Azure Classic v5.52.0, Oct 2 23

We recommend using Azure Native.

Azure Classic v5.52.0 published on Monday, Oct 2, 2023 by Pulumi

pulumi/pulumi-azure

azure.sentinel.getAlertRuleAnomaly

Explore with Pulumi AI

We recommend using Azure Native.

Azure Classic v5.52.0 published on Monday, Oct 2, 2023 by Pulumi

pulumi/pulumi-azure

Example Usage

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;

return await Deployment.RunAsync(() => 
{
    var exampleResourceGroup = new Azure.Core.ResourceGroup("exampleResourceGroup", new()
    {
        Location = "West Europe",
    });

    var exampleAnalyticsWorkspace = new Azure.OperationalInsights.AnalyticsWorkspace("exampleAnalyticsWorkspace", new()
    {
        Location = exampleResourceGroup.Location,
        ResourceGroupName = exampleResourceGroup.Name,
        Sku = "PerGB2018",
    });

    var exampleLogAnalyticsWorkspaceOnboarding = new Azure.Sentinel.LogAnalyticsWorkspaceOnboarding("exampleLogAnalyticsWorkspaceOnboarding", new()
    {
        WorkspaceId = exampleAnalyticsWorkspace.Id,
        CustomerManagedKeyEnabled = false,
    });

    var exampleAlertRuleAnomaly = Azure.Sentinel.GetAlertRuleAnomaly.Invoke(new()
    {
        LogAnalyticsWorkspaceId = exampleLogAnalyticsWorkspaceOnboarding.WorkspaceId,
        DisplayName = "Potential data staging",
    });

    return new Dictionary<string, object?>
    {
        ["id"] = exampleAlertRuleAnomaly.Apply(getAlertRuleAnomalyResult => getAlertRuleAnomalyResult.Id),
    };
});

package main

import (
	"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
	"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/operationalinsights"
	"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/sentinel"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		exampleResourceGroup, err := core.NewResourceGroup(ctx, "exampleResourceGroup", &core.ResourceGroupArgs{
			Location: pulumi.String("West Europe"),
		})
		if err != nil {
			return err
		}
		exampleAnalyticsWorkspace, err := operationalinsights.NewAnalyticsWorkspace(ctx, "exampleAnalyticsWorkspace", &operationalinsights.AnalyticsWorkspaceArgs{
			Location:          exampleResourceGroup.Location,
			ResourceGroupName: exampleResourceGroup.Name,
			Sku:               pulumi.String("PerGB2018"),
		})
		if err != nil {
			return err
		}
		exampleLogAnalyticsWorkspaceOnboarding, err := sentinel.NewLogAnalyticsWorkspaceOnboarding(ctx, "exampleLogAnalyticsWorkspaceOnboarding", &sentinel.LogAnalyticsWorkspaceOnboardingArgs{
			WorkspaceId:               exampleAnalyticsWorkspace.ID(),
			CustomerManagedKeyEnabled: pulumi.Bool(false),
		})
		if err != nil {
			return err
		}
		exampleAlertRuleAnomaly := sentinel.GetAlertRuleAnomalyOutput(ctx, sentinel.GetAlertRuleAnomalyOutputArgs{
			LogAnalyticsWorkspaceId: exampleLogAnalyticsWorkspaceOnboarding.WorkspaceId,
			DisplayName:             pulumi.String("Potential data staging"),
		}, nil)
		ctx.Export("id", exampleAlertRuleAnomaly.ApplyT(func(exampleAlertRuleAnomaly sentinel.GetAlertRuleAnomalyResult) (*string, error) {
			return &exampleAlertRuleAnomaly.Id, nil
		}).(pulumi.StringPtrOutput))
		return nil
	})
}

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.operationalinsights.AnalyticsWorkspace;
import com.pulumi.azure.operationalinsights.AnalyticsWorkspaceArgs;
import com.pulumi.azure.sentinel.LogAnalyticsWorkspaceOnboarding;
import com.pulumi.azure.sentinel.LogAnalyticsWorkspaceOnboardingArgs;
import com.pulumi.azure.sentinel.SentinelFunctions;
import com.pulumi.azure.sentinel.inputs.GetAlertRuleAnomalyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var exampleResourceGroup = new ResourceGroup("exampleResourceGroup", ResourceGroupArgs.builder()        
            .location("West Europe")
            .build());

        var exampleAnalyticsWorkspace = new AnalyticsWorkspace("exampleAnalyticsWorkspace", AnalyticsWorkspaceArgs.builder()        
            .location(exampleResourceGroup.location())
            .resourceGroupName(exampleResourceGroup.name())
            .sku("PerGB2018")
            .build());

        var exampleLogAnalyticsWorkspaceOnboarding = new LogAnalyticsWorkspaceOnboarding("exampleLogAnalyticsWorkspaceOnboarding", LogAnalyticsWorkspaceOnboardingArgs.builder()        
            .workspaceId(exampleAnalyticsWorkspace.id())
            .customerManagedKeyEnabled(false)
            .build());

        final var exampleAlertRuleAnomaly = SentinelFunctions.getAlertRuleAnomaly(GetAlertRuleAnomalyArgs.builder()
            .logAnalyticsWorkspaceId(exampleLogAnalyticsWorkspaceOnboarding.workspaceId())
            .displayName("Potential data staging")
            .build());

        ctx.export("id", exampleAlertRuleAnomaly.applyValue(getAlertRuleAnomalyResult -> getAlertRuleAnomalyResult).applyValue(exampleAlertRuleAnomaly -> exampleAlertRuleAnomaly.applyValue(getAlertRuleAnomalyResult -> getAlertRuleAnomalyResult.id())));
    }
}

import pulumi
import pulumi_azure as azure

example_resource_group = azure.core.ResourceGroup("exampleResourceGroup", location="West Europe")
example_analytics_workspace = azure.operationalinsights.AnalyticsWorkspace("exampleAnalyticsWorkspace",
    location=example_resource_group.location,
    resource_group_name=example_resource_group.name,
    sku="PerGB2018")
example_log_analytics_workspace_onboarding = azure.sentinel.LogAnalyticsWorkspaceOnboarding("exampleLogAnalyticsWorkspaceOnboarding",
    workspace_id=example_analytics_workspace.id,
    customer_managed_key_enabled=False)
example_alert_rule_anomaly = azure.sentinel.get_alert_rule_anomaly_output(log_analytics_workspace_id=example_log_analytics_workspace_onboarding.workspace_id,
    display_name="Potential data staging")
pulumi.export("id", example_alert_rule_anomaly.id)

import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";

const exampleResourceGroup = new azure.core.ResourceGroup("exampleResourceGroup", {location: "West Europe"});
const exampleAnalyticsWorkspace = new azure.operationalinsights.AnalyticsWorkspace("exampleAnalyticsWorkspace", {
    location: exampleResourceGroup.location,
    resourceGroupName: exampleResourceGroup.name,
    sku: "PerGB2018",
});
const exampleLogAnalyticsWorkspaceOnboarding = new azure.sentinel.LogAnalyticsWorkspaceOnboarding("exampleLogAnalyticsWorkspaceOnboarding", {
    workspaceId: exampleAnalyticsWorkspace.id,
    customerManagedKeyEnabled: false,
});
const exampleAlertRuleAnomaly = azure.sentinel.getAlertRuleAnomalyOutput({
    logAnalyticsWorkspaceId: exampleLogAnalyticsWorkspaceOnboarding.workspaceId,
    displayName: "Potential data staging",
});
export const id = exampleAlertRuleAnomaly.apply(exampleAlertRuleAnomaly => exampleAlertRuleAnomaly.id);

resources:
  exampleResourceGroup:
    type: azure:core:ResourceGroup
    properties:
      location: West Europe
  exampleAnalyticsWorkspace:
    type: azure:operationalinsights:AnalyticsWorkspace
    properties:
      location: ${exampleResourceGroup.location}
      resourceGroupName: ${exampleResourceGroup.name}
      sku: PerGB2018
  exampleLogAnalyticsWorkspaceOnboarding:
    type: azure:sentinel:LogAnalyticsWorkspaceOnboarding
    properties:
      workspaceId: ${exampleAnalyticsWorkspace.id}
      customerManagedKeyEnabled: false
variables:
  exampleAlertRuleAnomaly:
    fn::invoke:
      Function: azure:sentinel:getAlertRuleAnomaly
      Arguments:
        logAnalyticsWorkspaceId: ${exampleLogAnalyticsWorkspaceOnboarding.workspaceId}
        displayName: Potential data staging
outputs:
  id: ${exampleAlertRuleAnomaly.id}

Using getAlertRuleAnomaly

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getAlertRuleAnomaly(args: GetAlertRuleAnomalyArgs, opts?: InvokeOptions): Promise<GetAlertRuleAnomalyResult>
function getAlertRuleAnomalyOutput(args: GetAlertRuleAnomalyOutputArgs, opts?: InvokeOptions): Output<GetAlertRuleAnomalyResult>

def get_alert_rule_anomaly(display_name: Optional[str] = None,
                           log_analytics_workspace_id: Optional[str] = None,
                           name: Optional[str] = None,
                           opts: Optional[InvokeOptions] = None) -> GetAlertRuleAnomalyResult
def get_alert_rule_anomaly_output(display_name: Optional[pulumi.Input[str]] = None,
                           log_analytics_workspace_id: Optional[pulumi.Input[str]] = None,
                           name: Optional[pulumi.Input[str]] = None,
                           opts: Optional[InvokeOptions] = None) -> Output[GetAlertRuleAnomalyResult]

func GetAlertRuleAnomaly(ctx *Context, args *GetAlertRuleAnomalyArgs, opts ...InvokeOption) (*GetAlertRuleAnomalyResult, error)
func GetAlertRuleAnomalyOutput(ctx *Context, args *GetAlertRuleAnomalyOutputArgs, opts ...InvokeOption) GetAlertRuleAnomalyResultOutput

> Note: This function is named GetAlertRuleAnomaly in the Go SDK.

public static class GetAlertRuleAnomaly 
{
    public static Task<GetAlertRuleAnomalyResult> InvokeAsync(GetAlertRuleAnomalyArgs args, InvokeOptions? opts = null)
    public static Output<GetAlertRuleAnomalyResult> Invoke(GetAlertRuleAnomalyInvokeArgs args, InvokeOptions? opts = null)
}

public static CompletableFuture<GetAlertRuleAnomalyResult> getAlertRuleAnomaly(GetAlertRuleAnomalyArgs args, InvokeOptions options)
// Output-based functions aren't available in Java yet

fn::invoke:
  function: azure:sentinel/getAlertRuleAnomaly:getAlertRuleAnomaly
  arguments:
    # arguments dictionary

The following arguments are supported:

LogAnalyticsWorkspaceId string: The ID of the Log Analytics Workspace.
DisplayName string: The display name of this Sentinel Alert Rule Template. Either display_name or name have to be specified.
NOTE One of name or display_name must be specified.
Name string: The guid of this Sentinel Alert Rule Template. Either display_name or name have to be specified.

LogAnalyticsWorkspaceId string: The ID of the Log Analytics Workspace.
DisplayName string: The display name of this Sentinel Alert Rule Template. Either display_name or name have to be specified.
NOTE One of name or display_name must be specified.
Name string: The guid of this Sentinel Alert Rule Template. Either display_name or name have to be specified.

logAnalyticsWorkspaceId String: The ID of the Log Analytics Workspace.
displayName String: The display name of this Sentinel Alert Rule Template. Either display_name or name have to be specified.
NOTE One of name or display_name must be specified.
name String: The guid of this Sentinel Alert Rule Template. Either display_name or name have to be specified.

logAnalyticsWorkspaceId string: The ID of the Log Analytics Workspace.
displayName string: The display name of this Sentinel Alert Rule Template. Either display_name or name have to be specified.
NOTE One of name or display_name must be specified.
name string: The guid of this Sentinel Alert Rule Template. Either display_name or name have to be specified.

log_analytics_workspace_id str: The ID of the Log Analytics Workspace.
display_name str: The display name of this Sentinel Alert Rule Template. Either display_name or name have to be specified.
NOTE One of name or display_name must be specified.
name str: The guid of this Sentinel Alert Rule Template. Either display_name or name have to be specified.

logAnalyticsWorkspaceId String: The ID of the Log Analytics Workspace.
displayName String: The display name of this Sentinel Alert Rule Template. Either display_name or name have to be specified.
NOTE One of name or display_name must be specified.
name String: The guid of this Sentinel Alert Rule Template. Either display_name or name have to be specified.

getAlertRuleAnomaly Result

The following output properties are available:

AnomalySettingsVersion int: The version of the Anomaly Security ML Analytics Settings.
AnomalyVersion string: The anomaly version of the Anomaly Alert Rule.
Description string: The description of the threshold observation.
DisplayName string
Enabled bool: Is the Anomaly Alert Rule enabled?
Frequency string: The frequency the Anomaly Alert Rule will be run.
Id string: The provider-assigned unique ID for this managed resource.
LogAnalyticsWorkspaceId string
Mode string
MultiSelectObservations List<GetAlertRuleAnomalyMultiSelectObservation>: A list of multi_select_observation blocks as defined below.
Name string: The name of the threshold observation.
PrioritizedExcludeObservations List<GetAlertRuleAnomalyPrioritizedExcludeObservation>: A list of prioritized_exclude_observation blocks as defined below.
RequiredDataConnectors List<GetAlertRuleAnomalyRequiredDataConnector>: A required_data_connector block as defined below.
SettingsDefinitionId string: The ID of the anomaly settings definition Id.
SingleSelectObservations List<GetAlertRuleAnomalySingleSelectObservation>: A list of single_select_observation blocks as defined below.
Tactics List<string>: A list of categories of attacks by which to classify the rule.
Techniques List<string>: A list of techniques of attacks by which to classify the rule.
ThresholdObservations List<GetAlertRuleAnomalyThresholdObservation>: A list of threshold_observation blocks as defined below.

AnomalySettingsVersion int: The version of the Anomaly Security ML Analytics Settings.
AnomalyVersion string: The anomaly version of the Anomaly Alert Rule.
Description string: The description of the threshold observation.
DisplayName string
Enabled bool: Is the Anomaly Alert Rule enabled?
Frequency string: The frequency the Anomaly Alert Rule will be run.
Id string: The provider-assigned unique ID for this managed resource.
LogAnalyticsWorkspaceId string
Mode string
MultiSelectObservations []GetAlertRuleAnomalyMultiSelectObservation: A list of multi_select_observation blocks as defined below.
Name string: The name of the threshold observation.
PrioritizedExcludeObservations []GetAlertRuleAnomalyPrioritizedExcludeObservation: A list of prioritized_exclude_observation blocks as defined below.
RequiredDataConnectors []GetAlertRuleAnomalyRequiredDataConnector: A required_data_connector block as defined below.
SettingsDefinitionId string: The ID of the anomaly settings definition Id.
SingleSelectObservations []GetAlertRuleAnomalySingleSelectObservation: A list of single_select_observation blocks as defined below.
Tactics []string: A list of categories of attacks by which to classify the rule.
Techniques []string: A list of techniques of attacks by which to classify the rule.
ThresholdObservations []GetAlertRuleAnomalyThresholdObservation: A list of threshold_observation blocks as defined below.

anomalySettingsVersion Integer: The version of the Anomaly Security ML Analytics Settings.
anomalyVersion String: The anomaly version of the Anomaly Alert Rule.
description String: The description of the threshold observation.
displayName String
enabled Boolean: Is the Anomaly Alert Rule enabled?
frequency String: The frequency the Anomaly Alert Rule will be run.
id String: The provider-assigned unique ID for this managed resource.
logAnalyticsWorkspaceId String
mode String
multiSelectObservations List<GetAlertRuleAnomalyMultiSelectObservation>: A list of multi_select_observation blocks as defined below.
name String: The name of the threshold observation.
prioritizedExcludeObservations List<GetAlertRuleAnomalyPrioritizedExcludeObservation>: A list of prioritized_exclude_observation blocks as defined below.
requiredDataConnectors List<GetAlertRuleAnomalyRequiredDataConnector>: A required_data_connector block as defined below.
settingsDefinitionId String: The ID of the anomaly settings definition Id.
singleSelectObservations List<GetAlertRuleAnomalySingleSelectObservation>: A list of single_select_observation blocks as defined below.
tactics List<String>: A list of categories of attacks by which to classify the rule.
techniques List<String>: A list of techniques of attacks by which to classify the rule.
thresholdObservations List<GetAlertRuleAnomalyThresholdObservation>: A list of threshold_observation blocks as defined below.

anomalySettingsVersion number: The version of the Anomaly Security ML Analytics Settings.
anomalyVersion string: The anomaly version of the Anomaly Alert Rule.
description string: The description of the threshold observation.
displayName string
enabled boolean: Is the Anomaly Alert Rule enabled?
frequency string: The frequency the Anomaly Alert Rule will be run.
id string: The provider-assigned unique ID for this managed resource.
logAnalyticsWorkspaceId string
mode string
multiSelectObservations GetAlertRuleAnomalyMultiSelectObservation[]: A list of multi_select_observation blocks as defined below.
name string: The name of the threshold observation.
prioritizedExcludeObservations GetAlertRuleAnomalyPrioritizedExcludeObservation[]: A list of prioritized_exclude_observation blocks as defined below.
requiredDataConnectors GetAlertRuleAnomalyRequiredDataConnector[]: A required_data_connector block as defined below.
settingsDefinitionId string: The ID of the anomaly settings definition Id.
singleSelectObservations GetAlertRuleAnomalySingleSelectObservation[]: A list of single_select_observation blocks as defined below.
tactics string[]: A list of categories of attacks by which to classify the rule.
techniques string[]: A list of techniques of attacks by which to classify the rule.
thresholdObservations GetAlertRuleAnomalyThresholdObservation[]: A list of threshold_observation blocks as defined below.

anomaly_settings_version int: The version of the Anomaly Security ML Analytics Settings.
anomaly_version str: The anomaly version of the Anomaly Alert Rule.
description str: The description of the threshold observation.
display_name str
enabled bool: Is the Anomaly Alert Rule enabled?
frequency str: The frequency the Anomaly Alert Rule will be run.
id str: The provider-assigned unique ID for this managed resource.
log_analytics_workspace_id str
mode str
multi_select_observations Sequence[GetAlertRuleAnomalyMultiSelectObservation]: A list of multi_select_observation blocks as defined below.
name str: The name of the threshold observation.
prioritized_exclude_observations Sequence[GetAlertRuleAnomalyPrioritizedExcludeObservation]: A list of prioritized_exclude_observation blocks as defined below.
required_data_connectors Sequence[GetAlertRuleAnomalyRequiredDataConnector]: A required_data_connector block as defined below.
settings_definition_id str: The ID of the anomaly settings definition Id.
single_select_observations Sequence[GetAlertRuleAnomalySingleSelectObservation]: A list of single_select_observation blocks as defined below.
tactics Sequence[str]: A list of categories of attacks by which to classify the rule.
techniques Sequence[str]: A list of techniques of attacks by which to classify the rule.
threshold_observations Sequence[GetAlertRuleAnomalyThresholdObservation]: A list of threshold_observation blocks as defined below.

anomalySettingsVersion Number: The version of the Anomaly Security ML Analytics Settings.
anomalyVersion String: The anomaly version of the Anomaly Alert Rule.
description String: The description of the threshold observation.
displayName String
enabled Boolean: Is the Anomaly Alert Rule enabled?
frequency String: The frequency the Anomaly Alert Rule will be run.
id String: The provider-assigned unique ID for this managed resource.
logAnalyticsWorkspaceId String
mode String
multiSelectObservations List<Property Map>: A list of multi_select_observation blocks as defined below.
name String: The name of the threshold observation.
prioritizedExcludeObservations List<Property Map>: A list of prioritized_exclude_observation blocks as defined below.
requiredDataConnectors List<Property Map>: A required_data_connector block as defined below.
settingsDefinitionId String: The ID of the anomaly settings definition Id.
singleSelectObservations List<Property Map>: A list of single_select_observation blocks as defined below.
tactics List<String>: A list of categories of attacks by which to classify the rule.
techniques List<String>: A list of techniques of attacks by which to classify the rule.
thresholdObservations List<Property Map>: A list of threshold_observation blocks as defined below.

Supporting Types

GetAlertRuleAnomalyMultiSelectObservation

Description string: The description of the threshold observation.
Name string: The guid of this Sentinel Alert Rule Template. Either display_name or name have to be specified.
SupportedValues List<string>: A list of supported values of the single select observation.
Values List<string>: A list of values of the single select observation.

Description string: The description of the threshold observation.
Name string: The guid of this Sentinel Alert Rule Template. Either display_name or name have to be specified.
SupportedValues []string: A list of supported values of the single select observation.
Values []string: A list of values of the single select observation.

description String: The description of the threshold observation.
name String: The guid of this Sentinel Alert Rule Template. Either display_name or name have to be specified.
supportedValues List<String>: A list of supported values of the single select observation.
values List<String>: A list of values of the single select observation.

description string: The description of the threshold observation.
name string: The guid of this Sentinel Alert Rule Template. Either display_name or name have to be specified.
supportedValues string[]: A list of supported values of the single select observation.
values string[]: A list of values of the single select observation.

description str: The description of the threshold observation.
name str: The guid of this Sentinel Alert Rule Template. Either display_name or name have to be specified.
supported_values Sequence[str]: A list of supported values of the single select observation.
values Sequence[str]: A list of values of the single select observation.

description String: The description of the threshold observation.
name String: The guid of this Sentinel Alert Rule Template. Either display_name or name have to be specified.
supportedValues List<String>: A list of supported values of the single select observation.
values List<String>: A list of values of the single select observation.

GetAlertRuleAnomalyPrioritizedExcludeObservation

Description string: The description of the threshold observation.
Exclude string: The excluded value per description.
Name string: The guid of this Sentinel Alert Rule Template. Either display_name or name have to be specified.
Prioritize string: The prioritized value per description.

Description string: The description of the threshold observation.
Exclude string: The excluded value per description.
Name string: The guid of this Sentinel Alert Rule Template. Either display_name or name have to be specified.
Prioritize string: The prioritized value per description.

description String: The description of the threshold observation.
exclude String: The excluded value per description.
name String: The guid of this Sentinel Alert Rule Template. Either display_name or name have to be specified.
prioritize String: The prioritized value per description.

description string: The description of the threshold observation.
exclude string: The excluded value per description.
name string: The guid of this Sentinel Alert Rule Template. Either display_name or name have to be specified.
prioritize string: The prioritized value per description.

description str: The description of the threshold observation.
exclude str: The excluded value per description.
name str: The guid of this Sentinel Alert Rule Template. Either display_name or name have to be specified.
prioritize str: The prioritized value per description.

description String: The description of the threshold observation.
exclude String: The excluded value per description.
name String: The guid of this Sentinel Alert Rule Template. Either display_name or name have to be specified.
prioritize String: The prioritized value per description.

GetAlertRuleAnomalyRequiredDataConnector

ConnectorId string: The ID of the required Data Connector.
DataTypes List<string>: A list of data types of the required Data Connector.

ConnectorId string: The ID of the required Data Connector.
DataTypes []string: A list of data types of the required Data Connector.

connectorId String: The ID of the required Data Connector.
dataTypes List<String>: A list of data types of the required Data Connector.

connectorId string: The ID of the required Data Connector.
dataTypes string[]: A list of data types of the required Data Connector.

connector_id str: The ID of the required Data Connector.
data_types Sequence[str]: A list of data types of the required Data Connector.

connectorId String: The ID of the required Data Connector.
dataTypes List<String>: A list of data types of the required Data Connector.

GetAlertRuleAnomalySingleSelectObservation

Description string: The description of the threshold observation.
Name string: The guid of this Sentinel Alert Rule Template. Either display_name or name have to be specified.
SupportedValues List<string>: A list of supported values of the single select observation.
Value string: The value of the threshold observation.

Description string: The description of the threshold observation.
Name string: The guid of this Sentinel Alert Rule Template. Either display_name or name have to be specified.
SupportedValues []string: A list of supported values of the single select observation.
Value string: The value of the threshold observation.

description String: The description of the threshold observation.
name String: The guid of this Sentinel Alert Rule Template. Either display_name or name have to be specified.
supportedValues List<String>: A list of supported values of the single select observation.
value String: The value of the threshold observation.

description string: The description of the threshold observation.
name string: The guid of this Sentinel Alert Rule Template. Either display_name or name have to be specified.
supportedValues string[]: A list of supported values of the single select observation.
value string: The value of the threshold observation.

description str: The description of the threshold observation.
name str: The guid of this Sentinel Alert Rule Template. Either display_name or name have to be specified.
supported_values Sequence[str]: A list of supported values of the single select observation.
value str: The value of the threshold observation.

description String: The description of the threshold observation.
name String: The guid of this Sentinel Alert Rule Template. Either display_name or name have to be specified.
supportedValues List<String>: A list of supported values of the single select observation.
value String: The value of the threshold observation.

GetAlertRuleAnomalyThresholdObservation

Description string: The description of the threshold observation.
Max string: The max value of the threshold observation.
Min string: The min value of the threshold observation.
Name string: The guid of this Sentinel Alert Rule Template. Either display_name or name have to be specified.
Value string: The value of the threshold observation.

Description string: The description of the threshold observation.
Max string: The max value of the threshold observation.
Min string: The min value of the threshold observation.
Name string: The guid of this Sentinel Alert Rule Template. Either display_name or name have to be specified.
Value string: The value of the threshold observation.

description String: The description of the threshold observation.
max String: The max value of the threshold observation.
min String: The min value of the threshold observation.
name String: The guid of this Sentinel Alert Rule Template. Either display_name or name have to be specified.
value String: The value of the threshold observation.

description string: The description of the threshold observation.
max string: The max value of the threshold observation.
min string: The min value of the threshold observation.
name string: The guid of this Sentinel Alert Rule Template. Either display_name or name have to be specified.
value string: The value of the threshold observation.

description str: The description of the threshold observation.
max str: The max value of the threshold observation.
min str: The min value of the threshold observation.
name str: The guid of this Sentinel Alert Rule Template. Either display_name or name have to be specified.
value str: The value of the threshold observation.

description String: The description of the threshold observation.
max String: The max value of the threshold observation.
min String: The min value of the threshold observation.
name String: The guid of this Sentinel Alert Rule Template. Either display_name or name have to be specified.
value String: The value of the threshold observation.

Package Details

Repository: Azure Classic pulumi/pulumi-azure
License: Apache-2.0
Notes: This Pulumi package is based on the azurerm Terraform Provider.

We recommend using Azure Native.

Azure Classic v5.52.0 published on Monday, Oct 2, 2023 by Pulumi

pulumi/pulumi-azure

azure.sentinel.getAlertRuleAnomaly

On this page

On this page

Example Usage

Using getAlertRuleAnomaly

getAlertRuleAnomaly Result

Supporting Types

GetAlertRuleAnomalyMultiSelectObservation

GetAlertRuleAnomalyPrioritizedExcludeObservation

GetAlertRuleAnomalyRequiredDataConnector

GetAlertRuleAnomalySingleSelectObservation

GetAlertRuleAnomalyThresholdObservation

Package Details

On this page

On this page