
com.pulumi.azurenative.securityinsights.ActivityCustomEntityQuery Maven / Gradle / Ivy

// *** WARNING: this file was generated by pulumi-java-gen. ***
// *** Do not edit by hand unless you're certain you know what you are doing! ***

package com.pulumi.azurenative.securityinsights;

import com.pulumi.azurenative.Utilities;
import com.pulumi.azurenative.securityinsights.ActivityCustomEntityQueryArgs;
import com.pulumi.azurenative.securityinsights.outputs.ActivityEntityQueriesPropertiesResponseQueryDefinitions;
import com.pulumi.azurenative.securityinsights.outputs.SystemDataResponse;
import com.pulumi.core.Alias;
import com.pulumi.core.Output;
import com.pulumi.core.annotations.Export;
import com.pulumi.core.annotations.ResourceType;
import com.pulumi.core.internal.Codegen;
import java.lang.Boolean;
import java.lang.String;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import javax.annotation.Nullable;

/**
 * Represents Activity entity query.
 * Azure REST API version: 2023-06-01-preview. Prior API version in Azure Native 1.x: 2021-03-01-preview.
 * 
 * ## Example Usage
 * ### Creates or updates an Activity entity query.
 * 
 * 
 * {@code
 * package generated_program;
 * 
 * import com.pulumi.Context;
 * import com.pulumi.Pulumi;
 * import com.pulumi.core.Output;
 * import com.pulumi.azurenative.securityinsights.ActivityCustomEntityQuery;
 * import com.pulumi.azurenative.securityinsights.ActivityCustomEntityQueryArgs;
 * import com.pulumi.azurenative.securityinsights.inputs.ActivityEntityQueriesPropertiesQueryDefinitionsArgs;
 * import java.util.List;
 * import java.util.ArrayList;
 * import java.util.Map;
 * import java.io.File;
 * import java.nio.file.Files;
 * import java.nio.file.Paths;
 * 
 * public class App }{{@code
 *     public static void main(String[] args) }{{@code
 *         Pulumi.run(App::stack);
 *     }}{@code
 * 
 *     public static void stack(Context ctx) }{{@code
 *         var activityCustomEntityQuery = new ActivityCustomEntityQuery("activityCustomEntityQuery", ActivityCustomEntityQueryArgs.builder()
 *             .content("On '}{{{@code Computer}}}{@code ' the account '}{{{@code TargetAccount}}}{@code ' was deleted by '}{{{@code AddedBy}}}{@code '")
 *             .description("Account deleted on host")
 *             .enabled(true)
 *             .entitiesFilter(Map.of("Host_OsFamily", "Windows"))
 *             .entityQueryId("07da3cc8-c8ad-4710-a44e-334cdcb7882b")
 *             .inputEntityType("Host")
 *             .kind("Activity")
 *             .queryDefinitions(ActivityEntityQueriesPropertiesQueryDefinitionsArgs.builder()
 *                 .query("""
 * let GetAccountActions = (v_Host_Name:string, v_Host_NTDomain:string, v_Host_DnsDomain:string, v_Host_AzureID:string, v_Host_OMSAgentID:string)}{{@code
 * SecurityEvent
 * | where EventID in (4725, 4726, 4767, 4720, 4722, 4723, 4724)
 * // parsing for Host to handle variety of conventions coming from data
 * | extend Host_HostName = case(
 * Computer has '}{@literal @}{@code ', tostring(split(Computer, '}{@literal @}{@code ')[0]),
 * Computer has '\\', tostring(split(Computer, '\\')[1]),
 * Computer has '.', tostring(split(Computer, '.')[0]),
 * Computer
 * )
 * | extend Host_NTDomain = case(
 * Computer has '\\', tostring(split(Computer, '\\')[0]), 
 * Computer has '.', tostring(split(Computer, '.')[-2]), 
 * Computer
 * )
 * | extend Host_DnsDomain = case(
 * Computer has '\\', tostring(split(Computer, '\\')[0]), 
 * Computer has '.', strcat_array(array_slice(split(Computer,'.'),-2,-1),'.'), 
 * Computer
 * )
 * | where (Host_HostName =~ v_Host_Name and Host_NTDomain =~ v_Host_NTDomain) 
 * or (Host_HostName =~ v_Host_Name and Host_DnsDomain =~ v_Host_DnsDomain) 
 * or v_Host_AzureID =~ _ResourceId 
 * or v_Host_OMSAgentID == SourceComputerId
 * | project TimeGenerated, EventID, Activity, Computer, TargetAccount, TargetUserName, TargetDomainName, TargetSid, SubjectUserName, SubjectUserSid, _ResourceId, SourceComputerId
 * | extend AddedBy = SubjectUserName
 * // Future support for Activities
 * | extend timestamp = TimeGenerated, HostCustomEntity = Computer, AccountCustomEntity = TargetAccount
 * }}{@code ;
 * GetAccountActions('}{{{@code Host_HostName}}}{@code ', '}{{{@code Host_NTDomain}}}{@code ', '}{{{@code Host_DnsDomain}}}{@code ', '}{{{@code Host_AzureID}}}{@code ', '}{{{@code Host_OMSAgentID}}}{@code ')
 *  
 * | where EventID == 4726                 """)
 *                 .build())
 *             .requiredInputFieldsSets(
 *                 List.of("Host_HostName", "Host_NTDomain"),
 *                 List.of("Host_HostName", "Host_DnsDomain"),
 *                 List.of("Host_AzureID"),
 *                 List.of("Host_OMSAgentID"))
 *             .resourceGroupName("myRg")
 *             .title("An account was deleted on this host")
 *             .workspaceName("myWorkspace")
 *             .build());
 * 
 *     }}{@code
 * }}{@code
 * 
 * }
 * 
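*
 * ## Import
 *
 * An existing resource can be imported using its type token, name, and identifier, e.g.
 *
 * ```sh
 * $ pulumi import azure-native:securityinsights:ActivityCustomEntityQuery 07da3cc8-c8ad-4710-a44e-334cdcb7882b /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entityQueries/{entityQueryId}
 * ```
 *
 */
@ResourceType(type="azure-native:securityinsights:ActivityCustomEntityQuery")
public class ActivityCustomEntityQuery extends com.pulumi.resources.CustomResource {
    // NOTE(review): the type arguments below were missing from the listing (e.g. "Output> content()").
    // They are restored from each field's @Export refs/tree metadata and from whether the
    // accessor wraps the field with Codegen.optional(...).

    /**
     * The entity query content to display in timeline
     *
     */
    @Export(name="content", refs={String.class}, tree="[0]")
    private Output</* @Nullable */ String> content;

    /**
     * @return The entity query content to display in timeline
     *
     */
    public Output<Optional<String>> content() {
        return Codegen.optional(this.content);
    }

    /**
     * The time the activity was created
     *
     */
    @Export(name="createdTimeUtc", refs={String.class}, tree="[0]")
    private Output<String> createdTimeUtc;

    /**
     * @return The time the activity was created
     *
     */
    public Output<String> createdTimeUtc() {
        return this.createdTimeUtc;
    }

    /**
     * The entity query description
     *
     */
    @Export(name="description", refs={String.class}, tree="[0]")
    private Output</* @Nullable */ String> description;

    /**
     * @return The entity query description
     *
     */
    public Output<Optional<String>> description() {
        return Codegen.optional(this.description);
    }

    /**
     * Determines whether this activity is enabled or disabled.
     *
     */
    @Export(name="enabled", refs={Boolean.class}, tree="[0]")
    private Output</* @Nullable */ Boolean> enabled;

    /**
     * @return Determines whether this activity is enabled or disabled.
     *
     */
    public Output<Optional<Boolean>> enabled() {
        return Codegen.optional(this.enabled);
    }

    /**
     * The query applied only to entities matching to all filters
     *
     */
    @Export(name="entitiesFilter", refs={Map.class,String.class,List.class}, tree="[0,1,[2,1]]")
    private Output</* @Nullable */ Map<String,List<String>>> entitiesFilter;

    /**
     * @return The query applied only to entities matching to all filters
     *
     */
    public Output<Optional<Map<String,List<String>>>> entitiesFilter() {
        return Codegen.optional(this.entitiesFilter);
    }

    /**
     * Etag of the azure resource
     *
     */
    @Export(name="etag", refs={String.class}, tree="[0]")
    private Output</* @Nullable */ String> etag;

    /**
     * @return Etag of the azure resource
     *
     */
    public Output<Optional<String>> etag() {
        return Codegen.optional(this.etag);
    }

    /**
     * The type of the query's source entity
     *
     */
    @Export(name="inputEntityType", refs={String.class}, tree="[0]")
    private Output</* @Nullable */ String> inputEntityType;

    /**
     * @return The type of the query's source entity
     *
     */
    public Output<Optional<String>> inputEntityType() {
        return Codegen.optional(this.inputEntityType);
    }

    /**
     * The kind of the entity query
     * Expected value is 'Activity'.
     *
     */
    @Export(name="kind", refs={String.class}, tree="[0]")
    private Output<String> kind;

    /**
     * @return The kind of the entity query
     * Expected value is 'Activity'.
     *
     */
    public Output<String> kind() {
        return this.kind;
    }

    /**
     * The last time the activity was updated
     *
     */
    @Export(name="lastModifiedTimeUtc", refs={String.class}, tree="[0]")
    private Output<String> lastModifiedTimeUtc;

    /**
     * @return The last time the activity was updated
     *
     */
    public Output<String> lastModifiedTimeUtc() {
        return this.lastModifiedTimeUtc;
    }

    /**
     * The name of the resource
     *
     */
    @Export(name="name", refs={String.class}, tree="[0]")
    private Output<String> name;

    /**
     * @return The name of the resource
     *
     */
    public Output<String> name() {
        return this.name;
    }

    /**
     * The Activity query definitions
     *
     */
    @Export(name="queryDefinitions", refs={ActivityEntityQueriesPropertiesResponseQueryDefinitions.class}, tree="[0]")
    private Output</* @Nullable */ ActivityEntityQueriesPropertiesResponseQueryDefinitions> queryDefinitions;

    /**
     * @return The Activity query definitions
     *
     */
    public Output<Optional<ActivityEntityQueriesPropertiesResponseQueryDefinitions>> queryDefinitions() {
        return Codegen.optional(this.queryDefinitions);
    }

    /**
     * List of the fields of the source entity that are required to run the query
     *
     */
    @Export(name="requiredInputFieldsSets", refs={List.class,String.class}, tree="[0,[0,1]]")
    private Output</* @Nullable */ List<List<String>>> requiredInputFieldsSets;

    /**
     * @return List of the fields of the source entity that are required to run the query
     *
     */
    public Output<Optional<List<List<String>>>> requiredInputFieldsSets() {
        return Codegen.optional(this.requiredInputFieldsSets);
    }

    /**
     * Azure Resource Manager metadata containing createdBy and modifiedBy information.
     *
     */
    @Export(name="systemData", refs={SystemDataResponse.class}, tree="[0]")
    private Output<SystemDataResponse> systemData;

    /**
     * @return Azure Resource Manager metadata containing createdBy and modifiedBy information.
     *
     */
    public Output<SystemDataResponse> systemData() {
        return this.systemData;
    }

    /**
     * The template id this activity was created from
     *
     */
    @Export(name="templateName", refs={String.class}, tree="[0]")
    private Output</* @Nullable */ String> templateName;

    /**
     * @return The template id this activity was created from
     *
     */
    public Output<Optional<String>> templateName() {
        return Codegen.optional(this.templateName);
    }

    /**
     * The entity query title
     *
     */
    @Export(name="title", refs={String.class}, tree="[0]")
    private Output</* @Nullable */ String> title;

    /**
     * @return The entity query title
     *
     */
    public Output<Optional<String>> title() {
        return Codegen.optional(this.title);
    }

    /**
     * The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
     *
     */
    @Export(name="type", refs={String.class}, tree="[0]")
    private Output<String> type;

    /**
     * @return The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
     *
     */
    public Output<String> type() {
        return this.type;
    }

    /**
     * Creates the resource with empty arguments ({@code ActivityCustomEntityQueryArgs.Empty}).
     *
     * @param name The _unique_ name of the resulting resource.
     */
    public ActivityCustomEntityQuery(java.lang.String name) {
        this(name, ActivityCustomEntityQueryArgs.Empty);
    }

    /**
     * Creates the resource with the given arguments and no resource options.
     *
     * @param name The _unique_ name of the resulting resource.
     * @param args The arguments to use to populate this resource's properties.
     */
    public ActivityCustomEntityQuery(java.lang.String name, ActivityCustomEntityQueryArgs args) {
        this(name, args, null);
    }

    /**
     * Creates the resource with the given arguments and options.
     *
     * @param name The _unique_ name of the resulting resource.
     * @param args The arguments to use to populate this resource's properties.
     * @param options A bag of options that control this resource's behavior.
     */
    public ActivityCustomEntityQuery(java.lang.String name, ActivityCustomEntityQueryArgs args, @Nullable com.pulumi.resources.CustomResourceOptions options) {
        super("azure-native:securityinsights:ActivityCustomEntityQuery", name, makeArgs(args, options), makeResourceOptions(options, Codegen.empty()), false);
    }

    /**
     * Lookup constructor used by {@link #get}: passes no arguments and forwards the
     * provider ID into the merged resource options.
     */
    private ActivityCustomEntityQuery(java.lang.String name, Output<java.lang.String> id, @Nullable com.pulumi.resources.CustomResourceOptions options) {
        super("azure-native:securityinsights:ActivityCustomEntityQuery", name, null, makeResourceOptions(options, id), false);
    }

    /**
     * Builds the arguments sent for this resource.
     *
     * @param args caller-supplied arguments; may be {@code null}, in which case an empty builder is used.
     * @param options resource options; when they carry a URN, no arguments are built.
     * @return the arguments with {@code kind} set to {@code "Activity"}, or {@code null} when
     *         {@code options} carries a URN.
     */
    private static ActivityCustomEntityQueryArgs makeArgs(ActivityCustomEntityQueryArgs args, @Nullable com.pulumi.resources.CustomResourceOptions options) {
        // NOTE(review): a URN in the options presumably means the resource is resolved from
        // existing state, so no arguments are sent — confirm against the Pulumi SDK.
        if (options != null && options.getUrn().isPresent()) {
            return null;
        }
        var builder = args == null ? ActivityCustomEntityQueryArgs.builder() : ActivityCustomEntityQueryArgs.builder(args);
        // kind is always overwritten here, so a value set by the caller on args is not used.
        return builder
            .kind("Activity")
            .build();
    }

    /**
     * Merges the caller's options with this resource's defaults: the provider version from
     * {@code Utilities.getVersion()} and one alias per versioned type token listed below.
     *
     * @param options caller-supplied options; may be {@code null}.
     * @param id provider ID forwarded to {@code CustomResourceOptions.merge}; may be {@code null}.
     * @return the merged options.
     */
    private static com.pulumi.resources.CustomResourceOptions makeResourceOptions(@Nullable com.pulumi.resources.CustomResourceOptions options, @Nullable Output<java.lang.String> id) {
        var defaultOptions = com.pulumi.resources.CustomResourceOptions.builder()
            .version(Utilities.getVersion())
            .aliases(List.of(
                Output.of(Alias.builder().type("azure-native:securityinsights/v20210301preview:ActivityCustomEntityQuery").build()),
                Output.of(Alias.builder().type("azure-native:securityinsights/v20210901preview:ActivityCustomEntityQuery").build()),
                Output.of(Alias.builder().type("azure-native:securityinsights/v20211001preview:ActivityCustomEntityQuery").build()),
                Output.of(Alias.builder().type("azure-native:securityinsights/v20220101preview:ActivityCustomEntityQuery").build()),
                Output.of(Alias.builder().type("azure-native:securityinsights/v20220401preview:ActivityCustomEntityQuery").build()),
                Output.of(Alias.builder().type("azure-native:securityinsights/v20220501preview:ActivityCustomEntityQuery").build()),
                Output.of(Alias.builder().type("azure-native:securityinsights/v20220601preview:ActivityCustomEntityQuery").build()),
                Output.of(Alias.builder().type("azure-native:securityinsights/v20220701preview:ActivityCustomEntityQuery").build()),
                Output.of(Alias.builder().type("azure-native:securityinsights/v20220801preview:ActivityCustomEntityQuery").build()),
                Output.of(Alias.builder().type("azure-native:securityinsights/v20220901preview:ActivityCustomEntityQuery").build()),
                Output.of(Alias.builder().type("azure-native:securityinsights/v20221001preview:ActivityCustomEntityQuery").build()),
                Output.of(Alias.builder().type("azure-native:securityinsights/v20221101preview:ActivityCustomEntityQuery").build()),
                Output.of(Alias.builder().type("azure-native:securityinsights/v20221201preview:ActivityCustomEntityQuery").build()),
                Output.of(Alias.builder().type("azure-native:securityinsights/v20230201preview:ActivityCustomEntityQuery").build()),
                Output.of(Alias.builder().type("azure-native:securityinsights/v20230301preview:ActivityCustomEntityQuery").build()),
                Output.of(Alias.builder().type("azure-native:securityinsights/v20230401preview:ActivityCustomEntityQuery").build()),
                Output.of(Alias.builder().type("azure-native:securityinsights/v20230501preview:ActivityCustomEntityQuery").build()),
                Output.of(Alias.builder().type("azure-native:securityinsights/v20230601preview:ActivityCustomEntityQuery").build()),
                Output.of(Alias.builder().type("azure-native:securityinsights/v20230701preview:ActivityCustomEntityQuery").build()),
                Output.of(Alias.builder().type("azure-native:securityinsights/v20230801preview:ActivityCustomEntityQuery").build()),
                Output.of(Alias.builder().type("azure-native:securityinsights/v20230901preview:ActivityCustomEntityQuery").build()),
                Output.of(Alias.builder().type("azure-native:securityinsights/v20231001preview:ActivityCustomEntityQuery").build()),
                Output.of(Alias.builder().type("azure-native:securityinsights/v20231201preview:ActivityCustomEntityQuery").build()),
                Output.of(Alias.builder().type("azure-native:securityinsights/v20240101preview:ActivityCustomEntityQuery").build()),
                Output.of(Alias.builder().type("azure-native:securityinsights/v20240401preview:ActivityCustomEntityQuery").build())
            ))
            .build();
        return com.pulumi.resources.CustomResourceOptions.merge(defaultOptions, options, id);
    }

    /**
     * Get an existing ActivityCustomEntityQuery resource's state with the given name, ID, and optional extra
     * properties used to qualify the lookup.
     *
     * @param name The _unique_ name of the resulting resource.
     * @param id The _unique_ provider ID of the resource to lookup.
     * @param options Optional settings to control the behavior of the CustomResource.
     * @return a resource object built through the private lookup constructor.
     */
    public static ActivityCustomEntityQuery get(java.lang.String name, Output<java.lang.String> id, @Nullable com.pulumi.resources.CustomResourceOptions options) {
        return new ActivityCustomEntityQuery(name, id, options);
    }
}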



