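import * as pulumi from "@pulumi/pulumi";
import * as inputs from "../types/input";
import * as outputs from "../types/output";

// NOTE(review): the generic type arguments in this listing had been stripped
// (leaving invalid fragments such as `pulumi.Input[]>`). They are restored here
// from the property descriptions and the provider's `<Resource><Block>` naming
// in `../types/input` and `../types/output`. Confirm against the published SDK.

/**
 * Manages a Duplicated Anomaly Alert Rule.
 *
 * ## Example Usage
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as azure from "@pulumi/azure";
 *
 * const exampleResourceGroup = new azure.core.ResourceGroup("example", {
 *     name: "example-resources",
 *     location: "West Europe",
 * });
 * const exampleAnalyticsWorkspace = new azure.operationalinsights.AnalyticsWorkspace("example", {
 *     name: "example-law",
 *     location: exampleResourceGroup.location,
 *     resourceGroupName: exampleResourceGroup.name,
 *     sku: "PerGB2018",
 * });
 * const exampleLogAnalyticsWorkspaceOnboarding = new azure.sentinel.LogAnalyticsWorkspaceOnboarding("example", {
 *     workspaceId: exampleAnalyticsWorkspace.id,
 *     customerManagedKeyEnabled: false,
 * });
 * const example = azure.sentinel.getAlertRuleAnomalyOutput({
 *     logAnalyticsWorkspaceId: exampleLogAnalyticsWorkspaceOnboarding.workspaceId,
 *     displayName: "UEBA Anomalous Sign In",
 * });
 * const exampleAlertRuleAnomalyDuplicate = new azure.sentinel.AlertRuleAnomalyDuplicate("example", {
 *     displayName: "example duplicated UEBA Anomalous Sign In",
 *     logAnalyticsWorkspaceId: exampleAnalyticsWorkspace.id,
 *     builtInRuleId: example.apply(example => example.id),
 *     enabled: true,
 *     mode: "Flighting",
 *     thresholdObservations: [{
 *         name: "Anomaly score threshold",
 *         value: "0.6",
 *     }],
 * });
 * ```
 *
 * ## Import
 *
 * Built In Anomaly Alert Rules can be imported using the `resource id`, e.g.
 *
 * ```sh
 * $ pulumi import azure:sentinel/alertRuleAnomalyDuplicate:AlertRuleAnomalyDuplicate example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.OperationalInsights/workspaces/workspace1/providers/Microsoft.SecurityInsights/securityMLAnalyticsSettings/setting1
 * ```
 */
export declare class AlertRuleAnomalyDuplicate extends pulumi.CustomResource {
    /**
     * Get an existing AlertRuleAnomalyDuplicate resource's state with the given name, ID, and optional extra
     * properties used to qualify the lookup.
     *
     * @param name The _unique_ name of the resulting resource.
     * @param id The _unique_ provider ID of the resource to lookup.
     * @param state Any extra arguments used during the lookup.
     * @param opts Optional settings to control the behavior of the CustomResource.
     */
    static get(name: string, id: pulumi.Input<pulumi.ID>, state?: AlertRuleAnomalyDuplicateState, opts?: pulumi.CustomResourceOptions): AlertRuleAnomalyDuplicate;
    /**
     * Returns true if the given object is an instance of AlertRuleAnomalyDuplicate. This is designed to work even
     * when multiple copies of the Pulumi SDK have been loaded into the same process.
     */
    static isInstance(obj: any): obj is AlertRuleAnomalyDuplicate;
    /**
     * The version of the Anomaly Security ML Analytics Settings.
     */
    readonly anomalySettingsVersion: pulumi.Output<number>;
    /**
     * The anomaly version of the Anomaly Alert Rule.
     */
    readonly anomalyVersion: pulumi.Output<string>;
    /**
     * The ID of the built-in Anomaly Alert Rule. Changing this forces a new Duplicated Anomaly Alert Rule to be created.
     */
    readonly builtInRuleId: pulumi.Output<string>;
    /**
     * The description of the Anomaly Alert Rule.
     */
    readonly description: pulumi.Output<string>;
    /**
     * The Display Name of the built-in Anomaly Alert Rule.
     */
    readonly displayName: pulumi.Output<string>;
    /**
     * Should the Duplicated Anomaly Alert Rule be enabled?
     */
    readonly enabled: pulumi.Output<boolean>;
    /**
     * The frequency the Anomaly Alert Rule will be run, such as "P1D".
     */
    readonly frequency: pulumi.Output<string>;
    /**
     * Whether the current settings of the Anomaly Alert Rule equal the default settings.
     */
    readonly isDefaultSettings: pulumi.Output<boolean>;
    /**
     * The ID of the Log Analytics Workspace. Changing this forces a new Duplicated Anomaly Alert Rule to be created.
     */
    readonly logAnalyticsWorkspaceId: pulumi.Output<string>;
    /**
     * The mode of the Duplicated Anomaly Alert Rule. Possible Values are `Production` and `Flighting`.
     */
    readonly mode: pulumi.Output<string>;
    /**
     * A list of `multiSelectObservation` blocks as defined below.
     */
    readonly multiSelectObservations: pulumi.Output<outputs.sentinel.AlertRuleAnomalyDuplicateMultiSelectObservation[]>;
    /**
     * The name of the rule resource.
     * NOTE(review): this property carries no description in the generated source.
     */
    readonly name: pulumi.Output<string>;
    /**
     * A list of `prioritizedExcludeObservation` blocks as defined below.
     */
    readonly prioritizedExcludeObservations: pulumi.Output<outputs.sentinel.AlertRuleAnomalyDuplicatePrioritizedExcludeObservation[]>;
    /**
     * A `requiredDataConnector` block as defined below.
     */
    readonly requiredDataConnectors: pulumi.Output<outputs.sentinel.AlertRuleAnomalyDuplicateRequiredDataConnector[]>;
    /**
     * The ID of the anomaly settings definition.
     */
    readonly settingsDefinitionId: pulumi.Output<string>;
    /**
     * A list of `singleSelectObservation` blocks as defined below.
     */
    readonly singleSelectObservations: pulumi.Output<outputs.sentinel.AlertRuleAnomalyDuplicateSingleSelectObservation[]>;
    /**
     * A list of categories of attacks by which to classify the rule.
     */
    readonly tactics: pulumi.Output<string[]>;
    /**
     * A list of techniques of attacks by which to classify the rule.
     */
    readonly techniques: pulumi.Output<string[]>;
    /**
     * A list of `thresholdObservation` blocks as defined below.
     *
     * > **Note:** un-specified `multiSelectObservation`, `singleSelectObservation`, `prioritizedExcludeObservation` and `thresholdObservation` will be inherited from the built-in Anomaly Alert Rule.
     */
    readonly thresholdObservations: pulumi.Output<outputs.sentinel.AlertRuleAnomalyDuplicateThresholdObservation[]>;
    /**
     * Create an AlertRuleAnomalyDuplicate resource with the given unique name, arguments, and options.
     *
     * @param name The _unique_ name of the resource.
     * @param args The arguments to use to populate this resource's properties.
     * @param opts A bag of options that control this resource's behavior.
     */
    constructor(name: string, args: AlertRuleAnomalyDuplicateArgs, opts?: pulumi.CustomResourceOptions);
}

/**
 * Input properties used for looking up and filtering AlertRuleAnomalyDuplicate resources.
 */
export interface AlertRuleAnomalyDuplicateState {
    /**
     * The version of the Anomaly Security ML Analytics Settings.
     */
    anomalySettingsVersion?: pulumi.Input<number>;
    /**
     * The anomaly version of the Anomaly Alert Rule.
     */
    anomalyVersion?: pulumi.Input<string>;
    /**
     * The ID of the built-in Anomaly Alert Rule. Changing this forces a new Duplicated Anomaly Alert Rule to be created.
     */
    builtInRuleId?: pulumi.Input<string>;
    /**
     * The description of the Anomaly Alert Rule.
     */
    description?: pulumi.Input<string>;
    /**
     * The Display Name of the built-in Anomaly Alert Rule.
     */
    displayName?: pulumi.Input<string>;
    /**
     * Should the Duplicated Anomaly Alert Rule be enabled?
     */
    enabled?: pulumi.Input<boolean>;
    /**
     * The frequency the Anomaly Alert Rule will be run, such as "P1D".
     */
    frequency?: pulumi.Input<string>;
    /**
     * Whether the current settings of the Anomaly Alert Rule equal the default settings.
     */
    isDefaultSettings?: pulumi.Input<boolean>;
    /**
     * The ID of the Log Analytics Workspace. Changing this forces a new Duplicated Anomaly Alert Rule to be created.
     */
    logAnalyticsWorkspaceId?: pulumi.Input<string>;
    /**
     * The mode of the Duplicated Anomaly Alert Rule. Possible Values are `Production` and `Flighting`.
     */
    mode?: pulumi.Input<string>;
    /**
     * A list of `multiSelectObservation` blocks as defined below.
     */
    multiSelectObservations?: pulumi.Input<pulumi.Input<inputs.sentinel.AlertRuleAnomalyDuplicateMultiSelectObservation>[]>;
    /**
     * The name of the rule resource.
     * NOTE(review): this property carries no description in the generated source.
     */
    name?: pulumi.Input<string>;
    /**
     * A list of `prioritizedExcludeObservation` blocks as defined below.
     */
    prioritizedExcludeObservations?: pulumi.Input<pulumi.Input<inputs.sentinel.AlertRuleAnomalyDuplicatePrioritizedExcludeObservation>[]>;
    /**
     * A `requiredDataConnector` block as defined below.
     */
    requiredDataConnectors?: pulumi.Input<pulumi.Input<inputs.sentinel.AlertRuleAnomalyDuplicateRequiredDataConnector>[]>;
    /**
     * The ID of the anomaly settings definition.
     */
    settingsDefinitionId?: pulumi.Input<string>;
    /**
     * A list of `singleSelectObservation` blocks as defined below.
     */
    singleSelectObservations?: pulumi.Input<pulumi.Input<inputs.sentinel.AlertRuleAnomalyDuplicateSingleSelectObservation>[]>;
    /**
     * A list of categories of attacks by which to classify the rule.
     */
    tactics?: pulumi.Input<pulumi.Input<string>[]>;
    /**
     * A list of techniques of attacks by which to classify the rule.
     */
    techniques?: pulumi.Input<pulumi.Input<string>[]>;
    /**
     * A list of `thresholdObservation` blocks as defined below.
     *
     * > **Note:** un-specified `multiSelectObservation`, `singleSelectObservation`, `prioritizedExcludeObservation` and `thresholdObservation` will be inherited from the built-in Anomaly Alert Rule.
     */
    thresholdObservations?: pulumi.Input<pulumi.Input<inputs.sentinel.AlertRuleAnomalyDuplicateThresholdObservation>[]>;
}

/**
 * The set of arguments for constructing an AlertRuleAnomalyDuplicate resource.
 */
export interface AlertRuleAnomalyDuplicateArgs {
    /**
     * The ID of the built-in Anomaly Alert Rule. Changing this forces a new Duplicated Anomaly Alert Rule to be created.
     */
    builtInRuleId: pulumi.Input<string>;
    /**
     * The Display Name of the built-in Anomaly Alert Rule.
     */
    displayName: pulumi.Input<string>;
    /**
     * Should the Duplicated Anomaly Alert Rule be enabled?
     *
     * A change of this value to `false` turns the rule off, so review it as a change in
     * detection coverage rather than as routine configuration.
     */
    enabled: pulumi.Input<boolean>;
    /**
     * The ID of the Log Analytics Workspace. Changing this forces a new Duplicated Anomaly Alert Rule to be created.
     */
    logAnalyticsWorkspaceId: pulumi.Input<string>;
    /**
     * The mode of the Duplicated Anomaly Alert Rule. Possible Values are `Production` and `Flighting`.
     *
     * `Flighting` is Sentinel's staging mode for trying out a customized anomaly rule next to the
     * production rule. Check how your analytics and hunting queries filter on rule mode before
     * counting a `Flighting` rule as detection coverage.
     */
    mode: pulumi.Input<string>;
    /**
     * A list of `multiSelectObservation` blocks as defined below.
     */
    multiSelectObservations?: pulumi.Input<pulumi.Input<inputs.sentinel.AlertRuleAnomalyDuplicateMultiSelectObservation>[]>;
    /**
     * A list of `prioritizedExcludeObservation` blocks as defined below.
     */
    prioritizedExcludeObservations?: pulumi.Input<pulumi.Input<inputs.sentinel.AlertRuleAnomalyDuplicatePrioritizedExcludeObservation>[]>;
    /**
     * A list of `singleSelectObservation` blocks as defined below.
     */
    singleSelectObservations?: pulumi.Input<pulumi.Input<inputs.sentinel.AlertRuleAnomalyDuplicateSingleSelectObservation>[]>;
    /**
     * A list of `thresholdObservation` blocks as defined below.
     *
     * Values are passed as strings (the example above sets `"0.6"` for "Anomaly score threshold").
     * A changed threshold changes which events are reported as anomalies, so review it as a
     * detection change.
     *
     * > **Note:** un-specified `multiSelectObservation`, `singleSelectObservation`, `prioritizedExcludeObservation` and `thresholdObservation` will be inherited from the built-in Anomaly Alert Rule.
     */
    thresholdObservations?: pulumi.Input<pulumi.Input<inputs.sentinel.AlertRuleAnomalyDuplicateThresholdObservation>[]>;
}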