azure.sentinel.getAlertRuleAnomaly
Use this data source to access information about an existing Anomaly Alert Rule.
Using getAlertRuleAnomaly
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getAlertRuleAnomaly(args: GetAlertRuleAnomalyArgs, opts?: InvokeOptions): Promise<GetAlertRuleAnomalyResult>
function getAlertRuleAnomalyOutput(args: GetAlertRuleAnomalyOutputArgs, opts?: InvokeOptions): Output<GetAlertRuleAnomalyResult>
def get_alert_rule_anomaly(display_name: Optional[str] = None,
log_analytics_workspace_id: Optional[str] = None,
name: Optional[str] = None,
opts: Optional[InvokeOptions] = None) -> GetAlertRuleAnomalyResult
def get_alert_rule_anomaly_output(display_name: Optional[pulumi.Input[str]] = None,
log_analytics_workspace_id: Optional[pulumi.Input[str]] = None,
name: Optional[pulumi.Input[str]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetAlertRuleAnomalyResult]
func GetAlertRuleAnomaly(ctx *Context, args *GetAlertRuleAnomalyArgs, opts ...InvokeOption) (*GetAlertRuleAnomalyResult, error)
func GetAlertRuleAnomalyOutput(ctx *Context, args *GetAlertRuleAnomalyOutputArgs, opts ...InvokeOption) GetAlertRuleAnomalyResultOutput
> Note: This function is named GetAlertRuleAnomaly
in the Go SDK.
public static class GetAlertRuleAnomaly
{
public static Task<GetAlertRuleAnomalyResult> InvokeAsync(GetAlertRuleAnomalyArgs args, InvokeOptions? opts = null)
public static Output<GetAlertRuleAnomalyResult> Invoke(GetAlertRuleAnomalyInvokeArgs args, InvokeOptions? opts = null)
}
public static CompletableFuture<GetAlertRuleAnomalyResult> getAlertRuleAnomaly(GetAlertRuleAnomalyArgs args, InvokeOptions options)
// Output-based functions aren't available in Java yet
fn::invoke:
function: azure:sentinel/getAlertRuleAnomaly:getAlertRuleAnomaly
arguments:
# arguments dictionary
The following arguments are supported:
- Log
Analytics stringWorkspace Id The ID of the Log Analytics Workspace.
- Display
Name string The display name of this Sentinel Alert Rule Template. Either
display_name
orname
have to be specified.- Name string
The guid of this Sentinel Alert Rule Template. Either
display_name
orname
have to be specified.
- Log
Analytics stringWorkspace Id The ID of the Log Analytics Workspace.
- Display
Name string The display name of this Sentinel Alert Rule Template. Either
display_name
orname
have to be specified.- Name string
The guid of this Sentinel Alert Rule Template. Either
display_name
orname
have to be specified.
- log
Analytics StringWorkspace Id The ID of the Log Analytics Workspace.
- display
Name String The display name of this Sentinel Alert Rule Template. Either
display_name
orname
have to be specified.- name String
The guid of this Sentinel Alert Rule Template. Either
display_name
orname
have to be specified.
- log
Analytics stringWorkspace Id The ID of the Log Analytics Workspace.
- display
Name string The display name of this Sentinel Alert Rule Template. Either
display_name
orname
have to be specified.- name string
The guid of this Sentinel Alert Rule Template. Either
display_name
orname
have to be specified.
- log_
analytics_ strworkspace_ id The ID of the Log Analytics Workspace.
- display_
name str The display name of this Sentinel Alert Rule Template. Either
display_name
orname
have to be specified.- name str
The guid of this Sentinel Alert Rule Template. Either
display_name
orname
have to be specified.
- log
Analytics StringWorkspace Id The ID of the Log Analytics Workspace.
- display
Name String The display name of this Sentinel Alert Rule Template. Either
display_name
orname
have to be specified.- name String
The guid of this Sentinel Alert Rule Template. Either
display_name
orname
have to be specified.
getAlertRuleAnomaly Result
The following output properties are available:
- Anomaly
Settings intVersion The version of the Anomaly Security ML Analytics Settings.
- Anomaly
Version string The anomaly version of the Anomaly Alert Rule.
- Description string
The description of the threshold observation.
- Display
Name string - Enabled bool
Is the Anomaly Alert Rule enabled?
- Frequency string
The frequency the Anomaly Alert Rule will be run.
- Id string
The provider-assigned unique ID for this managed resource.
- Log
Analytics stringWorkspace Id - Mode string
- Multi
Select List<GetObservations Alert Rule Anomaly Multi Select Observation> A list of
multi_select_observation
blocks as defined below.- Name string
The name of the threshold observation.
- Prioritized
Exclude List<GetObservations Alert Rule Anomaly Prioritized Exclude Observation> A list of
prioritized_exclude_observation
blocks as defined below.- Required
Data List<GetConnectors Alert Rule Anomaly Required Data Connector> A
required_data_connector
block as defined below.- Settings
Definition stringId The ID of the anomaly settings definition Id.
- Single
Select List<GetObservations Alert Rule Anomaly Single Select Observation> A list of
single_select_observation
blocks as defined below.- Tactics List<string>
A list of categories of attacks by which to classify the rule.
- Techniques List<string>
A list of techniques of attacks by which to classify the rule.
- Threshold
Observations List<GetAlert Rule Anomaly Threshold Observation> A list of
threshold_observation
blocks as defined below.
- Anomaly
Settings intVersion The version of the Anomaly Security ML Analytics Settings.
- Anomaly
Version string The anomaly version of the Anomaly Alert Rule.
- Description string
The description of the threshold observation.
- Display
Name string - Enabled bool
Is the Anomaly Alert Rule enabled?
- Frequency string
The frequency the Anomaly Alert Rule will be run.
- Id string
The provider-assigned unique ID for this managed resource.
- Log
Analytics stringWorkspace Id - Mode string
- Multi
Select []GetObservations Alert Rule Anomaly Multi Select Observation A list of
multi_select_observation
blocks as defined below.- Name string
The name of the threshold observation.
- Prioritized
Exclude []GetObservations Alert Rule Anomaly Prioritized Exclude Observation A list of
prioritized_exclude_observation
blocks as defined below.- Required
Data []GetConnectors Alert Rule Anomaly Required Data Connector A
required_data_connector
block as defined below.- Settings
Definition stringId The ID of the anomaly settings definition Id.
- Single
Select []GetObservations Alert Rule Anomaly Single Select Observation A list of
single_select_observation
blocks as defined below.- Tactics []string
A list of categories of attacks by which to classify the rule.
- Techniques []string
A list of techniques of attacks by which to classify the rule.
- Threshold
Observations []GetAlert Rule Anomaly Threshold Observation A list of
threshold_observation
blocks as defined below.
- anomaly
Settings IntegerVersion The version of the Anomaly Security ML Analytics Settings.
- anomaly
Version String The anomaly version of the Anomaly Alert Rule.
- description String
The description of the threshold observation.
- display
Name String - enabled Boolean
Is the Anomaly Alert Rule enabled?
- frequency String
The frequency the Anomaly Alert Rule will be run.
- id String
The provider-assigned unique ID for this managed resource.
- log
Analytics StringWorkspace Id - mode String
- multi
Select List<GetObservations Alert Rule Anomaly Multi Select Observation> A list of
multi_select_observation
blocks as defined below.- name String
The name of the threshold observation.
- prioritized
Exclude List<GetObservations Alert Rule Anomaly Prioritized Exclude Observation> A list of
prioritized_exclude_observation
blocks as defined below.- required
Data List<GetConnectors Alert Rule Anomaly Required Data Connector> A
required_data_connector
block as defined below.- settings
Definition StringId The ID of the anomaly settings definition Id.
- single
Select List<GetObservations Alert Rule Anomaly Single Select Observation> A list of
single_select_observation
blocks as defined below.- tactics List<String>
A list of categories of attacks by which to classify the rule.
- techniques List<String>
A list of techniques of attacks by which to classify the rule.
- threshold
Observations List<GetAlert Rule Anomaly Threshold Observation> A list of
threshold_observation
blocks as defined below.
- anomaly
Settings numberVersion The version of the Anomaly Security ML Analytics Settings.
- anomaly
Version string The anomaly version of the Anomaly Alert Rule.
- description string
The description of the threshold observation.
- display
Name string - enabled boolean
Is the Anomaly Alert Rule enabled?
- frequency string
The frequency the Anomaly Alert Rule will be run.
- id string
The provider-assigned unique ID for this managed resource.
- log
Analytics stringWorkspace Id - mode string
- multi
Select GetObservations Alert Rule Anomaly Multi Select Observation[] A list of
multi_select_observation
blocks as defined below.- name string
The name of the threshold observation.
- prioritized
Exclude GetObservations Alert Rule Anomaly Prioritized Exclude Observation[] A list of
prioritized_exclude_observation
blocks as defined below.- required
Data GetConnectors Alert Rule Anomaly Required Data Connector[] A
required_data_connector
block as defined below.- settings
Definition stringId The ID of the anomaly settings definition Id.
- single
Select GetObservations Alert Rule Anomaly Single Select Observation[] A list of
single_select_observation
blocks as defined below.- tactics string[]
A list of categories of attacks by which to classify the rule.
- techniques string[]
A list of techniques of attacks by which to classify the rule.
- threshold
Observations GetAlert Rule Anomaly Threshold Observation[] A list of
threshold_observation
blocks as defined below.
- anomaly_
settings_ intversion The version of the Anomaly Security ML Analytics Settings.
- anomaly_
version str The anomaly version of the Anomaly Alert Rule.
- description str
The description of the threshold observation.
- display_
name str - enabled bool
Is the Anomaly Alert Rule enabled?
- frequency str
The frequency the Anomaly Alert Rule will be run.
- id str
The provider-assigned unique ID for this managed resource.
- log_
analytics_ strworkspace_ id - mode str
- multi_
select_ Sequence[Getobservations Alert Rule Anomaly Multi Select Observation] A list of
multi_select_observation
blocks as defined below.- name str
The name of the threshold observation.
- prioritized_
exclude_ Sequence[Getobservations Alert Rule Anomaly Prioritized Exclude Observation] A list of
prioritized_exclude_observation
blocks as defined below.- required_
data_ Sequence[Getconnectors Alert Rule Anomaly Required Data Connector] A
required_data_connector
block as defined below.- settings_
definition_ strid The ID of the anomaly settings definition Id.
- single_
select_ Sequence[Getobservations Alert Rule Anomaly Single Select Observation] A list of
single_select_observation
blocks as defined below.- tactics Sequence[str]
A list of categories of attacks by which to classify the rule.
- techniques Sequence[str]
A list of techniques of attacks by which to classify the rule.
- threshold_
observations Sequence[GetAlert Rule Anomaly Threshold Observation] A list of
threshold_observation
blocks as defined below.
- anomaly
Settings NumberVersion The version of the Anomaly Security ML Analytics Settings.
- anomaly
Version String The anomaly version of the Anomaly Alert Rule.
- description String
The description of the threshold observation.
- display
Name String - enabled Boolean
Is the Anomaly Alert Rule enabled?
- frequency String
The frequency the Anomaly Alert Rule will be run.
- id String
The provider-assigned unique ID for this managed resource.
- log
Analytics StringWorkspace Id - mode String
- multi
Select List<Property Map>Observations A list of
multi_select_observation
blocks as defined below.- name String
The name of the threshold observation.
- prioritized
Exclude List<Property Map>Observations A list of
prioritized_exclude_observation
blocks as defined below.- required
Data List<Property Map>Connectors A
required_data_connector
block as defined below.- settings
Definition StringId The ID of the anomaly settings definition Id.
- single
Select List<Property Map>Observations A list of
single_select_observation
blocks as defined below.- tactics List<String>
A list of categories of attacks by which to classify the rule.
- techniques List<String>
A list of techniques of attacks by which to classify the rule.
- threshold
Observations List<Property Map> A list of
threshold_observation
blocks as defined below.
Supporting Types
GetAlertRuleAnomalyMultiSelectObservation
- Description string
The description of the threshold observation.
- Name string
The guid of this Sentinel Alert Rule Template. Either
display_name
orname
have to be specified.- Supported
Values List<string> A list of supported values of the single select observation.
- Values List<string>
A list of values of the single select observation.
- Description string
The description of the threshold observation.
- Name string
The guid of this Sentinel Alert Rule Template. Either
display_name
orname
have to be specified.- Supported
Values []string A list of supported values of the single select observation.
- Values []string
A list of values of the single select observation.
- description String
The description of the threshold observation.
- name String
The guid of this Sentinel Alert Rule Template. Either
display_name
orname
have to be specified.- supported
Values List<String> A list of supported values of the single select observation.
- values List<String>
A list of values of the single select observation.
- description string
The description of the threshold observation.
- name string
The guid of this Sentinel Alert Rule Template. Either
display_name
orname
have to be specified.- supported
Values string[] A list of supported values of the single select observation.
- values string[]
A list of values of the single select observation.
- description str
The description of the threshold observation.
- name str
The guid of this Sentinel Alert Rule Template. Either
display_name
orname
have to be specified.- supported_
values Sequence[str] A list of supported values of the single select observation.
- values Sequence[str]
A list of values of the single select observation.
- description String
The description of the threshold observation.
- name String
The guid of this Sentinel Alert Rule Template. Either
display_name
orname
have to be specified.- supported
Values List<String> A list of supported values of the single select observation.
- values List<String>
A list of values of the single select observation.
GetAlertRuleAnomalyPrioritizedExcludeObservation
- Description string
The description of the threshold observation.
- Exclude string
The excluded value per
description
.- Name string
The guid of this Sentinel Alert Rule Template. Either
display_name
orname
have to be specified.- Prioritize string
The prioritized value per
description
.
- Description string
The description of the threshold observation.
- Exclude string
The excluded value per
description
.- Name string
The guid of this Sentinel Alert Rule Template. Either
display_name
orname
have to be specified.- Prioritize string
The prioritized value per
description
.
- description String
The description of the threshold observation.
- exclude String
The excluded value per
description
.- name String
The guid of this Sentinel Alert Rule Template. Either
display_name
orname
have to be specified.- prioritize String
The prioritized value per
description
.
- description string
The description of the threshold observation.
- exclude string
The excluded value per
description
.- name string
The guid of this Sentinel Alert Rule Template. Either
display_name
orname
have to be specified.- prioritize string
The prioritized value per
description
.
- description str
The description of the threshold observation.
- exclude str
The excluded value per
description
.- name str
The guid of this Sentinel Alert Rule Template. Either
display_name
orname
have to be specified.- prioritize str
The prioritized value per
description
.
- description String
The description of the threshold observation.
- exclude String
The excluded value per
description
.- name String
The guid of this Sentinel Alert Rule Template. Either
display_name
orname
have to be specified.- prioritize String
The prioritized value per
description
.
GetAlertRuleAnomalyRequiredDataConnector
- Connector
Id string The ID of the required Data Connector.
- Data
Types List<string> A list of data types of the required Data Connector.
- Connector
Id string The ID of the required Data Connector.
- Data
Types []string A list of data types of the required Data Connector.
- connector
Id String The ID of the required Data Connector.
- data
Types List<String> A list of data types of the required Data Connector.
- connector
Id string The ID of the required Data Connector.
- data
Types string[] A list of data types of the required Data Connector.
- connector_
id str The ID of the required Data Connector.
- data_
types Sequence[str] A list of data types of the required Data Connector.
- connector
Id String The ID of the required Data Connector.
- data
Types List<String> A list of data types of the required Data Connector.
GetAlertRuleAnomalySingleSelectObservation
- Description string
The description of the threshold observation.
- Name string
The guid of this Sentinel Alert Rule Template. Either
display_name
orname
have to be specified.- Supported
Values List<string> A list of supported values of the single select observation.
- Value string
The value of the threshold observation.
- Description string
The description of the threshold observation.
- Name string
The guid of this Sentinel Alert Rule Template. Either
display_name
orname
have to be specified.- Supported
Values []string A list of supported values of the single select observation.
- Value string
The value of the threshold observation.
- description String
The description of the threshold observation.
- name String
The guid of this Sentinel Alert Rule Template. Either
display_name
orname
have to be specified.- supported
Values List<String> A list of supported values of the single select observation.
- value String
The value of the threshold observation.
- description string
The description of the threshold observation.
- name string
The guid of this Sentinel Alert Rule Template. Either
display_name
orname
have to be specified.- supported
Values string[] A list of supported values of the single select observation.
- value string
The value of the threshold observation.
- description str
The description of the threshold observation.
- name str
The guid of this Sentinel Alert Rule Template. Either
display_name
orname
have to be specified.- supported_
values Sequence[str] A list of supported values of the single select observation.
- value str
The value of the threshold observation.
- description String
The description of the threshold observation.
- name String
The guid of this Sentinel Alert Rule Template. Either
display_name
orname
have to be specified.- supported
Values List<String> A list of supported values of the single select observation.
- value String
The value of the threshold observation.
GetAlertRuleAnomalyThresholdObservation
- Description string
The description of the threshold observation.
- Max string
The max value of the threshold observation.
- Min string
The min value of the threshold observation.
- Name string
The guid of this Sentinel Alert Rule Template. Either
display_name
orname
have to be specified.- Value string
The value of the threshold observation.
- Description string
The description of the threshold observation.
- Max string
The max value of the threshold observation.
- Min string
The min value of the threshold observation.
- Name string
The guid of this Sentinel Alert Rule Template. Either
display_name
orname
have to be specified.- Value string
The value of the threshold observation.
- description String
The description of the threshold observation.
- max String
The max value of the threshold observation.
- min String
The min value of the threshold observation.
- name String
The guid of this Sentinel Alert Rule Template. Either
display_name
orname
have to be specified.- value String
The value of the threshold observation.
- description string
The description of the threshold observation.
- max string
The max value of the threshold observation.
- min string
The min value of the threshold observation.
- name string
The guid of this Sentinel Alert Rule Template. Either
display_name
orname
have to be specified.- value string
The value of the threshold observation.
- description str
The description of the threshold observation.
- max str
The max value of the threshold observation.
- min str
The min value of the threshold observation.
- name str
The guid of this Sentinel Alert Rule Template. Either
display_name
orname
have to be specified.- value str
The value of the threshold observation.
- description String
The description of the threshold observation.
- max String
The max value of the threshold observation.
- min String
The min value of the threshold observation.
- name String
The guid of this Sentinel Alert Rule Template. Either
display_name
orname
have to be specified.- value String
The value of the threshold observation.
Package Details
- Repository
- Azure Classic pulumi/pulumi-azure
- License
- Apache-2.0
- Notes
This Pulumi package is based on the
azurerm
Terraform Provider.