-in Anomaly Alert Rule to be created.
- enabled bool
Should the Built-in Anomaly Alert Rule be enabled?
- log_
analytics_ strworkspace_ id The ID of the Log Analytics Workspace. Changing this forces a new Built-in Anomaly Alert Rule to be created.
- mode str
mode of the Built-in Anomaly Alert Rule. Possible Values are
Production
andFlighting
.- display_
name str The Display Name of the built-in Anomaly Alert Rule. Changing this forces a new Built-in Anomaly Alert Rule to be created.
- name str
The Name of the built-in Anomaly Alert Rule. Changing this forces a new Built-in Anomaly Alert Rule to be created.
- enabled Boolean
Should the Built-in Anomaly Alert Rule be enabled?
- log
Analytics StringWorkspace Id The ID of the Log Analytics Workspace. Changing this forces a new Built-in Anomaly Alert Rule to be created.
- mode String
mode of the Built-in Anomaly Alert Rule. Possible Values are
Production
andFlighting
.- display
Name String The Display Name of the built-in Anomaly Alert Rule. Changing this forces a new Built-in Anomaly Alert Rule to be created.
- name String
The Name of the built-in Anomaly Alert Rule. Changing this forces a new Built-in Anomaly Alert Rule to be created.
Outputs
All input properties are implicitly available as output properties. Additionally, the AlertRuleAnomalyBuiltIn resource produces the following output properties:
- Anomaly
Settings intVersion The version of the Anomaly Security ML Analytics Settings.
- Anomaly
Version string The anomaly version of the Anomaly Alert Rule.
- Description string
The description of the threshold observation.
- Frequency string
The frequency the Anomaly Alert Rule will be run.
- Id string
The provider-assigned unique ID for this managed resource.
- Multi
Select List<AlertObservations Rule Anomaly Built In Multi Select Observation> A list of
multi_select_observation
blocks as defined below.- Prioritized
Exclude List<AlertObservations Rule Anomaly Built In Prioritized Exclude Observation> A list of
prioritized_exclude_observation
blocks as defined below.- Required
Data List<AlertConnectors Rule Anomaly Built In Required Data Connector> A
required_data_connector
block as defined below.- Settings
Definition stringId The ID of the anomaly settings definition Id.
- Single
Select List<AlertObservations Rule Anomaly Built In Single Select Observation> A list of
single_select_observation
blocks as defined below.- Tactics List<string>
A list of categories of attacks by which to classify the rule.
- Techniques List<string>
A list of techniques of attacks by which to classify the rule.
- Threshold
Observations List<AlertRule Anomaly Built In Threshold Observation> A list of
threshold_observation
blocks as defined below.
- Anomaly
Settings intVersion The version of the Anomaly Security ML Analytics Settings.
- Anomaly
Version string The anomaly version of the Anomaly Alert Rule.
- Description string
The description of the threshold observation.
- Frequency string
The frequency the Anomaly Alert Rule will be run.
- Id string
The provider-assigned unique ID for this managed resource.
- Multi
Select []AlertObservations Rule Anomaly Built In Multi Select Observation A list of
multi_select_observation
blocks as defined below.- Prioritized
Exclude []AlertObservations Rule Anomaly Built In Prioritized Exclude Observation A list of
prioritized_exclude_observation
blocks as defined below.- Required
Data []AlertConnectors Rule Anomaly Built In Required Data Connector A
required_data_connector
block as defined below.- Settings
Definition stringId The ID of the anomaly settings definition Id.
- Single
Select []AlertObservations Rule Anomaly Built In Single Select Observation A list of
single_select_observation
blocks as defined below.- Tactics []string
A list of categories of attacks by which to classify the rule.
- Techniques []string
A list of techniques of attacks by which to classify the rule.
- Threshold
Observations []AlertRule Anomaly Built In Threshold Observation A list of
threshold_observation
blocks as defined below.
- anomaly
Settings IntegerVersion The version of the Anomaly Security ML Analytics Settings.
- anomaly
Version String The anomaly version of the Anomaly Alert Rule.
- description String
The description of the threshold observation.
- frequency String
The frequency the Anomaly Alert Rule will be run.
- id String
The provider-assigned unique ID for this managed resource.
- multi
Select List<AlertObservations Rule Anomaly Built In Multi Select Observation> A list of
multi_select_observation
blocks as defined below.- prioritized
Exclude List<AlertObservations Rule Anomaly Built In Prioritized Exclude Observation> A list of
prioritized_exclude_observation
blocks as defined below.- required
Data List<AlertConnectors Rule Anomaly Built In Required Data Connector> A
required_data_connector
block as defined below.- settings
Definition StringId The ID of the anomaly settings definition Id.
- single
Select List<AlertObservations Rule Anomaly Built In Single Select Observation> A list of
single_select_observation
blocks as defined below.- tactics List<String>
A list of categories of attacks by which to classify the rule.
- techniques List<String>
A list of techniques of attacks by which to classify the rule.
- threshold
Observations List<AlertRule Anomaly Built In Threshold Observation> A list of
threshold_observation
blocks as defined below.
- anomaly
Settings numberVersion The version of the Anomaly Security ML Analytics Settings.
- anomaly
Version string The anomaly version of the Anomaly Alert Rule.
- description string
The description of the threshold observation.
- frequency string
The frequency the Anomaly Alert Rule will be run.
- id string
The provider-assigned unique ID for this managed resource.
- multi
Select AlertObservations Rule Anomaly Built In Multi Select Observation[] A list of
multi_select_observation
blocks as defined below.- prioritized
Exclude AlertObservations Rule Anomaly Built In Prioritized Exclude Observation[] A list of
prioritized_exclude_observation
blocks as defined below.- required
Data AlertConnectors Rule Anomaly Built In Required Data Connector[] A
required_data_connector
block as defined below.- settings
Definition stringId The ID of the anomaly settings definition Id.
- single
Select AlertObservations Rule Anomaly Built In Single Select Observation[] A list of
single_select_observation
blocks as defined below.- tactics string[]
A list of categories of attacks by which to classify the rule.
- techniques string[]
A list of techniques of attacks by which to classify the rule.
- threshold
Observations AlertRule Anomaly Built In Threshold Observation[] A list of
threshold_observation
blocks as defined below.
- anomaly_
settings_ intversion The version of the Anomaly Security ML Analytics Settings.
- anomaly_
version str The anomaly version of the Anomaly Alert Rule.
- description str
The description of the threshold observation.
- frequency str
The frequency the Anomaly Alert Rule will be run.
- id str
The provider-assigned unique ID for this managed resource.
- multi_
select_ Sequence[Alertobservations Rule Anomaly Built In Multi Select Observation] A list of
multi_select_observation
blocks as defined below.- prioritized_
exclude_ Sequence[Alertobservations Rule Anomaly Built In Prioritized Exclude Observation] A list of
prioritized_exclude_observation
blocks as defined below.- required_
data_ Sequence[Alertconnectors Rule Anomaly Built In Required Data Connector] A
required_data_connector
block as defined below.- settings_
definition_ strid The ID of the anomaly settings definition Id.
- single_
select_ Sequence[Alertobservations Rule Anomaly Built In Single Select Observation] A list of
single_select_observation
blocks as defined below.- tactics Sequence[str]
A list of categories of attacks by which to classify the rule.
- techniques Sequence[str]
A list of techniques of attacks by which to classify the rule.
- threshold_
observations Sequence[AlertRule Anomaly Built In Threshold Observation] A list of
threshold_observation
blocks as defined below.
- anomaly
Settings NumberVersion The version of the Anomaly Security ML Analytics Settings.
- anomaly
Version String The anomaly version of the Anomaly Alert Rule.
- description String
The description of the threshold observation.
- frequency String
The frequency the Anomaly Alert Rule will be run.
- id String
The provider-assigned unique ID for this managed resource.
- multi
Select List<Property Map>Observations A list of
multi_select_observation
blocks as defined below.- prioritized
Exclude List<Property Map>Observations A list of
prioritized_exclude_observation
blocks as defined below.- required
Data List<Property Map>Connectors A
required_data_connector
block as defined below.- settings
Definition StringId The ID of the anomaly settings definition Id.
- single
Select List<Property Map>Observations A list of
single_select_observation
blocks as defined below.- tactics List<String>
A list of categories of attacks by which to classify the rule.
- techniques List<String>
A list of techniques of attacks by which to classify the rule.
- threshold
Observations List<Property Map> A list of
threshold_observation
blocks as defined below.
Look up Existing AlertRuleAnomalyBuiltIn Resource
Get an existing AlertRuleAnomalyBuiltIn resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: AlertRuleAnomalyBuiltInState, opts?: CustomResourceOptions): AlertRuleAnomalyBuiltIn
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
anomaly_settings_version: Optional[int] = None,
anomaly_version: Optional[str] = None,
description: Optional[str] = None,
display_name: Optional[str] = None,
enabled: Optional[bool] = None,
frequency: Optional[str] = None,
log_analytics_workspace_id: Optional[str] = None,
mode: Optional[str] = None,
multi_select_observations: Optional[Sequence[AlertRuleAnomalyBuiltInMultiSelectObservationArgs]] = None,
name: Optional[str] = None,
prioritized_exclude_observations: Optional[Sequence[AlertRuleAnomalyBuiltInPrioritizedExcludeObservationArgs]] = None,
required_data_connectors: Optional[Sequence[AlertRuleAnomalyBuiltInRequiredDataConnectorArgs]] = None,
settings_definition_id: Optional[str] = None,
single_select_observations: Optional[Sequence[AlertRuleAnomalyBuiltInSingleSelectObservationArgs]] = None,
tactics: Optional[Sequence[str]] = None,
techniques: Optional[Sequence[str]] = None,
threshold_observations: Optional[Sequence[AlertRuleAnomalyBuiltInThresholdObservationArgs]] = None) -> AlertRuleAnomalyBuiltIn
func GetAlertRuleAnomalyBuiltIn(ctx *Context, name string, id IDInput, state *AlertRuleAnomalyBuiltInState, opts ...ResourceOption) (*AlertRuleAnomalyBuiltIn, error)
public static AlertRuleAnomalyBuiltIn Get(string name, Input<string> id, AlertRuleAnomalyBuiltInState? state, CustomResourceOptions? opts = null)
public static AlertRuleAnomalyBuiltIn get(String name, Output<String> id, AlertRuleAnomalyBuiltInState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Anomaly
Settings intVersion The version of the Anomaly Security ML Analytics Settings.
- Anomaly
Version string The anomaly version of the Anomaly Alert Rule.
- Description string
The description of the threshold observation.
- Display
Name string The Display Name of the built-in Anomaly Alert Rule. Changing this forces a new Built-in Anomaly Alert Rule to be created.
- Enabled bool
Should the Built-in Anomaly Alert Rule be enabled?
- Frequency string
The frequency the Anomaly Alert Rule will be run.
- Log
Analytics stringWorkspace Id The ID of the Log Analytics Workspace. Changing this forces a new Built-in Anomaly Alert Rule to be created.
- Mode string
mode of the Built-in Anomaly Alert Rule. Possible Values are
Production
andFlighting
.- Multi
Select List<AlertObservations Rule Anomaly Built In Multi Select Observation Args> A list of
multi_select_observation
blocks as defined below.- Name string
The Name of the built-in Anomaly Alert Rule. Changing this forces a new Built-in Anomaly Alert Rule to be created.
- Prioritized
Exclude List<AlertObservations Rule Anomaly Built In Prioritized Exclude Observation Args> A list of
prioritized_exclude_observation
blocks as defined below.- Required
Data List<AlertConnectors Rule Anomaly Built In Required Data Connector Args> A
required_data_connector
block as defined below.- Settings
Definition stringId The ID of the anomaly settings definition Id.
- Single
Select List<AlertObservations Rule Anomaly Built In Single Select Observation Args> A list of
single_select_observation
blocks as defined below.- Tactics List<string>
A list of categories of attacks by which to classify the rule.
- Techniques List<string>
A list of techniques of attacks by which to classify the rule.
- Threshold
Observations List<AlertRule Anomaly Built In Threshold Observation Args> A list of
threshold_observation
blocks as defined below.
- Anomaly
Settings intVersion The version of the Anomaly Security ML Analytics Settings.
- Anomaly
Version string The anomaly version of the Anomaly Alert Rule.
- Description string
The description of the threshold observation.
- Display
Name string The Display Name of the built-in Anomaly Alert Rule. Changing this forces a new Built-in Anomaly Alert Rule to be created.
- Enabled bool
Should the Built-in Anomaly Alert Rule be enabled?
- Frequency string
The frequency the Anomaly Alert Rule will be run.
- Log
Analytics stringWorkspace Id The ID of the Log Analytics Workspace. Changing this forces a new Built-in Anomaly Alert Rule to be created.
- Mode string
mode of the Built-in Anomaly Alert Rule. Possible Values are
Production
andFlighting
.- Multi
Select []AlertObservations Rule Anomaly Built In Multi Select Observation Args A list of
multi_select_observation
blocks as defined below.- Name string
The Name of the built-in Anomaly Alert Rule. Changing this forces a new Built-in Anomaly Alert Rule to be created.
- Prioritized
Exclude []AlertObservations Rule Anomaly Built In Prioritized Exclude Observation Args A list of
prioritized_exclude_observation
blocks as defined below.- Required
Data []AlertConnectors Rule Anomaly Built In Required Data Connector Args A
required_data_connector
block as defined below.- Settings
Definition stringId The ID of the anomaly settings definition Id.
- Single
Select []AlertObservations Rule Anomaly Built In Single Select Observation Args A list of
single_select_observation
blocks as defined below.- Tactics []string
A list of categories of attacks by which to classify the rule.
- Techniques []string
A list of techniques of attacks by which to classify the rule.
- Threshold
Observations []AlertRule Anomaly Built In Threshold Observation Args A list of
threshold_observation
blocks as defined below.
- anomaly
Settings IntegerVersion The version of the Anomaly Security ML Analytics Settings.
- anomaly
Version String The anomaly version of the Anomaly Alert Rule.
- description String
The description of the threshold observation.
- display
Name String The Display Name of the built-in Anomaly Alert Rule. Changing this forces a new Built-in Anomaly Alert Rule to be created.
- enabled Boolean
Should the Built-in Anomaly Alert Rule be enabled?
- frequency String
The frequency the Anomaly Alert Rule will be run.
- log
Analytics StringWorkspace Id The ID of the Log Analytics Workspace. Changing this forces a new Built-in Anomaly Alert Rule to be created.
- mode String
mode of the Built-in Anomaly Alert Rule. Possible Values are
Production
andFlighting
.- multi
Select List<AlertObservations Rule Anomaly Built In Multi Select Observation Args> A list of
multi_select_observation
blocks as defined below.- name String
The Name of the built-in Anomaly Alert Rule. Changing this forces a new Built-in Anomaly Alert Rule to be created.
- prioritized
Exclude List<AlertObservations Rule Anomaly Built In Prioritized Exclude Observation Args> A list of
prioritized_exclude_observation
blocks as defined below.- required
Data List<AlertConnectors Rule Anomaly Built In Required Data Connector Args> A
required_data_connector
block as defined below.- settings
Definition StringId The ID of the anomaly settings definition Id.
- single
Select List<AlertObservations Rule Anomaly Built In Single Select Observation Args> A list of
single_select_observation
blocks as defined below.- tactics List<String>
A list of categories of attacks by which to classify the rule.
- techniques List<String>
A list of techniques of attacks by which to classify the rule.
- threshold
Observations List<AlertRule Anomaly Built In Threshold Observation Args> A list of
threshold_observation
blocks as defined below.
- anomaly
Settings numberVersion The version of the Anomaly Security ML Analytics Settings.
- anomaly
Version string The anomaly version of the Anomaly Alert Rule.
- description string
The description of the threshold observation.
- display
Name string The Display Name of the built-in Anomaly Alert Rule. Changing this forces a new Built-in Anomaly Alert Rule to be created.
- enabled boolean
Should the Built-in Anomaly Alert Rule be enabled?
- frequency string
The frequency the Anomaly Alert Rule will be run.
- log
Analytics stringWorkspace Id The ID of the Log Analytics Workspace. Changing this forces a new Built-in Anomaly Alert Rule to be created.
- mode string
mode of the Built-in Anomaly Alert Rule. Possible Values are
Production
andFlighting
.- multi
Select AlertObservations Rule Anomaly Built In Multi Select Observation Args[] A list of
multi_select_observation
blocks as defined below.- name string
The Name of the built-in Anomaly Alert Rule. Changing this forces a new Built-in Anomaly Alert Rule to be created.
- prioritized
Exclude AlertObservations Rule Anomaly Built In Prioritized Exclude Observation Args[] A list of
prioritized_exclude_observation
blocks as defined below.- required
Data AlertConnectors Rule Anomaly Built In Required Data Connector Args[] A
required_data_connector
block as defined below.- settings
Definition stringId The ID of the anomaly settings definition Id.
- single
Select AlertObservations Rule Anomaly Built In Single Select Observation Args[] A list of
single_select_observation
blocks as defined below.- tactics string[]
A list of categories of attacks by which to classify the rule.
- techniques string[]
A list of techniques of attacks by which to classify the rule.
- threshold
Observations AlertRule Anomaly Built In Threshold Observation Args[] A list of
threshold_observation
blocks as defined below.
- anomaly_
settings_ intversion The version of the Anomaly Security ML Analytics Settings.
- anomaly_
version str The anomaly version of the Anomaly Alert Rule.
- description str
The description of the threshold observation.
- display_
name str The Display Name of the built-in Anomaly Alert Rule. Changing this forces a new Built-in Anomaly Alert Rule to be created.
- enabled bool
Should the Built-in Anomaly Alert Rule be enabled?
- frequency str
The frequency the Anomaly Alert Rule will be run.
- log_
analytics_ strworkspace_ id The ID of the Log Analytics Workspace. Changing this forces a new Built-in Anomaly Alert Rule to be created.
- mode str
mode of the Built-in Anomaly Alert Rule. Possible Values are
Production
andFlighting
.- multi_
select_ Sequence[Alertobservations Rule Anomaly Built In Multi Select Observation Args] A list of
multi_select_observation
blocks as defined below.- name str
The Name of the built-in Anomaly Alert Rule. Changing this forces a new Built-in Anomaly Alert Rule to be created.
- prioritized_
exclude_ Sequence[Alertobservations Rule Anomaly Built In Prioritized Exclude Observation Args] A list of
prioritized_exclude_observation
blocks as defined below.- required_
data_ Sequence[Alertconnectors Rule Anomaly Built In Required Data Connector Args] A
required_data_connector
block as defined below.- settings_
definition_ strid The ID of the anomaly settings definition Id.
- single_
select_ Sequence[Alertobservations Rule Anomaly Built In Single Select Observation Args] A list of
single_select_observation
blocks as defined below.- tactics Sequence[str]
A list of categories of attacks by which to classify the rule.
- techniques Sequence[str]
A list of techniques of attacks by which to classify the rule.
- threshold_
observations Sequence[AlertRule Anomaly Built In Threshold Observation Args] A list of
threshold_observation
blocks as defined below.
- anomaly
Settings NumberVersion The version of the Anomaly Security ML Analytics Settings.
- anomaly
Version String The anomaly version of the Anomaly Alert Rule.
- description String
The description of the threshold observation.
- display
Name String The Display Name of the built-in Anomaly Alert Rule. Changing this forces a new Built-in Anomaly Alert Rule to be created.
- enabled Boolean
Should the Built-in Anomaly Alert Rule be enabled?
- frequency String
The frequency the Anomaly Alert Rule will be run.
- log
Analytics StringWorkspace Id The ID of the Log Analytics Workspace. Changing this forces a new Built-in Anomaly Alert Rule to be created.
- mode String
mode of the Built-in Anomaly Alert Rule. Possible Values are
Production
andFlighting
.- multi
Select List<Property Map>Observations A list of
multi_select_observation
blocks as defined below.- name String
The Name of the built-in Anomaly Alert Rule. Changing this forces a new Built-in Anomaly Alert Rule to be created.
- prioritized
Exclude List<Property Map>Observations A list of
prioritized_exclude_observation
blocks as defined below.- required
Data List<Property Map>Connectors A
required_data_connector
block as defined below.- settings
Definition StringId The ID of the anomaly settings definition Id.
- single
Select List<Property Map>Observations A list of
single_select_observation
blocks as defined below.- tactics List<String>
A list of categories of attacks by which to classify the rule.
- techniques List<String>
A list of techniques of attacks by which to classify the rule.
- threshold
Observations List<Property Map> A list of
threshold_observation
blocks as defined below.
Supporting Types
AlertRuleAnomalyBuiltInMultiSelectObservation
- Description string
The description of the threshold observation.
- Name string
The Name of the built-in Anomaly Alert Rule. Changing this forces a new Built-in Anomaly Alert Rule to be created.
- Supported
Values List<string> A list of supported values of the single select observation.
- Values List<string>
A list of values of the single select observation.
- Description string
The description of the threshold observation.
- Name string
The Name of the built-in Anomaly Alert Rule. Changing this forces a new Built-in Anomaly Alert Rule to be created.
- Supported
Values []string A list of supported values of the single select observation.
- Values []string
A list of values of the single select observation.
- description String
The description of the threshold observation.
- name String
The Name of the built-in Anomaly Alert Rule. Changing this forces a new Built-in Anomaly Alert Rule to be created.
- supported
Values List<String> A list of supported values of the single select observation.
- values List<String>
A list of values of the single select observation.
- description string
The description of the threshold observation.
- name string
The Name of the built-in Anomaly Alert Rule. Changing this forces a new Built-in Anomaly Alert Rule to be created.
- supported
Values string[] A list of supported values of the single select observation.
- values string[]
A list of values of the single select observation.
- description str
The description of the threshold observation.
- name str
The Name of the built-in Anomaly Alert Rule. Changing this forces a new Built-in Anomaly Alert Rule to be created.
- supported_
values Sequence[str] A list of supported values of the single select observation.
- values Sequence[str]
A list of values of the single select observation.
- description String
The description of the threshold observation.
- name String
The Name of the built-in Anomaly Alert Rule. Changing this forces a new Built-in Anomaly Alert Rule to be created.
- supported
Values List<String> A list of supported values of the single select observation.
- values List<String>
A list of values of the single select observation.
AlertRuleAnomalyBuiltInPrioritizedExcludeObservation
- Description string
The description of the threshold observation.
- Exclude string
The excluded value per
description
.- Name string
The Name of the built-in Anomaly Alert Rule. Changing this forces a new Built-in Anomaly Alert Rule to be created.
- Prioritize string
The prioritized value per
description
.
- Description string
The description of the threshold observation.
- Exclude string
The excluded value per
description
.- Name string
The Name of the built-in Anomaly Alert Rule. Changing this forces a new Built-in Anomaly Alert Rule to be created.
- Prioritize string
The prioritized value per
description
.
- description String
The description of the threshold observation.
- exclude String
The excluded value per
description
.- name String
The Name of the built-in Anomaly Alert Rule. Changing this forces a new Built-in Anomaly Alert Rule to be created.
- prioritize String
The prioritized value per
description
.
- description string
The description of the threshold observation.
- exclude string
The excluded value per
description
.- name string
The Name of the built-in Anomaly Alert Rule. Changing this forces a new Built-in Anomaly Alert Rule to be created.
- prioritize string
The prioritized value per
description
.
- description str
The description of the threshold observation.
- exclude str
The excluded value per
description
.- name str
The Name of the built-in Anomaly Alert Rule. Changing this forces a new Built-in Anomaly Alert Rule to be created.
- prioritize str
The prioritized value per
description
.
- description String
The description of the threshold observation.
- exclude String
The excluded value per
description
.- name String
The Name of the built-in Anomaly Alert Rule. Changing this forces a new Built-in Anomaly Alert Rule to be created.
- prioritize String
The prioritized value per
description
.
AlertRuleAnomalyBuiltInRequiredDataConnector
- Connector
Id string The ID of the required Data Connector.
- Data
Types List<string> A list of data types of the required Data Connector.
- Connector
Id string The ID of the required Data Connector.
- Data
Types []string A list of data types of the required Data Connector.
- connector
Id String The ID of the required Data Connector.
- data
Types List<String> A list of data types of the required Data Connector.
- connector
Id string The ID of the required Data Connector.
- data
Types string[] A list of data types of the required Data Connector.
- connector_
id str The ID of the required Data Connector.
- data_
types Sequence[str] A list of data types of the required Data Connector.
- connector
Id String The ID of the required Data Connector.
- data
Types List<String> A list of data types of the required Data Connector.
AlertRuleAnomalyBuiltInSingleSelectObservation
- Description string
The description of the threshold observation.
- Name string
The Name of the built-in Anomaly Alert Rule. Changing this forces a new Built-in Anomaly Alert Rule to be created.
- Supported
Values List<string> A list of supported values of the single select observation.
- Value string
The value of the threshold observation.
- Description string
The description of the threshold observation.
- Name string
The Name of the built-in Anomaly Alert Rule. Changing this forces a new Built-in Anomaly Alert Rule to be created.
- Supported
Values []string A list of supported values of the single select observation.
- Value string
The value of the threshold observation.
- description String
The description of the threshold observation.
- name String
The Name of the built-in Anomaly Alert Rule. Changing this forces a new Built-in Anomaly Alert Rule to be created.
- supported
Values List<String> A list of supported values of the single select observation.
- value String
The value of the threshold observation.
- description string
The description of the threshold observation.
- name string
The Name of the built-in Anomaly Alert Rule. Changing this forces a new Built-in Anomaly Alert Rule to be created.
- supported
Values string[] A list of supported values of the single select observation.
- value string
The value of the threshold observation.
- description str
The description of the threshold observation.
- name str
The Name of the built-in Anomaly Alert Rule. Changing this forces a new Built-in Anomaly Alert Rule to be created.
- supported_
values Sequence[str] A list of supported values of the single select observation.
- value str
The value of the threshold observation.
- description String
The description of the threshold observation.
- name String
The Name of the built-in Anomaly Alert Rule. Changing this forces a new Built-in Anomaly Alert Rule to be created.
- supported
Values List<String> A list of supported values of the single select observation.
- value String
The value of the threshold observation.
AlertRuleAnomalyBuiltInThresholdObservation
- Description string
The description of the threshold observation.
- Max string
The max value of the threshold observation.
- Min string
The min value of the threshold observation.
- Name string
The Name of the built-in Anomaly Alert Rule. Changing this forces a new Built-in Anomaly Alert Rule to be created.
- Value string
The value of the threshold observation.
- Description string
The description of the threshold observation.
- Max string
The max value of the threshold observation.
- Min string
The min value of the threshold observation.
- Name string
The Name of the built-in Anomaly Alert Rule. Changing this forces a new Built-in Anomaly Alert Rule to be created.
- Value string
The value of the threshold observation.
- description String
The description of the threshold observation.
- max String
The max value of the threshold observation.
- min String
The min value of the threshold observation.
- name String
The Name of the built-in Anomaly Alert Rule. Changing this forces a new Built-in Anomaly Alert Rule to be created.
- value String
The value of the threshold observation.
- description string
The description of the threshold observation.
- max string
The max value of the threshold observation.
- min string
The min value of the threshold observation.
- name string
The Name of the built-in Anomaly Alert Rule. Changing this forces a new Built-in Anomaly Alert Rule to be created.
- value string
The value of the threshold observation.
- description str
The description of the threshold observation.
- max str
The max value of the threshold observation.
- min str
The min value of the threshold observation.
- name str
The Name of the built-in Anomaly Alert Rule. Changing this forces a new Built-in Anomaly Alert Rule to be created.
- value str
The value of the threshold observation.
- description String
The description of the threshold observation.
- max String
The max value of the threshold observation.
- min String
The min value of the threshold observation.
- name String
The Name of the built-in Anomaly Alert Rule. Changing this forces a new Built-in Anomaly Alert Rule to be created.
- value String
The value of the threshold observation.
Package Details
- Repository
- Azure Classic pulumi/pulumi-azure
- License
- Apache-2.0
- Notes
This Pulumi package is based on the
azurerm
Terraform Provider.