This is the latest version of Azure Native. Use the Azure Native v2 docs if using the v2 version of this package.
Azure Native v3.1.0 published on Tuesday, Apr 8, 2025 by Pulumi

azure-native.securityinsights.AnomalySecurityMLAnalyticsSettings


Represents Anomaly Security ML Analytics Settings

Uses Azure REST API version 2024-09-01. In version 2.x of the Azure Native provider, it used API version 2023-02-01.

Example Usage

Creates or updates an Anomaly Security ML Analytics Settings resource.

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;

// Sample program: declares one Microsoft Sentinel anomaly analytics setting
// (Kind = "Anomaly") in workspace "myWorkspace" of resource group "myRg".
// NOTE(review): the literals look stitched together from different rules. The
// description talks about sign-ins from a rarely seen region, the observations
// tune CommonSecurityLog traffic volume, and the connector is AWS CloudTrail.
// Replace them as a set rather than copying the sample into a real workspace.
return await Deployment.RunAsync(() =>
{
    // Single-select tunable: which firewall vendor's logs feed the model.
    var deviceVendorObservation = new Dictionary<string, object?>
    {
        ["description"] = "Select device vendor of network connection logs from CommonSecurityLog",
        ["name"] = "Device vendor",
        ["rerun"] = "RerunAlways",
        ["sequenceNumber"] = 1,
        ["supportedValues"] = new[]
        {
            "Palo Alto Networks",
            "Fortinet",
            "Check Point",
        },
        ["supportedValuesKql"] = null,
        ["value"] = new[]
        {
            "Palo Alto Networks",
        },
        ["valuesKql"] = null,
    };

    // Threshold tunables. Raising either value makes the rule fire less often
    // (more traffic is suppressed, a larger deviation is required), so an edit
    // here is a detection-coverage change and deserves the same review as code.
    // The bounds and the chosen value are passed as strings, not numbers.
    var dataTransferThreshold = new Dictionary<string, object?>
    {
        ["description"] = "Suppress anomalies when daily data transfered (in MB) per hour is less than the chosen value",
        ["maximum"] = "100",
        ["minimum"] = "1",
        ["name"] = "Daily data transfer threshold in MB",
        ["rerun"] = "RerunAlways",
        ["sequenceNumber"] = 1,
        ["value"] = "25",
    };
    var standardDeviationThreshold = new Dictionary<string, object?>
    {
        ["description"] = "Triggers anomalies when number of standard deviations is greater than the chosen value",
        ["maximum"] = "10",
        ["minimum"] = "2",
        ["name"] = "Number of standard deviations",
        ["rerun"] = "RerunAlways",
        ["sequenceNumber"] = 2,
        ["value"] = "3",
    };

    // Unused observation groups are sent as explicit nulls, as in the original sample.
    var observations = new Dictionary<string, object?>
    {
        ["multiSelectObservations"] = null,
        ["prioritizeExcludeObservations"] = null,
        ["singleSelectObservations"] = new[]
        {
            deviceVendorObservation,
        },
        ["singleValueObservations"] = null,
        ["thresholdObservations"] = new[]
        {
            dataTransferThreshold,
            standardDeviationThreshold,
        },
    };

    var anomalySecurityMLAnalyticsSettings = new AzureNative.SecurityInsights.AnomalySecurityMLAnalyticsSettings("anomalySecurityMLAnalyticsSettings", new()
    {
        AnomalySettingsVersion = 0,
        AnomalyVersion = "1.0.5",
        CustomizableObservations = observations,
        Description = "When account logs from a source region that has rarely been logged in from during the last 14 days, an anomaly is triggered.",
        DisplayName = "Login from unusual region",
        // The rule is deployed switched on and in Production status.
        Enabled = true,
        // ISO 8601 duration: one hour.
        Frequency = "PT1H",
        IsDefaultSettings = true,
        Kind = "Anomaly",
        // The data the rule depends on; the sample names the AWS connector's CloudTrail table.
        RequiredDataConnectors = new[]
        {
            new AzureNative.SecurityInsights.Inputs.SecurityMLAnalyticsSettingsDataSourceArgs
            {
                ConnectorId = "AWS",
                DataTypes = new[]
                {
                    "AWSCloudTrail",
                },
            },
        },
        ResourceGroupName = "myRg",
        // The sample reuses one GUID for the definition id and the resource name.
        SettingsDefinitionId = "f209187f-1d17-4431-94af-c141bf5f23db",
        SettingsResourceName = "f209187f-1d17-4431-94af-c141bf5f23db",
        SettingsStatus = AzureNative.SecurityInsights.SettingsStatus.Production,
        // NOTE(review): in MITRE ATT&CK, T1037 (Boot or Logon Initialization Scripts)
        // and T1021 (Remote Services) are not listed under Exfiltration or Command
        // and Control. Analysts triage on this mapping, so keep Tactics and
        // Techniques consistent with what the rule actually detects.
        Tactics = new[]
        {
            AzureNative.SecurityInsights.AttackTactic.Exfiltration,
            AzureNative.SecurityInsights.AttackTactic.CommandAndControl,
        },
        Techniques = new[]
        {
            "T1037",
            "T1021",
        },
        WorkspaceName = "myWorkspace",
    });

});
package main

import (
	securityinsights "github.com/pulumi/pulumi-azure-native-sdk/securityinsights/v3"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

// main registers a single Microsoft Sentinel anomaly analytics setting
// (Kind "Anomaly") in workspace "myWorkspace" of resource group "myRg".
//
// NOTE(review): the sample literals do not describe one coherent detection:
// the description is about sign-ins from a rare region, the observations tune
// CommonSecurityLog traffic volume, and the required connector is AWS
// CloudTrail. Replace them together before using this outside a sandbox.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Single-select tunable: the firewall vendor whose logs are analysed.
		deviceVendor := map[string]interface{}{
			"description":    "Select device vendor of network connection logs from CommonSecurityLog",
			"name":           "Device vendor",
			"rerun":          "RerunAlways",
			"sequenceNumber": 1,
			"supportedValues": []string{
				"Palo Alto Networks",
				"Fortinet",
				"Check Point",
			},
			"supportedValuesKql": nil,
			"value": []string{
				"Palo Alto Networks",
			},
			"valuesKql": nil,
		}

		// Threshold tunables; bounds and values are strings in this payload.
		// Raising either value reduces how often the rule fires, so changes
		// here alter detection coverage and should be reviewed as such.
		dataTransfer := map[string]interface{}{
			"description":    "Suppress anomalies when daily data transfered (in MB) per hour is less than the chosen value",
			"maximum":        "100",
			"minimum":        "1",
			"name":           "Daily data transfer threshold in MB",
			"rerun":          "RerunAlways",
			"sequenceNumber": 1,
			"value":          "25",
		}
		stdDeviations := map[string]interface{}{
			"description":    "Triggers anomalies when number of standard deviations is greater than the chosen value",
			"maximum":        "10",
			"minimum":        "2",
			"name":           "Number of standard deviations",
			"rerun":          "RerunAlways",
			"sequenceNumber": 2,
			"value":          "3",
		}

		// Observation groups the sample does not use are sent as explicit nils.
		observations := map[string]interface{}{
			"multiSelectObservations":       nil,
			"prioritizeExcludeObservations": nil,
			"singleSelectObservations":      []map[string]interface{}{deviceVendor},
			"singleValueObservations":       nil,
			"thresholdObservations":         []interface{}{dataTransfer, stdDeviations},
		}

		settingsArgs := &securityinsights.AnomalySecurityMLAnalyticsSettingsArgs{
			AnomalySettingsVersion:   pulumi.Int(0),
			AnomalyVersion:           pulumi.String("1.0.5"),
			CustomizableObservations: pulumi.Any(observations),
			Description:              pulumi.String("When account logs from a source region that has rarely been logged in from during the last 14 days, an anomaly is triggered."),
			DisplayName:              pulumi.String("Login from unusual region"),
			// Deployed switched on, in Production status, on an hourly schedule (ISO 8601 "PT1H").
			Enabled:           pulumi.Bool(true),
			Frequency:         pulumi.String("PT1H"),
			IsDefaultSettings: pulumi.Bool(true),
			Kind:              pulumi.String("Anomaly"),
			RequiredDataConnectors: securityinsights.SecurityMLAnalyticsSettingsDataSourceArray{
				&securityinsights.SecurityMLAnalyticsSettingsDataSourceArgs{
					ConnectorId: pulumi.String("AWS"),
					DataTypes: pulumi.StringArray{
						pulumi.String("AWSCloudTrail"),
					},
				},
			},
			ResourceGroupName: pulumi.String("myRg"),
			// The sample reuses one GUID for the definition id and the resource name.
			SettingsDefinitionId: pulumi.String("f209187f-1d17-4431-94af-c141bf5f23db"),
			SettingsResourceName: pulumi.String("f209187f-1d17-4431-94af-c141bf5f23db"),
			SettingsStatus:       pulumi.String(securityinsights.SettingsStatusProduction),
			// NOTE(review): in MITRE ATT&CK, T1037 (Boot or Logon Initialization
			// Scripts) and T1021 (Remote Services) are not listed under
			// Exfiltration or Command and Control; keep the two lists consistent
			// with the behaviour the rule detects.
			Tactics: pulumi.StringArray{
				pulumi.String(securityinsights.AttackTacticExfiltration),
				pulumi.String(securityinsights.AttackTacticCommandAndControl),
			},
			Techniques: pulumi.StringArray{
				pulumi.String("T1037"),
				pulumi.String("T1021"),
			},
			WorkspaceName: pulumi.String("myWorkspace"),
		}

		// The resource handle is not needed; only the registration error matters.
		_, err := securityinsights.NewAnomalySecurityMLAnalyticsSettings(ctx, "anomalySecurityMLAnalyticsSettings", settingsArgs)
		return err
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.securityinsights.AnomalySecurityMLAnalyticsSettings;
import com.pulumi.azurenative.securityinsights.AnomalySecurityMLAnalyticsSettingsArgs;
import com.pulumi.azurenative.securityinsights.inputs.SecurityMLAnalyticsSettingsDataSourceArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

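/**
 * Sample Pulumi program that declares one Microsoft Sentinel anomaly analytics
 * setting (kind "Anomaly") in workspace "myWorkspace" of resource group "myRg".
 *
 * <p>NOTE(review): the literals do not describe one coherent detection. The
 * description is about sign-ins from a rare region, the observations tune
 * CommonSecurityLog traffic volume, and the connector is AWS CloudTrail.
 * Replace them together before using this outside a sandbox.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Builds the resource arguments and registers the setting with the stack.
     *
     * @param ctx Pulumi deployment context (not used directly by this sample)
     */
    public static void stack(Context ctx) {
        // List-valued fields are wrapped in List.of(...): Map.entry takes exactly
        // one key and one value, so the multi-argument form does not compile.
        Map<String, Object> deviceVendor = Map.ofEntries(
            Map.entry("description", "Select device vendor of network connection logs from CommonSecurityLog"),
            Map.entry("name", "Device vendor"),
            Map.entry("rerun", "RerunAlways"),
            Map.entry("sequenceNumber", 1),
            Map.entry("supportedValues", List.of(
                "Palo Alto Networks",
                "Fortinet",
                "Check Point")),
            Map.entry("value", List.of("Palo Alto Networks"))
        );

        // Threshold tunables; bounds and values are strings in this payload.
        // Raising either value makes the rule fire less often, so an edit here
        // changes detection coverage and should be reviewed as such.
        Map<String, Object> dataTransferThreshold = Map.ofEntries(
            Map.entry("description", "Suppress anomalies when daily data transfered (in MB) per hour is less than the chosen value"),
            Map.entry("maximum", "100"),
            Map.entry("minimum", "1"),
            Map.entry("name", "Daily data transfer threshold in MB"),
            Map.entry("rerun", "RerunAlways"),
            Map.entry("sequenceNumber", 1),
            Map.entry("value", "25")
        );
        Map<String, Object> standardDeviationThreshold = Map.ofEntries(
            Map.entry("description", "Triggers anomalies when number of standard deviations is greater than the chosen value"),
            Map.entry("maximum", "10"),
            Map.entry("minimum", "2"),
            Map.entry("name", "Number of standard deviations"),
            Map.entry("rerun", "RerunAlways"),
            Map.entry("sequenceNumber", 2),
            Map.entry("value", "3")
        );

        // Map.entry and Map.ofEntries throw NullPointerException on a null value,
        // so the keys with no value (multiSelectObservations,
        // prioritizeExcludeObservations, singleValueObservations,
        // supportedValuesKql, valuesKql) are left out instead of being set to null.
        // NOTE(review): assumes the service treats an absent key like an explicit
        // null; confirm against the API before relying on it.
        Map<String, Object> observations = Map.of(
            "singleSelectObservations", List.of(deviceVendor),
            "thresholdObservations", List.of(dataTransferThreshold, standardDeviationThreshold)
        );

        var anomalySecurityMLAnalyticsSettings = new AnomalySecurityMLAnalyticsSettings("anomalySecurityMLAnalyticsSettings", AnomalySecurityMLAnalyticsSettingsArgs.builder()
            .anomalySettingsVersion(0)
            .anomalyVersion("1.0.5")
            .customizableObservations(observations)
            .description("When account logs from a source region that has rarely been logged in from during the last 14 days, an anomaly is triggered.")
            .displayName("Login from unusual region")
            // Deployed switched on, in Production status, hourly (ISO 8601 "PT1H").
            .enabled(true)
            .frequency("PT1H")
            .isDefaultSettings(true)
            .kind("Anomaly")
            .requiredDataConnectors(SecurityMLAnalyticsSettingsDataSourceArgs.builder()
                .connectorId("AWS")
                .dataTypes("AWSCloudTrail")
                .build())
            .resourceGroupName("myRg")
            // The sample reuses one GUID for the definition id and the resource name.
            .settingsDefinitionId("f209187f-1d17-4431-94af-c141bf5f23db")
            .settingsResourceName("f209187f-1d17-4431-94af-c141bf5f23db")
            .settingsStatus("Production")
            // NOTE(review): in MITRE ATT&CK, T1037 (Boot or Logon Initialization
            // Scripts) and T1021 (Remote Services) are not listed under
            // Exfiltration or Command and Control; keep tactics and techniques
            // consistent with the behaviour the rule detects.
            .tactics(
                "Exfiltration",
                "CommandAndControl")
            .techniques(
                "T1037",
                "T1021")
            .workspaceName("myWorkspace")
            .build());

    }
}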
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";

// Sample: one Microsoft Sentinel anomaly analytics setting (kind "Anomaly") in
// workspace "myWorkspace" of resource group "myRg".
// NOTE(review): the literals do not describe one coherent detection. The
// description is about sign-ins from a rare region, the observations tune
// CommonSecurityLog traffic volume, and the connector is AWS CloudTrail.
// Replace them together before using this outside a sandbox.

// Single-select tunable: the firewall vendor whose logs are analysed.
const deviceVendorObservation = {
    description: "Select device vendor of network connection logs from CommonSecurityLog",
    name: "Device vendor",
    rerun: "RerunAlways",
    sequenceNumber: 1,
    supportedValues: [
        "Palo Alto Networks",
        "Fortinet",
        "Check Point",
    ],
    supportedValuesKql: null,
    value: ["Palo Alto Networks"],
    valuesKql: null,
};

// Threshold tunables; bounds and values are strings in this payload. Raising
// either value makes the rule fire less often, so an edit here changes
// detection coverage and should be reviewed as such.
const thresholdObservations = [
    {
        description: "Suppress anomalies when daily data transfered (in MB) per hour is less than the chosen value",
        maximum: "100",
        minimum: "1",
        name: "Daily data transfer threshold in MB",
        rerun: "RerunAlways",
        sequenceNumber: 1,
        value: "25",
    },
    {
        description: "Triggers anomalies when number of standard deviations is greater than the chosen value",
        maximum: "10",
        minimum: "2",
        name: "Number of standard deviations",
        rerun: "RerunAlways",
        sequenceNumber: 2,
        value: "3",
    },
];

// Observation groups the sample does not use are sent as explicit nulls.
const customizableObservations = {
    multiSelectObservations: null,
    prioritizeExcludeObservations: null,
    singleSelectObservations: [deviceVendorObservation],
    singleValueObservations: null,
    thresholdObservations,
};

const anomalySecurityMLAnalyticsSettings = new azure_native.securityinsights.AnomalySecurityMLAnalyticsSettings("anomalySecurityMLAnalyticsSettings", {
    anomalySettingsVersion: 0,
    anomalyVersion: "1.0.5",
    customizableObservations,
    description: "When account logs from a source region that has rarely been logged in from during the last 14 days, an anomaly is triggered.",
    displayName: "Login from unusual region",
    // Deployed switched on, in Production status, hourly (ISO 8601 "PT1H").
    enabled: true,
    frequency: "PT1H",
    isDefaultSettings: true,
    kind: "Anomaly",
    requiredDataConnectors: [{
        connectorId: "AWS",
        dataTypes: ["AWSCloudTrail"],
    }],
    resourceGroupName: "myRg",
    // The sample reuses one GUID for the definition id and the resource name.
    settingsDefinitionId: "f209187f-1d17-4431-94af-c141bf5f23db",
    settingsResourceName: "f209187f-1d17-4431-94af-c141bf5f23db",
    settingsStatus: azure_native.securityinsights.SettingsStatus.Production,
    // NOTE(review): in MITRE ATT&CK, T1037 (Boot or Logon Initialization Scripts)
    // and T1021 (Remote Services) are not listed under Exfiltration or Command
    // and Control; keep tactics and techniques consistent with the behaviour
    // the rule detects.
    tactics: [
        azure_native.securityinsights.AttackTactic.Exfiltration,
        azure_native.securityinsights.AttackTactic.CommandAndControl,
    ],
    techniques: [
        "T1037",
        "T1021",
    ],
    workspaceName: "myWorkspace",
});
import pulumi
import pulumi_azure_native as azure_native

# Sample: one Microsoft Sentinel anomaly analytics setting (kind "Anomaly") in
# workspace "myWorkspace" of resource group "myRg".
# NOTE(review): the literals do not describe one coherent detection. The
# description is about sign-ins from a rare region, the observations tune
# CommonSecurityLog traffic volume, and the connector is AWS CloudTrail.
# Replace them together before using this outside a sandbox.

# Single-select tunable: the firewall vendor whose logs are analysed.
device_vendor_observation = {
    "description": "Select device vendor of network connection logs from CommonSecurityLog",
    "name": "Device vendor",
    "rerun": "RerunAlways",
    "sequenceNumber": 1,
    "supportedValues": [
        "Palo Alto Networks",
        "Fortinet",
        "Check Point",
    ],
    "supportedValuesKql": None,
    "value": ["Palo Alto Networks"],
    "valuesKql": None,
}

# Threshold tunables; bounds and values are strings in this payload. Raising
# either value makes the rule fire less often, so an edit here changes
# detection coverage and should be reviewed as such.
threshold_observations = [
    {
        "description": "Suppress anomalies when daily data transfered (in MB) per hour is less than the chosen value",
        "maximum": "100",
        "minimum": "1",
        "name": "Daily data transfer threshold in MB",
        "rerun": "RerunAlways",
        "sequenceNumber": 1,
        "value": "25",
    },
    {
        "description": "Triggers anomalies when number of standard deviations is greater than the chosen value",
        "maximum": "10",
        "minimum": "2",
        "name": "Number of standard deviations",
        "rerun": "RerunAlways",
        "sequenceNumber": 2,
        "value": "3",
    },
]

# Observation groups the sample does not use are sent as explicit None values.
observation_settings = {
    "multiSelectObservations": None,
    "prioritizeExcludeObservations": None,
    "singleSelectObservations": [device_vendor_observation],
    "singleValueObservations": None,
    "thresholdObservations": threshold_observations,
}

anomaly_security_ml_analytics_settings = azure_native.securityinsights.AnomalySecurityMLAnalyticsSettings(
    "anomalySecurityMLAnalyticsSettings",
    anomaly_settings_version=0,
    anomaly_version="1.0.5",
    customizable_observations=observation_settings,
    description="When account logs from a source region that has rarely been logged in from during the last 14 days, an anomaly is triggered.",
    display_name="Login from unusual region",
    # Deployed switched on, in Production status, hourly (ISO 8601 "PT1H").
    enabled=True,
    frequency="PT1H",
    is_default_settings=True,
    kind="Anomaly",
    required_data_connectors=[{
        "connector_id": "AWS",
        "data_types": ["AWSCloudTrail"],
    }],
    resource_group_name="myRg",
    # The sample reuses one GUID for the definition id and the resource name.
    settings_definition_id="f209187f-1d17-4431-94af-c141bf5f23db",
    settings_resource_name="f209187f-1d17-4431-94af-c141bf5f23db",
    settings_status=azure_native.securityinsights.SettingsStatus.PRODUCTION,
    # NOTE(review): in MITRE ATT&CK, T1037 (Boot or Logon Initialization Scripts)
    # and T1021 (Remote Services) are not listed under Exfiltration or Command
    # and Control; keep tactics and techniques consistent with the behaviour
    # the rule detects.
    tactics=[
        azure_native.securityinsights.AttackTactic.EXFILTRATION,
        azure_native.securityinsights.AttackTactic.COMMAND_AND_CONTROL,
    ],
    techniques=[
        "T1037",
        "T1021",
    ],
    workspace_name="myWorkspace",
)
# Sample: one Microsoft Sentinel anomaly analytics setting (kind: Anomaly).
# NOTE(review): the literals do not describe one coherent detection. The
# description is about sign-ins from a rare region, the observations tune
# CommonSecurityLog traffic volume, and the connector is AWS CloudTrail.
# Replace them together before using this outside a sandbox.
resources:
  anomalySecurityMLAnalyticsSettings:
    type: azure-native:securityinsights:AnomalySecurityMLAnalyticsSettings
    properties:
      anomalySettingsVersion: 0
      anomalyVersion: 1.0.5
      customizableObservations:
        # Observation groups the sample does not use are sent as explicit nulls.
        multiSelectObservations: null
        prioritizeExcludeObservations: null
        singleSelectObservations:
          # Single-select tunable: the firewall vendor whose logs are analysed.
          - description: Select device vendor of network connection logs from CommonSecurityLog
            name: Device vendor
            rerun: RerunAlways
            sequenceNumber: 1
            supportedValues:
              - Palo Alto Networks
              - Fortinet
              - Check Point
            supportedValuesKql: null
            value:
              - Palo Alto Networks
            valuesKql: null
        singleValueObservations: null
        # Threshold tunables. The quotes keep maximum/minimum/value as strings.
        # Raising either value makes the rule fire less often, so an edit here
        # changes detection coverage and should be reviewed as such.
        thresholdObservations:
          - description: Suppress anomalies when daily data transfered (in MB) per hour is less than the chosen value
            maximum: '100'
            minimum: '1'
            name: Daily data transfer threshold in MB
            rerun: RerunAlways
            sequenceNumber: 1
            value: '25'
          - description: Triggers anomalies when number of standard deviations is greater than the chosen value
            maximum: '10'
            minimum: '2'
            name: Number of standard deviations
            rerun: RerunAlways
            sequenceNumber: 2
            value: '3'
      description: When account logs from a source region that has rarely been logged in from during the last 14 days, an anomaly is triggered.
      displayName: Login from unusual region
      # Deployed switched on, in Production status, hourly (ISO 8601 PT1H).
      enabled: true
      frequency: PT1H
      isDefaultSettings: true
      kind: Anomaly
      requiredDataConnectors:
        - connectorId: AWS
          dataTypes:
            - AWSCloudTrail
      resourceGroupName: myRg
      # The sample reuses one GUID for the definition id and the resource name.
      settingsDefinitionId: f209187f-1d17-4431-94af-c141bf5f23db
      settingsResourceName: f209187f-1d17-4431-94af-c141bf5f23db
      settingsStatus: Production
      # NOTE(review): in MITRE ATT&CK, T1037 (Boot or Logon Initialization Scripts)
      # and T1021 (Remote Services) are not listed under Exfiltration or Command
      # and Control; keep tactics and techniques consistent with the behaviour
      # the rule detects.
      tactics:
        - Exfiltration
        - CommandAndControl
      techniques:
        - T1037
        - T1021
      workspaceName: myWorkspace

Create AnomalySecurityMLAnalyticsSettings Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new AnomalySecurityMLAnalyticsSettings(name: string, args: AnomalySecurityMLAnalyticsSettingsArgs, opts?: CustomResourceOptions);
@overload
def AnomalySecurityMLAnalyticsSettings(resource_name: str,
                                       args: AnomalySecurityMLAnalyticsSettingsArgs,
                                       opts: Optional[ResourceOptions] = None)

@overload
def AnomalySecurityMLAnalyticsSettings(resource_name: str,
                                       opts: Optional[ResourceOptions] = None,
                                       settings_status: Optional[Union[str, SettingsStatus]] = None,
                                       workspace_name: Optional[str] = None,
                                       resource_group_name: Optional[str] = None,
                                       display_name: Optional[str] = None,
                                       enabled: Optional[bool] = None,
                                       frequency: Optional[str] = None,
                                       is_default_settings: Optional[bool] = None,
                                       anomaly_version: Optional[str] = None,
                                       required_data_connectors: Optional[Sequence[SecurityMLAnalyticsSettingsDataSourceArgs]] = None,
                                       anomaly_settings_version: Optional[int] = None,
                                       settings_definition_id: Optional[str] = None,
                                       settings_resource_name: Optional[str] = None,
                                       description: Optional[str] = None,
                                       tactics: Optional[Sequence[Union[str, AttackTactic]]] = None,
                                       techniques: Optional[Sequence[str]] = None,
                                       customizable_observations: Optional[Any] = None)
func NewAnomalySecurityMLAnalyticsSettings(ctx *Context, name string, args AnomalySecurityMLAnalyticsSettingsArgs, opts ...ResourceOption) (*AnomalySecurityMLAnalyticsSettings, error)
public AnomalySecurityMLAnalyticsSettings(string name, AnomalySecurityMLAnalyticsSettingsArgs args, CustomResourceOptions? opts = null)
public AnomalySecurityMLAnalyticsSettings(String name, AnomalySecurityMLAnalyticsSettingsArgs args)
public AnomalySecurityMLAnalyticsSettings(String name, AnomalySecurityMLAnalyticsSettingsArgs args, CustomResourceOptions options)
type: azure-native:securityinsights:AnomalySecurityMLAnalyticsSettings
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name This property is required. string
The unique name of the resource.
args This property is required. AnomalySecurityMLAnalyticsSettingsArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name This property is required. str
The unique name of the resource.
args This property is required. AnomalySecurityMLAnalyticsSettingsArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name This property is required. string
The unique name of the resource.
args This property is required. AnomalySecurityMLAnalyticsSettingsArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name This property is required. string
The unique name of the resource.
args This property is required. AnomalySecurityMLAnalyticsSettingsArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name This property is required. String
The unique name of the resource.
args This property is required. AnomalySecurityMLAnalyticsSettingsArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

// Reference template: "string", false, 0 and "any" stand for the property's
// type and are not working values. The usage example on this page shows
// concrete ones (Kind = "Anomaly", Frequency = "PT1H", SettingsStatus Production).
var anomalySecurityMLAnalyticsSettingsResource = new AzureNative.SecurityInsights.AnomalySecurityMLAnalyticsSettings("anomalySecurityMLAnalyticsSettingsResource", new()
{
    Kind = "string",
    SettingsStatus = "string",
    WorkspaceName = "string",
    ResourceGroupName = "string",
    DisplayName = "string",
    // Placeholder only; the usage example deploys the rule with Enabled = true.
    Enabled = false,
    Frequency = "string",
    IsDefaultSettings = false,
    AnomalyVersion = "string",
    RequiredDataConnectors = new[]
    {
        new AzureNative.SecurityInsights.Inputs.SecurityMLAnalyticsSettingsDataSourceArgs
        {
            ConnectorId = "string",
            DataTypes = new[]
            {
                "string",
            },
        },
    },
    AnomalySettingsVersion = 0,
    SettingsDefinitionId = "string",
    SettingsResourceName = "string",
    Description = "string",
    // Tactic names (e.g. Exfiltration) and technique ids (e.g. "T1037"); keep
    // the two lists consistent with each other and with what the rule detects.
    Tactics = new[]
    {
        "string",
    },
    Techniques = new[]
    {
        "string",
    },
    // Free-form value; the usage example passes a nested dictionary of observations.
    CustomizableObservations = "any",
});
// Reference template, meant to sit inside a pulumi.Run callback where ctx is
// defined. "string", false, 0 and "any" stand for the property's type; the
// usage example on this page shows concrete values.
example, err := securityinsights.NewAnomalySecurityMLAnalyticsSettings(ctx, "anomalySecurityMLAnalyticsSettingsResource", &securityinsights.AnomalySecurityMLAnalyticsSettingsArgs{
	Kind:              pulumi.String("string"),
	SettingsStatus:    pulumi.String("string"),
	WorkspaceName:     pulumi.String("string"),
	ResourceGroupName: pulumi.String("string"),
	DisplayName:       pulumi.String("string"),
	// Placeholder only; the usage example deploys the rule with Enabled true.
	Enabled:           pulumi.Bool(false),
	Frequency:         pulumi.String("string"),
	IsDefaultSettings: pulumi.Bool(false),
	AnomalyVersion:    pulumi.String("string"),
	RequiredDataConnectors: securityinsights.SecurityMLAnalyticsSettingsDataSourceArray{
		&securityinsights.SecurityMLAnalyticsSettingsDataSourceArgs{
			ConnectorId: pulumi.String("string"),
			DataTypes: pulumi.StringArray{
				pulumi.String("string"),
			},
		},
	},
	AnomalySettingsVersion: pulumi.Int(0),
	SettingsDefinitionId:   pulumi.String("string"),
	SettingsResourceName:   pulumi.String("string"),
	Description:            pulumi.String("string"),
	// Tactic names and technique ids; keep the two lists consistent with
	// each other and with what the rule detects.
	Tactics: pulumi.StringArray{
		pulumi.String("string"),
	},
	Techniques: pulumi.StringArray{
		pulumi.String("string"),
	},
	// Free-form value; the usage example passes a nested map of observations.
	CustomizableObservations: pulumi.Any("any"),
})
// Reference template: "string", false, 0 and "any" stand for the property's
// type and are not working values; the usage example on this page shows
// concrete ones (kind "Anomaly", frequency "PT1H", settingsStatus "Production").
var anomalySecurityMLAnalyticsSettingsResource = new AnomalySecurityMLAnalyticsSettings("anomalySecurityMLAnalyticsSettingsResource", AnomalySecurityMLAnalyticsSettingsArgs.builder()
    .kind("string")
    .settingsStatus("string")
    .workspaceName("string")
    .resourceGroupName("string")
    .displayName("string")
    // Placeholder only; the usage example deploys the rule with enabled(true).
    .enabled(false)
    .frequency("string")
    .isDefaultSettings(false)
    .anomalyVersion("string")
    .requiredDataConnectors(SecurityMLAnalyticsSettingsDataSourceArgs.builder()
        .connectorId("string")
        .dataTypes("string")
        .build())
    .anomalySettingsVersion(0)
    .settingsDefinitionId("string")
    .settingsResourceName("string")
    .description("string")
    // Tactic names and technique ids; keep the two consistent with each other
    // and with what the rule detects.
    .tactics("string")
    .techniques("string")
    // Free-form value; the other language examples pass a nested map of observations.
    .customizableObservations("any")
    .build());
# Reference template: "string", False, 0 and "any" stand for the property's
# type and are not working values; the usage example on this page shows
# concrete ones (kind="Anomaly", frequency="PT1H", SettingsStatus.PRODUCTION).
anomaly_security_ml_analytics_settings_resource = azure_native.securityinsights.AnomalySecurityMLAnalyticsSettings("anomalySecurityMLAnalyticsSettingsResource",
    kind="string",
    settings_status="string",
    workspace_name="string",
    resource_group_name="string",
    display_name="string",
    # Placeholder only; the usage example deploys the rule with enabled=True.
    enabled=False,
    frequency="string",
    is_default_settings=False,
    anomaly_version="string",
    required_data_connectors=[{
        "connector_id": "string",
        "data_types": ["string"],
    }],
    anomaly_settings_version=0,
    settings_definition_id="string",
    settings_resource_name="string",
    description="string",
    # Tactic names and technique ids; keep the two lists consistent with each
    # other and with what the rule detects.
    tactics=["string"],
    techniques=["string"],
    # Free-form value; the usage example passes a nested dict of observations.
    customizable_observations="any")
// Constructor template: every "string", "any", 0 and false below is a type placeholder to replace.

// Data connector and data types that feed this anomaly setting.
const requiredDataConnectors = [
    {
        connectorId: "string",
        dataTypes: ["string"],
    },
];

const anomalySecurityMLAnalyticsSettingsResource = new azure_native.securityinsights.AnomalySecurityMLAnalyticsSettings(
    "anomalySecurityMLAnalyticsSettingsResource",
    {
        kind: "string",
        // Placement: the property list marks changes to these three as triggering replacement.
        resourceGroupName: "string",
        workspaceName: "string",
        settingsResourceName: "string",
        // Marked "required" in the property list.
        anomalyVersion: "string",
        displayName: "string",
        enabled: false, // placeholder: false leaves this setting disabled
        frequency: "string",
        isDefaultSettings: false,
        settingsStatus: "string", // SettingsStatus values listed on this page: Production, Flighting
        // Optional inputs.
        anomalySettingsVersion: 0,
        settingsDefinitionId: "string",
        description: "string",
        requiredDataConnectors,
        tactics: ["string"], // strings or AttackTactic values such as InitialAccess
        techniques: ["string"],
        customizableObservations: "any",
    },
);
# Resource template: every "string", "any", 0 and false below is a type placeholder to replace.
type: azure-native:securityinsights:AnomalySecurityMLAnalyticsSettings
properties:
    kind: string
    # Placement: the property list marks changes to these three as triggering replacement.
    resourceGroupName: string
    workspaceName: string
    settingsResourceName: string
    # Marked "required" in the property list.
    anomalyVersion: string
    displayName: string
    enabled: false  # placeholder: false leaves this setting disabled
    frequency: string
    isDefaultSettings: false
    settingsStatus: string  # SettingsStatus values listed on this page: Production, Flighting
    # Optional inputs.
    anomalySettingsVersion: 0
    settingsDefinitionId: string
    description: string
    requiredDataConnectors:
        - connectorId: string
          dataTypes: [string]
    tactics: [string]  # strings or AttackTactic values such as InitialAccess
    techniques: [string]
    customizableObservations: any

AnomalySecurityMLAnalyticsSettings Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The AnomalySecurityMLAnalyticsSettings resource accepts the following input properties:

AnomalyVersion This property is required. string
The anomaly version of the AnomalySecurityMLAnalyticsSettings.
DisplayName This property is required. string
The display name for settings created by this SecurityMLAnalyticsSettings.
Enabled This property is required. bool
Determines whether this settings resource is enabled or disabled.
Frequency This property is required. string
The frequency that this SecurityMLAnalyticsSettings will be run.
IsDefaultSettings This property is required. bool
Determines whether this anomaly security ML analytics settings resource is a default settings resource.
ResourceGroupName
This property is required.
Changes to this property will trigger replacement.
string
The name of the resource group. The name is case insensitive.
SettingsStatus This property is required. string | Pulumi.AzureNative.SecurityInsights.SettingsStatus
The anomaly SecurityMLAnalyticsSettings status
WorkspaceName
This property is required.
Changes to this property will trigger replacement.
string
The name of the workspace.
AnomalySettingsVersion int
The anomaly settings version of the Anomaly security ml analytics settings that dictates whether job version gets updated or not.
CustomizableObservations object
The customizable observations of the AnomalySecurityMLAnalyticsSettings.
Description string
The description of the SecurityMLAnalyticsSettings.
RequiredDataConnectors List<Pulumi.AzureNative.SecurityInsights.Inputs.SecurityMLAnalyticsSettingsDataSource>
The required data sources for this SecurityMLAnalyticsSettings
SettingsDefinitionId string
The anomaly settings definition Id
SettingsResourceName Changes to this property will trigger replacement. string
Security ML Analytics Settings resource name
Tactics List<Union<string, Pulumi.AzureNative.SecurityInsights.AttackTactic>>
The tactics of the SecurityMLAnalyticsSettings
Techniques List<string>
The techniques of the SecurityMLAnalyticsSettings
AnomalyVersion This property is required. string
The anomaly version of the AnomalySecurityMLAnalyticsSettings.
DisplayName This property is required. string
The display name for settings created by this SecurityMLAnalyticsSettings.
Enabled This property is required. bool
Determines whether this settings resource is enabled or disabled.
Frequency This property is required. string
The frequency that this SecurityMLAnalyticsSettings will be run.
IsDefaultSettings This property is required. bool
Determines whether this anomaly security ML analytics settings resource is a default settings resource.
ResourceGroupName
This property is required.
Changes to this property will trigger replacement.
string
The name of the resource group. The name is case insensitive.
SettingsStatus This property is required. string | SettingsStatus
The anomaly SecurityMLAnalyticsSettings status
WorkspaceName
This property is required.
Changes to this property will trigger replacement.
string
The name of the workspace.
AnomalySettingsVersion int
The anomaly settings version of the Anomaly security ml analytics settings that dictates whether job version gets updated or not.
CustomizableObservations interface{}
The customizable observations of the AnomalySecurityMLAnalyticsSettings.
Description string
The description of the SecurityMLAnalyticsSettings.
RequiredDataConnectors []SecurityMLAnalyticsSettingsDataSourceArgs
The required data sources for this SecurityMLAnalyticsSettings
SettingsDefinitionId string
The anomaly settings definition Id
SettingsResourceName Changes to this property will trigger replacement. string
Security ML Analytics Settings resource name
Tactics []string
The tactics of the SecurityMLAnalyticsSettings
Techniques []string
The techniques of the SecurityMLAnalyticsSettings
anomalyVersion This property is required. String
The anomaly version of the AnomalySecurityMLAnalyticsSettings.
displayName This property is required. String
The display name for settings created by this SecurityMLAnalyticsSettings.
enabled This property is required. Boolean
Determines whether this settings resource is enabled or disabled.
frequency This property is required. String
The frequency that this SecurityMLAnalyticsSettings will be run.
isDefaultSettings This property is required. Boolean
Determines whether this anomaly security ML analytics settings resource is a default settings resource.
resourceGroupName
This property is required.
Changes to this property will trigger replacement.
String
The name of the resource group. The name is case insensitive.
settingsStatus This property is required. String | SettingsStatus
The anomaly SecurityMLAnalyticsSettings status
workspaceName
This property is required.
Changes to this property will trigger replacement.
String
The name of the workspace.
anomalySettingsVersion Integer
The anomaly settings version of the Anomaly security ml analytics settings that dictates whether job version gets updated or not.
customizableObservations Object
The customizable observations of the AnomalySecurityMLAnalyticsSettings.
description String
The description of the SecurityMLAnalyticsSettings.
requiredDataConnectors List<SecurityMLAnalyticsSettingsDataSource>
The required data sources for this SecurityMLAnalyticsSettings
settingsDefinitionId String
The anomaly settings definition Id
settingsResourceName Changes to this property will trigger replacement. String
Security ML Analytics Settings resource name
tactics List<Either<String,AttackTactic>>
The tactics of the SecurityMLAnalyticsSettings
techniques List<String>
The techniques of the SecurityMLAnalyticsSettings
anomalyVersion This property is required. string
The anomaly version of the AnomalySecurityMLAnalyticsSettings.
displayName This property is required. string
The display name for settings created by this SecurityMLAnalyticsSettings.
enabled This property is required. boolean
Determines whether this settings resource is enabled or disabled.
frequency This property is required. string
The frequency that this SecurityMLAnalyticsSettings will be run.
isDefaultSettings This property is required. boolean
Determines whether this anomaly security ML analytics settings resource is a default settings resource.
resourceGroupName
This property is required.
Changes to this property will trigger replacement.
string
The name of the resource group. The name is case insensitive.
settingsStatus This property is required. string | SettingsStatus
The anomaly SecurityMLAnalyticsSettings status
workspaceName
This property is required.
Changes to this property will trigger replacement.
string
The name of the workspace.
anomalySettingsVersion number
The anomaly settings version of the Anomaly security ml analytics settings that dictates whether job version gets updated or not.
customizableObservations any
The customizable observations of the AnomalySecurityMLAnalyticsSettings.
description string
The description of the SecurityMLAnalyticsSettings.
requiredDataConnectors SecurityMLAnalyticsSettingsDataSource[]
The required data sources for this SecurityMLAnalyticsSettings
settingsDefinitionId string
The anomaly settings definition Id
settingsResourceName Changes to this property will trigger replacement. string
Security ML Analytics Settings resource name
tactics (string | AttackTactic)[]
The tactics of the SecurityMLAnalyticsSettings
techniques string[]
The techniques of the SecurityMLAnalyticsSettings
anomaly_version This property is required. str
The anomaly version of the AnomalySecurityMLAnalyticsSettings.
display_name This property is required. str
The display name for settings created by this SecurityMLAnalyticsSettings.
enabled This property is required. bool
Determines whether this settings resource is enabled or disabled.
frequency This property is required. str
The frequency that this SecurityMLAnalyticsSettings will be run.
is_default_settings This property is required. bool
Determines whether this anomaly security ML analytics settings resource is a default settings resource.
resource_group_name
This property is required.
Changes to this property will trigger replacement.
str
The name of the resource group. The name is case insensitive.
settings_status This property is required. str | SettingsStatus
The anomaly SecurityMLAnalyticsSettings status
workspace_name
This property is required.
Changes to this property will trigger replacement.
str
The name of the workspace.
anomaly_settings_version int
The anomaly settings version of the Anomaly security ml analytics settings that dictates whether job version gets updated or not.
customizable_observations Any
The customizable observations of the AnomalySecurityMLAnalyticsSettings.
description str
The description of the SecurityMLAnalyticsSettings.
required_data_connectors Sequence[SecurityMLAnalyticsSettingsDataSourceArgs]
The required data sources for this SecurityMLAnalyticsSettings
settings_definition_id str
The anomaly settings definition Id
settings_resource_name Changes to this property will trigger replacement. str
Security ML Analytics Settings resource name
tactics Sequence[Union[str, AttackTactic]]
The tactics of the SecurityMLAnalyticsSettings
techniques Sequence[str]
The techniques of the SecurityMLAnalyticsSettings
anomalyVersion This property is required. String
The anomaly version of the AnomalySecurityMLAnalyticsSettings.
displayName This property is required. String
The display name for settings created by this SecurityMLAnalyticsSettings.
enabled This property is required. Boolean
Determines whether this settings resource is enabled or disabled.
frequency This property is required. String
The frequency that this SecurityMLAnalyticsSettings will be run.
isDefaultSettings This property is required. Boolean
Determines whether this anomaly security ML analytics settings resource is a default settings resource.
resourceGroupName
This property is required.
Changes to this property will trigger replacement.
String
The name of the resource group. The name is case insensitive.
settingsStatus This property is required. String | "Production" | "Flighting"
The anomaly SecurityMLAnalyticsSettings status
workspaceName
This property is required.
Changes to this property will trigger replacement.
String
The name of the workspace.
anomalySettingsVersion Number
The anomaly settings version of the Anomaly security ml analytics settings that dictates whether job version gets updated or not.
customizableObservations Any
The customizable observations of the AnomalySecurityMLAnalyticsSettings.
description String
The description of the SecurityMLAnalyticsSettings.
requiredDataConnectors List<Property Map>
The required data sources for this SecurityMLAnalyticsSettings
settingsDefinitionId String
The anomaly settings definition Id
settingsResourceName Changes to this property will trigger replacement. String
Security ML Analytics Settings resource name
tactics List<String | "Reconnaissance" | "ResourceDevelopment" | "InitialAccess" | "Execution" | "Persistence" | "PrivilegeEscalation" | "DefenseEvasion" | "CredentialAccess" | "Discovery" | "LateralMovement" | "Collection" | "Exfiltration" | "CommandAndControl" | "Impact" | "PreAttack" | "ImpairProcessControl" | "InhibitResponseFunction">
The tactics of the SecurityMLAnalyticsSettings
techniques List<String>
The techniques of the SecurityMLAnalyticsSettings

Outputs

All input properties are implicitly available as output properties. Additionally, the AnomalySecurityMLAnalyticsSettings resource produces the following output properties:

AzureApiVersion string
The Azure API version of the resource.
Id string
The provider-assigned unique ID for this managed resource.
LastModifiedUtc string
The last time that this SecurityMLAnalyticsSettings has been modified.
Name string
The name of the resource
SystemData Pulumi.AzureNative.SecurityInsights.Outputs.SystemDataResponse
Azure Resource Manager metadata containing createdBy and modifiedBy information.
Type string
The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
Etag string
Etag of the azure resource
AzureApiVersion string
The Azure API version of the resource.
Id string
The provider-assigned unique ID for this managed resource.
LastModifiedUtc string
The last time that this SecurityMLAnalyticsSettings has been modified.
Name string
The name of the resource
SystemData SystemDataResponse
Azure Resource Manager metadata containing createdBy and modifiedBy information.
Type string
The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
Etag string
Etag of the azure resource
azureApiVersion String
The Azure API version of the resource.
id String
The provider-assigned unique ID for this managed resource.
lastModifiedUtc String
The last time that this SecurityMLAnalyticsSettings has been modified.
name String
The name of the resource
systemData SystemDataResponse
Azure Resource Manager metadata containing createdBy and modifiedBy information.
type String
The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
etag String
Etag of the azure resource
azureApiVersion string
The Azure API version of the resource.
id string
The provider-assigned unique ID for this managed resource.
lastModifiedUtc string
The last time that this SecurityMLAnalyticsSettings has been modified.
name string
The name of the resource
systemData SystemDataResponse
Azure Resource Manager metadata containing createdBy and modifiedBy information.
type string
The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
etag string
Etag of the azure resource
azure_api_version str
The Azure API version of the resource.
id str
The provider-assigned unique ID for this managed resource.
last_modified_utc str
The last time that this SecurityMLAnalyticsSettings has been modified.
name str
The name of the resource
system_data SystemDataResponse
Azure Resource Manager metadata containing createdBy and modifiedBy information.
type str
The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
etag str
Etag of the azure resource
azureApiVersion String
The Azure API version of the resource.
id String
The provider-assigned unique ID for this managed resource.
lastModifiedUtc String
The last time that this SecurityMLAnalyticsSettings has been modified.
name String
The name of the resource
systemData Property Map
Azure Resource Manager metadata containing createdBy and modifiedBy information.
type String
The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
etag String
Etag of the azure resource

Supporting Types

AttackTactic
, AttackTacticArgs

Reconnaissance
Reconnaissance
ResourceDevelopment
ResourceDevelopment
InitialAccess
InitialAccess
Execution
Execution
Persistence
Persistence
PrivilegeEscalation
PrivilegeEscalation
DefenseEvasion
DefenseEvasion
CredentialAccess
CredentialAccess
Discovery
Discovery
LateralMovement
LateralMovement
Collection
Collection
Exfiltration
Exfiltration
CommandAndControl
CommandAndControl
Impact
Impact
PreAttack
PreAttack
ImpairProcessControl
ImpairProcessControl
InhibitResponseFunction
InhibitResponseFunction
AttackTacticReconnaissance
Reconnaissance
AttackTacticResourceDevelopment
ResourceDevelopment
AttackTacticInitialAccess
InitialAccess
AttackTacticExecution
Execution
AttackTacticPersistence
Persistence
AttackTacticPrivilegeEscalation
PrivilegeEscalation
AttackTacticDefenseEvasion
DefenseEvasion
AttackTacticCredentialAccess
CredentialAccess
AttackTacticDiscovery
Discovery
AttackTacticLateralMovement
LateralMovement
AttackTacticCollection
Collection
AttackTacticExfiltration
Exfiltration
AttackTacticCommandAndControl
CommandAndControl
AttackTacticImpact
Impact
AttackTacticPreAttack
PreAttack
AttackTacticImpairProcessControl
ImpairProcessControl
AttackTacticInhibitResponseFunction
InhibitResponseFunction
Reconnaissance
Reconnaissance
ResourceDevelopment
ResourceDevelopment
InitialAccess
InitialAccess
Execution
Execution
Persistence
Persistence
PrivilegeEscalation
PrivilegeEscalation
DefenseEvasion
DefenseEvasion
CredentialAccess
CredentialAccess
Discovery
Discovery
LateralMovement
LateralMovement
Collection
Collection
Exfiltration
Exfiltration
CommandAndControl
CommandAndControl
Impact
Impact
PreAttack
PreAttack
ImpairProcessControl
ImpairProcessControl
InhibitResponseFunction
InhibitResponseFunction
Reconnaissance
Reconnaissance
ResourceDevelopment
ResourceDevelopment
InitialAccess
InitialAccess
Execution
Execution
Persistence
Persistence
PrivilegeEscalation
PrivilegeEscalation
DefenseEvasion
DefenseEvasion
CredentialAccess
CredentialAccess
Discovery
Discovery
LateralMovement
LateralMovement
Collection
Collection
Exfiltration
Exfiltration
CommandAndControl
CommandAndControl
Impact
Impact
PreAttack
PreAttack
ImpairProcessControl
ImpairProcessControl
InhibitResponseFunction
InhibitResponseFunction
RECONNAISSANCE
Reconnaissance
RESOURCE_DEVELOPMENT
ResourceDevelopment
INITIAL_ACCESS
InitialAccess
EXECUTION
Execution
PERSISTENCE
Persistence
PRIVILEGE_ESCALATION
PrivilegeEscalation
DEFENSE_EVASION
DefenseEvasion
CREDENTIAL_ACCESS
CredentialAccess
DISCOVERY
Discovery
LATERAL_MOVEMENT
LateralMovement
COLLECTION
Collection
EXFILTRATION
Exfiltration
COMMAND_AND_CONTROL
CommandAndControl
IMPACT
Impact
PRE_ATTACK
PreAttack
IMPAIR_PROCESS_CONTROL
ImpairProcessControl
INHIBIT_RESPONSE_FUNCTION
InhibitResponseFunction
"Reconnaissance"
Reconnaissance
"ResourceDevelopment"
ResourceDevelopment
"InitialAccess"
InitialAccess
"Execution"
Execution
"Persistence"
Persistence
"PrivilegeEscalation"
PrivilegeEscalation
"DefenseEvasion"
DefenseEvasion
"CredentialAccess"
CredentialAccess
"Discovery"
Discovery
"LateralMovement"
LateralMovement
"Collection"
Collection
"Exfiltration"
Exfiltration
"CommandAndControl"
CommandAndControl
"Impact"
Impact
"PreAttack"
PreAttack
"ImpairProcessControl"
ImpairProcessControl
"InhibitResponseFunction"
InhibitResponseFunction

SecurityMLAnalyticsSettingsDataSource
, SecurityMLAnalyticsSettingsDataSourceArgs

ConnectorId string
The connector id that provides the following data types
DataTypes List<string>
The data types used by the security ml analytics settings
ConnectorId string
The connector id that provides the following data types
DataTypes []string
The data types used by the security ml analytics settings
connectorId String
The connector id that provides the following data types
dataTypes List<String>
The data types used by the security ml analytics settings
connectorId string
The connector id that provides the following data types
dataTypes string[]
The data types used by the security ml analytics settings
connector_id str
The connector id that provides the following data types
data_types Sequence[str]
The data types used by the security ml analytics settings
connectorId String
The connector id that provides the following data types
dataTypes List<String>
The data types used by the security ml analytics settings

SecurityMLAnalyticsSettingsDataSourceResponse
, SecurityMLAnalyticsSettingsDataSourceResponseArgs

ConnectorId string
The connector id that provides the following data types
DataTypes List<string>
The data types used by the security ml analytics settings
ConnectorId string
The connector id that provides the following data types
DataTypes []string
The data types used by the security ml analytics settings
connectorId String
The connector id that provides the following data types
dataTypes List<String>
The data types used by the security ml analytics settings
connectorId string
The connector id that provides the following data types
dataTypes string[]
The data types used by the security ml analytics settings
connector_id str
The connector id that provides the following data types
data_types Sequence[str]
The data types used by the security ml analytics settings
connectorId String
The connector id that provides the following data types
dataTypes List<String>
The data types used by the security ml analytics settings

SettingsStatus
, SettingsStatusArgs

Production
Production: Anomaly settings status in Production mode
Flighting
Flighting: Anomaly settings status in Flighting mode
SettingsStatusProduction
Production: Anomaly settings status in Production mode
SettingsStatusFlighting
Flighting: Anomaly settings status in Flighting mode
Production
Production: Anomaly settings status in Production mode
Flighting
Flighting: Anomaly settings status in Flighting mode
Production
Production: Anomaly settings status in Production mode
Flighting
Flighting: Anomaly settings status in Flighting mode
PRODUCTION
Production: Anomaly settings status in Production mode
FLIGHTING
Flighting: Anomaly settings status in Flighting mode
"Production"
Production: Anomaly settings status in Production mode
"Flighting"
Flighting: Anomaly settings status in Flighting mode

SystemDataResponse
, SystemDataResponseArgs

CreatedAt string
The timestamp of resource creation (UTC).
CreatedBy string
The identity that created the resource.
CreatedByType string
The type of identity that created the resource.
LastModifiedAt string
The timestamp of resource last modification (UTC)
LastModifiedBy string
The identity that last modified the resource.
LastModifiedByType string
The type of identity that last modified the resource.
CreatedAt string
The timestamp of resource creation (UTC).
CreatedBy string
The identity that created the resource.
CreatedByType string
The type of identity that created the resource.
LastModifiedAt string
The timestamp of resource last modification (UTC)
LastModifiedBy string
The identity that last modified the resource.
LastModifiedByType string
The type of identity that last modified the resource.
createdAt String
The timestamp of resource creation (UTC).
createdBy String
The identity that created the resource.
createdByType String
The type of identity that created the resource.
lastModifiedAt String
The timestamp of resource last modification (UTC)
lastModifiedBy String
The identity that last modified the resource.
lastModifiedByType String
The type of identity that last modified the resource.
createdAt string
The timestamp of resource creation (UTC).
createdBy string
The identity that created the resource.
createdByType string
The type of identity that created the resource.
lastModifiedAt string
The timestamp of resource last modification (UTC)
lastModifiedBy string
The identity that last modified the resource.
lastModifiedByType string
The type of identity that last modified the resource.
created_at str
The timestamp of resource creation (UTC).
created_by str
The identity that created the resource.
created_by_type str
The type of identity that created the resource.
last_modified_at str
The timestamp of resource last modification (UTC)
last_modified_by str
The identity that last modified the resource.
last_modified_by_type str
The type of identity that last modified the resource.
createdAt String
The timestamp of resource creation (UTC).
createdBy String
The identity that created the resource.
createdByType String
The type of identity that created the resource.
lastModifiedAt String
The timestamp of resource last modification (UTC)
lastModifiedBy String
The identity that last modified the resource.
lastModifiedByType String
The type of identity that last modified the resource.

Import

An existing resource can be imported using its type token, name, and identifier, e.g.

$ pulumi import azure-native:securityinsights:AnomalySecurityMLAnalyticsSettings f209187f-1d17-4431-94af-c141bf5f23db /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/securityMLAnalyticsSettings/{settingsResourceName} 

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository
Azure Native pulumi/pulumi-azure-native
License
Apache-2.0