import * as pulumi from "@pulumi/pulumi"; import * as inputs from "../types/input"; import * as outputs from "../types/output"; /** * Manages Security Center Automation and Continuous Export. This resource supports three types of destination in the `action`, Logic Apps, Log Analytics and Event Hubs * * ## Example Usage * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as azure from "@pulumi/azure"; * * const current = azure.core.getClientConfig({}); * const example = new azure.core.ResourceGroup("example", { * name: "example-resources", * location: "West Europe", * }); * const exampleEventHubNamespace = new azure.eventhub.EventHubNamespace("example", { * name: "example-namespace", * location: example.location, * resourceGroupName: example.name, * sku: "Standard", * capacity: 2, * }); * const exampleEventHub = new azure.eventhub.EventHub("example", { * name: "acceptanceTestEventHub", * namespaceId: exampleEventHubNamespace.id, * partitionCount: 2, * messageRetention: 2, * }); * const exampleAuthorizationRule = new azure.eventhub.AuthorizationRule("example", { * name: "example-rule", * namespaceName: exampleEventHubNamespace.name, * eventhubName: exampleEventHub.name, * resourceGroupName: example.name, * listen: true, * send: false, * manage: false, * }); * const exampleAutomation = new azure.securitycenter.Automation("example", { * name: "example-automation", * location: example.location, * resourceGroupName: example.name, * actions: [{ * type: "EventHub", * resourceId: exampleEventHub.id, * connectionString: exampleAuthorizationRule.primaryConnectionString, * }], * sources: [{ * eventSource: "Alerts", * ruleSets: [{ * rules: [{ * propertyPath: "properties.metadata.severity", * operator: "Equals", * expectedValue: "High", * propertyType: "String", * }], * }], * }], * scopes: [current.then(current => `/subscriptions/${current.subscriptionId}`)], * }); * ``` * * ## API Providers * * * This resource uses the following Azure API Providers: * * * `Microsoft.Security` - 2019-01-01-preview * * ## Import * * Security Center Automations can be imported using the `resource id`, e.g. * * ```sh * $ pulumi import azure:securitycenter/automation:Automation example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/mygroup1/providers/Microsoft.Security/automations/automation1 * ``` */ export declare class Automation extends pulumi.CustomResource { /** * Get an existing Automation resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name: string, id: pulumi.Input, state?: AutomationState, opts?: pulumi.CustomResourceOptions): Automation; /** * Returns true if the given object is an instance of Automation. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is Automation; /** * One or more `action` blocks as defined below. An `action` tells this automation where the data is to be sent to upon being evaluated by the rules in the `source`. */ readonly actions: pulumi.Output; /** * Specifies the description for the Security Center Automation. */ readonly description: pulumi.Output; /** * Boolean to enable or disable this Security Center Automation. Defaults to `true`. */ readonly enabled: pulumi.Output; /** * The Azure Region where the Security Center Automation should exist. Changing this forces a new Security Center Automation to be created. */ readonly location: pulumi.Output; /** * The name which should be used for this Security Center Automation. Changing this forces a new Security Center Automation to be created. * * > **Note:** For the automation to appear in Azure Portal correctly under Microsoft Defender for Cloud > Environment Settings > Account > Continuous Export, either `ExportToWorkspace` or `ExportToEventHub` must be used. */ readonly name: pulumi.Output; /** * The name of the Resource Group where the Security Center Automation should exist. Changing this forces a new Security Center Automation to be created. */ readonly resourceGroupName: pulumi.Output; /** * A list of scopes on which the automation logic is applied, at least one is required. Supported scopes are a subscription (in this format `/subscriptions/00000000-0000-0000-0000-000000000000`) or a resource group under that subscription (in the format `/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/example`). The automation will only apply on defined scopes. */ readonly scopes: pulumi.Output; /** * One or more `source` blocks as defined below. A `source` defines what data types will be processed and a set of rules to filter that data. */ readonly sources: pulumi.Output; /** * A mapping of tags assigned to the resource. */ readonly tags: pulumi.Output<{ [key: string]: string; } | undefined>; /** * Create a Automation resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name: string, args: AutomationArgs, opts?: pulumi.CustomResourceOptions); } /** * Input properties used for looking up and filtering Automation resources. */ export interface AutomationState { /** * One or more `action` blocks as defined below. An `action` tells this automation where the data is to be sent to upon being evaluated by the rules in the `source`. */ actions?: pulumi.Input[]>; /** * Specifies the description for the Security Center Automation. */ description?: pulumi.Input; /** * Boolean to enable or disable this Security Center Automation. Defaults to `true`. */ enabled?: pulumi.Input; /** * The Azure Region where the Security Center Automation should exist. Changing this forces a new Security Center Automation to be created. */ location?: pulumi.Input; /** * The name which should be used for this Security Center Automation. Changing this forces a new Security Center Automation to be created. * * > **Note:** For the automation to appear in Azure Portal correctly under Microsoft Defender for Cloud > Environment Settings > Account > Continuous Export, either `ExportToWorkspace` or `ExportToEventHub` must be used. */ name?: pulumi.Input; /** * The name of the Resource Group where the Security Center Automation should exist. Changing this forces a new Security Center Automation to be created. */ resourceGroupName?: pulumi.Input; /** * A list of scopes on which the automation logic is applied, at least one is required. Supported scopes are a subscription (in this format `/subscriptions/00000000-0000-0000-0000-000000000000`) or a resource group under that subscription (in the format `/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/example`). The automation will only apply on defined scopes. */ scopes?: pulumi.Input[]>; /** * One or more `source` blocks as defined below. A `source` defines what data types will be processed and a set of rules to filter that data. */ sources?: pulumi.Input[]>; /** * A mapping of tags assigned to the resource. */ tags?: pulumi.Input<{ [key: string]: pulumi.Input; }>; } /** * The set of arguments for constructing a Automation resource. */ export interface AutomationArgs { /** * One or more `action` blocks as defined below. An `action` tells this automation where the data is to be sent to upon being evaluated by the rules in the `source`. */ actions: pulumi.Input[]>; /** * Specifies the description for the Security Center Automation. */ description?: pulumi.Input; /** * Boolean to enable or disable this Security Center Automation. Defaults to `true`. */ enabled?: pulumi.Input; /** * The Azure Region where the Security Center Automation should exist. Changing this forces a new Security Center Automation to be created. */ location?: pulumi.Input; /** * The name which should be used for this Security Center Automation. Changing this forces a new Security Center Automation to be created. * * > **Note:** For the automation to appear in Azure Portal correctly under Microsoft Defender for Cloud > Environment Settings > Account > Continuous Export, either `ExportToWorkspace` or `ExportToEventHub` must be used. */ name?: pulumi.Input; /** * The name of the Resource Group where the Security Center Automation should exist. Changing this forces a new Security Center Automation to be created. */ resourceGroupName: pulumi.Input; /** * A list of scopes on which the automation logic is applied, at least one is required. Supported scopes are a subscription (in this format `/subscriptions/00000000-0000-0000-0000-000000000000`) or a resource group under that subscription (in the format `/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/example`). The automation will only apply on defined scopes. */ scopes: pulumi.Input[]>; /** * One or more `source` blocks as defined below. A `source` defines what data types will be processed and a set of rules to filter that data. */ sources: pulumi.Input[]>; /** * A mapping of tags assigned to the resource. */ tags?: pulumi.Input<{ [key: string]: pulumi.Input; }>; }