
Build cloud applications and infrastructure by combining the safety and reliability of infrastructure as code with the power of the Kotlin programming language.
@file:Suppress("NAME_SHADOWING", "DEPRECATION")
package com.pulumi.azure.sentinel.kotlin
import com.pulumi.azure.sentinel.kotlin.outputs.AlertRuleAnomalyDuplicateMultiSelectObservation
import com.pulumi.azure.sentinel.kotlin.outputs.AlertRuleAnomalyDuplicatePrioritizedExcludeObservation
import com.pulumi.azure.sentinel.kotlin.outputs.AlertRuleAnomalyDuplicateRequiredDataConnector
import com.pulumi.azure.sentinel.kotlin.outputs.AlertRuleAnomalyDuplicateSingleSelectObservation
import com.pulumi.azure.sentinel.kotlin.outputs.AlertRuleAnomalyDuplicateThresholdObservation
import com.pulumi.core.Output
import com.pulumi.kotlin.KotlinCustomResource
import com.pulumi.kotlin.PulumiTagMarker
import com.pulumi.kotlin.ResourceMapper
import com.pulumi.kotlin.options.CustomResourceOptions
import com.pulumi.kotlin.options.CustomResourceOptionsBuilder
import com.pulumi.resources.Resource
import kotlin.Boolean
import kotlin.Int
import kotlin.String
import kotlin.Suppress
import kotlin.Unit
import kotlin.collections.List
import com.pulumi.azure.sentinel.kotlin.outputs.AlertRuleAnomalyDuplicateMultiSelectObservation.Companion.toKotlin as alertRuleAnomalyDuplicateMultiSelectObservationToKotlin
import com.pulumi.azure.sentinel.kotlin.outputs.AlertRuleAnomalyDuplicatePrioritizedExcludeObservation.Companion.toKotlin as alertRuleAnomalyDuplicatePrioritizedExcludeObservationToKotlin
import com.pulumi.azure.sentinel.kotlin.outputs.AlertRuleAnomalyDuplicateRequiredDataConnector.Companion.toKotlin as alertRuleAnomalyDuplicateRequiredDataConnectorToKotlin
import com.pulumi.azure.sentinel.kotlin.outputs.AlertRuleAnomalyDuplicateSingleSelectObservation.Companion.toKotlin as alertRuleAnomalyDuplicateSingleSelectObservationToKotlin
import com.pulumi.azure.sentinel.kotlin.outputs.AlertRuleAnomalyDuplicateThresholdObservation.Companion.toKotlin as alertRuleAnomalyDuplicateThresholdObservationToKotlin
/**
 * Builder behind the `alertRuleAnomalyDuplicate { ... }` DSL.
 *
 * It collects the three inputs of an [AlertRuleAnomalyDuplicate] (resource name, arguments and
 * resource options) and passes them to the underlying Java resource in [build].
 */
@PulumiTagMarker
public class AlertRuleAnomalyDuplicateResourceBuilder internal constructor() {
    // Stays null until name(...) is called; build() forwards it unchanged.
    public var name: String? = null

    // Defaults to an empty argument bag until args { ... } replaces it.
    public var args: AlertRuleAnomalyDuplicateArgs = AlertRuleAnomalyDuplicateArgs()

    // Defaults to empty resource options until opts { ... } replaces them.
    public var opts: CustomResourceOptions = CustomResourceOptions()

    /**
     * @param value The _unique_ name of the resulting resource.
     */
    public fun name(value: String) {
        this.name = value
    }

    /**
     * @param block The arguments to use to populate this resource's properties; it runs against
     * a fresh [AlertRuleAnomalyDuplicateArgsBuilder] whose result replaces [args].
     */
    public suspend fun args(block: suspend AlertRuleAnomalyDuplicateArgsBuilder.() -> Unit) {
        val argsBuilder = AlertRuleAnomalyDuplicateArgsBuilder()
        argsBuilder.block()
        this.args = argsBuilder.build()
    }

    /**
     * @param block A bag of options that control this resource's behavior.
     */
    public suspend fun opts(block: suspend CustomResourceOptionsBuilder.() -> Unit) {
        this.opts = CustomResourceOptions.opts(block)
    }

    /**
     * Creates the Java resource from the collected name, arguments and options and wraps it in
     * the Kotlin [AlertRuleAnomalyDuplicate].
     */
    internal fun build(): AlertRuleAnomalyDuplicate =
        AlertRuleAnomalyDuplicate(
            com.pulumi.azure.sentinel.AlertRuleAnomalyDuplicate(
                this.name,
                this.args.toJava(),
                this.opts.toJava(),
            ),
        )
}
/**
* Manages a Duplicated Anomaly Alert Rule.
* ## Example Usage
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as azure from "@pulumi/azure";
* const exampleResourceGroup = new azure.core.ResourceGroup("example", {
* name: "example-resources",
* location: "West Europe",
* });
* const exampleAnalyticsWorkspace = new azure.operationalinsights.AnalyticsWorkspace("example", {
* name: "example-law",
* location: exampleResourceGroup.location,
* resourceGroupName: exampleResourceGroup.name,
* sku: "PerGB2018",
* });
* const exampleLogAnalyticsWorkspaceOnboarding = new azure.sentinel.LogAnalyticsWorkspaceOnboarding("example", {
* workspaceId: exampleAnalyticsWorkspace.id,
* customerManagedKeyEnabled: false,
* });
* const example = azure.sentinel.getAlertRuleAnomalyOutput({
* logAnalyticsWorkspaceId: exampleLogAnalyticsWorkspaceOnboarding.workspaceId,
* displayName: "UEBA Anomalous Sign In",
* });
* const exampleAlertRuleAnomalyDuplicate = new azure.sentinel.AlertRuleAnomalyDuplicate("example", {
* displayName: "example duplicated UEBA Anomalous Sign In",
* logAnalyticsWorkspaceId: exampleAnalyticsWorkspace.id,
* builtInRuleId: example.apply(example => example.id),
* enabled: true,
* mode: "Flighting",
* thresholdObservations: [{
* name: "Anomaly score threshold",
* value: "0.6",
* }],
* });
* ```
* ```python
* import pulumi
* import pulumi_azure as azure
* example_resource_group = azure.core.ResourceGroup("example",
* name="example-resources",
* location="West Europe")
* example_analytics_workspace = azure.operationalinsights.AnalyticsWorkspace("example",
* name="example-law",
* location=example_resource_group.location,
* resource_group_name=example_resource_group.name,
* sku="PerGB2018")
* example_log_analytics_workspace_onboarding = azure.sentinel.LogAnalyticsWorkspaceOnboarding("example",
* workspace_id=example_analytics_workspace.id,
* customer_managed_key_enabled=False)
* example = azure.sentinel.get_alert_rule_anomaly_output(log_analytics_workspace_id=example_log_analytics_workspace_onboarding.workspace_id,
* display_name="UEBA Anomalous Sign In")
* example_alert_rule_anomaly_duplicate = azure.sentinel.AlertRuleAnomalyDuplicate("example",
* display_name="example duplicated UEBA Anomalous Sign In",
* log_analytics_workspace_id=example_analytics_workspace.id,
* built_in_rule_id=example.id,
* enabled=True,
* mode="Flighting",
* threshold_observations=[{
* "name": "Anomaly score threshold",
* "value": "0.6",
* }])
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Azure = Pulumi.Azure;
* return await Deployment.RunAsync(() =>
* {
* var exampleResourceGroup = new Azure.Core.ResourceGroup("example", new()
* {
* Name = "example-resources",
* Location = "West Europe",
* });
* var exampleAnalyticsWorkspace = new Azure.OperationalInsights.AnalyticsWorkspace("example", new()
* {
* Name = "example-law",
* Location = exampleResourceGroup.Location,
* ResourceGroupName = exampleResourceGroup.Name,
* Sku = "PerGB2018",
* });
* var exampleLogAnalyticsWorkspaceOnboarding = new Azure.Sentinel.LogAnalyticsWorkspaceOnboarding("example", new()
* {
* WorkspaceId = exampleAnalyticsWorkspace.Id,
* CustomerManagedKeyEnabled = false,
* });
* var example = Azure.Sentinel.GetAlertRuleAnomaly.Invoke(new()
* {
* LogAnalyticsWorkspaceId = exampleLogAnalyticsWorkspaceOnboarding.WorkspaceId,
* DisplayName = "UEBA Anomalous Sign In",
* });
* var exampleAlertRuleAnomalyDuplicate = new Azure.Sentinel.AlertRuleAnomalyDuplicate("example", new()
* {
* DisplayName = "example duplicated UEBA Anomalous Sign In",
* LogAnalyticsWorkspaceId = exampleAnalyticsWorkspace.Id,
* BuiltInRuleId = example.Apply(getAlertRuleAnomalyResult => getAlertRuleAnomalyResult.Id),
* Enabled = true,
* Mode = "Flighting",
* ThresholdObservations = new[]
* {
* new Azure.Sentinel.Inputs.AlertRuleAnomalyDuplicateThresholdObservationArgs
* {
* Name = "Anomaly score threshold",
* Value = "0.6",
* },
* },
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
* "github.com/pulumi/pulumi-azure/sdk/v5/go/azure/operationalinsights"
* "github.com/pulumi/pulumi-azure/sdk/v5/go/azure/sentinel"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* exampleResourceGroup, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
* Name: pulumi.String("example-resources"),
* Location: pulumi.String("West Europe"),
* })
* if err != nil {
* return err
* }
* exampleAnalyticsWorkspace, err := operationalinsights.NewAnalyticsWorkspace(ctx, "example", &operationalinsights.AnalyticsWorkspaceArgs{
* Name: pulumi.String("example-law"),
* Location: exampleResourceGroup.Location,
* ResourceGroupName: exampleResourceGroup.Name,
* Sku: pulumi.String("PerGB2018"),
* })
* if err != nil {
* return err
* }
* exampleLogAnalyticsWorkspaceOnboarding, err := sentinel.NewLogAnalyticsWorkspaceOnboarding(ctx, "example", &sentinel.LogAnalyticsWorkspaceOnboardingArgs{
* WorkspaceId: exampleAnalyticsWorkspace.ID(),
* CustomerManagedKeyEnabled: pulumi.Bool(false),
* })
* if err != nil {
* return err
* }
* example := sentinel.GetAlertRuleAnomalyOutput(ctx, sentinel.GetAlertRuleAnomalyOutputArgs{
* LogAnalyticsWorkspaceId: exampleLogAnalyticsWorkspaceOnboarding.WorkspaceId,
* DisplayName: pulumi.String("UEBA Anomalous Sign In"),
* }, nil)
* _, err = sentinel.NewAlertRuleAnomalyDuplicate(ctx, "example", &sentinel.AlertRuleAnomalyDuplicateArgs{
* DisplayName: pulumi.String("example duplicated UEBA Anomalous Sign In"),
* LogAnalyticsWorkspaceId: exampleAnalyticsWorkspace.ID(),
* BuiltInRuleId: pulumi.String(example.ApplyT(func(example sentinel.GetAlertRuleAnomalyResult) (*string, error) {
* return &example.Id, nil
* }).(pulumi.StringPtrOutput)),
* Enabled: pulumi.Bool(true),
* Mode: pulumi.String("Flighting"),
* ThresholdObservations: sentinel.AlertRuleAnomalyDuplicateThresholdObservationArray{
* &sentinel.AlertRuleAnomalyDuplicateThresholdObservationArgs{
* Name: pulumi.String("Anomaly score threshold"),
* Value: pulumi.String("0.6"),
* },
* },
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.azure.core.ResourceGroup;
* import com.pulumi.azure.core.ResourceGroupArgs;
* import com.pulumi.azure.operationalinsights.AnalyticsWorkspace;
* import com.pulumi.azure.operationalinsights.AnalyticsWorkspaceArgs;
* import com.pulumi.azure.sentinel.LogAnalyticsWorkspaceOnboarding;
* import com.pulumi.azure.sentinel.LogAnalyticsWorkspaceOnboardingArgs;
* import com.pulumi.azure.sentinel.SentinelFunctions;
* import com.pulumi.azure.sentinel.inputs.GetAlertRuleAnomalyArgs;
* import com.pulumi.azure.sentinel.AlertRuleAnomalyDuplicate;
* import com.pulumi.azure.sentinel.AlertRuleAnomalyDuplicateArgs;
* import com.pulumi.azure.sentinel.inputs.AlertRuleAnomalyDuplicateThresholdObservationArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var exampleResourceGroup = new ResourceGroup("exampleResourceGroup", ResourceGroupArgs.builder()
* .name("example-resources")
* .location("West Europe")
* .build());
* var exampleAnalyticsWorkspace = new AnalyticsWorkspace("exampleAnalyticsWorkspace", AnalyticsWorkspaceArgs.builder()
* .name("example-law")
* .location(exampleResourceGroup.location())
* .resourceGroupName(exampleResourceGroup.name())
* .sku("PerGB2018")
* .build());
* var exampleLogAnalyticsWorkspaceOnboarding = new LogAnalyticsWorkspaceOnboarding("exampleLogAnalyticsWorkspaceOnboarding", LogAnalyticsWorkspaceOnboardingArgs.builder()
* .workspaceId(exampleAnalyticsWorkspace.id())
* .customerManagedKeyEnabled(false)
* .build());
* final var example = SentinelFunctions.getAlertRuleAnomaly(GetAlertRuleAnomalyArgs.builder()
* .logAnalyticsWorkspaceId(exampleLogAnalyticsWorkspaceOnboarding.workspaceId())
* .displayName("UEBA Anomalous Sign In")
* .build());
* var exampleAlertRuleAnomalyDuplicate = new AlertRuleAnomalyDuplicate("exampleAlertRuleAnomalyDuplicate", AlertRuleAnomalyDuplicateArgs.builder()
* .displayName("example duplicated UEBA Anomalous Sign In")
* .logAnalyticsWorkspaceId(exampleAnalyticsWorkspace.id())
* .builtInRuleId(example.applyValue(getAlertRuleAnomalyResult -> getAlertRuleAnomalyResult).applyValue(example -> example.applyValue(getAlertRuleAnomalyResult -> getAlertRuleAnomalyResult.id())))
* .enabled(true)
* .mode("Flighting")
* .thresholdObservations(AlertRuleAnomalyDuplicateThresholdObservationArgs.builder()
* .name("Anomaly score threshold")
* .value("0.6")
* .build())
* .build());
* }
* }
* ```
* ```yaml
* resources:
* exampleResourceGroup:
* type: azure:core:ResourceGroup
* name: example
* properties:
* name: example-resources
* location: West Europe
* exampleAnalyticsWorkspace:
* type: azure:operationalinsights:AnalyticsWorkspace
* name: example
* properties:
* name: example-law
* location: ${exampleResourceGroup.location}
* resourceGroupName: ${exampleResourceGroup.name}
* sku: PerGB2018
* exampleLogAnalyticsWorkspaceOnboarding:
* type: azure:sentinel:LogAnalyticsWorkspaceOnboarding
* name: example
* properties:
* workspaceId: ${exampleAnalyticsWorkspace.id}
* customerManagedKeyEnabled: false
* exampleAlertRuleAnomalyDuplicate:
* type: azure:sentinel:AlertRuleAnomalyDuplicate
* name: example
* properties:
* displayName: example duplicated UEBA Anomalous Sign In
* logAnalyticsWorkspaceId: ${exampleAnalyticsWorkspace.id}
* builtInRuleId: ${example.id}
* enabled: true
* mode: Flighting
* thresholdObservations:
* - name: Anomaly score threshold
* value: '0.6'
* variables:
* example:
* fn::invoke:
* Function: azure:sentinel:getAlertRuleAnomaly
* Arguments:
* logAnalyticsWorkspaceId: ${exampleLogAnalyticsWorkspaceOnboarding.workspaceId}
* displayName: UEBA Anomalous Sign In
* ```
*
* ## Import
* Built In Anomaly Alert Rules can be imported using the `resource id`, e.g.
* ```sh
* $ pulumi import azure:sentinel/alertRuleAnomalyDuplicate:AlertRuleAnomalyDuplicate example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.OperationalInsights/workspaces/workspace1/providers/Microsoft.SecurityInsights/securityMLAnalyticsSettings/setting1
* ```
*/
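public class AlertRuleAnomalyDuplicate internal constructor(
    override val javaResource: com.pulumi.azure.sentinel.AlertRuleAnomalyDuplicate,
) : KotlinCustomResource(javaResource, AlertRuleAnomalyDuplicateMapper) {
    // Kotlin facade over the Java resource: each property reads the matching Java output and
    // re-exposes it. List outputs that hold provider types are converted element by element
    // with the imported `toKotlin` helpers.
    // NOTE(review): the type arguments on `Output` follow this file's imports (String, Int,
    // Boolean, List and the five output types) and the property descriptions; confirm them
    // against the published pulumi-azure-kotlin sources.

    /**
     * The version of the Anomaly Security ML Analytics Settings.
     */
    public val anomalySettingsVersion: Output<Int>
        get() = javaResource.anomalySettingsVersion().applyValue { version -> version }

    /**
     * The anomaly version of the Anomaly Alert Rule.
     */
    public val anomalyVersion: Output<String>
        get() = javaResource.anomalyVersion().applyValue { version -> version }

    /**
     * The ID of the built-in Anomaly Alert Rule. Changing this forces a new Duplicated Anomaly Alert Rule to be created.
     */
    public val builtInRuleId: Output<String>
        get() = javaResource.builtInRuleId().applyValue { ruleId -> ruleId }

    /**
     * The description of the Anomaly Alert Rule.
     */
    public val description: Output<String>
        get() = javaResource.description().applyValue { text -> text }

    /**
     * The Display Name of the built-in Anomaly Alert Rule.
     */
    public val displayName: Output<String>
        get() = javaResource.displayName().applyValue { text -> text }

    /**
     * Should the Duplicated Anomaly Alert Rule be enabled?
     *
     * NOTE(review): together with [mode] this decides whether the detection runs at all, so a
     * stack diff that flips it is a change in detection coverage and deserves the same review
     * as a rule edit.
     */
    public val enabled: Output<Boolean>
        get() = javaResource.enabled().applyValue { flag -> flag }

    /**
     * The frequency the Anomaly Alert Rule will be run, such as "P1D".
     */
    public val frequency: Output<String>
        get() = javaResource.frequency().applyValue { interval -> interval }

    /**
     * Whether the current settings of the Anomaly Alert Rule equal the default settings.
     */
    public val isDefaultSettings: Output<Boolean>
        get() = javaResource.isDefaultSettings().applyValue { flag -> flag }

    /**
     * The ID of the Log Analytics Workspace. Changing this forces a new Duplicated Anomaly Alert Rule to be created.
     */
    public val logAnalyticsWorkspaceId: Output<String>
        get() = javaResource.logAnalyticsWorkspaceId().applyValue { workspaceId -> workspaceId }

    /**
     * Mode of the Duplicated Anomaly Alert Rule. Possible values are `Production` and `Flighting`.
     *
     * NOTE(review): the usage examples for this resource deploy the duplicate in `Flighting`;
     * presumably that is the trial mode and `Production` the live one, so confirm which mode a
     * rule is in before relying on its output.
     */
    public val mode: Output<String>
        get() = javaResource.mode().applyValue { ruleMode -> ruleMode }

    /**
     * A list of `multi_select_observation` blocks as defined below.
     */
    public val multiSelectObservations: Output<List<AlertRuleAnomalyDuplicateMultiSelectObservation>>
        get() = javaResource.multiSelectObservations().applyValue { observations ->
            observations.map { observation ->
                alertRuleAnomalyDuplicateMultiSelectObservationToKotlin(observation)
            }
        }

    // NOTE(review): undocumented upstream; this is the `name` output reported by the Java resource.
    public val name: Output<String>
        get() = javaResource.name().applyValue { ruleName -> ruleName }

    /**
     * A list of `prioritized_exclude_observation` blocks as defined below.
     */
    public val prioritizedExcludeObservations:
        Output<List<AlertRuleAnomalyDuplicatePrioritizedExcludeObservation>>
        get() = javaResource.prioritizedExcludeObservations().applyValue { observations ->
            observations.map { observation ->
                alertRuleAnomalyDuplicatePrioritizedExcludeObservationToKotlin(observation)
            }
        }

    /**
     * A list of `required_data_connector` blocks as defined below.
     */
    public val requiredDataConnectors: Output<List<AlertRuleAnomalyDuplicateRequiredDataConnector>>
        get() = javaResource.requiredDataConnectors().applyValue { connectors ->
            connectors.map { connector ->
                alertRuleAnomalyDuplicateRequiredDataConnectorToKotlin(connector)
            }
        }

    /**
     * The ID of the anomaly settings definition.
     */
    public val settingsDefinitionId: Output<String>
        get() = javaResource.settingsDefinitionId().applyValue { definitionId -> definitionId }

    /**
     * A list of `single_select_observation` blocks as defined below.
     */
    public val singleSelectObservations:
        Output<List<AlertRuleAnomalyDuplicateSingleSelectObservation>>
        get() = javaResource.singleSelectObservations().applyValue { observations ->
            observations.map { observation ->
                alertRuleAnomalyDuplicateSingleSelectObservationToKotlin(observation)
            }
        }

    /**
     * A list of categories of attacks by which to classify the rule.
     */
    public val tactics: Output<List<String>>
        get() = javaResource.tactics().applyValue { tactics -> tactics.map { tactic -> tactic } }

    /**
     * A list of techniques of attacks by which to classify the rule.
     */
    public val techniques: Output<List<String>>
        get() = javaResource.techniques().applyValue { techniques ->
            techniques.map { technique -> technique }
        }

    /**
     * A list of `threshold_observation` blocks as defined below.
     * > **NOTE:** un-specified `multi_select_observation`, `single_select_observation`, `prioritized_exclude_observation` and `threshold_observation` will be inherited from the built-in Anomaly Alert Rule.
     *
     * NOTE(review): because omitted blocks are inherited, the program text does not show every
     * effective observation value; read them back from this output (or the deployed rule) when
     * auditing what the rule actually alerts on.
     */
    public val thresholdObservations: Output<List<AlertRuleAnomalyDuplicateThresholdObservation>>
        get() = javaResource.thresholdObservations().applyValue { observations ->
            observations.map { observation ->
                alertRuleAnomalyDuplicateThresholdObservationToKotlin(observation)
            }
        }
}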
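/**
 * Maps the Java [com.pulumi.azure.sentinel.AlertRuleAnomalyDuplicate] resource to its Kotlin
 * wrapper [AlertRuleAnomalyDuplicate].
 */
public object AlertRuleAnomalyDuplicateMapper : ResourceMapper<AlertRuleAnomalyDuplicate> {
    /**
     * Returns true only when [javaResource] is exactly the Java `AlertRuleAnomalyDuplicate`
     * class; the comparison is on class identity, so a subclass does not match.
     */
    override fun supportsMappingOfType(javaResource: Resource): Boolean =
        com.pulumi.azure.sentinel.AlertRuleAnomalyDuplicate::class == javaResource::class

    /**
     * Wraps [javaResource] in the Kotlin resource type.
     *
     * The cast is unchecked: a resource of any other type throws [ClassCastException], so call
     * [supportsMappingOfType] first.
     */
    override fun map(javaResource: Resource): AlertRuleAnomalyDuplicate =
        AlertRuleAnomalyDuplicate(javaResource as com.pulumi.azure.sentinel.AlertRuleAnomalyDuplicate)
}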
/**
 * Declares an [AlertRuleAnomalyDuplicate] through the builder DSL.
 *
 * @see [AlertRuleAnomalyDuplicate].
 * @param name The _unique_ name of the resulting resource.
 * @param block Configuration run against a fresh [AlertRuleAnomalyDuplicateResourceBuilder]
 * after the name has been set on it.
 * @return the resource produced by the configured builder.
 */
public suspend fun alertRuleAnomalyDuplicate(
    name: String,
    block: suspend AlertRuleAnomalyDuplicateResourceBuilder.() -> Unit,
): AlertRuleAnomalyDuplicate {
    val resourceBuilder = AlertRuleAnomalyDuplicateResourceBuilder()
    // The name is applied before the caller's block, so the block may still override it.
    resourceBuilder.name(name)
    resourceBuilder.block()
    return resourceBuilder.build()
}
/**
 * Declares an [AlertRuleAnomalyDuplicate] with the given name and the builder's default
 * (empty) arguments and options.
 *
 * @see [AlertRuleAnomalyDuplicate].
 * @param name The _unique_ name of the resulting resource.
 * @return the resource produced by the builder.
 */
public fun alertRuleAnomalyDuplicate(name: String): AlertRuleAnomalyDuplicate =
    AlertRuleAnomalyDuplicateResourceBuilder()
        .also { resourceBuilder -> resourceBuilder.name(name) }
        .build()