Docs Home
This is the latest version of Azure Native. Use the Azure Native v2 docs if using the v2 version of this package.
Azure Native v3.1.0 published on Tuesday, Apr 8, 2025 by Pulumi
azure-native.securityinsights.AnomalySecurityMLAnalyticsSettings
Explore with Pulumi AI
This is the latest version of Azure Native. Use the Azure Native v2 docs if using the v2 version of this package.
Azure Native v3.1.0 published on Tuesday, Apr 8, 2025 by Pulumi
Represents Anomaly Security ML Analytics Settings
Uses Azure REST API version 2024-09-01. In version 2.x of the Azure Native provider, it used API version 2023-02-01.
Example Usage
Creates or updates a Anomaly Security ML Analytics Settings.
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var anomalySecurityMLAnalyticsSettings = new AzureNative.SecurityInsights.AnomalySecurityMLAnalyticsSettings("anomalySecurityMLAnalyticsSettings", new()
{
AnomalySettingsVersion = 0,
AnomalyVersion = "1.0.5",
CustomizableObservations = new Dictionary<string, object?>
{
["multiSelectObservations"] = null,
["prioritizeExcludeObservations"] = null,
["singleSelectObservations"] = new[]
{
new Dictionary<string, object?>
{
["description"] = "Select device vendor of network connection logs from CommonSecurityLog",
["name"] = "Device vendor",
["rerun"] = "RerunAlways",
["sequenceNumber"] = 1,
["supportedValues"] = new[]
{
"Palo Alto Networks",
"Fortinet",
"Check Point",
},
["supportedValuesKql"] = null,
["value"] = new[]
{
"Palo Alto Networks",
},
["valuesKql"] = null,
},
},
["singleValueObservations"] = null,
["thresholdObservations"] = new[]
{
new Dictionary<string, object?>
{
["description"] = "Suppress anomalies when daily data transfered (in MB) per hour is less than the chosen value",
["maximum"] = "100",
["minimum"] = "1",
["name"] = "Daily data transfer threshold in MB",
["rerun"] = "RerunAlways",
["sequenceNumber"] = 1,
["value"] = "25",
},
new Dictionary<string, object?>
{
["description"] = "Triggers anomalies when number of standard deviations is greater than the chosen value",
["maximum"] = "10",
["minimum"] = "2",
["name"] = "Number of standard deviations",
["rerun"] = "RerunAlways",
["sequenceNumber"] = 2,
["value"] = "3",
},
},
},
Description = "When account logs from a source region that has rarely been logged in from during the last 14 days, an anomaly is triggered.",
DisplayName = "Login from unusual region",
Enabled = true,
Frequency = "PT1H",
IsDefaultSettings = true,
Kind = "Anomaly",
RequiredDataConnectors = new[]
{
new AzureNative.SecurityInsights.Inputs.SecurityMLAnalyticsSettingsDataSourceArgs
{
ConnectorId = "AWS",
DataTypes = new[]
{
"AWSCloudTrail",
},
},
},
ResourceGroupName = "myRg",
SettingsDefinitionId = "f209187f-1d17-4431-94af-c141bf5f23db",
SettingsResourceName = "f209187f-1d17-4431-94af-c141bf5f23db",
SettingsStatus = AzureNative.SecurityInsights.SettingsStatus.Production,
Tactics = new[]
{
AzureNative.SecurityInsights.AttackTactic.Exfiltration,
AzureNative.SecurityInsights.AttackTactic.CommandAndControl,
},
Techniques = new[]
{
"T1037",
"T1021",
},
WorkspaceName = "myWorkspace",
});
});
package main
import (
securityinsights "github.com/pulumi/pulumi-azure-native-sdk/securityinsights/v3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := securityinsights.NewAnomalySecurityMLAnalyticsSettings(ctx, "anomalySecurityMLAnalyticsSettings", &securityinsights.AnomalySecurityMLAnalyticsSettingsArgs{
AnomalySettingsVersion: pulumi.Int(0),
AnomalyVersion: pulumi.String("1.0.5"),
CustomizableObservations: pulumi.Any(map[string]interface{}{
"multiSelectObservations": nil,
"prioritizeExcludeObservations": nil,
"singleSelectObservations": []map[string]interface{}{
map[string]interface{}{
"description": "Select device vendor of network connection logs from CommonSecurityLog",
"name": "Device vendor",
"rerun": "RerunAlways",
"sequenceNumber": 1,
"supportedValues": []string{
"Palo Alto Networks",
"Fortinet",
"Check Point",
},
"supportedValuesKql": nil,
"value": []string{
"Palo Alto Networks",
},
"valuesKql": nil,
},
},
"singleValueObservations": nil,
"thresholdObservations": []interface{}{
map[string]interface{}{
"description": "Suppress anomalies when daily data transfered (in MB) per hour is less than the chosen value",
"maximum": "100",
"minimum": "1",
"name": "Daily data transfer threshold in MB",
"rerun": "RerunAlways",
"sequenceNumber": 1,
"value": "25",
},
map[string]interface{}{
"description": "Triggers anomalies when number of standard deviations is greater than the chosen value",
"maximum": "10",
"minimum": "2",
"name": "Number of standard deviations",
"rerun": "RerunAlways",
"sequenceNumber": 2,
"value": "3",
},
},
}),
Description: pulumi.String("When account logs from a source region that has rarely been logged in from during the last 14 days, an anomaly is triggered."),
DisplayName: pulumi.String("Login from unusual region"),
Enabled: pulumi.Bool(true),
Frequency: pulumi.String("PT1H"),
IsDefaultSettings: pulumi.Bool(true),
Kind: pulumi.String("Anomaly"),
RequiredDataConnectors: securityinsights.SecurityMLAnalyticsSettingsDataSourceArray{
&securityinsights.SecurityMLAnalyticsSettingsDataSourceArgs{
ConnectorId: pulumi.String("AWS"),
DataTypes: pulumi.StringArray{
pulumi.String("AWSCloudTrail"),
},
},
},
ResourceGroupName: pulumi.String("myRg"),
SettingsDefinitionId: pulumi.String("f209187f-1d17-4431-94af-c141bf5f23db"),
SettingsResourceName: pulumi.String("f209187f-1d17-4431-94af-c141bf5f23db"),
SettingsStatus: pulumi.String(securityinsights.SettingsStatusProduction),
Tactics: pulumi.StringArray{
pulumi.String(securityinsights.AttackTacticExfiltration),
pulumi.String(securityinsights.AttackTacticCommandAndControl),
},
Techniques: pulumi.StringArray{
pulumi.String("T1037"),
pulumi.String("T1021"),
},
WorkspaceName: pulumi.String("myWorkspace"),
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.securityinsights.AnomalySecurityMLAnalyticsSettings;
import com.pulumi.azurenative.securityinsights.AnomalySecurityMLAnalyticsSettingsArgs;
import com.pulumi.azurenative.securityinsights.inputs.SecurityMLAnalyticsSettingsDataSourceArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var anomalySecurityMLAnalyticsSettings = new AnomalySecurityMLAnalyticsSettings("anomalySecurityMLAnalyticsSettings", AnomalySecurityMLAnalyticsSettingsArgs.builder()
.anomalySettingsVersion(0)
.anomalyVersion("1.0.5")
.customizableObservations(Map.ofEntries(
Map.entry("multiSelectObservations", null),
Map.entry("prioritizeExcludeObservations", null),
Map.entry("singleSelectObservations", Map.ofEntries(
Map.entry("description", "Select device vendor of network connection logs from CommonSecurityLog"),
Map.entry("name", "Device vendor"),
Map.entry("rerun", "RerunAlways"),
Map.entry("sequenceNumber", 1),
Map.entry("supportedValues",
"Palo Alto Networks",
"Fortinet",
"Check Point"),
Map.entry("supportedValuesKql", null),
Map.entry("value", "Palo Alto Networks"),
Map.entry("valuesKql", null)
)),
Map.entry("singleValueObservations", null),
Map.entry("thresholdObservations",
Map.ofEntries(
Map.entry("description", "Suppress anomalies when daily data transfered (in MB) per hour is less than the chosen value"),
Map.entry("maximum", "100"),
Map.entry("minimum", "1"),
Map.entry("name", "Daily data transfer threshold in MB"),
Map.entry("rerun", "RerunAlways"),
Map.entry("sequenceNumber", 1),
Map.entry("value", "25")
),
Map.ofEntries(
Map.entry("description", "Triggers anomalies when number of standard deviations is greater than the chosen value"),
Map.entry("maximum", "10"),
Map.entry("minimum", "2"),
Map.entry("name", "Number of standard deviations"),
Map.entry("rerun", "RerunAlways"),
Map.entry("sequenceNumber", 2),
Map.entry("value", "3")
))
))
.description("When account logs from a source region that has rarely been logged in from during the last 14 days, an anomaly is triggered.")
.displayName("Login from unusual region")
.enabled(true)
.frequency("PT1H")
.isDefaultSettings(true)
.kind("Anomaly")
.requiredDataConnectors(SecurityMLAnalyticsSettingsDataSourceArgs.builder()
.connectorId("AWS")
.dataTypes("AWSCloudTrail")
.build())
.resourceGroupName("myRg")
.settingsDefinitionId("f209187f-1d17-4431-94af-c141bf5f23db")
.settingsResourceName("f209187f-1d17-4431-94af-c141bf5f23db")
.settingsStatus("Production")
.tactics(
"Exfiltration",
"CommandAndControl")
.techniques(
"T1037",
"T1021")
.workspaceName("myWorkspace")
.build());
}
}
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const anomalySecurityMLAnalyticsSettings = new azure_native.securityinsights.AnomalySecurityMLAnalyticsSettings("anomalySecurityMLAnalyticsSettings", {
anomalySettingsVersion: 0,
anomalyVersion: "1.0.5",
customizableObservations: {
multiSelectObservations: null,
prioritizeExcludeObservations: null,
singleSelectObservations: [{
description: "Select device vendor of network connection logs from CommonSecurityLog",
name: "Device vendor",
rerun: "RerunAlways",
sequenceNumber: 1,
supportedValues: [
"Palo Alto Networks",
"Fortinet",
"Check Point",
],
supportedValuesKql: null,
value: ["Palo Alto Networks"],
valuesKql: null,
}],
singleValueObservations: null,
thresholdObservations: [
{
description: "Suppress anomalies when daily data transfered (in MB) per hour is less than the chosen value",
maximum: "100",
minimum: "1",
name: "Daily data transfer threshold in MB",
rerun: "RerunAlways",
sequenceNumber: 1,
value: "25",
},
{
description: "Triggers anomalies when number of standard deviations is greater than the chosen value",
maximum: "10",
minimum: "2",
name: "Number of standard deviations",
rerun: "RerunAlways",
sequenceNumber: 2,
value: "3",
},
],
},
description: "When account logs from a source region that has rarely been logged in from during the last 14 days, an anomaly is triggered.",
displayName: "Login from unusual region",
enabled: true,
frequency: "PT1H",
isDefaultSettings: true,
kind: "Anomaly",
requiredDataConnectors: [{
connectorId: "AWS",
dataTypes: ["AWSCloudTrail"],
}],
resourceGroupName: "myRg",
settingsDefinitionId: "f209187f-1d17-4431-94af-c141bf5f23db",
settingsResourceName: "f209187f-1d17-4431-94af-c141bf5f23db",
settingsStatus: azure_native.securityinsights.SettingsStatus.Production,
tactics: [
azure_native.securityinsights.AttackTactic.Exfiltration,
azure_native.securityinsights.AttackTactic.CommandAndControl,
],
techniques: [
"T1037",
"T1021",
],
workspaceName: "myWorkspace",
});
import pulumi
import pulumi_azure_native as azure_native
anomaly_security_ml_analytics_settings = azure_native.securityinsights.AnomalySecurityMLAnalyticsSettings("anomalySecurityMLAnalyticsSettings",
anomaly_settings_version=0,
anomaly_version="1.0.5",
customizable_observations={
"multiSelectObservations": None,
"prioritizeExcludeObservations": None,
"singleSelectObservations": [{
"description": "Select device vendor of network connection logs from CommonSecurityLog",
"name": "Device vendor",
"rerun": "RerunAlways",
"sequenceNumber": 1,
"supportedValues": [
"Palo Alto Networks",
"Fortinet",
"Check Point",
],
"supportedValuesKql": None,
"value": ["Palo Alto Networks"],
"valuesKql": None,
}],
"singleValueObservations": None,
"thresholdObservations": [
{
"description": "Suppress anomalies when daily data transfered (in MB) per hour is less than the chosen value",
"maximum": "100",
"minimum": "1",
"name": "Daily data transfer threshold in MB",
"rerun": "RerunAlways",
"sequenceNumber": 1,
"value": "25",
},
{
"description": "Triggers anomalies when number of standard deviations is greater than the chosen value",
"maximum": "10",
"minimum": "2",
"name": "Number of standard deviations",
"rerun": "RerunAlways",
"sequenceNumber": 2,
"value": "3",
},
],
},
description="When account logs from a source region that has rarely been logged in from during the last 14 days, an anomaly is triggered.",
display_name="Login from unusual region",
enabled=True,
frequency="PT1H",
is_default_settings=True,
kind="Anomaly",
required_data_connectors=[{
"connector_id": "AWS",
"data_types": ["AWSCloudTrail"],
}],
resource_group_name="myRg",
settings_definition_id="f209187f-1d17-4431-94af-c141bf5f23db",
settings_resource_name="f209187f-1d17-4431-94af-c141bf5f23db",
settings_status=azure_native.securityinsights.SettingsStatus.PRODUCTION,
tactics=[
azure_native.securityinsights.AttackTactic.EXFILTRATION,
azure_native.securityinsights.AttackTactic.COMMAND_AND_CONTROL,
],
techniques=[
"T1037",
"T1021",
],
workspace_name="myWorkspace")
resources:
anomalySecurityMLAnalyticsSettings:
type: azure-native:securityinsights:AnomalySecurityMLAnalyticsSettings
properties:
anomalySettingsVersion: 0
anomalyVersion: 1.0.5
customizableObservations:
multiSelectObservations: null
prioritizeExcludeObservations: null
singleSelectObservations:
- description: Select device vendor of network connection logs from CommonSecurityLog
name: Device vendor
rerun: RerunAlways
sequenceNumber: 1
supportedValues:
- Palo Alto Networks
- Fortinet
- Check Point
supportedValuesKql: null
value:
- Palo Alto Networks
valuesKql: null
singleValueObservations: null
thresholdObservations:
- description: Suppress anomalies when daily data transfered (in MB) per hour is less than the chosen value
maximum: '100'
minimum: '1'
name: Daily data transfer threshold in MB
rerun: RerunAlways
sequenceNumber: 1
value: '25'
- description: Triggers anomalies when number of standard deviations is greater than the chosen value
maximum: '10'
minimum: '2'
name: Number of standard deviations
rerun: RerunAlways
sequenceNumber: 2
value: '3'
description: When account logs from a source region that has rarely been logged in from during the last 14 days, an anomaly is triggered.
displayName: Login from unusual region
enabled: true
frequency: PT1H
isDefaultSettings: true
kind: Anomaly
requiredDataConnectors:
- connectorId: AWS
dataTypes:
- AWSCloudTrail
resourceGroupName: myRg
settingsDefinitionId: f209187f-1d17-4431-94af-c141bf5f23db
settingsResourceName: f209187f-1d17-4431-94af-c141bf5f23db
settingsStatus: Production
tactics:
- Exfiltration
- CommandAndControl
techniques:
- T1037
- T1021
workspaceName: myWorkspace
Create AnomalySecurityMLAnalyticsSettings Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new AnomalySecurityMLAnalyticsSettings(name: string, args: AnomalySecurityMLAnalyticsSettingsArgs, opts?: CustomResourceOptions);@overload
def AnomalySecurityMLAnalyticsSettings(resource_name: str,
args: AnomalySecurityMLAnalyticsSettingsArgs,
opts: Optional[ResourceOptions] = None)
@overload
def AnomalySecurityMLAnalyticsSettings(resource_name: str,
opts: Optional[ResourceOptions] = None,
settings_status: Optional[Union[str, SettingsStatus]] = None,
workspace_name: Optional[str] = None,
resource_group_name: Optional[str] = None,
display_name: Optional[str] = None,
enabled: Optional[bool] = None,
frequency: Optional[str] = None,
is_default_settings: Optional[bool] = None,
anomaly_version: Optional[str] = None,
required_data_connectors: Optional[Sequence[SecurityMLAnalyticsSettingsDataSourceArgs]] = None,
anomaly_settings_version: Optional[int] = None,
settings_definition_id: Optional[str] = None,
settings_resource_name: Optional[str] = None,
description: Optional[str] = None,
tactics: Optional[Sequence[Union[str, AttackTactic]]] = None,
techniques: Optional[Sequence[str]] = None,
customizable_observations: Optional[Any] = None)func NewAnomalySecurityMLAnalyticsSettings(ctx *Context, name string, args AnomalySecurityMLAnalyticsSettingsArgs, opts ...ResourceOption) (*AnomalySecurityMLAnalyticsSettings, error)public AnomalySecurityMLAnalyticsSettings(string name, AnomalySecurityMLAnalyticsSettingsArgs args, CustomResourceOptions? opts = null)
public AnomalySecurityMLAnalyticsSettings(String name, AnomalySecurityMLAnalyticsSettingsArgs args)
public AnomalySecurityMLAnalyticsSettings(String name, AnomalySecurityMLAnalyticsSettingsArgs args, CustomResourceOptions options)
type: azure-native:securityinsights:AnomalySecurityMLAnalyticsSettings
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args AnomalySecurityMLAnalyticsSettingsArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args AnomalySecurityMLAnalyticsSettingsArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args AnomalySecurityMLAnalyticsSettingsArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args AnomalySecurityMLAnalyticsSettingsArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args AnomalySecurityMLAnalyticsSettingsArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var anomalySecurityMLAnalyticsSettingsResource = new AzureNative.SecurityInsights.AnomalySecurityMLAnalyticsSettings("anomalySecurityMLAnalyticsSettingsResource", new()
{
Kind = "string",
SettingsStatus = "string",
WorkspaceName = "string",
ResourceGroupName = "string",
DisplayName = "string",
Enabled = false,
Frequency = "string",
IsDefaultSettings = false,
AnomalyVersion = "string",
RequiredDataConnectors = new[]
{
new AzureNative.SecurityInsights.Inputs.SecurityMLAnalyticsSettingsDataSourceArgs
{
ConnectorId = "string",
DataTypes = new[]
{
"string",
},
},
},
AnomalySettingsVersion = 0,
SettingsDefinitionId = "string",
SettingsResourceName = "string",
Description = "string",
Tactics = new[]
{
"string",
},
Techniques = new[]
{
"string",
},
CustomizableObservations = "any",
});
example, err := securityinsights.NewAnomalySecurityMLAnalyticsSettings(ctx, "anomalySecurityMLAnalyticsSettingsResource", &securityinsights.AnomalySecurityMLAnalyticsSettingsArgs{
Kind: pulumi.String("string"),
SettingsStatus: pulumi.String("string"),
WorkspaceName: pulumi.String("string"),
ResourceGroupName: pulumi.String("string"),
DisplayName: pulumi.String("string"),
Enabled: pulumi.Bool(false),
Frequency: pulumi.String("string"),
IsDefaultSettings: pulumi.Bool(false),
AnomalyVersion: pulumi.String("string"),
RequiredDataConnectors: securityinsights.SecurityMLAnalyticsSettingsDataSourceArray{
&securityinsights.SecurityMLAnalyticsSettingsDataSourceArgs{
ConnectorId: pulumi.String("string"),
DataTypes: pulumi.StringArray{
pulumi.String("string"),
},
},
},
AnomalySettingsVersion: pulumi.Int(0),
SettingsDefinitionId: pulumi.String("string"),
SettingsResourceName: pulumi.String("string"),
Description: pulumi.String("string"),
Tactics: pulumi.StringArray{
pulumi.String("string"),
},
Techniques: pulumi.StringArray{
pulumi.String("string"),
},
CustomizableObservations: pulumi.Any("any"),
})
var anomalySecurityMLAnalyticsSettingsResource = new AnomalySecurityMLAnalyticsSettings("anomalySecurityMLAnalyticsSettingsResource", AnomalySecurityMLAnalyticsSettingsArgs.builder()
.kind("string")
.settingsStatus("string")
.workspaceName("string")
.resourceGroupName("string")
.displayName("string")
.enabled(false)
.frequency("string")
.isDefaultSettings(false)
.anomalyVersion("string")
.requiredDataConnectors(SecurityMLAnalyticsSettingsDataSourceArgs.builder()
.connectorId("string")
.dataTypes("string")
.build())
.anomalySettingsVersion(0)
.settingsDefinitionId("string")
.settingsResourceName("string")
.description("string")
.tactics("string")
.techniques("string")
.customizableObservations("any")
.build());
anomaly_security_ml_analytics_settings_resource = azure_native.securityinsights.AnomalySecurityMLAnalyticsSettings("anomalySecurityMLAnalyticsSettingsResource",
kind="string",
settings_status="string",
workspace_name="string",
resource_group_name="string",
display_name="string",
enabled=False,
frequency="string",
is_default_settings=False,
anomaly_version="string",
required_data_connectors=[{
"connector_id": "string",
"data_types": ["string"],
}],
anomaly_settings_version=0,
settings_definition_id="string",
settings_resource_name="string",
description="string",
tactics=["string"],
techniques=["string"],
customizable_observations="any")
const anomalySecurityMLAnalyticsSettingsResource = new azure_native.securityinsights.AnomalySecurityMLAnalyticsSettings("anomalySecurityMLAnalyticsSettingsResource", {
kind: "string",
settingsStatus: "string",
workspaceName: "string",
resourceGroupName: "string",
displayName: "string",
enabled: false,
frequency: "string",
isDefaultSettings: false,
anomalyVersion: "string",
requiredDataConnectors: [{
connectorId: "string",
dataTypes: ["string"],
}],
anomalySettingsVersion: 0,
settingsDefinitionId: "string",
settingsResourceName: "string",
description: "string",
tactics: ["string"],
techniques: ["string"],
customizableObservations: "any",
});
type: azure-native:securityinsights:AnomalySecurityMLAnalyticsSettings
properties:
anomalySettingsVersion: 0
anomalyVersion: string
customizableObservations: any
description: string
displayName: string
enabled: false
frequency: string
isDefaultSettings: false
kind: string
requiredDataConnectors:
- connectorId: string
dataTypes:
- string
resourceGroupName: string
settingsDefinitionId: string
settingsResourceName: string
settingsStatus: string
tactics:
- string
techniques:
- string
workspaceName: string
AnomalySecurityMLAnalyticsSettings Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The AnomalySecurityMLAnalyticsSettings resource accepts the following input properties:
- Anomaly
Version string - The anomaly version of the AnomalySecurityMLAnalyticsSettings.
- Display
Name string - The display name for settings created by this SecurityMLAnalyticsSettings.
- Enabled bool
- Determines whether this settings is enabled or disabled.
- Frequency string
- The frequency that this SecurityMLAnalyticsSettings will be run.
- Is
Default boolSettings - Determines whether this anomaly security ml analytics settings is a default settings
- Resource
Group stringName - The name of the resource group. The name is case insensitive.
- Settings
Status string | Pulumi.Azure Native. Security Insights. Settings Status - The anomaly SecurityMLAnalyticsSettings status
- Workspace
Name string - The name of the workspace.
- Anomaly
Settings intVersion - The anomaly settings version of the Anomaly security ml analytics settings that dictates whether job version gets updated or not.
- Customizable
Observations object - The customizable observations of the AnomalySecurityMLAnalyticsSettings.
- Description string
- The description of the SecurityMLAnalyticsSettings.
- Required
Data List<Pulumi.Connectors Azure Native. Security Insights. Inputs. Security MLAnalytics Settings Data Source> - The required data sources for this SecurityMLAnalyticsSettings
- Settings
Definition stringId - The anomaly settings definition Id
- Settings
Resource stringName - Security ML Analytics Settings resource name
- Tactics
List<Union<string, Pulumi.
Azure Native. Security Insights. Attack Tactic>> - The tactics of the SecurityMLAnalyticsSettings
- Techniques List<string>
- The techniques of the SecurityMLAnalyticsSettings
- Anomaly
Version string - The anomaly version of the AnomalySecurityMLAnalyticsSettings.
- Display
Name string - The display name for settings created by this SecurityMLAnalyticsSettings.
- Enabled bool
- Determines whether this settings is enabled or disabled.
- Frequency string
- The frequency that this SecurityMLAnalyticsSettings will be run.
- Is
Default boolSettings - Determines whether this anomaly security ml analytics settings is a default settings
- Resource
Group stringName - The name of the resource group. The name is case insensitive.
- Settings
Status string | SettingsStatus - The anomaly SecurityMLAnalyticsSettings status
- Workspace
Name string - The name of the workspace.
- Anomaly
Settings intVersion - The anomaly settings version of the Anomaly security ml analytics settings that dictates whether job version gets updated or not.
- Customizable
Observations interface{} - The customizable observations of the AnomalySecurityMLAnalyticsSettings.
- Description string
- The description of the SecurityMLAnalyticsSettings.
- Required
Data []SecurityConnectors MLAnalytics Settings Data Source Args - The required data sources for this SecurityMLAnalyticsSettings
- Settings
Definition stringId - The anomaly settings definition Id
- Settings
Resource stringName - Security ML Analytics Settings resource name
- Tactics []string
- The tactics of the SecurityMLAnalyticsSettings
- Techniques []string
- The techniques of the SecurityMLAnalyticsSettings
- anomaly
Version String - The anomaly version of the AnomalySecurityMLAnalyticsSettings.
- display
Name String - The display name for settings created by this SecurityMLAnalyticsSettings.
- enabled Boolean
- Determines whether this settings is enabled or disabled.
- frequency String
- The frequency that this SecurityMLAnalyticsSettings will be run.
- is
Default BooleanSettings - Determines whether this anomaly security ml analytics settings is a default settings
- resource
Group StringName - The name of the resource group. The name is case insensitive.
- settings
Status String | SettingsStatus - The anomaly SecurityMLAnalyticsSettings status
- workspace
Name String - The name of the workspace.
- anomaly
Settings IntegerVersion - The anomaly settings version of the Anomaly security ml analytics settings that dictates whether job version gets updated or not.
- customizable
Observations Object - The customizable observations of the AnomalySecurityMLAnalyticsSettings.
- description String
- The description of the SecurityMLAnalyticsSettings.
- required
Data List<SecurityConnectors MLAnalytics Settings Data Source> - The required data sources for this SecurityMLAnalyticsSettings
- settings
Definition StringId - The anomaly settings definition Id
- settings
Resource StringName - Security ML Analytics Settings resource name
- tactics
List<Either<String,Attack
Tactic>> - The tactics of the SecurityMLAnalyticsSettings
- techniques List<String>
- The techniques of the SecurityMLAnalyticsSettings
- anomaly
Version string - The anomaly version of the AnomalySecurityMLAnalyticsSettings.
- display
Name string - The display name for settings created by this SecurityMLAnalyticsSettings.
- enabled boolean
- Determines whether this settings is enabled or disabled.
- frequency string
- The frequency that this SecurityMLAnalyticsSettings will be run.
- is
Default booleanSettings - Determines whether this anomaly security ml analytics settings is a default settings
- resource
Group stringName - The name of the resource group. The name is case insensitive.
- settings
Status string | SettingsStatus - The anomaly SecurityMLAnalyticsSettings status
- workspace
Name string - The name of the workspace.
- anomaly
Settings numberVersion - The anomaly settings version of the Anomaly security ml analytics settings that dictates whether job version gets updated or not.
- customizable
Observations any - The customizable observations of the AnomalySecurityMLAnalyticsSettings.
- description string
- The description of the SecurityMLAnalyticsSettings.
- required
Data SecurityConnectors MLAnalytics Settings Data Source[] - The required data sources for this SecurityMLAnalyticsSettings
- settings
Definition stringId - The anomaly settings definition Id
- settings
Resource stringName - Security ML Analytics Settings resource name
- tactics
(string | Attack
Tactic)[] - The tactics of the SecurityMLAnalyticsSettings
- techniques string[]
- The techniques of the SecurityMLAnalyticsSettings
- anomaly_
version str - The anomaly version of the AnomalySecurityMLAnalyticsSettings.
- display_
name str - The display name for settings created by this SecurityMLAnalyticsSettings.
- enabled bool
- Determines whether this settings is enabled or disabled.
- frequency str
- The frequency that this SecurityMLAnalyticsSettings will be run.
- is_
default_ boolsettings - Determines whether this anomaly security ml analytics settings is a default settings
- resource_
group_ strname - The name of the resource group. The name is case insensitive.
- settings_
status str | SettingsStatus - The anomaly SecurityMLAnalyticsSettings status
- workspace_
name str - The name of the workspace.
- anomaly_
settings_ intversion - The anomaly settings version of the Anomaly security ml analytics settings that dictates whether job version gets updated or not.
- customizable_
observations Any - The customizable observations of the AnomalySecurityMLAnalyticsSettings.
- description str
- The description of the SecurityMLAnalyticsSettings.
- required_
data_ Sequence[Securityconnectors MLAnalytics Settings Data Source Args] - The required data sources for this SecurityMLAnalyticsSettings
- settings_
definition_ strid - The anomaly settings definition Id
- settings_
resource_ strname - Security ML Analytics Settings resource name
- tactics
Sequence[Union[str, Attack
Tactic]] - The tactics of the SecurityMLAnalyticsSettings
- techniques Sequence[str]
- The techniques of the SecurityMLAnalyticsSettings
- anomaly
Version String - The anomaly version of the AnomalySecurityMLAnalyticsSettings.
- display
Name String - The display name for settings created by this SecurityMLAnalyticsSettings.
- enabled Boolean
- Determines whether this settings is enabled or disabled.
- frequency String
- The frequency that this SecurityMLAnalyticsSettings will be run.
- is
Default BooleanSettings - Determines whether this anomaly security ml analytics settings is a default settings
- resource
Group StringName - The name of the resource group. The name is case insensitive.
- settings
Status String | "Production" | "Flighting" - The anomaly SecurityMLAnalyticsSettings status
- workspace
Name String - The name of the workspace.
- anomaly
Settings NumberVersion - The anomaly settings version of the Anomaly security ml analytics settings that dictates whether job version gets updated or not.
- customizable
Observations Any - The customizable observations of the AnomalySecurityMLAnalyticsSettings.
- description String
- The description of the SecurityMLAnalyticsSettings.
- required
Data List<Property Map>Connectors - The required data sources for this SecurityMLAnalyticsSettings
- settings
Definition StringId - The anomaly settings definition Id
- settings
Resource StringName - Security ML Analytics Settings resource name
- tactics
List<String | "Reconnaissance" | "Resource
Development" | "Initial Access" | "Execution" | "Persistence" | "Privilege Escalation" | "Defense Evasion" | "Credential Access" | "Discovery" | "Lateral Movement" | "Collection" | "Exfiltration" | "Command And Control" | "Impact" | "Pre Attack" | "Impair Process Control" | "Inhibit Response Function"> - The tactics of the SecurityMLAnalyticsSettings
- techniques List<String>
- The techniques of the SecurityMLAnalyticsSettings
Outputs
All input properties are implicitly available as output properties. Additionally, the AnomalySecurityMLAnalyticsSettings resource produces the following output properties:
- Azure
Api stringVersion - The Azure API version of the resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- Last
Modified stringUtc - The last time that this SecurityMLAnalyticsSettings has been modified.
- Name string
- The name of the resource
- System
Data Pulumi.Azure Native. Security Insights. Outputs. System Data Response - Azure Resource Manager metadata containing createdBy and modifiedBy information.
- Type string
- The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
- Etag string
- Etag of the azure resource
- Azure
Api stringVersion - The Azure API version of the resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- Last
Modified stringUtc - The last time that this SecurityMLAnalyticsSettings has been modified.
- Name string
- The name of the resource
- System
Data SystemData Response - Azure Resource Manager metadata containing createdBy and modifiedBy information.
- Type string
- The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
- Etag string
- Etag of the azure resource
- azure
Api StringVersion - The Azure API version of the resource.
- id String
- The provider-assigned unique ID for this managed resource.
- last
Modified StringUtc - The last time that this SecurityMLAnalyticsSettings has been modified.
- name String
- The name of the resource
- system
Data SystemData Response - Azure Resource Manager metadata containing createdBy and modifiedBy information.
- type String
- The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
- etag String
- Etag of the azure resource
- azure
Api stringVersion - The Azure API version of the resource.
- id string
- The provider-assigned unique ID for this managed resource.
- last
Modified stringUtc - The last time that this SecurityMLAnalyticsSettings has been modified.
- name string
- The name of the resource
- system
Data SystemData Response - Azure Resource Manager metadata containing createdBy and modifiedBy information.
- type string
- The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
- etag string
- Etag of the azure resource
- azure_
api_ strversion - The Azure API version of the resource.
- id str
- The provider-assigned unique ID for this managed resource.
- last_
modified_ strutc - The last time that this SecurityMLAnalyticsSettings has been modified.
- name str
- The name of the resource
- system_
data SystemData Response - Azure Resource Manager metadata containing createdBy and modifiedBy information.
- type str
- The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
- etag str
- Etag of the azure resource
- azure
Api StringVersion - The Azure API version of the resource.
- id String
- The provider-assigned unique ID for this managed resource.
- last
Modified StringUtc - The last time that this SecurityMLAnalyticsSettings has been modified.
- name String
- The name of the resource
- system
Data Property Map - Azure Resource Manager metadata containing createdBy and modifiedBy information.
- type String
- The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
- etag String
- Etag of the azure resource
Supporting Types
AttackTactic, AttackTacticArgs
- Reconnaissance
- Reconnaissance
- Resource
Development - ResourceDevelopment
- Initial
Access - InitialAccess
- Execution
- Execution
- Persistence
- Persistence
- Privilege
Escalation - PrivilegeEscalation
- Defense
Evasion - DefenseEvasion
- Credential
Access - CredentialAccess
- Discovery
- Discovery
- Lateral
Movement - LateralMovement
- Collection
- Collection
- Exfiltration
- Exfiltration
- Command
And Control - CommandAndControl
- Impact
- Impact
- Pre
Attack - PreAttack
- Impair
Process Control - ImpairProcessControl
- Inhibit
Response Function - InhibitResponseFunction
- Attack
Tactic Reconnaissance - Reconnaissance
- Attack
Tactic Resource Development - ResourceDevelopment
- Attack
Tactic Initial Access - InitialAccess
- Attack
Tactic Execution - Execution
- Attack
Tactic Persistence - Persistence
- Attack
Tactic Privilege Escalation - PrivilegeEscalation
- Attack
Tactic Defense Evasion - DefenseEvasion
- Attack
Tactic Credential Access - CredentialAccess
- Attack
Tactic Discovery - Discovery
- Attack
Tactic Lateral Movement - LateralMovement
- Attack
Tactic Collection - Collection
- Attack
Tactic Exfiltration - Exfiltration
- Attack
Tactic Command And Control - CommandAndControl
- Attack
Tactic Impact - Impact
- Attack
Tactic Pre Attack - PreAttack
- Attack
Tactic Impair Process Control - ImpairProcessControl
- Attack
Tactic Inhibit Response Function - InhibitResponseFunction
- Reconnaissance
- Reconnaissance
- Resource
Development - ResourceDevelopment
- Initial
Access - InitialAccess
- Execution
- Execution
- Persistence
- Persistence
- Privilege
Escalation - PrivilegeEscalation
- Defense
Evasion - DefenseEvasion
- Credential
Access - CredentialAccess
- Discovery
- Discovery
- Lateral
Movement - LateralMovement
- Collection
- Collection
- Exfiltration
- Exfiltration
- Command
And Control - CommandAndControl
- Impact
- Impact
- Pre
Attack - PreAttack
- Impair
Process Control - ImpairProcessControl
- Inhibit
Response Function - InhibitResponseFunction
- Reconnaissance
- Reconnaissance
- Resource
Development - ResourceDevelopment
- Initial
Access - InitialAccess
- Execution
- Execution
- Persistence
- Persistence
- Privilege
Escalation - PrivilegeEscalation
- Defense
Evasion - DefenseEvasion
- Credential
Access - CredentialAccess
- Discovery
- Discovery
- Lateral
Movement - LateralMovement
- Collection
- Collection
- Exfiltration
- Exfiltration
- Command
And Control - CommandAndControl
- Impact
- Impact
- Pre
Attack - PreAttack
- Impair
Process Control - ImpairProcessControl
- Inhibit
Response Function - InhibitResponseFunction
- RECONNAISSANCE
- Reconnaissance
- RESOURCE_DEVELOPMENT
- ResourceDevelopment
- INITIAL_ACCESS
- InitialAccess
- EXECUTION
- Execution
- PERSISTENCE
- Persistence
- PRIVILEGE_ESCALATION
- PrivilegeEscalation
- DEFENSE_EVASION
- DefenseEvasion
- CREDENTIAL_ACCESS
- CredentialAccess
- DISCOVERY
- Discovery
- LATERAL_MOVEMENT
- LateralMovement
- COLLECTION
- Collection
- EXFILTRATION
- Exfiltration
- COMMAND_AND_CONTROL
- CommandAndControl
- IMPACT
- Impact
- PRE_ATTACK
- PreAttack
- IMPAIR_PROCESS_CONTROL
- ImpairProcessControl
- INHIBIT_RESPONSE_FUNCTION
- InhibitResponseFunction
- "Reconnaissance"
- Reconnaissance
- "Resource
Development" - ResourceDevelopment
- "Initial
Access" - InitialAccess
- "Execution"
- Execution
- "Persistence"
- Persistence
- "Privilege
Escalation" - PrivilegeEscalation
- "Defense
Evasion" - DefenseEvasion
- "Credential
Access" - CredentialAccess
- "Discovery"
- Discovery
- "Lateral
Movement" - LateralMovement
- "Collection"
- Collection
- "Exfiltration"
- Exfiltration
- "Command
And Control" - CommandAndControl
- "Impact"
- Impact
- "Pre
Attack" - PreAttack
- "Impair
Process Control" - ImpairProcessControl
- "Inhibit
Response Function" - InhibitResponseFunction
SecurityMLAnalyticsSettingsDataSource, SecurityMLAnalyticsSettingsDataSourceArgs
- Connector
Id string - The connector id that provides the following data types
- Data
Types List<string> - The data types used by the security ml analytics settings
- Connector
Id string - The connector id that provides the following data types
- Data
Types []string - The data types used by the security ml analytics settings
- connector
Id String - The connector id that provides the following data types
- data
Types List<String> - The data types used by the security ml analytics settings
- connector
Id string - The connector id that provides the following data types
- data
Types string[] - The data types used by the security ml analytics settings
- connector_
id str - The connector id that provides the following data types
- data_
types Sequence[str] - The data types used by the security ml analytics settings
- connector
Id String - The connector id that provides the following data types
- data
Types List<String> - The data types used by the security ml analytics settings
SecurityMLAnalyticsSettingsDataSourceResponse, SecurityMLAnalyticsSettingsDataSourceResponseArgs
- Connector
Id string - The connector id that provides the following data types
- Data
Types List<string> - The data types used by the security ml analytics settings
- Connector
Id string - The connector id that provides the following data types
- Data
Types []string - The data types used by the security ml analytics settings
- connector
Id String - The connector id that provides the following data types
- data
Types List<String> - The data types used by the security ml analytics settings
- connector
Id string - The connector id that provides the following data types
- data
Types string[] - The data types used by the security ml analytics settings
- connector_
id str - The connector id that provides the following data types
- data_
types Sequence[str] - The data types used by the security ml analytics settings
- connector
Id String - The connector id that provides the following data types
- data
Types List<String> - The data types used by the security ml analytics settings
SettingsStatus, SettingsStatusArgs
- Production
- ProductionAnomaly settings status in Production mode
- Flighting
- FlightingAnomaly settings status in Flighting mode
- Settings
Status Production - ProductionAnomaly settings status in Production mode
- Settings
Status Flighting - FlightingAnomaly settings status in Flighting mode
- Production
- ProductionAnomaly settings status in Production mode
- Flighting
- FlightingAnomaly settings status in Flighting mode
- Production
- ProductionAnomaly settings status in Production mode
- Flighting
- FlightingAnomaly settings status in Flighting mode
- PRODUCTION
- ProductionAnomaly settings status in Production mode
- FLIGHTING
- FlightingAnomaly settings status in Flighting mode
- "Production"
- ProductionAnomaly settings status in Production mode
- "Flighting"
- FlightingAnomaly settings status in Flighting mode
SystemDataResponse, SystemDataResponseArgs
- Created
At string - The timestamp of resource creation (UTC).
- Created
By string - The identity that created the resource.
- Created
By stringType - The type of identity that created the resource.
- Last
Modified stringAt - The timestamp of resource last modification (UTC)
- Last
Modified stringBy - The identity that last modified the resource.
- Last
Modified stringBy Type - The type of identity that last modified the resource.
- Created
At string - The timestamp of resource creation (UTC).
- Created
By string - The identity that created the resource.
- Created
By stringType - The type of identity that created the resource.
- Last
Modified stringAt - The timestamp of resource last modification (UTC)
- Last
Modified stringBy - The identity that last modified the resource.
- Last
Modified stringBy Type - The type of identity that last modified the resource.
- created
At String - The timestamp of resource creation (UTC).
- created
By String - The identity that created the resource.
- created
By StringType - The type of identity that created the resource.
- last
Modified StringAt - The timestamp of resource last modification (UTC)
- last
Modified StringBy - The identity that last modified the resource.
- last
Modified StringBy Type - The type of identity that last modified the resource.
- created
At string - The timestamp of resource creation (UTC).
- created
By string - The identity that created the resource.
- created
By stringType - The type of identity that created the resource.
- last
Modified stringAt - The timestamp of resource last modification (UTC)
- last
Modified stringBy - The identity that last modified the resource.
- last
Modified stringBy Type - The type of identity that last modified the resource.
- created_
at str - The timestamp of resource creation (UTC).
- created_
by str - The identity that created the resource.
- created_
by_ strtype - The type of identity that created the resource.
- last_
modified_ strat - The timestamp of resource last modification (UTC)
- last_
modified_ strby - The identity that last modified the resource.
- last_
modified_ strby_ type - The type of identity that last modified the resource.
- created
At String - The timestamp of resource creation (UTC).
- created
By String - The identity that created the resource.
- created
By StringType - The type of identity that created the resource.
- last
Modified StringAt - The timestamp of resource last modification (UTC)
- last
Modified StringBy - The identity that last modified the resource.
- last
Modified StringBy Type - The type of identity that last modified the resource.
Import
An existing resource can be imported using its type token, name, and identifier, e.g.
$ pulumi import azure-native:securityinsights:AnomalySecurityMLAnalyticsSettings f209187f-1d17-4431-94af-c141bf5f23db /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/securityMLAnalyticsSettings/{settingsResourceName}
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Azure Native pulumi/pulumi-azure-native
- License
- Apache-2.0
This is the latest version of Azure Native. Use the Azure Native v2 docs if using the v2 version of this package.
Azure Native v3.1.0 published on Tuesday, Apr 8, 2025 by Pulumi