import * as pulumi from "@pulumi/pulumi";
import * as inputs from "../types/input";
import * as outputs from "../types/output";
/**
 * Manages a Built-in Anomaly Alert Rule.
 *
 * ## Disclaimers
 *
 * > **Note:** A Built-in Anomaly Alert Rule cannot be deleted. Deleting a Terraform-managed Built-in Anomaly
 * > Alert Rule causes the rule to be disabled instead.
 *
 * Because of this, removing the resource from a program (or destroying the stack) turns the detection off
 * rather than removing it. Review such changes as a loss of detection coverage, not as routine cleanup.
 *
 * Only `displayName`, `name`, `enabled`, `mode` and `logAnalyticsWorkspaceId` are accepted by
 * `AlertRuleAnomalyBuiltInArgs`. Every other property on this class is read back from the provider and
 * cannot be set through this resource.
 *
 * NOTE(review): the type arguments of `pulumi.Input` / `pulumi.Output` are not visible in this listing, and
 * the observation and data-connector block shapes are not declared in this file. Confirm the element types
 * against the published typings.
 *
 * ## Example Usage
 *
 * The example below creates the rule with `enabled: false`, so it produces no anomalies until `enabled` is
 * switched to `true`.
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as azure from "@pulumi/azure";
 *
 * const exampleResourceGroup = new azure.core.ResourceGroup("example", {
 *     name: "example-resources",
 *     location: "West Europe",
 * });
 * const exampleAnalyticsWorkspace = new azure.operationalinsights.AnalyticsWorkspace("example", {
 *     name: "example-law",
 *     location: exampleResourceGroup.location,
 *     resourceGroupName: exampleResourceGroup.name,
 *     sku: "PerGB2018",
 * });
 * const exampleLogAnalyticsWorkspaceOnboarding = new azure.sentinel.LogAnalyticsWorkspaceOnboarding("example", {
 *     workspaceId: exampleAnalyticsWorkspace.id,
 *     customerManagedKeyEnabled: false,
 * });
 * const example = azure.sentinel.getAlertRuleAnomalyOutput({
 *     logAnalyticsWorkspaceId: exampleLogAnalyticsWorkspaceOnboarding.workspaceId,
 *     displayName: "Potential data staging",
 * });
 * const exampleAlertRuleAnomalyBuiltIn = new azure.sentinel.AlertRuleAnomalyBuiltIn("example", {
 *     displayName: "Potential data staging",
 *     logAnalyticsWorkspaceId: exampleAnalyticsWorkspace.id,
 *     mode: "Production",
 *     enabled: false,
 * });
 * ```
 *
 * ## Import
 *
 * Built-in Anomaly Alert Rules can be imported using the `resource id`, e.g.
 *
 * ```sh
 * $ pulumi import azure:sentinel/alertRuleAnomalyBuiltIn:AlertRuleAnomalyBuiltIn example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.OperationalInsights/workspaces/workspace1/providers/Microsoft.SecurityInsights/securityMLAnalyticsSettings/setting1
 * ```
 */
export declare class AlertRuleAnomalyBuiltIn extends pulumi.CustomResource {
    /**
     * Get an existing AlertRuleAnomalyBuiltIn resource's state with the given name, ID, and optional extra
     * properties used to qualify the lookup.
     *
     * @param name The _unique_ name of the resulting resource.
     * @param id The _unique_ provider ID of the resource to look up.
     * @param state Any extra arguments used during the lookup.
     * @param opts Optional settings to control the behavior of the CustomResource.
     * @returns The AlertRuleAnomalyBuiltIn resource for the given ID.
     */
    static get(name: string, id: pulumi.Input, state?: AlertRuleAnomalyBuiltInState, opts?: pulumi.CustomResourceOptions): AlertRuleAnomalyBuiltIn;
    /**
     * Returns true if the given object is an instance of AlertRuleAnomalyBuiltIn. This is designed to work even
     * when multiple copies of the Pulumi SDK have been loaded into the same process.
     *
     * @param obj The value to test.
     */
    static isInstance(obj: any): obj is AlertRuleAnomalyBuiltIn;
    /**
     * The version of the Anomaly Security ML Analytics Settings.
     * Read-only: not part of `AlertRuleAnomalyBuiltInArgs`.
     */
    readonly anomalySettingsVersion: pulumi.Output;
    /**
     * The anomaly version of the Anomaly Alert Rule.
     * Read-only: not part of `AlertRuleAnomalyBuiltInArgs`.
     */
    readonly anomalyVersion: pulumi.Output;
    /**
     * The description of the threshold observation.
     * Read-only: not part of `AlertRuleAnomalyBuiltInArgs`.
     */
    readonly description: pulumi.Output;
    /**
     * The Display Name of the built-in Anomaly Alert Rule.
     *
     * > **Note:** One of `name` or `displayName` must be specified.
     */
    readonly displayName: pulumi.Output;
    /**
     * Whether the Built-in Anomaly Alert Rule is enabled. A rule left disabled provides no detection.
     */
    readonly enabled: pulumi.Output;
    /**
     * The frequency at which the Anomaly Alert Rule is run.
     * Read-only: not part of `AlertRuleAnomalyBuiltInArgs`.
     */
    readonly frequency: pulumi.Output;
    /**
     * The ID of the Log Analytics Workspace. Changing this forces a new Built-in Anomaly Alert Rule to be created.
     */
    readonly logAnalyticsWorkspaceId: pulumi.Output;
    /**
     * The mode of the Built-in Anomaly Alert Rule. Possible values are `Production` and `Flighting`.
     */
    readonly mode: pulumi.Output;
    /**
     * A list of `multiSelectObservation` blocks.
     * Read-only: not part of `AlertRuleAnomalyBuiltInArgs`.
     */
    readonly multiSelectObservations: pulumi.Output;
    /**
     * The Name of the built-in Anomaly Alert Rule.
     */
    readonly name: pulumi.Output;
    /**
     * A list of `prioritizedExcludeObservation` blocks.
     * Read-only: not part of `AlertRuleAnomalyBuiltInArgs`.
     */
    readonly prioritizedExcludeObservations: pulumi.Output;
    /**
     * A `requiredDataConnector` block.
     * Read-only: not part of `AlertRuleAnomalyBuiltInArgs`.
     */
    readonly requiredDataConnectors: pulumi.Output;
    /**
     * The ID of the anomaly settings definition.
     * Read-only: not part of `AlertRuleAnomalyBuiltInArgs`.
     */
    readonly settingsDefinitionId: pulumi.Output;
    /**
     * A list of `singleSelectObservation` blocks.
     * Read-only: not part of `AlertRuleAnomalyBuiltInArgs`.
     */
    readonly singleSelectObservations: pulumi.Output;
    /**
     * A list of categories of attacks by which to classify the rule.
     * Read-only: not part of `AlertRuleAnomalyBuiltInArgs`.
     */
    readonly tactics: pulumi.Output;
    /**
     * A list of techniques of attacks by which to classify the rule.
     * Read-only: not part of `AlertRuleAnomalyBuiltInArgs`.
     */
    readonly techniques: pulumi.Output;
    /**
     * A list of `thresholdObservation` blocks.
     * Read-only: not part of `AlertRuleAnomalyBuiltInArgs`.
     */
    readonly thresholdObservations: pulumi.Output;
    /**
     * Create an AlertRuleAnomalyBuiltIn resource with the given unique name, arguments, and options.
     *
     * @param name The _unique_ name of the resource.
     * @param args The arguments to use to populate this resource's properties.
     * @param opts A bag of options that control this resource's behavior.
     */
    constructor(name: string, args: AlertRuleAnomalyBuiltInArgs, opts?: pulumi.CustomResourceOptions);
}
/**
 * Input properties used for looking up and filtering AlertRuleAnomalyBuiltIn resources.
 *
 * Every property is optional. This is the type of the `state` parameter of `AlertRuleAnomalyBuiltIn.get`.
 *
 * NOTE(review): the list-typed members below read `pulumi.Input[]>` in this listing; the inner type
 * arguments appear to have been lost and should be checked against the published typings.
 */
export interface AlertRuleAnomalyBuiltInState {
    /**
     * The version of the Anomaly Security ML Analytics Settings.
     */
    anomalySettingsVersion?: pulumi.Input;
    /**
     * The anomaly version of the Anomaly Alert Rule.
     */
    anomalyVersion?: pulumi.Input;
    /**
     * The description of the threshold observation.
     */
    description?: pulumi.Input;
    /**
     * The Display Name of the built-in Anomaly Alert Rule.
     *
     * > **Note:** One of `name` or `displayName` must be specified.
     */
    displayName?: pulumi.Input;
    /**
     * Whether the Built-in Anomaly Alert Rule is enabled.
     */
    enabled?: pulumi.Input;
    /**
     * The frequency at which the Anomaly Alert Rule is run.
     */
    frequency?: pulumi.Input;
    /**
     * The ID of the Log Analytics Workspace. Changing this forces a new Built-in Anomaly Alert Rule to be created.
     */
    logAnalyticsWorkspaceId?: pulumi.Input;
    /**
     * The mode of the Built-in Anomaly Alert Rule. Possible values are `Production` and `Flighting`.
     */
    mode?: pulumi.Input;
    /**
     * A list of `multiSelectObservation` blocks.
     */
    multiSelectObservations?: pulumi.Input[]>;
    /**
     * The Name of the built-in Anomaly Alert Rule.
     */
    name?: pulumi.Input;
    /**
     * A list of `prioritizedExcludeObservation` blocks.
     */
    prioritizedExcludeObservations?: pulumi.Input[]>;
    /**
     * A `requiredDataConnector` block.
     */
    requiredDataConnectors?: pulumi.Input[]>;
    /**
     * The ID of the anomaly settings definition.
     */
    settingsDefinitionId?: pulumi.Input;
    /**
     * A list of `singleSelectObservation` blocks.
     */
    singleSelectObservations?: pulumi.Input[]>;
    /**
     * A list of categories of attacks by which to classify the rule.
     */
    tactics?: pulumi.Input[]>;
    /**
     * A list of techniques of attacks by which to classify the rule.
     */
    techniques?: pulumi.Input[]>;
    /**
     * A list of `thresholdObservation` blocks.
     */
    thresholdObservations?: pulumi.Input[]>;
}
/**
 * The set of arguments for constructing an AlertRuleAnomalyBuiltIn resource.
 *
 * `enabled`, `logAnalyticsWorkspaceId` and `mode` are required; `displayName` and `name` are optional, but
 * one of the two must be given to identify the built-in rule.
 */
export interface AlertRuleAnomalyBuiltInArgs {
    /**
     * The Display Name of the built-in Anomaly Alert Rule.
     *
     * > **Note:** One of `name` or `displayName` must be specified.
     */
    displayName?: pulumi.Input;
    /**
     * Whether the Built-in Anomaly Alert Rule should be enabled. Required, so the enabled/disabled state of
     * the detection is always stated explicitly in the program.
     */
    enabled: pulumi.Input;
    /**
     * The ID of the Log Analytics Workspace. Changing this forces a new Built-in Anomaly Alert Rule to be created.
     */
    logAnalyticsWorkspaceId: pulumi.Input;
    /**
     * The mode of the Built-in Anomaly Alert Rule. Possible values are `Production` and `Flighting`.
     */
    mode: pulumi.Input;
    /**
     * The Name of the built-in Anomaly Alert Rule.
     */
    name?: pulumi.Input;
}