sentinel

package
v5.13.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jul 19, 2022 License: Apache-2.0 Imports: 7 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type AlertRuleFusion

type AlertRuleFusion struct {
	pulumi.CustomResourceState

	// The GUID of the alert rule template which is used for this Sentinel Fusion Alert Rule. Changing this forces a new Sentinel Fusion Alert Rule to be created.
	AlertRuleTemplateGuid pulumi.StringOutput `pulumi:"alertRuleTemplateGuid"`
	// Should this Sentinel Fusion Alert Rule be enabled? Defaults to `true`.
	Enabled pulumi.BoolPtrOutput `pulumi:"enabled"`
	// The ID of the Log Analytics Workspace this Sentinel Fusion Alert Rule belongs to. Changing this forces a new Sentinel Fusion Alert Rule to be created.
	LogAnalyticsWorkspaceId pulumi.StringOutput `pulumi:"logAnalyticsWorkspaceId"`
	// The name which should be used for this Sentinel Fusion Alert Rule. Changing this forces a new Sentinel Fusion Alert Rule to be created.
	Name pulumi.StringOutput `pulumi:"name"`
}

Manages a Sentinel Fusion Alert Rule.

## Example Usage

```go package main

import (

"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/operationalinsights"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/sentinel"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		exampleResourceGroup, err := core.NewResourceGroup(ctx, "exampleResourceGroup", &core.ResourceGroupArgs{
			Location: pulumi.String("West Europe"),
		})
		if err != nil {
			return err
		}
		exampleAnalyticsWorkspace, err := operationalinsights.NewAnalyticsWorkspace(ctx, "exampleAnalyticsWorkspace", &operationalinsights.AnalyticsWorkspaceArgs{
			Location:          exampleResourceGroup.Location,
			ResourceGroupName: exampleResourceGroup.Name,
			Sku:               pulumi.String("PerGB2018"),
		})
		if err != nil {
			return err
		}
		exampleAnalyticsSolution, err := operationalinsights.NewAnalyticsSolution(ctx, "exampleAnalyticsSolution", &operationalinsights.AnalyticsSolutionArgs{
			SolutionName:        pulumi.String("SecurityInsights"),
			Location:            exampleResourceGroup.Location,
			ResourceGroupName:   exampleResourceGroup.Name,
			WorkspaceResourceId: exampleAnalyticsWorkspace.ID(),
			WorkspaceName:       exampleAnalyticsWorkspace.Name,
			Plan: &operationalinsights.AnalyticsSolutionPlanArgs{
				Publisher: pulumi.String("Microsoft"),
				Product:   pulumi.String("OMSGallery/SecurityInsights"),
			},
		})
		if err != nil {
			return err
		}
		_, err = sentinel.NewAlertRuleFusion(ctx, "exampleAlertRuleFusion", &sentinel.AlertRuleFusionArgs{
			LogAnalyticsWorkspaceId: exampleAnalyticsSolution.WorkspaceResourceId,
			AlertRuleTemplateGuid:   pulumi.String("f71aba3d-28fb-450b-b192-4e76a83015c8"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

Sentinel Fusion Alert Rules can be imported using the `resource id`, e.g.

```sh

$ pulumi import azure:sentinel/alertRuleFusion:AlertRuleFusion example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.OperationalInsights/workspaces/workspace1/providers/Microsoft.SecurityInsights/alertRules/rule1

```

func GetAlertRuleFusion

func GetAlertRuleFusion(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *AlertRuleFusionState, opts ...pulumi.ResourceOption) (*AlertRuleFusion, error)

GetAlertRuleFusion gets an existing AlertRuleFusion resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewAlertRuleFusion

func NewAlertRuleFusion(ctx *pulumi.Context,
	name string, args *AlertRuleFusionArgs, opts ...pulumi.ResourceOption) (*AlertRuleFusion, error)

NewAlertRuleFusion registers a new resource with the given unique name, arguments, and options.

func (*AlertRuleFusion) ElementType

func (*AlertRuleFusion) ElementType() reflect.Type

func (*AlertRuleFusion) ToAlertRuleFusionOutput

func (i *AlertRuleFusion) ToAlertRuleFusionOutput() AlertRuleFusionOutput

func (*AlertRuleFusion) ToAlertRuleFusionOutputWithContext

func (i *AlertRuleFusion) ToAlertRuleFusionOutputWithContext(ctx context.Context) AlertRuleFusionOutput

type AlertRuleFusionArgs

type AlertRuleFusionArgs struct {
	// The GUID of the alert rule template which is used for this Sentinel Fusion Alert Rule. Changing this forces a new Sentinel Fusion Alert Rule to be created.
	AlertRuleTemplateGuid pulumi.StringInput
	// Should this Sentinel Fusion Alert Rule be enabled? Defaults to `true`.
	Enabled pulumi.BoolPtrInput
	// The ID of the Log Analytics Workspace this Sentinel Fusion Alert Rule belongs to. Changing this forces a new Sentinel Fusion Alert Rule to be created.
	LogAnalyticsWorkspaceId pulumi.StringInput
	// The name which should be used for this Sentinel Fusion Alert Rule. Changing this forces a new Sentinel Fusion Alert Rule to be created.
	Name pulumi.StringPtrInput
}

The set of arguments for constructing a AlertRuleFusion resource.

func (AlertRuleFusionArgs) ElementType

func (AlertRuleFusionArgs) ElementType() reflect.Type

type AlertRuleFusionArray

type AlertRuleFusionArray []AlertRuleFusionInput

func (AlertRuleFusionArray) ElementType

func (AlertRuleFusionArray) ElementType() reflect.Type

func (AlertRuleFusionArray) ToAlertRuleFusionArrayOutput

func (i AlertRuleFusionArray) ToAlertRuleFusionArrayOutput() AlertRuleFusionArrayOutput

func (AlertRuleFusionArray) ToAlertRuleFusionArrayOutputWithContext

func (i AlertRuleFusionArray) ToAlertRuleFusionArrayOutputWithContext(ctx context.Context) AlertRuleFusionArrayOutput

type AlertRuleFusionArrayInput

type AlertRuleFusionArrayInput interface {
	pulumi.Input

	ToAlertRuleFusionArrayOutput() AlertRuleFusionArrayOutput
	ToAlertRuleFusionArrayOutputWithContext(context.Context) AlertRuleFusionArrayOutput
}

AlertRuleFusionArrayInput is an input type that accepts AlertRuleFusionArray and AlertRuleFusionArrayOutput values. You can construct a concrete instance of `AlertRuleFusionArrayInput` via:

AlertRuleFusionArray{ AlertRuleFusionArgs{...} }

type AlertRuleFusionArrayOutput

type AlertRuleFusionArrayOutput struct{ *pulumi.OutputState }

func (AlertRuleFusionArrayOutput) ElementType

func (AlertRuleFusionArrayOutput) ElementType() reflect.Type

func (AlertRuleFusionArrayOutput) Index

func (AlertRuleFusionArrayOutput) ToAlertRuleFusionArrayOutput

func (o AlertRuleFusionArrayOutput) ToAlertRuleFusionArrayOutput() AlertRuleFusionArrayOutput

func (AlertRuleFusionArrayOutput) ToAlertRuleFusionArrayOutputWithContext

func (o AlertRuleFusionArrayOutput) ToAlertRuleFusionArrayOutputWithContext(ctx context.Context) AlertRuleFusionArrayOutput

type AlertRuleFusionInput

type AlertRuleFusionInput interface {
	pulumi.Input

	ToAlertRuleFusionOutput() AlertRuleFusionOutput
	ToAlertRuleFusionOutputWithContext(ctx context.Context) AlertRuleFusionOutput
}

type AlertRuleFusionMap

type AlertRuleFusionMap map[string]AlertRuleFusionInput

func (AlertRuleFusionMap) ElementType

func (AlertRuleFusionMap) ElementType() reflect.Type

func (AlertRuleFusionMap) ToAlertRuleFusionMapOutput

func (i AlertRuleFusionMap) ToAlertRuleFusionMapOutput() AlertRuleFusionMapOutput

func (AlertRuleFusionMap) ToAlertRuleFusionMapOutputWithContext

func (i AlertRuleFusionMap) ToAlertRuleFusionMapOutputWithContext(ctx context.Context) AlertRuleFusionMapOutput

type AlertRuleFusionMapInput

type AlertRuleFusionMapInput interface {
	pulumi.Input

	ToAlertRuleFusionMapOutput() AlertRuleFusionMapOutput
	ToAlertRuleFusionMapOutputWithContext(context.Context) AlertRuleFusionMapOutput
}

AlertRuleFusionMapInput is an input type that accepts AlertRuleFusionMap and AlertRuleFusionMapOutput values. You can construct a concrete instance of `AlertRuleFusionMapInput` via:

AlertRuleFusionMap{ "key": AlertRuleFusionArgs{...} }

type AlertRuleFusionMapOutput

type AlertRuleFusionMapOutput struct{ *pulumi.OutputState }

func (AlertRuleFusionMapOutput) ElementType

func (AlertRuleFusionMapOutput) ElementType() reflect.Type

func (AlertRuleFusionMapOutput) MapIndex

func (AlertRuleFusionMapOutput) ToAlertRuleFusionMapOutput

func (o AlertRuleFusionMapOutput) ToAlertRuleFusionMapOutput() AlertRuleFusionMapOutput

func (AlertRuleFusionMapOutput) ToAlertRuleFusionMapOutputWithContext

func (o AlertRuleFusionMapOutput) ToAlertRuleFusionMapOutputWithContext(ctx context.Context) AlertRuleFusionMapOutput

type AlertRuleFusionOutput

type AlertRuleFusionOutput struct{ *pulumi.OutputState }

func (AlertRuleFusionOutput) AlertRuleTemplateGuid added in v5.5.0

func (o AlertRuleFusionOutput) AlertRuleTemplateGuid() pulumi.StringOutput

The GUID of the alert rule template which is used for this Sentinel Fusion Alert Rule. Changing this forces a new Sentinel Fusion Alert Rule to be created.

func (AlertRuleFusionOutput) ElementType

func (AlertRuleFusionOutput) ElementType() reflect.Type

func (AlertRuleFusionOutput) Enabled added in v5.5.0

Should this Sentinel Fusion Alert Rule be enabled? Defaults to `true`.

func (AlertRuleFusionOutput) LogAnalyticsWorkspaceId added in v5.5.0

func (o AlertRuleFusionOutput) LogAnalyticsWorkspaceId() pulumi.StringOutput

The ID of the Log Analytics Workspace this Sentinel Fusion Alert Rule belongs to. Changing this forces a new Sentinel Fusion Alert Rule to be created.

func (AlertRuleFusionOutput) Name added in v5.5.0

The name which should be used for this Sentinel Fusion Alert Rule. Changing this forces a new Sentinel Fusion Alert Rule to be created.

func (AlertRuleFusionOutput) ToAlertRuleFusionOutput

func (o AlertRuleFusionOutput) ToAlertRuleFusionOutput() AlertRuleFusionOutput

func (AlertRuleFusionOutput) ToAlertRuleFusionOutputWithContext

func (o AlertRuleFusionOutput) ToAlertRuleFusionOutputWithContext(ctx context.Context) AlertRuleFusionOutput

type AlertRuleFusionState

type AlertRuleFusionState struct {
	// The GUID of the alert rule template which is used for this Sentinel Fusion Alert Rule. Changing this forces a new Sentinel Fusion Alert Rule to be created.
	AlertRuleTemplateGuid pulumi.StringPtrInput
	// Should this Sentinel Fusion Alert Rule be enabled? Defaults to `true`.
	Enabled pulumi.BoolPtrInput
	// The ID of the Log Analytics Workspace this Sentinel Fusion Alert Rule belongs to. Changing this forces a new Sentinel Fusion Alert Rule to be created.
	LogAnalyticsWorkspaceId pulumi.StringPtrInput
	// The name which should be used for this Sentinel Fusion Alert Rule. Changing this forces a new Sentinel Fusion Alert Rule to be created.
	Name pulumi.StringPtrInput
}

func (AlertRuleFusionState) ElementType

func (AlertRuleFusionState) ElementType() reflect.Type

type AlertRuleMachineLearningBehaviorAnalytics

type AlertRuleMachineLearningBehaviorAnalytics struct {
	pulumi.CustomResourceState

	// The GUID of the alert rule template which is used for this Sentinel Machine Learning Behavior Analytics Alert Rule. Changing this forces a new Sentinel Machine Learning Behavior Analytics Alert Rule to be created.
	AlertRuleTemplateGuid pulumi.StringOutput `pulumi:"alertRuleTemplateGuid"`
	// Should this Sentinel Machine Learning Behavior Analytics Alert Rule be enabled? Defaults to `true`.
	Enabled pulumi.BoolPtrOutput `pulumi:"enabled"`
	// The ID of the Log Analytics Workspace this SentinelMachine Learning Behavior Analytics Alert Rule belongs to. Changing this forces a new Sentinel Machine Learning Behavior Analytics Alert Rule to be created.
	LogAnalyticsWorkspaceId pulumi.StringOutput `pulumi:"logAnalyticsWorkspaceId"`
	// The name which should be used for this SentinelMachine Learning Behavior Analytics Alert Rule. Changing this forces a new Sentinel Machine Learning Behavior Analytics Alert Rule to be created.
	Name pulumi.StringOutput `pulumi:"name"`
}

Manages a Sentinel Machine Learning Behavior Analytics Alert Rule.

## Example Usage

```go package main

import (

"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/operationalinsights"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/sentinel"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		exampleResourceGroup, err := core.NewResourceGroup(ctx, "exampleResourceGroup", &core.ResourceGroupArgs{
			Location: pulumi.String("West Europe"),
		})
		if err != nil {
			return err
		}
		exampleAnalyticsWorkspace, err := operationalinsights.NewAnalyticsWorkspace(ctx, "exampleAnalyticsWorkspace", &operationalinsights.AnalyticsWorkspaceArgs{
			Location:          exampleResourceGroup.Location,
			ResourceGroupName: exampleResourceGroup.Name,
			Sku:               pulumi.String("PerGB2018"),
		})
		if err != nil {
			return err
		}
		exampleAnalyticsSolution, err := operationalinsights.NewAnalyticsSolution(ctx, "exampleAnalyticsSolution", &operationalinsights.AnalyticsSolutionArgs{
			SolutionName:        pulumi.String("SecurityInsights"),
			Location:            exampleResourceGroup.Location,
			ResourceGroupName:   exampleResourceGroup.Name,
			WorkspaceResourceId: exampleAnalyticsWorkspace.ID(),
			WorkspaceName:       exampleAnalyticsWorkspace.Name,
			Plan: &operationalinsights.AnalyticsSolutionPlanArgs{
				Publisher: pulumi.String("Microsoft"),
				Product:   pulumi.String("OMSGallery/SecurityInsights"),
			},
		})
		if err != nil {
			return err
		}
		_, err = sentinel.NewAlertRuleMachineLearningBehaviorAnalytics(ctx, "exampleAlertRuleMachineLearningBehaviorAnalytics", &sentinel.AlertRuleMachineLearningBehaviorAnalyticsArgs{
			LogAnalyticsWorkspaceId: exampleAnalyticsSolution.WorkspaceResourceId,
			AlertRuleTemplateGuid:   pulumi.String("737a2ce1-70a3-4968-9e90-3e6aca836abf"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

Sentinel Machine Learning Behavior Analytics Rules can be imported using the `resource id`, e.g.

```sh

$ pulumi import azure:sentinel/alertRuleMachineLearningBehaviorAnalytics:AlertRuleMachineLearningBehaviorAnalytics example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.OperationalInsights/workspaces/workspace1/providers/Microsoft.SecurityInsights/alertRules/rule1

```

func GetAlertRuleMachineLearningBehaviorAnalytics

func GetAlertRuleMachineLearningBehaviorAnalytics(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *AlertRuleMachineLearningBehaviorAnalyticsState, opts ...pulumi.ResourceOption) (*AlertRuleMachineLearningBehaviorAnalytics, error)

GetAlertRuleMachineLearningBehaviorAnalytics gets an existing AlertRuleMachineLearningBehaviorAnalytics resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewAlertRuleMachineLearningBehaviorAnalytics

func NewAlertRuleMachineLearningBehaviorAnalytics(ctx *pulumi.Context,
	name string, args *AlertRuleMachineLearningBehaviorAnalyticsArgs, opts ...pulumi.ResourceOption) (*AlertRuleMachineLearningBehaviorAnalytics, error)

NewAlertRuleMachineLearningBehaviorAnalytics registers a new resource with the given unique name, arguments, and options.

func (*AlertRuleMachineLearningBehaviorAnalytics) ElementType

func (*AlertRuleMachineLearningBehaviorAnalytics) ToAlertRuleMachineLearningBehaviorAnalyticsOutput

func (i *AlertRuleMachineLearningBehaviorAnalytics) ToAlertRuleMachineLearningBehaviorAnalyticsOutput() AlertRuleMachineLearningBehaviorAnalyticsOutput

func (*AlertRuleMachineLearningBehaviorAnalytics) ToAlertRuleMachineLearningBehaviorAnalyticsOutputWithContext

func (i *AlertRuleMachineLearningBehaviorAnalytics) ToAlertRuleMachineLearningBehaviorAnalyticsOutputWithContext(ctx context.Context) AlertRuleMachineLearningBehaviorAnalyticsOutput

type AlertRuleMachineLearningBehaviorAnalyticsArgs

type AlertRuleMachineLearningBehaviorAnalyticsArgs struct {
	// The GUID of the alert rule template which is used for this Sentinel Machine Learning Behavior Analytics Alert Rule. Changing this forces a new Sentinel Machine Learning Behavior Analytics Alert Rule to be created.
	AlertRuleTemplateGuid pulumi.StringInput
	// Should this Sentinel Machine Learning Behavior Analytics Alert Rule be enabled? Defaults to `true`.
	Enabled pulumi.BoolPtrInput
	// The ID of the Log Analytics Workspace this SentinelMachine Learning Behavior Analytics Alert Rule belongs to. Changing this forces a new Sentinel Machine Learning Behavior Analytics Alert Rule to be created.
	LogAnalyticsWorkspaceId pulumi.StringInput
	// The name which should be used for this SentinelMachine Learning Behavior Analytics Alert Rule. Changing this forces a new Sentinel Machine Learning Behavior Analytics Alert Rule to be created.
	Name pulumi.StringPtrInput
}

The set of arguments for constructing a AlertRuleMachineLearningBehaviorAnalytics resource.

func (AlertRuleMachineLearningBehaviorAnalyticsArgs) ElementType

type AlertRuleMachineLearningBehaviorAnalyticsArray

type AlertRuleMachineLearningBehaviorAnalyticsArray []AlertRuleMachineLearningBehaviorAnalyticsInput

func (AlertRuleMachineLearningBehaviorAnalyticsArray) ElementType

func (AlertRuleMachineLearningBehaviorAnalyticsArray) ToAlertRuleMachineLearningBehaviorAnalyticsArrayOutput

func (i AlertRuleMachineLearningBehaviorAnalyticsArray) ToAlertRuleMachineLearningBehaviorAnalyticsArrayOutput() AlertRuleMachineLearningBehaviorAnalyticsArrayOutput

func (AlertRuleMachineLearningBehaviorAnalyticsArray) ToAlertRuleMachineLearningBehaviorAnalyticsArrayOutputWithContext

func (i AlertRuleMachineLearningBehaviorAnalyticsArray) ToAlertRuleMachineLearningBehaviorAnalyticsArrayOutputWithContext(ctx context.Context) AlertRuleMachineLearningBehaviorAnalyticsArrayOutput

type AlertRuleMachineLearningBehaviorAnalyticsArrayInput

type AlertRuleMachineLearningBehaviorAnalyticsArrayInput interface {
	pulumi.Input

	ToAlertRuleMachineLearningBehaviorAnalyticsArrayOutput() AlertRuleMachineLearningBehaviorAnalyticsArrayOutput
	ToAlertRuleMachineLearningBehaviorAnalyticsArrayOutputWithContext(context.Context) AlertRuleMachineLearningBehaviorAnalyticsArrayOutput
}

AlertRuleMachineLearningBehaviorAnalyticsArrayInput is an input type that accepts AlertRuleMachineLearningBehaviorAnalyticsArray and AlertRuleMachineLearningBehaviorAnalyticsArrayOutput values. You can construct a concrete instance of `AlertRuleMachineLearningBehaviorAnalyticsArrayInput` via:

AlertRuleMachineLearningBehaviorAnalyticsArray{ AlertRuleMachineLearningBehaviorAnalyticsArgs{...} }

type AlertRuleMachineLearningBehaviorAnalyticsArrayOutput

type AlertRuleMachineLearningBehaviorAnalyticsArrayOutput struct{ *pulumi.OutputState }

func (AlertRuleMachineLearningBehaviorAnalyticsArrayOutput) ElementType

func (AlertRuleMachineLearningBehaviorAnalyticsArrayOutput) Index

func (AlertRuleMachineLearningBehaviorAnalyticsArrayOutput) ToAlertRuleMachineLearningBehaviorAnalyticsArrayOutput

func (AlertRuleMachineLearningBehaviorAnalyticsArrayOutput) ToAlertRuleMachineLearningBehaviorAnalyticsArrayOutputWithContext

func (o AlertRuleMachineLearningBehaviorAnalyticsArrayOutput) ToAlertRuleMachineLearningBehaviorAnalyticsArrayOutputWithContext(ctx context.Context) AlertRuleMachineLearningBehaviorAnalyticsArrayOutput

type AlertRuleMachineLearningBehaviorAnalyticsInput

type AlertRuleMachineLearningBehaviorAnalyticsInput interface {
	pulumi.Input

	ToAlertRuleMachineLearningBehaviorAnalyticsOutput() AlertRuleMachineLearningBehaviorAnalyticsOutput
	ToAlertRuleMachineLearningBehaviorAnalyticsOutputWithContext(ctx context.Context) AlertRuleMachineLearningBehaviorAnalyticsOutput
}

type AlertRuleMachineLearningBehaviorAnalyticsMap

type AlertRuleMachineLearningBehaviorAnalyticsMap map[string]AlertRuleMachineLearningBehaviorAnalyticsInput

func (AlertRuleMachineLearningBehaviorAnalyticsMap) ElementType

func (AlertRuleMachineLearningBehaviorAnalyticsMap) ToAlertRuleMachineLearningBehaviorAnalyticsMapOutput

func (i AlertRuleMachineLearningBehaviorAnalyticsMap) ToAlertRuleMachineLearningBehaviorAnalyticsMapOutput() AlertRuleMachineLearningBehaviorAnalyticsMapOutput

func (AlertRuleMachineLearningBehaviorAnalyticsMap) ToAlertRuleMachineLearningBehaviorAnalyticsMapOutputWithContext

func (i AlertRuleMachineLearningBehaviorAnalyticsMap) ToAlertRuleMachineLearningBehaviorAnalyticsMapOutputWithContext(ctx context.Context) AlertRuleMachineLearningBehaviorAnalyticsMapOutput

type AlertRuleMachineLearningBehaviorAnalyticsMapInput

type AlertRuleMachineLearningBehaviorAnalyticsMapInput interface {
	pulumi.Input

	ToAlertRuleMachineLearningBehaviorAnalyticsMapOutput() AlertRuleMachineLearningBehaviorAnalyticsMapOutput
	ToAlertRuleMachineLearningBehaviorAnalyticsMapOutputWithContext(context.Context) AlertRuleMachineLearningBehaviorAnalyticsMapOutput
}

AlertRuleMachineLearningBehaviorAnalyticsMapInput is an input type that accepts AlertRuleMachineLearningBehaviorAnalyticsMap and AlertRuleMachineLearningBehaviorAnalyticsMapOutput values. You can construct a concrete instance of `AlertRuleMachineLearningBehaviorAnalyticsMapInput` via:

AlertRuleMachineLearningBehaviorAnalyticsMap{ "key": AlertRuleMachineLearningBehaviorAnalyticsArgs{...} }

type AlertRuleMachineLearningBehaviorAnalyticsMapOutput

type AlertRuleMachineLearningBehaviorAnalyticsMapOutput struct{ *pulumi.OutputState }

func (AlertRuleMachineLearningBehaviorAnalyticsMapOutput) ElementType

func (AlertRuleMachineLearningBehaviorAnalyticsMapOutput) MapIndex

func (AlertRuleMachineLearningBehaviorAnalyticsMapOutput) ToAlertRuleMachineLearningBehaviorAnalyticsMapOutput

func (o AlertRuleMachineLearningBehaviorAnalyticsMapOutput) ToAlertRuleMachineLearningBehaviorAnalyticsMapOutput() AlertRuleMachineLearningBehaviorAnalyticsMapOutput

func (AlertRuleMachineLearningBehaviorAnalyticsMapOutput) ToAlertRuleMachineLearningBehaviorAnalyticsMapOutputWithContext

func (o AlertRuleMachineLearningBehaviorAnalyticsMapOutput) ToAlertRuleMachineLearningBehaviorAnalyticsMapOutputWithContext(ctx context.Context) AlertRuleMachineLearningBehaviorAnalyticsMapOutput

type AlertRuleMachineLearningBehaviorAnalyticsOutput

type AlertRuleMachineLearningBehaviorAnalyticsOutput struct{ *pulumi.OutputState }

func (AlertRuleMachineLearningBehaviorAnalyticsOutput) AlertRuleTemplateGuid added in v5.5.0

The GUID of the alert rule template which is used for this Sentinel Machine Learning Behavior Analytics Alert Rule. Changing this forces a new Sentinel Machine Learning Behavior Analytics Alert Rule to be created.

func (AlertRuleMachineLearningBehaviorAnalyticsOutput) ElementType

func (AlertRuleMachineLearningBehaviorAnalyticsOutput) Enabled added in v5.5.0

Should this Sentinel Machine Learning Behavior Analytics Alert Rule be enabled? Defaults to `true`.

func (AlertRuleMachineLearningBehaviorAnalyticsOutput) LogAnalyticsWorkspaceId added in v5.5.0

The ID of the Log Analytics Workspace this SentinelMachine Learning Behavior Analytics Alert Rule belongs to. Changing this forces a new Sentinel Machine Learning Behavior Analytics Alert Rule to be created.

func (AlertRuleMachineLearningBehaviorAnalyticsOutput) Name added in v5.5.0

The name which should be used for this SentinelMachine Learning Behavior Analytics Alert Rule. Changing this forces a new Sentinel Machine Learning Behavior Analytics Alert Rule to be created.

func (AlertRuleMachineLearningBehaviorAnalyticsOutput) ToAlertRuleMachineLearningBehaviorAnalyticsOutput

func (o AlertRuleMachineLearningBehaviorAnalyticsOutput) ToAlertRuleMachineLearningBehaviorAnalyticsOutput() AlertRuleMachineLearningBehaviorAnalyticsOutput

func (AlertRuleMachineLearningBehaviorAnalyticsOutput) ToAlertRuleMachineLearningBehaviorAnalyticsOutputWithContext

func (o AlertRuleMachineLearningBehaviorAnalyticsOutput) ToAlertRuleMachineLearningBehaviorAnalyticsOutputWithContext(ctx context.Context) AlertRuleMachineLearningBehaviorAnalyticsOutput

type AlertRuleMachineLearningBehaviorAnalyticsState

type AlertRuleMachineLearningBehaviorAnalyticsState struct {
	// The GUID of the alert rule template which is used for this Sentinel Machine Learning Behavior Analytics Alert Rule. Changing this forces a new Sentinel Machine Learning Behavior Analytics Alert Rule to be created.
	AlertRuleTemplateGuid pulumi.StringPtrInput
	// Should this Sentinel Machine Learning Behavior Analytics Alert Rule be enabled? Defaults to `true`.
	Enabled pulumi.BoolPtrInput
	// The ID of the Log Analytics Workspace this SentinelMachine Learning Behavior Analytics Alert Rule belongs to. Changing this forces a new Sentinel Machine Learning Behavior Analytics Alert Rule to be created.
	LogAnalyticsWorkspaceId pulumi.StringPtrInput
	// The name which should be used for this SentinelMachine Learning Behavior Analytics Alert Rule. Changing this forces a new Sentinel Machine Learning Behavior Analytics Alert Rule to be created.
	Name pulumi.StringPtrInput
}

func (AlertRuleMachineLearningBehaviorAnalyticsState) ElementType

type AlertRuleMsSecurityIncident

type AlertRuleMsSecurityIncident struct {
	pulumi.CustomResourceState

	// The GUID of the alert rule template which is used to create this Sentinel Scheduled Alert Rule. Changing this forces a new Sentinel MS Security Incident Alert Rule to be created.
	AlertRuleTemplateGuid pulumi.StringPtrOutput `pulumi:"alertRuleTemplateGuid"`
	// The description of this Sentinel MS Security Incident Alert Rule.
	Description pulumi.StringPtrOutput `pulumi:"description"`
	// The friendly name of this Sentinel MS Security Incident Alert Rule.
	DisplayName pulumi.StringOutput `pulumi:"displayName"`
	// Only create incidents when the alert display name doesn't contain text from this list.
	DisplayNameExcludeFilters pulumi.StringArrayOutput `pulumi:"displayNameExcludeFilters"`
	// Only create incidents when the alert display name contain text from this list, leave empty to apply no filter.
	DisplayNameFilters pulumi.StringArrayOutput `pulumi:"displayNameFilters"`
	// Should this Sentinel MS Security Incident Alert Rule be enabled? Defaults to `true`.
	Enabled pulumi.BoolPtrOutput `pulumi:"enabled"`
	// The ID of the Log Analytics Workspace this Sentinel MS Security Incident Alert Rule belongs to. Changing this forces a new Sentinel MS Security Incident Alert Rule to be created.
	LogAnalyticsWorkspaceId pulumi.StringOutput `pulumi:"logAnalyticsWorkspaceId"`
	// The name which should be used for this Sentinel MS Security Incident Alert Rule. Changing this forces a new Sentinel MS Security Incident Alert Rule to be created.
	Name pulumi.StringOutput `pulumi:"name"`
	// The Microsoft Security Service from where the alert will be generated. Possible values are `Azure Active Directory Identity Protection`, `Azure Advanced Threat Protection`, `Azure Security Center`, `Azure Security Center for IoT`, `Microsoft Cloud App Security`, `Microsoft Defender Advanced Threat Protection` and `Office 365 Advanced Threat Protection`.
	ProductFilter pulumi.StringOutput `pulumi:"productFilter"`
	// Only create incidents from alerts when alert severity level is contained in this list. Possible values are `High`, `Medium`, `Low` and `Informational`.
	SeverityFilters pulumi.StringArrayOutput `pulumi:"severityFilters"`
}

Manages a Sentinel MS Security Incident Alert Rule.

## Example Usage

```go package main

import (

"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/operationalinsights"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/sentinel"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		exampleResourceGroup, err := core.NewResourceGroup(ctx, "exampleResourceGroup", &core.ResourceGroupArgs{
			Location: pulumi.String("West Europe"),
		})
		if err != nil {
			return err
		}
		exampleAnalyticsWorkspace, err := operationalinsights.NewAnalyticsWorkspace(ctx, "exampleAnalyticsWorkspace", &operationalinsights.AnalyticsWorkspaceArgs{
			Location:          exampleResourceGroup.Location,
			ResourceGroupName: exampleResourceGroup.Name,
			Sku:               pulumi.String("PerGB2018"),
		})
		if err != nil {
			return err
		}
		exampleAnalyticsSolution, err := operationalinsights.NewAnalyticsSolution(ctx, "exampleAnalyticsSolution", &operationalinsights.AnalyticsSolutionArgs{
			SolutionName:        pulumi.String("SecurityInsights"),
			Location:            exampleResourceGroup.Location,
			ResourceGroupName:   exampleResourceGroup.Name,
			WorkspaceResourceId: exampleAnalyticsWorkspace.ID(),
			WorkspaceName:       exampleAnalyticsWorkspace.Name,
			Plan: &operationalinsights.AnalyticsSolutionPlanArgs{
				Publisher: pulumi.String("Microsoft"),
				Product:   pulumi.String("OMSGallery/SecurityInsights"),
			},
		})
		if err != nil {
			return err
		}
		_, err = sentinel.NewAlertRuleMsSecurityIncident(ctx, "exampleAlertRuleMsSecurityIncident", &sentinel.AlertRuleMsSecurityIncidentArgs{
			LogAnalyticsWorkspaceId: exampleAnalyticsSolution.WorkspaceResourceId,
			ProductFilter:           pulumi.String("Microsoft Cloud App Security"),
			DisplayName:             pulumi.String("example rule"),
			SeverityFilters: pulumi.StringArray{
				pulumi.String("High"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

Sentinel MS Security Incident Alert Rules can be imported using the `resource id`, e.g.

```sh

$ pulumi import azure:sentinel/alertRuleMsSecurityIncident:AlertRuleMsSecurityIncident example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.OperationalInsights/workspaces/workspace1/providers/Microsoft.SecurityInsights/alertRules/rule1

```

func GetAlertRuleMsSecurityIncident

func GetAlertRuleMsSecurityIncident(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *AlertRuleMsSecurityIncidentState, opts ...pulumi.ResourceOption) (*AlertRuleMsSecurityIncident, error)

GetAlertRuleMsSecurityIncident gets an existing AlertRuleMsSecurityIncident resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewAlertRuleMsSecurityIncident

func NewAlertRuleMsSecurityIncident(ctx *pulumi.Context,
	name string, args *AlertRuleMsSecurityIncidentArgs, opts ...pulumi.ResourceOption) (*AlertRuleMsSecurityIncident, error)

NewAlertRuleMsSecurityIncident registers a new resource with the given unique name, arguments, and options.

func (*AlertRuleMsSecurityIncident) ElementType

func (*AlertRuleMsSecurityIncident) ElementType() reflect.Type

func (*AlertRuleMsSecurityIncident) ToAlertRuleMsSecurityIncidentOutput

func (i *AlertRuleMsSecurityIncident) ToAlertRuleMsSecurityIncidentOutput() AlertRuleMsSecurityIncidentOutput

func (*AlertRuleMsSecurityIncident) ToAlertRuleMsSecurityIncidentOutputWithContext

func (i *AlertRuleMsSecurityIncident) ToAlertRuleMsSecurityIncidentOutputWithContext(ctx context.Context) AlertRuleMsSecurityIncidentOutput

type AlertRuleMsSecurityIncidentArgs

type AlertRuleMsSecurityIncidentArgs struct {
	// The GUID of the alert rule template which is used to create this Sentinel Scheduled Alert Rule. Changing this forces a new Sentinel MS Security Incident Alert Rule to be created.
	AlertRuleTemplateGuid pulumi.StringPtrInput
	// The description of this Sentinel MS Security Incident Alert Rule.
	Description pulumi.StringPtrInput
	// The friendly name of this Sentinel MS Security Incident Alert Rule.
	DisplayName pulumi.StringInput
	// Only create incidents when the alert display name doesn't contain text from this list.
	DisplayNameExcludeFilters pulumi.StringArrayInput
	// Only create incidents when the alert display name contain text from this list, leave empty to apply no filter.
	DisplayNameFilters pulumi.StringArrayInput
	// Should this Sentinel MS Security Incident Alert Rule be enabled? Defaults to `true`.
	Enabled pulumi.BoolPtrInput
	// The ID of the Log Analytics Workspace this Sentinel MS Security Incident Alert Rule belongs to. Changing this forces a new Sentinel MS Security Incident Alert Rule to be created.
	LogAnalyticsWorkspaceId pulumi.StringInput
	// The name which should be used for this Sentinel MS Security Incident Alert Rule. Changing this forces a new Sentinel MS Security Incident Alert Rule to be created.
	Name pulumi.StringPtrInput
	// The Microsoft Security Service from where the alert will be generated. Possible values are `Azure Active Directory Identity Protection`, `Azure Advanced Threat Protection`, `Azure Security Center`, `Azure Security Center for IoT`, `Microsoft Cloud App Security`, `Microsoft Defender Advanced Threat Protection` and `Office 365 Advanced Threat Protection`.
	ProductFilter pulumi.StringInput
	// Only create incidents from alerts when alert severity level is contained in this list. Possible values are `High`, `Medium`, `Low` and `Informational`.
	SeverityFilters pulumi.StringArrayInput
}

The set of arguments for constructing a AlertRuleMsSecurityIncident resource.

func (AlertRuleMsSecurityIncidentArgs) ElementType

type AlertRuleMsSecurityIncidentArray

type AlertRuleMsSecurityIncidentArray []AlertRuleMsSecurityIncidentInput

func (AlertRuleMsSecurityIncidentArray) ElementType

func (AlertRuleMsSecurityIncidentArray) ToAlertRuleMsSecurityIncidentArrayOutput

func (i AlertRuleMsSecurityIncidentArray) ToAlertRuleMsSecurityIncidentArrayOutput() AlertRuleMsSecurityIncidentArrayOutput

func (AlertRuleMsSecurityIncidentArray) ToAlertRuleMsSecurityIncidentArrayOutputWithContext

func (i AlertRuleMsSecurityIncidentArray) ToAlertRuleMsSecurityIncidentArrayOutputWithContext(ctx context.Context) AlertRuleMsSecurityIncidentArrayOutput

type AlertRuleMsSecurityIncidentArrayInput

type AlertRuleMsSecurityIncidentArrayInput interface {
	pulumi.Input

	ToAlertRuleMsSecurityIncidentArrayOutput() AlertRuleMsSecurityIncidentArrayOutput
	ToAlertRuleMsSecurityIncidentArrayOutputWithContext(context.Context) AlertRuleMsSecurityIncidentArrayOutput
}

AlertRuleMsSecurityIncidentArrayInput is an input type that accepts AlertRuleMsSecurityIncidentArray and AlertRuleMsSecurityIncidentArrayOutput values. You can construct a concrete instance of `AlertRuleMsSecurityIncidentArrayInput` via:

AlertRuleMsSecurityIncidentArray{ AlertRuleMsSecurityIncidentArgs{...} }

type AlertRuleMsSecurityIncidentArrayOutput

type AlertRuleMsSecurityIncidentArrayOutput struct{ *pulumi.OutputState }

func (AlertRuleMsSecurityIncidentArrayOutput) ElementType

func (AlertRuleMsSecurityIncidentArrayOutput) Index

func (AlertRuleMsSecurityIncidentArrayOutput) ToAlertRuleMsSecurityIncidentArrayOutput

func (o AlertRuleMsSecurityIncidentArrayOutput) ToAlertRuleMsSecurityIncidentArrayOutput() AlertRuleMsSecurityIncidentArrayOutput

func (AlertRuleMsSecurityIncidentArrayOutput) ToAlertRuleMsSecurityIncidentArrayOutputWithContext

func (o AlertRuleMsSecurityIncidentArrayOutput) ToAlertRuleMsSecurityIncidentArrayOutputWithContext(ctx context.Context) AlertRuleMsSecurityIncidentArrayOutput

type AlertRuleMsSecurityIncidentInput

type AlertRuleMsSecurityIncidentInput interface {
	pulumi.Input

	ToAlertRuleMsSecurityIncidentOutput() AlertRuleMsSecurityIncidentOutput
	ToAlertRuleMsSecurityIncidentOutputWithContext(ctx context.Context) AlertRuleMsSecurityIncidentOutput
}

type AlertRuleMsSecurityIncidentMap

type AlertRuleMsSecurityIncidentMap map[string]AlertRuleMsSecurityIncidentInput

func (AlertRuleMsSecurityIncidentMap) ElementType

func (AlertRuleMsSecurityIncidentMap) ToAlertRuleMsSecurityIncidentMapOutput

func (i AlertRuleMsSecurityIncidentMap) ToAlertRuleMsSecurityIncidentMapOutput() AlertRuleMsSecurityIncidentMapOutput

func (AlertRuleMsSecurityIncidentMap) ToAlertRuleMsSecurityIncidentMapOutputWithContext

func (i AlertRuleMsSecurityIncidentMap) ToAlertRuleMsSecurityIncidentMapOutputWithContext(ctx context.Context) AlertRuleMsSecurityIncidentMapOutput

type AlertRuleMsSecurityIncidentMapInput

type AlertRuleMsSecurityIncidentMapInput interface {
	pulumi.Input

	ToAlertRuleMsSecurityIncidentMapOutput() AlertRuleMsSecurityIncidentMapOutput
	ToAlertRuleMsSecurityIncidentMapOutputWithContext(context.Context) AlertRuleMsSecurityIncidentMapOutput
}

AlertRuleMsSecurityIncidentMapInput is an input type that accepts AlertRuleMsSecurityIncidentMap and AlertRuleMsSecurityIncidentMapOutput values. You can construct a concrete instance of `AlertRuleMsSecurityIncidentMapInput` via:

AlertRuleMsSecurityIncidentMap{ "key": AlertRuleMsSecurityIncidentArgs{...} }

type AlertRuleMsSecurityIncidentMapOutput

type AlertRuleMsSecurityIncidentMapOutput struct{ *pulumi.OutputState }

func (AlertRuleMsSecurityIncidentMapOutput) ElementType

func (AlertRuleMsSecurityIncidentMapOutput) MapIndex

func (AlertRuleMsSecurityIncidentMapOutput) ToAlertRuleMsSecurityIncidentMapOutput

func (o AlertRuleMsSecurityIncidentMapOutput) ToAlertRuleMsSecurityIncidentMapOutput() AlertRuleMsSecurityIncidentMapOutput

func (AlertRuleMsSecurityIncidentMapOutput) ToAlertRuleMsSecurityIncidentMapOutputWithContext

func (o AlertRuleMsSecurityIncidentMapOutput) ToAlertRuleMsSecurityIncidentMapOutputWithContext(ctx context.Context) AlertRuleMsSecurityIncidentMapOutput

type AlertRuleMsSecurityIncidentOutput

type AlertRuleMsSecurityIncidentOutput struct{ *pulumi.OutputState }

func (AlertRuleMsSecurityIncidentOutput) AlertRuleTemplateGuid added in v5.5.0

func (o AlertRuleMsSecurityIncidentOutput) AlertRuleTemplateGuid() pulumi.StringPtrOutput

The GUID of the alert rule template which is used to create this Sentinel Scheduled Alert Rule. Changing this forces a new Sentinel MS Security Incident Alert Rule to be created.

func (AlertRuleMsSecurityIncidentOutput) Description added in v5.5.0

The description of this Sentinel MS Security Incident Alert Rule.

func (AlertRuleMsSecurityIncidentOutput) DisplayName added in v5.5.0

The friendly name of this Sentinel MS Security Incident Alert Rule.

func (AlertRuleMsSecurityIncidentOutput) DisplayNameExcludeFilters added in v5.5.0

func (o AlertRuleMsSecurityIncidentOutput) DisplayNameExcludeFilters() pulumi.StringArrayOutput

Only create incidents when the alert display name doesn't contain text from this list.

func (AlertRuleMsSecurityIncidentOutput) DisplayNameFilters added in v5.5.0

Only create incidents when the alert display name contain text from this list, leave empty to apply no filter.

func (AlertRuleMsSecurityIncidentOutput) ElementType

func (AlertRuleMsSecurityIncidentOutput) Enabled added in v5.5.0

Should this Sentinel MS Security Incident Alert Rule be enabled? Defaults to `true`.

func (AlertRuleMsSecurityIncidentOutput) LogAnalyticsWorkspaceId added in v5.5.0

func (o AlertRuleMsSecurityIncidentOutput) LogAnalyticsWorkspaceId() pulumi.StringOutput

The ID of the Log Analytics Workspace this Sentinel MS Security Incident Alert Rule belongs to. Changing this forces a new Sentinel MS Security Incident Alert Rule to be created.

func (AlertRuleMsSecurityIncidentOutput) Name added in v5.5.0

The name which should be used for this Sentinel MS Security Incident Alert Rule. Changing this forces a new Sentinel MS Security Incident Alert Rule to be created.

func (AlertRuleMsSecurityIncidentOutput) ProductFilter added in v5.5.0

The Microsoft Security Service from where the alert will be generated. Possible values are `Azure Active Directory Identity Protection`, `Azure Advanced Threat Protection`, `Azure Security Center`, `Azure Security Center for IoT`, `Microsoft Cloud App Security`, `Microsoft Defender Advanced Threat Protection` and `Office 365 Advanced Threat Protection`.

func (AlertRuleMsSecurityIncidentOutput) SeverityFilters added in v5.5.0

Only create incidents from alerts when alert severity level is contained in this list. Possible values are `High`, `Medium`, `Low` and `Informational`.

func (AlertRuleMsSecurityIncidentOutput) ToAlertRuleMsSecurityIncidentOutput

func (o AlertRuleMsSecurityIncidentOutput) ToAlertRuleMsSecurityIncidentOutput() AlertRuleMsSecurityIncidentOutput

func (AlertRuleMsSecurityIncidentOutput) ToAlertRuleMsSecurityIncidentOutputWithContext

func (o AlertRuleMsSecurityIncidentOutput) ToAlertRuleMsSecurityIncidentOutputWithContext(ctx context.Context) AlertRuleMsSecurityIncidentOutput

type AlertRuleMsSecurityIncidentState

type AlertRuleMsSecurityIncidentState struct {
	// The GUID of the alert rule template which is used to create this Sentinel Scheduled Alert Rule. Changing this forces a new Sentinel MS Security Incident Alert Rule to be created.
	AlertRuleTemplateGuid pulumi.StringPtrInput
	// The description of this Sentinel MS Security Incident Alert Rule.
	Description pulumi.StringPtrInput
	// The friendly name of this Sentinel MS Security Incident Alert Rule.
	DisplayName pulumi.StringPtrInput
	// Only create incidents when the alert display name doesn't contain text from this list.
	DisplayNameExcludeFilters pulumi.StringArrayInput
	// Only create incidents when the alert display name contain text from this list, leave empty to apply no filter.
	DisplayNameFilters pulumi.StringArrayInput
	// Should this Sentinel MS Security Incident Alert Rule be enabled? Defaults to `true`.
	Enabled pulumi.BoolPtrInput
	// The ID of the Log Analytics Workspace this Sentinel MS Security Incident Alert Rule belongs to. Changing this forces a new Sentinel MS Security Incident Alert Rule to be created.
	LogAnalyticsWorkspaceId pulumi.StringPtrInput
	// The name which should be used for this Sentinel MS Security Incident Alert Rule. Changing this forces a new Sentinel MS Security Incident Alert Rule to be created.
	Name pulumi.StringPtrInput
	// The Microsoft Security Service from where the alert will be generated. Possible values are `Azure Active Directory Identity Protection`, `Azure Advanced Threat Protection`, `Azure Security Center`, `Azure Security Center for IoT`, `Microsoft Cloud App Security`, `Microsoft Defender Advanced Threat Protection` and `Office 365 Advanced Threat Protection`.
	ProductFilter pulumi.StringPtrInput
	// Only create incidents from alerts when alert severity level is contained in this list. Possible values are `High`, `Medium`, `Low` and `Informational`.
	SeverityFilters pulumi.StringArrayInput
}

func (AlertRuleMsSecurityIncidentState) ElementType

type AlertRuleScheduled

type AlertRuleScheduled struct {
	pulumi.CustomResourceState

	// An `alertDetailsOverride` block as defined below.
	AlertDetailsOverrides AlertRuleScheduledAlertDetailsOverrideArrayOutput `pulumi:"alertDetailsOverrides"`
	// The GUID of the alert rule template which is used for this Sentinel Scheduled Alert Rule. Changing this forces a new Sentinel Scheduled Alert Rule to be created.
	AlertRuleTemplateGuid pulumi.StringPtrOutput `pulumi:"alertRuleTemplateGuid"`
	// The version of the alert rule template which is used for this Sentinel Scheduled Alert Rule. Changing this forces a new Sentinel Scheduled Alert Rule to be created.
	AlertRuleTemplateVersion pulumi.StringPtrOutput `pulumi:"alertRuleTemplateVersion"`
	// A map of string key-value pairs of columns to be attached to this Sentinel Scheduled Alert Rule. The key will appear as the field name in alerts and the value is the event parameter you wish to surface in the alerts.
	CustomDetails pulumi.StringMapOutput `pulumi:"customDetails"`
	// The description of this Sentinel Scheduled Alert Rule.
	Description pulumi.StringPtrOutput `pulumi:"description"`
	// The friendly name of this Sentinel Scheduled Alert Rule.
	DisplayName pulumi.StringOutput `pulumi:"displayName"`
	// Should the Sentinel Scheduled Alert Rule be enabled? Defaults to `true`.
	Enabled pulumi.BoolPtrOutput `pulumi:"enabled"`
	// A list of `entityMapping` blocks as defined below.
	EntityMappings AlertRuleScheduledEntityMappingArrayOutput `pulumi:"entityMappings"`
	// A `eventGrouping` block as defined below.
	EventGrouping AlertRuleScheduledEventGroupingPtrOutput `pulumi:"eventGrouping"`
	// A `incidentConfiguration` block as defined below.
	IncidentConfiguration AlertRuleScheduledIncidentConfigurationOutput `pulumi:"incidentConfiguration"`
	// The ID of the Log Analytics Workspace this Sentinel Scheduled Alert Rule belongs to. Changing this forces a new Sentinel Scheduled Alert Rule to be created.
	LogAnalyticsWorkspaceId pulumi.StringOutput `pulumi:"logAnalyticsWorkspaceId"`
	// The name which should be used for this Sentinel Scheduled Alert Rule. Changing this forces a new Sentinel Scheduled Alert Rule to be created.
	Name pulumi.StringOutput `pulumi:"name"`
	// The query of this Sentinel Scheduled Alert Rule.
	Query pulumi.StringOutput `pulumi:"query"`
	// The ISO 8601 timespan duration between two consecutive queries. Defaults to `PT5H`.
	QueryFrequency pulumi.StringPtrOutput `pulumi:"queryFrequency"`
	// The ISO 8601 timespan duration, which determine the time period of the data covered by the query. For example, it can query the past 10 minutes of data, or the past 6 hours of data. Defaults to `PT5H`.
	QueryPeriod pulumi.StringPtrOutput `pulumi:"queryPeriod"`
	// The alert severity of this Sentinel Scheduled Alert Rule. Possible values are `High`, `Medium`, `Low` and `Informational`.
	Severity pulumi.StringOutput `pulumi:"severity"`
	// If `suppressionEnabled` is `true`, this is ISO 8601 timespan duration, which specifies the amount of time the query should stop running after alert is generated. Defaults to `PT5H`.
	SuppressionDuration pulumi.StringPtrOutput `pulumi:"suppressionDuration"`
	// Should the Sentinel Scheduled Alert Rulea stop running query after alert is generated? Defaults to `false`.
	SuppressionEnabled pulumi.BoolPtrOutput `pulumi:"suppressionEnabled"`
	// A list of categories of attacks by which to classify the rule. Possible values are `Collection`, `CommandAndControl`, `CredentialAccess`, `DefenseEvasion`, `Discovery`, `Execution`, `Exfiltration`, `Impact`, `InitialAccess`, `LateralMovement`, `Persistence` and `PrivilegeEscalation`.
	Tactics pulumi.StringArrayOutput `pulumi:"tactics"`
	// The alert trigger operator, combined with `triggerThreshold`, setting alert threshold of this Sentinel Scheduled Alert Rule. Possible values are `Equal`, `GreaterThan`, `LessThan`, `NotEqual`.
	TriggerOperator pulumi.StringPtrOutput `pulumi:"triggerOperator"`
	// The baseline number of query results generated, combined with `triggerOperator`, setting alert threshold of this Sentinel Scheduled Alert Rule.
	TriggerThreshold pulumi.IntPtrOutput `pulumi:"triggerThreshold"`
}

Manages a Sentinel Scheduled Alert Rule.

## Example Usage

```go package main

import (

"fmt"

"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/operationalinsights"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/sentinel"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		exampleResourceGroup, err := core.NewResourceGroup(ctx, "exampleResourceGroup", &core.ResourceGroupArgs{
			Location: pulumi.String("West Europe"),
		})
		if err != nil {
			return err
		}
		exampleAnalyticsWorkspace, err := operationalinsights.NewAnalyticsWorkspace(ctx, "exampleAnalyticsWorkspace", &operationalinsights.AnalyticsWorkspaceArgs{
			Location:          exampleResourceGroup.Location,
			ResourceGroupName: exampleResourceGroup.Name,
			Sku:               pulumi.String("PerGB2018"),
		})
		if err != nil {
			return err
		}
		exampleAnalyticsSolution, err := operationalinsights.NewAnalyticsSolution(ctx, "exampleAnalyticsSolution", &operationalinsights.AnalyticsSolutionArgs{
			SolutionName:        pulumi.String("SecurityInsights"),
			Location:            exampleResourceGroup.Location,
			ResourceGroupName:   exampleResourceGroup.Name,
			WorkspaceResourceId: exampleAnalyticsWorkspace.ID(),
			WorkspaceName:       exampleAnalyticsWorkspace.Name,
			Plan: &operationalinsights.AnalyticsSolutionPlanArgs{
				Publisher: pulumi.String("Microsoft"),
				Product:   pulumi.String("OMSGallery/SecurityInsights"),
			},
		})
		if err != nil {
			return err
		}
		_, err = sentinel.NewAlertRuleScheduled(ctx, "exampleAlertRuleScheduled", &sentinel.AlertRuleScheduledArgs{
			LogAnalyticsWorkspaceId: exampleAnalyticsSolution.WorkspaceResourceId,
			DisplayName:             pulumi.String("example"),
			Severity:                pulumi.String("High"),
			Query:                   pulumi.String(fmt.Sprintf("%v%v%v%v", "AzureActivity |\n", "  where OperationName == \"Create or Update Virtual Machine\" or OperationName ==\"Create Deployment\" |\n", "  where ActivityStatus == \"Succeeded\" |\n", "  make-series dcount(ResourceId) default=0 on EventSubmissionTimestamp in range(ago(7d), now(), 1d) by Caller\n")),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

Sentinel Scheduled Alert Rules can be imported using the `resource id`, e.g.

```sh

$ pulumi import azure:sentinel/alertRuleScheduled:AlertRuleScheduled example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.OperationalInsights/workspaces/workspace1/providers/Microsoft.SecurityInsights/alertRules/rule1

```

func GetAlertRuleScheduled

func GetAlertRuleScheduled(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *AlertRuleScheduledState, opts ...pulumi.ResourceOption) (*AlertRuleScheduled, error)

GetAlertRuleScheduled gets an existing AlertRuleScheduled resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewAlertRuleScheduled

func NewAlertRuleScheduled(ctx *pulumi.Context,
	name string, args *AlertRuleScheduledArgs, opts ...pulumi.ResourceOption) (*AlertRuleScheduled, error)

NewAlertRuleScheduled registers a new resource with the given unique name, arguments, and options.

func (*AlertRuleScheduled) ElementType

func (*AlertRuleScheduled) ElementType() reflect.Type

func (*AlertRuleScheduled) ToAlertRuleScheduledOutput

func (i *AlertRuleScheduled) ToAlertRuleScheduledOutput() AlertRuleScheduledOutput

func (*AlertRuleScheduled) ToAlertRuleScheduledOutputWithContext

func (i *AlertRuleScheduled) ToAlertRuleScheduledOutputWithContext(ctx context.Context) AlertRuleScheduledOutput

type AlertRuleScheduledAlertDetailsOverride

type AlertRuleScheduledAlertDetailsOverride struct {
	// The format containing columns name(s) to override the description of this Sentinel Alert Rule.
	DescriptionFormat *string `pulumi:"descriptionFormat"`
	// The format containing columns name(s) to override the name of this Sentinel Alert Rule.
	DisplayNameFormat *string `pulumi:"displayNameFormat"`
	// The column name to take the alert severity from.
	SeverityColumnName *string `pulumi:"severityColumnName"`
	// The column name to take the alert tactics from.
	TacticsColumnName *string `pulumi:"tacticsColumnName"`
}

type AlertRuleScheduledAlertDetailsOverrideArgs

type AlertRuleScheduledAlertDetailsOverrideArgs struct {
	// The format containing columns name(s) to override the description of this Sentinel Alert Rule.
	DescriptionFormat pulumi.StringPtrInput `pulumi:"descriptionFormat"`
	// The format containing columns name(s) to override the name of this Sentinel Alert Rule.
	DisplayNameFormat pulumi.StringPtrInput `pulumi:"displayNameFormat"`
	// The column name to take the alert severity from.
	SeverityColumnName pulumi.StringPtrInput `pulumi:"severityColumnName"`
	// The column name to take the alert tactics from.
	TacticsColumnName pulumi.StringPtrInput `pulumi:"tacticsColumnName"`
}

func (AlertRuleScheduledAlertDetailsOverrideArgs) ElementType

func (AlertRuleScheduledAlertDetailsOverrideArgs) ToAlertRuleScheduledAlertDetailsOverrideOutput

func (i AlertRuleScheduledAlertDetailsOverrideArgs) ToAlertRuleScheduledAlertDetailsOverrideOutput() AlertRuleScheduledAlertDetailsOverrideOutput

func (AlertRuleScheduledAlertDetailsOverrideArgs) ToAlertRuleScheduledAlertDetailsOverrideOutputWithContext

func (i AlertRuleScheduledAlertDetailsOverrideArgs) ToAlertRuleScheduledAlertDetailsOverrideOutputWithContext(ctx context.Context) AlertRuleScheduledAlertDetailsOverrideOutput

type AlertRuleScheduledAlertDetailsOverrideArray

type AlertRuleScheduledAlertDetailsOverrideArray []AlertRuleScheduledAlertDetailsOverrideInput

func (AlertRuleScheduledAlertDetailsOverrideArray) ElementType

func (AlertRuleScheduledAlertDetailsOverrideArray) ToAlertRuleScheduledAlertDetailsOverrideArrayOutput

func (i AlertRuleScheduledAlertDetailsOverrideArray) ToAlertRuleScheduledAlertDetailsOverrideArrayOutput() AlertRuleScheduledAlertDetailsOverrideArrayOutput

func (AlertRuleScheduledAlertDetailsOverrideArray) ToAlertRuleScheduledAlertDetailsOverrideArrayOutputWithContext

func (i AlertRuleScheduledAlertDetailsOverrideArray) ToAlertRuleScheduledAlertDetailsOverrideArrayOutputWithContext(ctx context.Context) AlertRuleScheduledAlertDetailsOverrideArrayOutput

type AlertRuleScheduledAlertDetailsOverrideArrayInput

type AlertRuleScheduledAlertDetailsOverrideArrayInput interface {
	pulumi.Input

	ToAlertRuleScheduledAlertDetailsOverrideArrayOutput() AlertRuleScheduledAlertDetailsOverrideArrayOutput
	ToAlertRuleScheduledAlertDetailsOverrideArrayOutputWithContext(context.Context) AlertRuleScheduledAlertDetailsOverrideArrayOutput
}

AlertRuleScheduledAlertDetailsOverrideArrayInput is an input type that accepts AlertRuleScheduledAlertDetailsOverrideArray and AlertRuleScheduledAlertDetailsOverrideArrayOutput values. You can construct a concrete instance of `AlertRuleScheduledAlertDetailsOverrideArrayInput` via:

AlertRuleScheduledAlertDetailsOverrideArray{ AlertRuleScheduledAlertDetailsOverrideArgs{...} }

type AlertRuleScheduledAlertDetailsOverrideArrayOutput

type AlertRuleScheduledAlertDetailsOverrideArrayOutput struct{ *pulumi.OutputState }

func (AlertRuleScheduledAlertDetailsOverrideArrayOutput) ElementType

func (AlertRuleScheduledAlertDetailsOverrideArrayOutput) Index

func (AlertRuleScheduledAlertDetailsOverrideArrayOutput) ToAlertRuleScheduledAlertDetailsOverrideArrayOutput

func (o AlertRuleScheduledAlertDetailsOverrideArrayOutput) ToAlertRuleScheduledAlertDetailsOverrideArrayOutput() AlertRuleScheduledAlertDetailsOverrideArrayOutput

func (AlertRuleScheduledAlertDetailsOverrideArrayOutput) ToAlertRuleScheduledAlertDetailsOverrideArrayOutputWithContext

func (o AlertRuleScheduledAlertDetailsOverrideArrayOutput) ToAlertRuleScheduledAlertDetailsOverrideArrayOutputWithContext(ctx context.Context) AlertRuleScheduledAlertDetailsOverrideArrayOutput

type AlertRuleScheduledAlertDetailsOverrideInput

type AlertRuleScheduledAlertDetailsOverrideInput interface {
	pulumi.Input

	ToAlertRuleScheduledAlertDetailsOverrideOutput() AlertRuleScheduledAlertDetailsOverrideOutput
	ToAlertRuleScheduledAlertDetailsOverrideOutputWithContext(context.Context) AlertRuleScheduledAlertDetailsOverrideOutput
}

AlertRuleScheduledAlertDetailsOverrideInput is an input type that accepts AlertRuleScheduledAlertDetailsOverrideArgs and AlertRuleScheduledAlertDetailsOverrideOutput values. You can construct a concrete instance of `AlertRuleScheduledAlertDetailsOverrideInput` via:

AlertRuleScheduledAlertDetailsOverrideArgs{...}

type AlertRuleScheduledAlertDetailsOverrideOutput

type AlertRuleScheduledAlertDetailsOverrideOutput struct{ *pulumi.OutputState }

func (AlertRuleScheduledAlertDetailsOverrideOutput) DescriptionFormat

The format containing columns name(s) to override the description of this Sentinel Alert Rule.

func (AlertRuleScheduledAlertDetailsOverrideOutput) DisplayNameFormat

The format containing columns name(s) to override the name of this Sentinel Alert Rule.

func (AlertRuleScheduledAlertDetailsOverrideOutput) ElementType

func (AlertRuleScheduledAlertDetailsOverrideOutput) SeverityColumnName

The column name to take the alert severity from.

func (AlertRuleScheduledAlertDetailsOverrideOutput) TacticsColumnName

The column name to take the alert tactics from.

func (AlertRuleScheduledAlertDetailsOverrideOutput) ToAlertRuleScheduledAlertDetailsOverrideOutput

func (o AlertRuleScheduledAlertDetailsOverrideOutput) ToAlertRuleScheduledAlertDetailsOverrideOutput() AlertRuleScheduledAlertDetailsOverrideOutput

func (AlertRuleScheduledAlertDetailsOverrideOutput) ToAlertRuleScheduledAlertDetailsOverrideOutputWithContext

func (o AlertRuleScheduledAlertDetailsOverrideOutput) ToAlertRuleScheduledAlertDetailsOverrideOutputWithContext(ctx context.Context) AlertRuleScheduledAlertDetailsOverrideOutput

type AlertRuleScheduledArgs

type AlertRuleScheduledArgs struct {
	// An `alertDetailsOverride` block as defined below.
	AlertDetailsOverrides AlertRuleScheduledAlertDetailsOverrideArrayInput
	// The GUID of the alert rule template which is used for this Sentinel Scheduled Alert Rule. Changing this forces a new Sentinel Scheduled Alert Rule to be created.
	AlertRuleTemplateGuid pulumi.StringPtrInput
	// The version of the alert rule template which is used for this Sentinel Scheduled Alert Rule. Changing this forces a new Sentinel Scheduled Alert Rule to be created.
	AlertRuleTemplateVersion pulumi.StringPtrInput
	// A map of string key-value pairs of columns to be attached to this Sentinel Scheduled Alert Rule. The key will appear as the field name in alerts and the value is the event parameter you wish to surface in the alerts.
	CustomDetails pulumi.StringMapInput
	// The description of this Sentinel Scheduled Alert Rule.
	Description pulumi.StringPtrInput
	// The friendly name of this Sentinel Scheduled Alert Rule.
	DisplayName pulumi.StringInput
	// Should the Sentinel Scheduled Alert Rule be enabled? Defaults to `true`.
	Enabled pulumi.BoolPtrInput
	// A list of `entityMapping` blocks as defined below.
	EntityMappings AlertRuleScheduledEntityMappingArrayInput
	// A `eventGrouping` block as defined below.
	EventGrouping AlertRuleScheduledEventGroupingPtrInput
	// A `incidentConfiguration` block as defined below.
	IncidentConfiguration AlertRuleScheduledIncidentConfigurationPtrInput
	// The ID of the Log Analytics Workspace this Sentinel Scheduled Alert Rule belongs to. Changing this forces a new Sentinel Scheduled Alert Rule to be created.
	LogAnalyticsWorkspaceId pulumi.StringInput
	// The name which should be used for this Sentinel Scheduled Alert Rule. Changing this forces a new Sentinel Scheduled Alert Rule to be created.
	Name pulumi.StringPtrInput
	// The query of this Sentinel Scheduled Alert Rule.
	Query pulumi.StringInput
	// The ISO 8601 timespan duration between two consecutive queries. Defaults to `PT5H`.
	QueryFrequency pulumi.StringPtrInput
	// The ISO 8601 timespan duration, which determine the time period of the data covered by the query. For example, it can query the past 10 minutes of data, or the past 6 hours of data. Defaults to `PT5H`.
	QueryPeriod pulumi.StringPtrInput
	// The alert severity of this Sentinel Scheduled Alert Rule. Possible values are `High`, `Medium`, `Low` and `Informational`.
	Severity pulumi.StringInput
	// If `suppressionEnabled` is `true`, this is ISO 8601 timespan duration, which specifies the amount of time the query should stop running after alert is generated. Defaults to `PT5H`.
	SuppressionDuration pulumi.StringPtrInput
	// Should the Sentinel Scheduled Alert Rulea stop running query after alert is generated? Defaults to `false`.
	SuppressionEnabled pulumi.BoolPtrInput
	// A list of categories of attacks by which to classify the rule. Possible values are `Collection`, `CommandAndControl`, `CredentialAccess`, `DefenseEvasion`, `Discovery`, `Execution`, `Exfiltration`, `Impact`, `InitialAccess`, `LateralMovement`, `Persistence` and `PrivilegeEscalation`.
	Tactics pulumi.StringArrayInput
	// The alert trigger operator, combined with `triggerThreshold`, setting alert threshold of this Sentinel Scheduled Alert Rule. Possible values are `Equal`, `GreaterThan`, `LessThan`, `NotEqual`.
	TriggerOperator pulumi.StringPtrInput
	// The baseline number of query results generated, combined with `triggerOperator`, setting alert threshold of this Sentinel Scheduled Alert Rule.
	TriggerThreshold pulumi.IntPtrInput
}

The set of arguments for constructing a AlertRuleScheduled resource.

func (AlertRuleScheduledArgs) ElementType

func (AlertRuleScheduledArgs) ElementType() reflect.Type

type AlertRuleScheduledArray

type AlertRuleScheduledArray []AlertRuleScheduledInput

func (AlertRuleScheduledArray) ElementType

func (AlertRuleScheduledArray) ElementType() reflect.Type

func (AlertRuleScheduledArray) ToAlertRuleScheduledArrayOutput

func (i AlertRuleScheduledArray) ToAlertRuleScheduledArrayOutput() AlertRuleScheduledArrayOutput

func (AlertRuleScheduledArray) ToAlertRuleScheduledArrayOutputWithContext

func (i AlertRuleScheduledArray) ToAlertRuleScheduledArrayOutputWithContext(ctx context.Context) AlertRuleScheduledArrayOutput

type AlertRuleScheduledArrayInput

type AlertRuleScheduledArrayInput interface {
	pulumi.Input

	ToAlertRuleScheduledArrayOutput() AlertRuleScheduledArrayOutput
	ToAlertRuleScheduledArrayOutputWithContext(context.Context) AlertRuleScheduledArrayOutput
}

AlertRuleScheduledArrayInput is an input type that accepts AlertRuleScheduledArray and AlertRuleScheduledArrayOutput values. You can construct a concrete instance of `AlertRuleScheduledArrayInput` via:

AlertRuleScheduledArray{ AlertRuleScheduledArgs{...} }

type AlertRuleScheduledArrayOutput

type AlertRuleScheduledArrayOutput struct{ *pulumi.OutputState }

func (AlertRuleScheduledArrayOutput) ElementType

func (AlertRuleScheduledArrayOutput) Index

func (AlertRuleScheduledArrayOutput) ToAlertRuleScheduledArrayOutput

func (o AlertRuleScheduledArrayOutput) ToAlertRuleScheduledArrayOutput() AlertRuleScheduledArrayOutput

func (AlertRuleScheduledArrayOutput) ToAlertRuleScheduledArrayOutputWithContext

func (o AlertRuleScheduledArrayOutput) ToAlertRuleScheduledArrayOutputWithContext(ctx context.Context) AlertRuleScheduledArrayOutput

type AlertRuleScheduledEntityMapping

type AlertRuleScheduledEntityMapping struct {
	// The type of the entity. Possible values are `Account`, `AzureResource`, `CloudApplication`, `DNS`, `File`, `FileHash`, `Host`, `IP`, `Mailbox`, `MailCluster`, `MailMessage`, `Malware`, `Process`, `RegistryKey`, `RegistryValue`, `SecurityGroup`, `SubmissionMail`, `URL`.
	EntityType string `pulumi:"entityType"`
	// A list of `fieldMapping` blocks as defined below.
	FieldMappings []AlertRuleScheduledEntityMappingFieldMapping `pulumi:"fieldMappings"`
}

type AlertRuleScheduledEntityMappingArgs

type AlertRuleScheduledEntityMappingArgs struct {
	// The type of the entity. Possible values are `Account`, `AzureResource`, `CloudApplication`, `DNS`, `File`, `FileHash`, `Host`, `IP`, `Mailbox`, `MailCluster`, `MailMessage`, `Malware`, `Process`, `RegistryKey`, `RegistryValue`, `SecurityGroup`, `SubmissionMail`, `URL`.
	EntityType pulumi.StringInput `pulumi:"entityType"`
	// A list of `fieldMapping` blocks as defined below.
	FieldMappings AlertRuleScheduledEntityMappingFieldMappingArrayInput `pulumi:"fieldMappings"`
}

func (AlertRuleScheduledEntityMappingArgs) ElementType

func (AlertRuleScheduledEntityMappingArgs) ToAlertRuleScheduledEntityMappingOutput

func (i AlertRuleScheduledEntityMappingArgs) ToAlertRuleScheduledEntityMappingOutput() AlertRuleScheduledEntityMappingOutput

func (AlertRuleScheduledEntityMappingArgs) ToAlertRuleScheduledEntityMappingOutputWithContext

func (i AlertRuleScheduledEntityMappingArgs) ToAlertRuleScheduledEntityMappingOutputWithContext(ctx context.Context) AlertRuleScheduledEntityMappingOutput

type AlertRuleScheduledEntityMappingArray

type AlertRuleScheduledEntityMappingArray []AlertRuleScheduledEntityMappingInput

func (AlertRuleScheduledEntityMappingArray) ElementType

func (AlertRuleScheduledEntityMappingArray) ToAlertRuleScheduledEntityMappingArrayOutput

func (i AlertRuleScheduledEntityMappingArray) ToAlertRuleScheduledEntityMappingArrayOutput() AlertRuleScheduledEntityMappingArrayOutput

func (AlertRuleScheduledEntityMappingArray) ToAlertRuleScheduledEntityMappingArrayOutputWithContext

func (i AlertRuleScheduledEntityMappingArray) ToAlertRuleScheduledEntityMappingArrayOutputWithContext(ctx context.Context) AlertRuleScheduledEntityMappingArrayOutput

type AlertRuleScheduledEntityMappingArrayInput

type AlertRuleScheduledEntityMappingArrayInput interface {
	pulumi.Input

	ToAlertRuleScheduledEntityMappingArrayOutput() AlertRuleScheduledEntityMappingArrayOutput
	ToAlertRuleScheduledEntityMappingArrayOutputWithContext(context.Context) AlertRuleScheduledEntityMappingArrayOutput
}

AlertRuleScheduledEntityMappingArrayInput is an input type that accepts AlertRuleScheduledEntityMappingArray and AlertRuleScheduledEntityMappingArrayOutput values. You can construct a concrete instance of `AlertRuleScheduledEntityMappingArrayInput` via:

AlertRuleScheduledEntityMappingArray{ AlertRuleScheduledEntityMappingArgs{...} }

type AlertRuleScheduledEntityMappingArrayOutput

type AlertRuleScheduledEntityMappingArrayOutput struct{ *pulumi.OutputState }

func (AlertRuleScheduledEntityMappingArrayOutput) ElementType

func (AlertRuleScheduledEntityMappingArrayOutput) Index

func (AlertRuleScheduledEntityMappingArrayOutput) ToAlertRuleScheduledEntityMappingArrayOutput

func (o AlertRuleScheduledEntityMappingArrayOutput) ToAlertRuleScheduledEntityMappingArrayOutput() AlertRuleScheduledEntityMappingArrayOutput

func (AlertRuleScheduledEntityMappingArrayOutput) ToAlertRuleScheduledEntityMappingArrayOutputWithContext

func (o AlertRuleScheduledEntityMappingArrayOutput) ToAlertRuleScheduledEntityMappingArrayOutputWithContext(ctx context.Context) AlertRuleScheduledEntityMappingArrayOutput

type AlertRuleScheduledEntityMappingFieldMapping

type AlertRuleScheduledEntityMappingFieldMapping struct {
	// The column name to be mapped to the identifier.
	ColumnName string `pulumi:"columnName"`
	// The identifier of the entity.
	Identifier string `pulumi:"identifier"`
}

type AlertRuleScheduledEntityMappingFieldMappingArgs

type AlertRuleScheduledEntityMappingFieldMappingArgs struct {
	// The column name to be mapped to the identifier.
	ColumnName pulumi.StringInput `pulumi:"columnName"`
	// The identifier of the entity.
	Identifier pulumi.StringInput `pulumi:"identifier"`
}

func (AlertRuleScheduledEntityMappingFieldMappingArgs) ElementType

func (AlertRuleScheduledEntityMappingFieldMappingArgs) ToAlertRuleScheduledEntityMappingFieldMappingOutput

func (i AlertRuleScheduledEntityMappingFieldMappingArgs) ToAlertRuleScheduledEntityMappingFieldMappingOutput() AlertRuleScheduledEntityMappingFieldMappingOutput

func (AlertRuleScheduledEntityMappingFieldMappingArgs) ToAlertRuleScheduledEntityMappingFieldMappingOutputWithContext

func (i AlertRuleScheduledEntityMappingFieldMappingArgs) ToAlertRuleScheduledEntityMappingFieldMappingOutputWithContext(ctx context.Context) AlertRuleScheduledEntityMappingFieldMappingOutput

type AlertRuleScheduledEntityMappingFieldMappingArray

type AlertRuleScheduledEntityMappingFieldMappingArray []AlertRuleScheduledEntityMappingFieldMappingInput

func (AlertRuleScheduledEntityMappingFieldMappingArray) ElementType

func (AlertRuleScheduledEntityMappingFieldMappingArray) ToAlertRuleScheduledEntityMappingFieldMappingArrayOutput

func (i AlertRuleScheduledEntityMappingFieldMappingArray) ToAlertRuleScheduledEntityMappingFieldMappingArrayOutput() AlertRuleScheduledEntityMappingFieldMappingArrayOutput

func (AlertRuleScheduledEntityMappingFieldMappingArray) ToAlertRuleScheduledEntityMappingFieldMappingArrayOutputWithContext

func (i AlertRuleScheduledEntityMappingFieldMappingArray) ToAlertRuleScheduledEntityMappingFieldMappingArrayOutputWithContext(ctx context.Context) AlertRuleScheduledEntityMappingFieldMappingArrayOutput

type AlertRuleScheduledEntityMappingFieldMappingArrayInput

type AlertRuleScheduledEntityMappingFieldMappingArrayInput interface {
	pulumi.Input

	ToAlertRuleScheduledEntityMappingFieldMappingArrayOutput() AlertRuleScheduledEntityMappingFieldMappingArrayOutput
	ToAlertRuleScheduledEntityMappingFieldMappingArrayOutputWithContext(context.Context) AlertRuleScheduledEntityMappingFieldMappingArrayOutput
}

AlertRuleScheduledEntityMappingFieldMappingArrayInput is an input type that accepts AlertRuleScheduledEntityMappingFieldMappingArray and AlertRuleScheduledEntityMappingFieldMappingArrayOutput values. You can construct a concrete instance of `AlertRuleScheduledEntityMappingFieldMappingArrayInput` via:

AlertRuleScheduledEntityMappingFieldMappingArray{ AlertRuleScheduledEntityMappingFieldMappingArgs{...} }

type AlertRuleScheduledEntityMappingFieldMappingArrayOutput

type AlertRuleScheduledEntityMappingFieldMappingArrayOutput struct{ *pulumi.OutputState }

func (AlertRuleScheduledEntityMappingFieldMappingArrayOutput) ElementType

func (AlertRuleScheduledEntityMappingFieldMappingArrayOutput) Index

func (AlertRuleScheduledEntityMappingFieldMappingArrayOutput) ToAlertRuleScheduledEntityMappingFieldMappingArrayOutput

func (AlertRuleScheduledEntityMappingFieldMappingArrayOutput) ToAlertRuleScheduledEntityMappingFieldMappingArrayOutputWithContext

func (o AlertRuleScheduledEntityMappingFieldMappingArrayOutput) ToAlertRuleScheduledEntityMappingFieldMappingArrayOutputWithContext(ctx context.Context) AlertRuleScheduledEntityMappingFieldMappingArrayOutput

type AlertRuleScheduledEntityMappingFieldMappingInput

type AlertRuleScheduledEntityMappingFieldMappingInput interface {
	pulumi.Input

	ToAlertRuleScheduledEntityMappingFieldMappingOutput() AlertRuleScheduledEntityMappingFieldMappingOutput
	ToAlertRuleScheduledEntityMappingFieldMappingOutputWithContext(context.Context) AlertRuleScheduledEntityMappingFieldMappingOutput
}

AlertRuleScheduledEntityMappingFieldMappingInput is an input type that accepts AlertRuleScheduledEntityMappingFieldMappingArgs and AlertRuleScheduledEntityMappingFieldMappingOutput values. You can construct a concrete instance of `AlertRuleScheduledEntityMappingFieldMappingInput` via:

AlertRuleScheduledEntityMappingFieldMappingArgs{...}

type AlertRuleScheduledEntityMappingFieldMappingOutput

type AlertRuleScheduledEntityMappingFieldMappingOutput struct{ *pulumi.OutputState }

func (AlertRuleScheduledEntityMappingFieldMappingOutput) ColumnName

The column name to be mapped to the identifier.

func (AlertRuleScheduledEntityMappingFieldMappingOutput) ElementType

func (AlertRuleScheduledEntityMappingFieldMappingOutput) Identifier

The identifier of the entity.

func (AlertRuleScheduledEntityMappingFieldMappingOutput) ToAlertRuleScheduledEntityMappingFieldMappingOutput

func (o AlertRuleScheduledEntityMappingFieldMappingOutput) ToAlertRuleScheduledEntityMappingFieldMappingOutput() AlertRuleScheduledEntityMappingFieldMappingOutput

func (AlertRuleScheduledEntityMappingFieldMappingOutput) ToAlertRuleScheduledEntityMappingFieldMappingOutputWithContext

func (o AlertRuleScheduledEntityMappingFieldMappingOutput) ToAlertRuleScheduledEntityMappingFieldMappingOutputWithContext(ctx context.Context) AlertRuleScheduledEntityMappingFieldMappingOutput

type AlertRuleScheduledEntityMappingInput

type AlertRuleScheduledEntityMappingInput interface {
	pulumi.Input

	ToAlertRuleScheduledEntityMappingOutput() AlertRuleScheduledEntityMappingOutput
	ToAlertRuleScheduledEntityMappingOutputWithContext(context.Context) AlertRuleScheduledEntityMappingOutput
}

AlertRuleScheduledEntityMappingInput is an input type that accepts AlertRuleScheduledEntityMappingArgs and AlertRuleScheduledEntityMappingOutput values. You can construct a concrete instance of `AlertRuleScheduledEntityMappingInput` via:

AlertRuleScheduledEntityMappingArgs{...}

type AlertRuleScheduledEntityMappingOutput

type AlertRuleScheduledEntityMappingOutput struct{ *pulumi.OutputState }

func (AlertRuleScheduledEntityMappingOutput) ElementType

func (AlertRuleScheduledEntityMappingOutput) EntityType

The type of the entity. Possible values are `Account`, `AzureResource`, `CloudApplication`, `DNS`, `File`, `FileHash`, `Host`, `IP`, `Mailbox`, `MailCluster`, `MailMessage`, `Malware`, `Process`, `RegistryKey`, `RegistryValue`, `SecurityGroup`, `SubmissionMail`, `URL`.

func (AlertRuleScheduledEntityMappingOutput) FieldMappings

A list of `fieldMapping` blocks as defined below.

func (AlertRuleScheduledEntityMappingOutput) ToAlertRuleScheduledEntityMappingOutput

func (o AlertRuleScheduledEntityMappingOutput) ToAlertRuleScheduledEntityMappingOutput() AlertRuleScheduledEntityMappingOutput

func (AlertRuleScheduledEntityMappingOutput) ToAlertRuleScheduledEntityMappingOutputWithContext

func (o AlertRuleScheduledEntityMappingOutput) ToAlertRuleScheduledEntityMappingOutputWithContext(ctx context.Context) AlertRuleScheduledEntityMappingOutput

type AlertRuleScheduledEventGrouping

type AlertRuleScheduledEventGrouping struct {
	// The aggregation type of grouping the events.
	AggregationMethod string `pulumi:"aggregationMethod"`
}

type AlertRuleScheduledEventGroupingArgs

type AlertRuleScheduledEventGroupingArgs struct {
	// The aggregation type of grouping the events.
	AggregationMethod pulumi.StringInput `pulumi:"aggregationMethod"`
}

func (AlertRuleScheduledEventGroupingArgs) ElementType

func (AlertRuleScheduledEventGroupingArgs) ToAlertRuleScheduledEventGroupingOutput

func (i AlertRuleScheduledEventGroupingArgs) ToAlertRuleScheduledEventGroupingOutput() AlertRuleScheduledEventGroupingOutput

func (AlertRuleScheduledEventGroupingArgs) ToAlertRuleScheduledEventGroupingOutputWithContext

func (i AlertRuleScheduledEventGroupingArgs) ToAlertRuleScheduledEventGroupingOutputWithContext(ctx context.Context) AlertRuleScheduledEventGroupingOutput

func (AlertRuleScheduledEventGroupingArgs) ToAlertRuleScheduledEventGroupingPtrOutput

func (i AlertRuleScheduledEventGroupingArgs) ToAlertRuleScheduledEventGroupingPtrOutput() AlertRuleScheduledEventGroupingPtrOutput

func (AlertRuleScheduledEventGroupingArgs) ToAlertRuleScheduledEventGroupingPtrOutputWithContext

func (i AlertRuleScheduledEventGroupingArgs) ToAlertRuleScheduledEventGroupingPtrOutputWithContext(ctx context.Context) AlertRuleScheduledEventGroupingPtrOutput

type AlertRuleScheduledEventGroupingInput

type AlertRuleScheduledEventGroupingInput interface {
	pulumi.Input

	ToAlertRuleScheduledEventGroupingOutput() AlertRuleScheduledEventGroupingOutput
	ToAlertRuleScheduledEventGroupingOutputWithContext(context.Context) AlertRuleScheduledEventGroupingOutput
}

AlertRuleScheduledEventGroupingInput is an input type that accepts AlertRuleScheduledEventGroupingArgs and AlertRuleScheduledEventGroupingOutput values. You can construct a concrete instance of `AlertRuleScheduledEventGroupingInput` via:

AlertRuleScheduledEventGroupingArgs{...}

type AlertRuleScheduledEventGroupingOutput

type AlertRuleScheduledEventGroupingOutput struct{ *pulumi.OutputState }

func (AlertRuleScheduledEventGroupingOutput) AggregationMethod

The aggregation type of grouping the events.

func (AlertRuleScheduledEventGroupingOutput) ElementType

func (AlertRuleScheduledEventGroupingOutput) ToAlertRuleScheduledEventGroupingOutput

func (o AlertRuleScheduledEventGroupingOutput) ToAlertRuleScheduledEventGroupingOutput() AlertRuleScheduledEventGroupingOutput

func (AlertRuleScheduledEventGroupingOutput) ToAlertRuleScheduledEventGroupingOutputWithContext

func (o AlertRuleScheduledEventGroupingOutput) ToAlertRuleScheduledEventGroupingOutputWithContext(ctx context.Context) AlertRuleScheduledEventGroupingOutput

func (AlertRuleScheduledEventGroupingOutput) ToAlertRuleScheduledEventGroupingPtrOutput

func (o AlertRuleScheduledEventGroupingOutput) ToAlertRuleScheduledEventGroupingPtrOutput() AlertRuleScheduledEventGroupingPtrOutput

func (AlertRuleScheduledEventGroupingOutput) ToAlertRuleScheduledEventGroupingPtrOutputWithContext

func (o AlertRuleScheduledEventGroupingOutput) ToAlertRuleScheduledEventGroupingPtrOutputWithContext(ctx context.Context) AlertRuleScheduledEventGroupingPtrOutput

type AlertRuleScheduledEventGroupingPtrInput

type AlertRuleScheduledEventGroupingPtrInput interface {
	pulumi.Input

	ToAlertRuleScheduledEventGroupingPtrOutput() AlertRuleScheduledEventGroupingPtrOutput
	ToAlertRuleScheduledEventGroupingPtrOutputWithContext(context.Context) AlertRuleScheduledEventGroupingPtrOutput
}

AlertRuleScheduledEventGroupingPtrInput is an input type that accepts AlertRuleScheduledEventGroupingArgs, AlertRuleScheduledEventGroupingPtr and AlertRuleScheduledEventGroupingPtrOutput values. You can construct a concrete instance of `AlertRuleScheduledEventGroupingPtrInput` via:

        AlertRuleScheduledEventGroupingArgs{...}

or:

        nil

type AlertRuleScheduledEventGroupingPtrOutput

type AlertRuleScheduledEventGroupingPtrOutput struct{ *pulumi.OutputState }

func (AlertRuleScheduledEventGroupingPtrOutput) AggregationMethod

The aggregation type of grouping the events.

func (AlertRuleScheduledEventGroupingPtrOutput) Elem

func (AlertRuleScheduledEventGroupingPtrOutput) ElementType

func (AlertRuleScheduledEventGroupingPtrOutput) ToAlertRuleScheduledEventGroupingPtrOutput

func (o AlertRuleScheduledEventGroupingPtrOutput) ToAlertRuleScheduledEventGroupingPtrOutput() AlertRuleScheduledEventGroupingPtrOutput

func (AlertRuleScheduledEventGroupingPtrOutput) ToAlertRuleScheduledEventGroupingPtrOutputWithContext

func (o AlertRuleScheduledEventGroupingPtrOutput) ToAlertRuleScheduledEventGroupingPtrOutputWithContext(ctx context.Context) AlertRuleScheduledEventGroupingPtrOutput

type AlertRuleScheduledIncidentConfiguration

type AlertRuleScheduledIncidentConfiguration struct {
	// Whether to create an incident from alerts triggered by this Sentinel Scheduled Alert Rule?
	CreateIncident bool `pulumi:"createIncident"`
	// A `grouping` block as defined below.
	Grouping AlertRuleScheduledIncidentConfigurationGrouping `pulumi:"grouping"`
}

type AlertRuleScheduledIncidentConfigurationArgs

type AlertRuleScheduledIncidentConfigurationArgs struct {
	// Whether to create an incident from alerts triggered by this Sentinel Scheduled Alert Rule?
	CreateIncident pulumi.BoolInput `pulumi:"createIncident"`
	// A `grouping` block as defined below.
	Grouping AlertRuleScheduledIncidentConfigurationGroupingInput `pulumi:"grouping"`
}

func (AlertRuleScheduledIncidentConfigurationArgs) ElementType

func (AlertRuleScheduledIncidentConfigurationArgs) ToAlertRuleScheduledIncidentConfigurationOutput

func (i AlertRuleScheduledIncidentConfigurationArgs) ToAlertRuleScheduledIncidentConfigurationOutput() AlertRuleScheduledIncidentConfigurationOutput

func (AlertRuleScheduledIncidentConfigurationArgs) ToAlertRuleScheduledIncidentConfigurationOutputWithContext

func (i AlertRuleScheduledIncidentConfigurationArgs) ToAlertRuleScheduledIncidentConfigurationOutputWithContext(ctx context.Context) AlertRuleScheduledIncidentConfigurationOutput

func (AlertRuleScheduledIncidentConfigurationArgs) ToAlertRuleScheduledIncidentConfigurationPtrOutput

func (i AlertRuleScheduledIncidentConfigurationArgs) ToAlertRuleScheduledIncidentConfigurationPtrOutput() AlertRuleScheduledIncidentConfigurationPtrOutput

func (AlertRuleScheduledIncidentConfigurationArgs) ToAlertRuleScheduledIncidentConfigurationPtrOutputWithContext

func (i AlertRuleScheduledIncidentConfigurationArgs) ToAlertRuleScheduledIncidentConfigurationPtrOutputWithContext(ctx context.Context) AlertRuleScheduledIncidentConfigurationPtrOutput

type AlertRuleScheduledIncidentConfigurationGrouping

type AlertRuleScheduledIncidentConfigurationGrouping struct {
	// Enable grouping incidents created from alerts triggered by this Sentinel Scheduled Alert Rule. Defaults to `true`.
	Enabled *bool `pulumi:"enabled"`
	// The method used to group incidents. Possible values are `AnyAlert`, `Selected` and `AllEntities`. Defaults to `AnyAlert`.
	EntityMatchingMethod *string  `pulumi:"entityMatchingMethod"`
	GroupByAlertDetails  []string `pulumi:"groupByAlertDetails"`
	GroupByCustomDetails []string `pulumi:"groupByCustomDetails"`
	// A list of entity types to group by, only when the `entityMatchingMethod` is `Selected`. Possible values are `Account`, `AzureResource`, `CloudApplication`, `DNS`, `File`, `FileHash`, `Host`, `IP`, `Mailbox`, `MailCluster`, `MailMessage`, `Malware`, `Process`, `RegistryKey`, `RegistryValue`, `SecurityGroup`, `SubmissionMail`, `URL`.
	GroupByEntities []string `pulumi:"groupByEntities"`
	// Limit the group to alerts created within the lookback duration (in ISO 8601 duration format). Defaults to `PT5M`.
	LookbackDuration *string `pulumi:"lookbackDuration"`
	// Whether to re-open closed matching incidents? Defaults to `false`.
	ReopenClosedIncidents *bool `pulumi:"reopenClosedIncidents"`
}

type AlertRuleScheduledIncidentConfigurationGroupingArgs

type AlertRuleScheduledIncidentConfigurationGroupingArgs struct {
	// Enable grouping incidents created from alerts triggered by this Sentinel Scheduled Alert Rule. Defaults to `true`.
	Enabled pulumi.BoolPtrInput `pulumi:"enabled"`
	// The method used to group incidents. Possible values are `AnyAlert`, `Selected` and `AllEntities`. Defaults to `AnyAlert`.
	EntityMatchingMethod pulumi.StringPtrInput   `pulumi:"entityMatchingMethod"`
	GroupByAlertDetails  pulumi.StringArrayInput `pulumi:"groupByAlertDetails"`
	GroupByCustomDetails pulumi.StringArrayInput `pulumi:"groupByCustomDetails"`
	// A list of entity types to group by, only when the `entityMatchingMethod` is `Selected`. Possible values are `Account`, `AzureResource`, `CloudApplication`, `DNS`, `File`, `FileHash`, `Host`, `IP`, `Mailbox`, `MailCluster`, `MailMessage`, `Malware`, `Process`, `RegistryKey`, `RegistryValue`, `SecurityGroup`, `SubmissionMail`, `URL`.
	GroupByEntities pulumi.StringArrayInput `pulumi:"groupByEntities"`
	// Limit the group to alerts created within the lookback duration (in ISO 8601 duration format). Defaults to `PT5M`.
	LookbackDuration pulumi.StringPtrInput `pulumi:"lookbackDuration"`
	// Whether to re-open closed matching incidents? Defaults to `false`.
	ReopenClosedIncidents pulumi.BoolPtrInput `pulumi:"reopenClosedIncidents"`
}

func (AlertRuleScheduledIncidentConfigurationGroupingArgs) ElementType

func (AlertRuleScheduledIncidentConfigurationGroupingArgs) ToAlertRuleScheduledIncidentConfigurationGroupingOutput

func (i AlertRuleScheduledIncidentConfigurationGroupingArgs) ToAlertRuleScheduledIncidentConfigurationGroupingOutput() AlertRuleScheduledIncidentConfigurationGroupingOutput

func (AlertRuleScheduledIncidentConfigurationGroupingArgs) ToAlertRuleScheduledIncidentConfigurationGroupingOutputWithContext

func (i AlertRuleScheduledIncidentConfigurationGroupingArgs) ToAlertRuleScheduledIncidentConfigurationGroupingOutputWithContext(ctx context.Context) AlertRuleScheduledIncidentConfigurationGroupingOutput

func (AlertRuleScheduledIncidentConfigurationGroupingArgs) ToAlertRuleScheduledIncidentConfigurationGroupingPtrOutput

func (i AlertRuleScheduledIncidentConfigurationGroupingArgs) ToAlertRuleScheduledIncidentConfigurationGroupingPtrOutput() AlertRuleScheduledIncidentConfigurationGroupingPtrOutput

func (AlertRuleScheduledIncidentConfigurationGroupingArgs) ToAlertRuleScheduledIncidentConfigurationGroupingPtrOutputWithContext

func (i AlertRuleScheduledIncidentConfigurationGroupingArgs) ToAlertRuleScheduledIncidentConfigurationGroupingPtrOutputWithContext(ctx context.Context) AlertRuleScheduledIncidentConfigurationGroupingPtrOutput

type AlertRuleScheduledIncidentConfigurationGroupingInput

type AlertRuleScheduledIncidentConfigurationGroupingInput interface {
	pulumi.Input

	ToAlertRuleScheduledIncidentConfigurationGroupingOutput() AlertRuleScheduledIncidentConfigurationGroupingOutput
	ToAlertRuleScheduledIncidentConfigurationGroupingOutputWithContext(context.Context) AlertRuleScheduledIncidentConfigurationGroupingOutput
}

AlertRuleScheduledIncidentConfigurationGroupingInput is an input type that accepts AlertRuleScheduledIncidentConfigurationGroupingArgs and AlertRuleScheduledIncidentConfigurationGroupingOutput values. You can construct a concrete instance of `AlertRuleScheduledIncidentConfigurationGroupingInput` via:

AlertRuleScheduledIncidentConfigurationGroupingArgs{...}

type AlertRuleScheduledIncidentConfigurationGroupingOutput

type AlertRuleScheduledIncidentConfigurationGroupingOutput struct{ *pulumi.OutputState }

func (AlertRuleScheduledIncidentConfigurationGroupingOutput) ElementType

func (AlertRuleScheduledIncidentConfigurationGroupingOutput) Enabled

Enable grouping incidents created from alerts triggered by this Sentinel Scheduled Alert Rule. Defaults to `true`.

func (AlertRuleScheduledIncidentConfigurationGroupingOutput) EntityMatchingMethod

The method used to group incidents. Possible values are `AnyAlert`, `Selected` and `AllEntities`. Defaults to `AnyAlert`.

func (AlertRuleScheduledIncidentConfigurationGroupingOutput) GroupByAlertDetails

func (AlertRuleScheduledIncidentConfigurationGroupingOutput) GroupByCustomDetails

func (AlertRuleScheduledIncidentConfigurationGroupingOutput) GroupByEntities

A list of entity types to group by, only when the `entityMatchingMethod` is `Selected`. Possible values are `Account`, `AzureResource`, `CloudApplication`, `DNS`, `File`, `FileHash`, `Host`, `IP`, `Mailbox`, `MailCluster`, `MailMessage`, `Malware`, `Process`, `RegistryKey`, `RegistryValue`, `SecurityGroup`, `SubmissionMail`, `URL`.

func (AlertRuleScheduledIncidentConfigurationGroupingOutput) LookbackDuration

Limit the group to alerts created within the lookback duration (in ISO 8601 duration format). Defaults to `PT5M`.

func (AlertRuleScheduledIncidentConfigurationGroupingOutput) ReopenClosedIncidents

Whether to re-open closed matching incidents? Defaults to `false`.

func (AlertRuleScheduledIncidentConfigurationGroupingOutput) ToAlertRuleScheduledIncidentConfigurationGroupingOutput

func (AlertRuleScheduledIncidentConfigurationGroupingOutput) ToAlertRuleScheduledIncidentConfigurationGroupingOutputWithContext

func (o AlertRuleScheduledIncidentConfigurationGroupingOutput) ToAlertRuleScheduledIncidentConfigurationGroupingOutputWithContext(ctx context.Context) AlertRuleScheduledIncidentConfigurationGroupingOutput

func (AlertRuleScheduledIncidentConfigurationGroupingOutput) ToAlertRuleScheduledIncidentConfigurationGroupingPtrOutput

func (o AlertRuleScheduledIncidentConfigurationGroupingOutput) ToAlertRuleScheduledIncidentConfigurationGroupingPtrOutput() AlertRuleScheduledIncidentConfigurationGroupingPtrOutput

func (AlertRuleScheduledIncidentConfigurationGroupingOutput) ToAlertRuleScheduledIncidentConfigurationGroupingPtrOutputWithContext

func (o AlertRuleScheduledIncidentConfigurationGroupingOutput) ToAlertRuleScheduledIncidentConfigurationGroupingPtrOutputWithContext(ctx context.Context) AlertRuleScheduledIncidentConfigurationGroupingPtrOutput

type AlertRuleScheduledIncidentConfigurationGroupingPtrInput

type AlertRuleScheduledIncidentConfigurationGroupingPtrInput interface {
	pulumi.Input

	ToAlertRuleScheduledIncidentConfigurationGroupingPtrOutput() AlertRuleScheduledIncidentConfigurationGroupingPtrOutput
	ToAlertRuleScheduledIncidentConfigurationGroupingPtrOutputWithContext(context.Context) AlertRuleScheduledIncidentConfigurationGroupingPtrOutput
}

AlertRuleScheduledIncidentConfigurationGroupingPtrInput is an input type that accepts AlertRuleScheduledIncidentConfigurationGroupingArgs, AlertRuleScheduledIncidentConfigurationGroupingPtr and AlertRuleScheduledIncidentConfigurationGroupingPtrOutput values. You can construct a concrete instance of `AlertRuleScheduledIncidentConfigurationGroupingPtrInput` via:

        AlertRuleScheduledIncidentConfigurationGroupingArgs{...}

or:

        nil

type AlertRuleScheduledIncidentConfigurationGroupingPtrOutput

type AlertRuleScheduledIncidentConfigurationGroupingPtrOutput struct{ *pulumi.OutputState }

func (AlertRuleScheduledIncidentConfigurationGroupingPtrOutput) Elem

func (AlertRuleScheduledIncidentConfigurationGroupingPtrOutput) ElementType

func (AlertRuleScheduledIncidentConfigurationGroupingPtrOutput) Enabled

Enable grouping incidents created from alerts triggered by this Sentinel Scheduled Alert Rule. Defaults to `true`.

func (AlertRuleScheduledIncidentConfigurationGroupingPtrOutput) EntityMatchingMethod

The method used to group incidents. Possible values are `AnyAlert`, `Selected` and `AllEntities`. Defaults to `AnyAlert`.

func (AlertRuleScheduledIncidentConfigurationGroupingPtrOutput) GroupByAlertDetails

func (AlertRuleScheduledIncidentConfigurationGroupingPtrOutput) GroupByCustomDetails

func (AlertRuleScheduledIncidentConfigurationGroupingPtrOutput) GroupByEntities

A list of entity types to group by, only when the `entityMatchingMethod` is `Selected`. Possible values are `Account`, `AzureResource`, `CloudApplication`, `DNS`, `File`, `FileHash`, `Host`, `IP`, `Mailbox`, `MailCluster`, `MailMessage`, `Malware`, `Process`, `RegistryKey`, `RegistryValue`, `SecurityGroup`, `SubmissionMail`, `URL`.

func (AlertRuleScheduledIncidentConfigurationGroupingPtrOutput) LookbackDuration

Limit the group to alerts created within the lookback duration (in ISO 8601 duration format). Defaults to `PT5M`.

func (AlertRuleScheduledIncidentConfigurationGroupingPtrOutput) ReopenClosedIncidents

Whether to re-open closed matching incidents? Defaults to `false`.

func (AlertRuleScheduledIncidentConfigurationGroupingPtrOutput) ToAlertRuleScheduledIncidentConfigurationGroupingPtrOutput

func (AlertRuleScheduledIncidentConfigurationGroupingPtrOutput) ToAlertRuleScheduledIncidentConfigurationGroupingPtrOutputWithContext

func (o AlertRuleScheduledIncidentConfigurationGroupingPtrOutput) ToAlertRuleScheduledIncidentConfigurationGroupingPtrOutputWithContext(ctx context.Context) AlertRuleScheduledIncidentConfigurationGroupingPtrOutput

type AlertRuleScheduledIncidentConfigurationInput

type AlertRuleScheduledIncidentConfigurationInput interface {
	pulumi.Input

	ToAlertRuleScheduledIncidentConfigurationOutput() AlertRuleScheduledIncidentConfigurationOutput
	ToAlertRuleScheduledIncidentConfigurationOutputWithContext(context.Context) AlertRuleScheduledIncidentConfigurationOutput
}

AlertRuleScheduledIncidentConfigurationInput is an input type that accepts AlertRuleScheduledIncidentConfigurationArgs and AlertRuleScheduledIncidentConfigurationOutput values. You can construct a concrete instance of `AlertRuleScheduledIncidentConfigurationInput` via:

AlertRuleScheduledIncidentConfigurationArgs{...}

type AlertRuleScheduledIncidentConfigurationOutput

type AlertRuleScheduledIncidentConfigurationOutput struct{ *pulumi.OutputState }

func (AlertRuleScheduledIncidentConfigurationOutput) CreateIncident

Whether to create an incident from alerts triggered by this Sentinel Scheduled Alert Rule?

func (AlertRuleScheduledIncidentConfigurationOutput) ElementType

func (AlertRuleScheduledIncidentConfigurationOutput) Grouping

A `grouping` block as defined below.

func (AlertRuleScheduledIncidentConfigurationOutput) ToAlertRuleScheduledIncidentConfigurationOutput

func (o AlertRuleScheduledIncidentConfigurationOutput) ToAlertRuleScheduledIncidentConfigurationOutput() AlertRuleScheduledIncidentConfigurationOutput

func (AlertRuleScheduledIncidentConfigurationOutput) ToAlertRuleScheduledIncidentConfigurationOutputWithContext

func (o AlertRuleScheduledIncidentConfigurationOutput) ToAlertRuleScheduledIncidentConfigurationOutputWithContext(ctx context.Context) AlertRuleScheduledIncidentConfigurationOutput

func (AlertRuleScheduledIncidentConfigurationOutput) ToAlertRuleScheduledIncidentConfigurationPtrOutput

func (o AlertRuleScheduledIncidentConfigurationOutput) ToAlertRuleScheduledIncidentConfigurationPtrOutput() AlertRuleScheduledIncidentConfigurationPtrOutput

func (AlertRuleScheduledIncidentConfigurationOutput) ToAlertRuleScheduledIncidentConfigurationPtrOutputWithContext

func (o AlertRuleScheduledIncidentConfigurationOutput) ToAlertRuleScheduledIncidentConfigurationPtrOutputWithContext(ctx context.Context) AlertRuleScheduledIncidentConfigurationPtrOutput

type AlertRuleScheduledIncidentConfigurationPtrInput

type AlertRuleScheduledIncidentConfigurationPtrInput interface {
	pulumi.Input

	ToAlertRuleScheduledIncidentConfigurationPtrOutput() AlertRuleScheduledIncidentConfigurationPtrOutput
	ToAlertRuleScheduledIncidentConfigurationPtrOutputWithContext(context.Context) AlertRuleScheduledIncidentConfigurationPtrOutput
}

AlertRuleScheduledIncidentConfigurationPtrInput is an input type that accepts AlertRuleScheduledIncidentConfigurationArgs, AlertRuleScheduledIncidentConfigurationPtr and AlertRuleScheduledIncidentConfigurationPtrOutput values. You can construct a concrete instance of `AlertRuleScheduledIncidentConfigurationPtrInput` via:

        AlertRuleScheduledIncidentConfigurationArgs{...}

or:

        nil

type AlertRuleScheduledIncidentConfigurationPtrOutput

type AlertRuleScheduledIncidentConfigurationPtrOutput struct{ *pulumi.OutputState }

func (AlertRuleScheduledIncidentConfigurationPtrOutput) CreateIncident

Whether to create an incident from alerts triggered by this Sentinel Scheduled Alert Rule?

func (AlertRuleScheduledIncidentConfigurationPtrOutput) Elem

func (AlertRuleScheduledIncidentConfigurationPtrOutput) ElementType

func (AlertRuleScheduledIncidentConfigurationPtrOutput) Grouping

A `grouping` block as defined below.

func (AlertRuleScheduledIncidentConfigurationPtrOutput) ToAlertRuleScheduledIncidentConfigurationPtrOutput

func (o AlertRuleScheduledIncidentConfigurationPtrOutput) ToAlertRuleScheduledIncidentConfigurationPtrOutput() AlertRuleScheduledIncidentConfigurationPtrOutput

func (AlertRuleScheduledIncidentConfigurationPtrOutput) ToAlertRuleScheduledIncidentConfigurationPtrOutputWithContext

func (o AlertRuleScheduledIncidentConfigurationPtrOutput) ToAlertRuleScheduledIncidentConfigurationPtrOutputWithContext(ctx context.Context) AlertRuleScheduledIncidentConfigurationPtrOutput

type AlertRuleScheduledInput

type AlertRuleScheduledInput interface {
	pulumi.Input

	ToAlertRuleScheduledOutput() AlertRuleScheduledOutput
	ToAlertRuleScheduledOutputWithContext(ctx context.Context) AlertRuleScheduledOutput
}

type AlertRuleScheduledMap

type AlertRuleScheduledMap map[string]AlertRuleScheduledInput

func (AlertRuleScheduledMap) ElementType

func (AlertRuleScheduledMap) ElementType() reflect.Type

func (AlertRuleScheduledMap) ToAlertRuleScheduledMapOutput

func (i AlertRuleScheduledMap) ToAlertRuleScheduledMapOutput() AlertRuleScheduledMapOutput

func (AlertRuleScheduledMap) ToAlertRuleScheduledMapOutputWithContext

func (i AlertRuleScheduledMap) ToAlertRuleScheduledMapOutputWithContext(ctx context.Context) AlertRuleScheduledMapOutput

type AlertRuleScheduledMapInput

type AlertRuleScheduledMapInput interface {
	pulumi.Input

	ToAlertRuleScheduledMapOutput() AlertRuleScheduledMapOutput
	ToAlertRuleScheduledMapOutputWithContext(context.Context) AlertRuleScheduledMapOutput
}

AlertRuleScheduledMapInput is an input type that accepts AlertRuleScheduledMap and AlertRuleScheduledMapOutput values. You can construct a concrete instance of `AlertRuleScheduledMapInput` via:

AlertRuleScheduledMap{ "key": AlertRuleScheduledArgs{...} }

type AlertRuleScheduledMapOutput

type AlertRuleScheduledMapOutput struct{ *pulumi.OutputState }

func (AlertRuleScheduledMapOutput) ElementType

func (AlertRuleScheduledMapOutput) MapIndex

func (AlertRuleScheduledMapOutput) ToAlertRuleScheduledMapOutput

func (o AlertRuleScheduledMapOutput) ToAlertRuleScheduledMapOutput() AlertRuleScheduledMapOutput

func (AlertRuleScheduledMapOutput) ToAlertRuleScheduledMapOutputWithContext

func (o AlertRuleScheduledMapOutput) ToAlertRuleScheduledMapOutputWithContext(ctx context.Context) AlertRuleScheduledMapOutput

type AlertRuleScheduledOutput

type AlertRuleScheduledOutput struct{ *pulumi.OutputState }

func (AlertRuleScheduledOutput) AlertDetailsOverrides added in v5.5.0

An `alertDetailsOverride` block as defined below.

func (AlertRuleScheduledOutput) AlertRuleTemplateGuid added in v5.5.0

func (o AlertRuleScheduledOutput) AlertRuleTemplateGuid() pulumi.StringPtrOutput

The GUID of the alert rule template which is used for this Sentinel Scheduled Alert Rule. Changing this forces a new Sentinel Scheduled Alert Rule to be created.

func (AlertRuleScheduledOutput) AlertRuleTemplateVersion added in v5.5.0

func (o AlertRuleScheduledOutput) AlertRuleTemplateVersion() pulumi.StringPtrOutput

The version of the alert rule template which is used for this Sentinel Scheduled Alert Rule. Changing this forces a new Sentinel Scheduled Alert Rule to be created.

func (AlertRuleScheduledOutput) CustomDetails added in v5.5.0

A map of string key-value pairs of columns to be attached to this Sentinel Scheduled Alert Rule. The key will appear as the field name in alerts and the value is the event parameter you wish to surface in the alerts.

func (AlertRuleScheduledOutput) Description added in v5.5.0

The description of this Sentinel Scheduled Alert Rule.

func (AlertRuleScheduledOutput) DisplayName added in v5.5.0

The friendly name of this Sentinel Scheduled Alert Rule.

func (AlertRuleScheduledOutput) ElementType

func (AlertRuleScheduledOutput) ElementType() reflect.Type

func (AlertRuleScheduledOutput) Enabled added in v5.5.0

Should the Sentinel Scheduled Alert Rule be enabled? Defaults to `true`.

func (AlertRuleScheduledOutput) EntityMappings added in v5.5.0

A list of `entityMapping` blocks as defined below.

func (AlertRuleScheduledOutput) EventGrouping added in v5.5.0

A `eventGrouping` block as defined below.

func (AlertRuleScheduledOutput) IncidentConfiguration added in v5.5.0

A `incidentConfiguration` block as defined below.

func (AlertRuleScheduledOutput) LogAnalyticsWorkspaceId added in v5.5.0

func (o AlertRuleScheduledOutput) LogAnalyticsWorkspaceId() pulumi.StringOutput

The ID of the Log Analytics Workspace this Sentinel Scheduled Alert Rule belongs to. Changing this forces a new Sentinel Scheduled Alert Rule to be created.

func (AlertRuleScheduledOutput) Name added in v5.5.0

The name which should be used for this Sentinel Scheduled Alert Rule. Changing this forces a new Sentinel Scheduled Alert Rule to be created.

func (AlertRuleScheduledOutput) Query added in v5.5.0

The query of this Sentinel Scheduled Alert Rule.

func (AlertRuleScheduledOutput) QueryFrequency added in v5.5.0

func (o AlertRuleScheduledOutput) QueryFrequency() pulumi.StringPtrOutput

The ISO 8601 timespan duration between two consecutive queries. Defaults to `PT5H`.

func (AlertRuleScheduledOutput) QueryPeriod added in v5.5.0

The ISO 8601 timespan duration, which determine the time period of the data covered by the query. For example, it can query the past 10 minutes of data, or the past 6 hours of data. Defaults to `PT5H`.

func (AlertRuleScheduledOutput) Severity added in v5.5.0

The alert severity of this Sentinel Scheduled Alert Rule. Possible values are `High`, `Medium`, `Low` and `Informational`.

func (AlertRuleScheduledOutput) SuppressionDuration added in v5.5.0

func (o AlertRuleScheduledOutput) SuppressionDuration() pulumi.StringPtrOutput

If `suppressionEnabled` is `true`, this is ISO 8601 timespan duration, which specifies the amount of time the query should stop running after alert is generated. Defaults to `PT5H`.

func (AlertRuleScheduledOutput) SuppressionEnabled added in v5.5.0

func (o AlertRuleScheduledOutput) SuppressionEnabled() pulumi.BoolPtrOutput

Should the Sentinel Scheduled Alert Rulea stop running query after alert is generated? Defaults to `false`.

func (AlertRuleScheduledOutput) Tactics added in v5.5.0

A list of categories of attacks by which to classify the rule. Possible values are `Collection`, `CommandAndControl`, `CredentialAccess`, `DefenseEvasion`, `Discovery`, `Execution`, `Exfiltration`, `Impact`, `InitialAccess`, `LateralMovement`, `Persistence` and `PrivilegeEscalation`.

func (AlertRuleScheduledOutput) ToAlertRuleScheduledOutput

func (o AlertRuleScheduledOutput) ToAlertRuleScheduledOutput() AlertRuleScheduledOutput

func (AlertRuleScheduledOutput) ToAlertRuleScheduledOutputWithContext

func (o AlertRuleScheduledOutput) ToAlertRuleScheduledOutputWithContext(ctx context.Context) AlertRuleScheduledOutput

func (AlertRuleScheduledOutput) TriggerOperator added in v5.5.0

func (o AlertRuleScheduledOutput) TriggerOperator() pulumi.StringPtrOutput

The alert trigger operator, combined with `triggerThreshold`, setting alert threshold of this Sentinel Scheduled Alert Rule. Possible values are `Equal`, `GreaterThan`, `LessThan`, `NotEqual`.

func (AlertRuleScheduledOutput) TriggerThreshold added in v5.5.0

func (o AlertRuleScheduledOutput) TriggerThreshold() pulumi.IntPtrOutput

The baseline number of query results generated, combined with `triggerOperator`, setting alert threshold of this Sentinel Scheduled Alert Rule.

type AlertRuleScheduledState

type AlertRuleScheduledState struct {
	// An `alertDetailsOverride` block as defined below.
	AlertDetailsOverrides AlertRuleScheduledAlertDetailsOverrideArrayInput
	// The GUID of the alert rule template which is used for this Sentinel Scheduled Alert Rule. Changing this forces a new Sentinel Scheduled Alert Rule to be created.
	AlertRuleTemplateGuid pulumi.StringPtrInput
	// The version of the alert rule template which is used for this Sentinel Scheduled Alert Rule. Changing this forces a new Sentinel Scheduled Alert Rule to be created.
	AlertRuleTemplateVersion pulumi.StringPtrInput
	// A map of string key-value pairs of columns to be attached to this Sentinel Scheduled Alert Rule. The key will appear as the field name in alerts and the value is the event parameter you wish to surface in the alerts.
	CustomDetails pulumi.StringMapInput
	// The description of this Sentinel Scheduled Alert Rule.
	Description pulumi.StringPtrInput
	// The friendly name of this Sentinel Scheduled Alert Rule.
	DisplayName pulumi.StringPtrInput
	// Should the Sentinel Scheduled Alert Rule be enabled? Defaults to `true`.
	Enabled pulumi.BoolPtrInput
	// A list of `entityMapping` blocks as defined below.
	EntityMappings AlertRuleScheduledEntityMappingArrayInput
	// A `eventGrouping` block as defined below.
	EventGrouping AlertRuleScheduledEventGroupingPtrInput
	// A `incidentConfiguration` block as defined below.
	IncidentConfiguration AlertRuleScheduledIncidentConfigurationPtrInput
	// The ID of the Log Analytics Workspace this Sentinel Scheduled Alert Rule belongs to. Changing this forces a new Sentinel Scheduled Alert Rule to be created.
	LogAnalyticsWorkspaceId pulumi.StringPtrInput
	// The name which should be used for this Sentinel Scheduled Alert Rule. Changing this forces a new Sentinel Scheduled Alert Rule to be created.
	Name pulumi.StringPtrInput
	// The query of this Sentinel Scheduled Alert Rule.
	Query pulumi.StringPtrInput
	// The ISO 8601 timespan duration between two consecutive queries. Defaults to `PT5H`.
	QueryFrequency pulumi.StringPtrInput
	// The ISO 8601 timespan duration, which determine the time period of the data covered by the query. For example, it can query the past 10 minutes of data, or the past 6 hours of data. Defaults to `PT5H`.
	QueryPeriod pulumi.StringPtrInput
	// The alert severity of this Sentinel Scheduled Alert Rule. Possible values are `High`, `Medium`, `Low` and `Informational`.
	Severity pulumi.StringPtrInput
	// If `suppressionEnabled` is `true`, this is ISO 8601 timespan duration, which specifies the amount of time the query should stop running after alert is generated. Defaults to `PT5H`.
	SuppressionDuration pulumi.StringPtrInput
	// Should the Sentinel Scheduled Alert Rulea stop running query after alert is generated? Defaults to `false`.
	SuppressionEnabled pulumi.BoolPtrInput
	// A list of categories of attacks by which to classify the rule. Possible values are `Collection`, `CommandAndControl`, `CredentialAccess`, `DefenseEvasion`, `Discovery`, `Execution`, `Exfiltration`, `Impact`, `InitialAccess`, `LateralMovement`, `Persistence` and `PrivilegeEscalation`.
	Tactics pulumi.StringArrayInput
	// The alert trigger operator, combined with `triggerThreshold`, setting alert threshold of this Sentinel Scheduled Alert Rule. Possible values are `Equal`, `GreaterThan`, `LessThan`, `NotEqual`.
	TriggerOperator pulumi.StringPtrInput
	// The baseline number of query results generated, combined with `triggerOperator`, setting alert threshold of this Sentinel Scheduled Alert Rule.
	TriggerThreshold pulumi.IntPtrInput
}

func (AlertRuleScheduledState) ElementType

func (AlertRuleScheduledState) ElementType() reflect.Type

type AuthomationRule deprecated

type AuthomationRule struct {
	pulumi.CustomResourceState

	// One or more `actionIncident` blocks as defined below.
	ActionIncidents AuthomationRuleActionIncidentArrayOutput `pulumi:"actionIncidents"`
	// One or more `actionPlaybook` blocks as defined below.
	ActionPlaybooks AuthomationRuleActionPlaybookArrayOutput `pulumi:"actionPlaybooks"`
	// One or more `condition` blocks as defined below.
	Conditions AuthomationRuleConditionArrayOutput `pulumi:"conditions"`
	// The display name which should be used for this Sentinel Automation Rule.
	DisplayName pulumi.StringOutput `pulumi:"displayName"`
	// Whether this Sentinel Automation Rule is enabled? Defaults to `true`.
	Enabled pulumi.BoolPtrOutput `pulumi:"enabled"`
	// The time in RFC3339 format of kind `UTC` that determines when this Automation Rule should expire and be disabled.
	Expiration pulumi.StringPtrOutput `pulumi:"expiration"`
	// The ID of the Log Analytics Workspace where this Sentinel applies to. Changing this forces a new Sentinel Automation Rule to be created.
	LogAnalyticsWorkspaceId pulumi.StringOutput `pulumi:"logAnalyticsWorkspaceId"`
	// The UUID which should be used for this Sentinel Automation Rule. Changing this forces a new Sentinel Automation Rule to be created.
	Name pulumi.StringOutput `pulumi:"name"`
	// The order of this Sentinel Automation Rule. Possible values varies between `1` and `1000`.
	Order pulumi.IntOutput `pulumi:"order"`
}

Manages a Sentinel Automation Rule.

## Example Usage

```go package main

import (

"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/operationalinsights"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/sentinel"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		exampleResourceGroup, err := core.NewResourceGroup(ctx, "exampleResourceGroup", &core.ResourceGroupArgs{
			Location: pulumi.String("west europe"),
		})
		if err != nil {
			return err
		}
		exampleAnalyticsWorkspace, err := operationalinsights.NewAnalyticsWorkspace(ctx, "exampleAnalyticsWorkspace", &operationalinsights.AnalyticsWorkspaceArgs{
			Location:          exampleResourceGroup.Location,
			ResourceGroupName: exampleResourceGroup.Name,
			Sku:               pulumi.String("PerGB2018"),
		})
		if err != nil {
			return err
		}
		sentinel, err := operationalinsights.NewAnalyticsSolution(ctx, "sentinel", &operationalinsights.AnalyticsSolutionArgs{
			SolutionName:        pulumi.String("SecurityInsights"),
			Location:            exampleResourceGroup.Location,
			ResourceGroupName:   exampleResourceGroup.Name,
			WorkspaceResourceId: exampleAnalyticsWorkspace.ID(),
			WorkspaceName:       exampleAnalyticsWorkspace.Name,
			Plan: &operationalinsights.AnalyticsSolutionPlanArgs{
				Publisher: pulumi.String("Microsoft"),
				Product:   pulumi.String("OMSGallery/SecurityInsights"),
			},
		})
		if err != nil {
			return err
		}
		_, err = sentinel.NewAutomationRule(ctx, "exampleAutomationRule", &sentinel.AutomationRuleArgs{
			LogAnalyticsWorkspaceId: sentinel.WorkspaceResourceId,
			DisplayName:             pulumi.String("automation_rule1"),
			Order:                   pulumi.Int(1),
			ActionIncidents: sentinel.AutomationRuleActionIncidentArray{
				&sentinel.AutomationRuleActionIncidentArgs{
					Order:  pulumi.Int(1),
					Status: pulumi.String("Active"),
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

Sentinel Automation Rules can be imported using the `resource id`, e.g.

```sh

$ pulumi import azure:sentinel/authomationRule:AuthomationRule example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.OperationalInsights/workspaces/workspace1/providers/Microsoft.SecurityInsights/AutomationRules/rule1

```

Deprecated: azure.sentinel.AuthomationRule has been deprecated in favor of azure.sentinel.AutomationRule

func GetAuthomationRule

func GetAuthomationRule(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *AuthomationRuleState, opts ...pulumi.ResourceOption) (*AuthomationRule, error)

GetAuthomationRule gets an existing AuthomationRule resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewAuthomationRule

func NewAuthomationRule(ctx *pulumi.Context,
	name string, args *AuthomationRuleArgs, opts ...pulumi.ResourceOption) (*AuthomationRule, error)

NewAuthomationRule registers a new resource with the given unique name, arguments, and options.

func (*AuthomationRule) ElementType

func (*AuthomationRule) ElementType() reflect.Type

func (*AuthomationRule) ToAuthomationRuleOutput

func (i *AuthomationRule) ToAuthomationRuleOutput() AuthomationRuleOutput

func (*AuthomationRule) ToAuthomationRuleOutputWithContext

func (i *AuthomationRule) ToAuthomationRuleOutputWithContext(ctx context.Context) AuthomationRuleOutput

type AuthomationRuleActionIncident

type AuthomationRuleActionIncident struct {
	// The classification of the incident, when closing it. Possible values are: `BenignPositive_SuspiciousButExpected`, `FalsePositive_InaccurateData`, `FalsePositive_IncorrectAlertLogic`, `TruePositive_SuspiciousActivity` and `Undetermined`.
	Classification *string `pulumi:"classification"`
	// The comment why the incident is to be closed.
	ClassificationComment *string `pulumi:"classificationComment"`
	// Specifies a list of labels to add to the incident.
	Labels []string `pulumi:"labels"`
	// The execution order of this action.
	Order int `pulumi:"order"`
	// The object ID of the entity this incident is assigned to.
	OwnerId *string `pulumi:"ownerId"`
	// The severity to add to the incident.
	Severity *string `pulumi:"severity"`
	// The status to set to the incident. Possible values are: `Active`, `Closed`, `New`.
	Status *string `pulumi:"status"`
}

type AuthomationRuleActionIncidentArgs

type AuthomationRuleActionIncidentArgs struct {
	// The classification of the incident, when closing it. Possible values are: `BenignPositive_SuspiciousButExpected`, `FalsePositive_InaccurateData`, `FalsePositive_IncorrectAlertLogic`, `TruePositive_SuspiciousActivity` and `Undetermined`.
	Classification pulumi.StringPtrInput `pulumi:"classification"`
	// The comment why the incident is to be closed.
	ClassificationComment pulumi.StringPtrInput `pulumi:"classificationComment"`
	// Specifies a list of labels to add to the incident.
	Labels pulumi.StringArrayInput `pulumi:"labels"`
	// The execution order of this action.
	Order pulumi.IntInput `pulumi:"order"`
	// The object ID of the entity this incident is assigned to.
	OwnerId pulumi.StringPtrInput `pulumi:"ownerId"`
	// The severity to add to the incident.
	Severity pulumi.StringPtrInput `pulumi:"severity"`
	// The status to set to the incident. Possible values are: `Active`, `Closed`, `New`.
	Status pulumi.StringPtrInput `pulumi:"status"`
}

func (AuthomationRuleActionIncidentArgs) ElementType

func (AuthomationRuleActionIncidentArgs) ToAuthomationRuleActionIncidentOutput

func (i AuthomationRuleActionIncidentArgs) ToAuthomationRuleActionIncidentOutput() AuthomationRuleActionIncidentOutput

func (AuthomationRuleActionIncidentArgs) ToAuthomationRuleActionIncidentOutputWithContext

func (i AuthomationRuleActionIncidentArgs) ToAuthomationRuleActionIncidentOutputWithContext(ctx context.Context) AuthomationRuleActionIncidentOutput

type AuthomationRuleActionIncidentArray

type AuthomationRuleActionIncidentArray []AuthomationRuleActionIncidentInput

func (AuthomationRuleActionIncidentArray) ElementType

func (AuthomationRuleActionIncidentArray) ToAuthomationRuleActionIncidentArrayOutput

func (i AuthomationRuleActionIncidentArray) ToAuthomationRuleActionIncidentArrayOutput() AuthomationRuleActionIncidentArrayOutput

func (AuthomationRuleActionIncidentArray) ToAuthomationRuleActionIncidentArrayOutputWithContext

func (i AuthomationRuleActionIncidentArray) ToAuthomationRuleActionIncidentArrayOutputWithContext(ctx context.Context) AuthomationRuleActionIncidentArrayOutput

type AuthomationRuleActionIncidentArrayInput

type AuthomationRuleActionIncidentArrayInput interface {
	pulumi.Input

	ToAuthomationRuleActionIncidentArrayOutput() AuthomationRuleActionIncidentArrayOutput
	ToAuthomationRuleActionIncidentArrayOutputWithContext(context.Context) AuthomationRuleActionIncidentArrayOutput
}

AuthomationRuleActionIncidentArrayInput is an input type that accepts AuthomationRuleActionIncidentArray and AuthomationRuleActionIncidentArrayOutput values. You can construct a concrete instance of `AuthomationRuleActionIncidentArrayInput` via:

AuthomationRuleActionIncidentArray{ AuthomationRuleActionIncidentArgs{...} }

type AuthomationRuleActionIncidentArrayOutput

type AuthomationRuleActionIncidentArrayOutput struct{ *pulumi.OutputState }

func (AuthomationRuleActionIncidentArrayOutput) ElementType

func (AuthomationRuleActionIncidentArrayOutput) Index

func (AuthomationRuleActionIncidentArrayOutput) ToAuthomationRuleActionIncidentArrayOutput

func (o AuthomationRuleActionIncidentArrayOutput) ToAuthomationRuleActionIncidentArrayOutput() AuthomationRuleActionIncidentArrayOutput

func (AuthomationRuleActionIncidentArrayOutput) ToAuthomationRuleActionIncidentArrayOutputWithContext

func (o AuthomationRuleActionIncidentArrayOutput) ToAuthomationRuleActionIncidentArrayOutputWithContext(ctx context.Context) AuthomationRuleActionIncidentArrayOutput

type AuthomationRuleActionIncidentInput

type AuthomationRuleActionIncidentInput interface {
	pulumi.Input

	ToAuthomationRuleActionIncidentOutput() AuthomationRuleActionIncidentOutput
	ToAuthomationRuleActionIncidentOutputWithContext(context.Context) AuthomationRuleActionIncidentOutput
}

AuthomationRuleActionIncidentInput is an input type that accepts AuthomationRuleActionIncidentArgs and AuthomationRuleActionIncidentOutput values. You can construct a concrete instance of `AuthomationRuleActionIncidentInput` via:

AuthomationRuleActionIncidentArgs{...}

type AuthomationRuleActionIncidentOutput

type AuthomationRuleActionIncidentOutput struct{ *pulumi.OutputState }

func (AuthomationRuleActionIncidentOutput) Classification

The classification of the incident, when closing it. Possible values are: `BenignPositive_SuspiciousButExpected`, `FalsePositive_InaccurateData`, `FalsePositive_IncorrectAlertLogic`, `TruePositive_SuspiciousActivity` and `Undetermined`.

func (AuthomationRuleActionIncidentOutput) ClassificationComment

The comment why the incident is to be closed.

func (AuthomationRuleActionIncidentOutput) ElementType

func (AuthomationRuleActionIncidentOutput) Labels

Specifies a list of labels to add to the incident.

func (AuthomationRuleActionIncidentOutput) Order

The execution order of this action.

func (AuthomationRuleActionIncidentOutput) OwnerId

The object ID of the entity this incident is assigned to.

func (AuthomationRuleActionIncidentOutput) Severity

The severity to add to the incident.

func (AuthomationRuleActionIncidentOutput) Status

The status to set to the incident. Possible values are: `Active`, `Closed`, `New`.

func (AuthomationRuleActionIncidentOutput) ToAuthomationRuleActionIncidentOutput

func (o AuthomationRuleActionIncidentOutput) ToAuthomationRuleActionIncidentOutput() AuthomationRuleActionIncidentOutput

func (AuthomationRuleActionIncidentOutput) ToAuthomationRuleActionIncidentOutputWithContext

func (o AuthomationRuleActionIncidentOutput) ToAuthomationRuleActionIncidentOutputWithContext(ctx context.Context) AuthomationRuleActionIncidentOutput

type AuthomationRuleActionPlaybook

type AuthomationRuleActionPlaybook struct {
	// The ID of the Logic App that defines the playbook's logic.
	LogicAppId string `pulumi:"logicAppId"`
	// The execution order of this action.
	Order int `pulumi:"order"`
	// The ID of the Tenant that owns the playbook.
	TenantId *string `pulumi:"tenantId"`
}

type AuthomationRuleActionPlaybookArgs

type AuthomationRuleActionPlaybookArgs struct {
	// The ID of the Logic App that defines the playbook's logic.
	LogicAppId pulumi.StringInput `pulumi:"logicAppId"`
	// The execution order of this action.
	Order pulumi.IntInput `pulumi:"order"`
	// The ID of the Tenant that owns the playbook.
	TenantId pulumi.StringPtrInput `pulumi:"tenantId"`
}

func (AuthomationRuleActionPlaybookArgs) ElementType

func (AuthomationRuleActionPlaybookArgs) ToAuthomationRuleActionPlaybookOutput

func (i AuthomationRuleActionPlaybookArgs) ToAuthomationRuleActionPlaybookOutput() AuthomationRuleActionPlaybookOutput

func (AuthomationRuleActionPlaybookArgs) ToAuthomationRuleActionPlaybookOutputWithContext

func (i AuthomationRuleActionPlaybookArgs) ToAuthomationRuleActionPlaybookOutputWithContext(ctx context.Context) AuthomationRuleActionPlaybookOutput

type AuthomationRuleActionPlaybookArray

type AuthomationRuleActionPlaybookArray []AuthomationRuleActionPlaybookInput

func (AuthomationRuleActionPlaybookArray) ElementType

func (AuthomationRuleActionPlaybookArray) ToAuthomationRuleActionPlaybookArrayOutput

func (i AuthomationRuleActionPlaybookArray) ToAuthomationRuleActionPlaybookArrayOutput() AuthomationRuleActionPlaybookArrayOutput

func (AuthomationRuleActionPlaybookArray) ToAuthomationRuleActionPlaybookArrayOutputWithContext

func (i AuthomationRuleActionPlaybookArray) ToAuthomationRuleActionPlaybookArrayOutputWithContext(ctx context.Context) AuthomationRuleActionPlaybookArrayOutput

type AuthomationRuleActionPlaybookArrayInput

type AuthomationRuleActionPlaybookArrayInput interface {
	pulumi.Input

	ToAuthomationRuleActionPlaybookArrayOutput() AuthomationRuleActionPlaybookArrayOutput
	ToAuthomationRuleActionPlaybookArrayOutputWithContext(context.Context) AuthomationRuleActionPlaybookArrayOutput
}

AuthomationRuleActionPlaybookArrayInput is an input type that accepts AuthomationRuleActionPlaybookArray and AuthomationRuleActionPlaybookArrayOutput values. You can construct a concrete instance of `AuthomationRuleActionPlaybookArrayInput` via:

AuthomationRuleActionPlaybookArray{ AuthomationRuleActionPlaybookArgs{...} }

type AuthomationRuleActionPlaybookArrayOutput

type AuthomationRuleActionPlaybookArrayOutput struct{ *pulumi.OutputState }

func (AuthomationRuleActionPlaybookArrayOutput) ElementType

func (AuthomationRuleActionPlaybookArrayOutput) Index

func (AuthomationRuleActionPlaybookArrayOutput) ToAuthomationRuleActionPlaybookArrayOutput

func (o AuthomationRuleActionPlaybookArrayOutput) ToAuthomationRuleActionPlaybookArrayOutput() AuthomationRuleActionPlaybookArrayOutput

func (AuthomationRuleActionPlaybookArrayOutput) ToAuthomationRuleActionPlaybookArrayOutputWithContext

func (o AuthomationRuleActionPlaybookArrayOutput) ToAuthomationRuleActionPlaybookArrayOutputWithContext(ctx context.Context) AuthomationRuleActionPlaybookArrayOutput

type AuthomationRuleActionPlaybookInput

type AuthomationRuleActionPlaybookInput interface {
	pulumi.Input

	ToAuthomationRuleActionPlaybookOutput() AuthomationRuleActionPlaybookOutput
	ToAuthomationRuleActionPlaybookOutputWithContext(context.Context) AuthomationRuleActionPlaybookOutput
}

AuthomationRuleActionPlaybookInput is an input type that accepts AuthomationRuleActionPlaybookArgs and AuthomationRuleActionPlaybookOutput values. You can construct a concrete instance of `AuthomationRuleActionPlaybookInput` via:

AuthomationRuleActionPlaybookArgs{...}

type AuthomationRuleActionPlaybookOutput

type AuthomationRuleActionPlaybookOutput struct{ *pulumi.OutputState }

func (AuthomationRuleActionPlaybookOutput) ElementType

func (AuthomationRuleActionPlaybookOutput) LogicAppId

The ID of the Logic App that defines the playbook's logic.

func (AuthomationRuleActionPlaybookOutput) Order

The execution order of this action.

func (AuthomationRuleActionPlaybookOutput) TenantId

The ID of the Tenant that owns the playbook.

func (AuthomationRuleActionPlaybookOutput) ToAuthomationRuleActionPlaybookOutput

func (o AuthomationRuleActionPlaybookOutput) ToAuthomationRuleActionPlaybookOutput() AuthomationRuleActionPlaybookOutput

func (AuthomationRuleActionPlaybookOutput) ToAuthomationRuleActionPlaybookOutputWithContext

func (o AuthomationRuleActionPlaybookOutput) ToAuthomationRuleActionPlaybookOutputWithContext(ctx context.Context) AuthomationRuleActionPlaybookOutput

type AuthomationRuleArgs

type AuthomationRuleArgs struct {
	// One or more `actionIncident` blocks as defined below.
	ActionIncidents AuthomationRuleActionIncidentArrayInput
	// One or more `actionPlaybook` blocks as defined below.
	ActionPlaybooks AuthomationRuleActionPlaybookArrayInput
	// One or more `condition` blocks as defined below.
	Conditions AuthomationRuleConditionArrayInput
	// The display name which should be used for this Sentinel Automation Rule.
	DisplayName pulumi.StringInput
	// Whether this Sentinel Automation Rule is enabled? Defaults to `true`.
	Enabled pulumi.BoolPtrInput
	// The time in RFC3339 format of kind `UTC` that determines when this Automation Rule should expire and be disabled.
	Expiration pulumi.StringPtrInput
	// The ID of the Log Analytics Workspace where this Sentinel applies to. Changing this forces a new Sentinel Automation Rule to be created.
	LogAnalyticsWorkspaceId pulumi.StringInput
	// The UUID which should be used for this Sentinel Automation Rule. Changing this forces a new Sentinel Automation Rule to be created.
	Name pulumi.StringPtrInput
	// The order of this Sentinel Automation Rule. Possible values varies between `1` and `1000`.
	Order pulumi.IntInput
}

The set of arguments for constructing a AuthomationRule resource.

func (AuthomationRuleArgs) ElementType

func (AuthomationRuleArgs) ElementType() reflect.Type

type AuthomationRuleArray

type AuthomationRuleArray []AuthomationRuleInput

func (AuthomationRuleArray) ElementType

func (AuthomationRuleArray) ElementType() reflect.Type

func (AuthomationRuleArray) ToAuthomationRuleArrayOutput

func (i AuthomationRuleArray) ToAuthomationRuleArrayOutput() AuthomationRuleArrayOutput

func (AuthomationRuleArray) ToAuthomationRuleArrayOutputWithContext

func (i AuthomationRuleArray) ToAuthomationRuleArrayOutputWithContext(ctx context.Context) AuthomationRuleArrayOutput

type AuthomationRuleArrayInput

type AuthomationRuleArrayInput interface {
	pulumi.Input

	ToAuthomationRuleArrayOutput() AuthomationRuleArrayOutput
	ToAuthomationRuleArrayOutputWithContext(context.Context) AuthomationRuleArrayOutput
}

AuthomationRuleArrayInput is an input type that accepts AuthomationRuleArray and AuthomationRuleArrayOutput values. You can construct a concrete instance of `AuthomationRuleArrayInput` via:

AuthomationRuleArray{ AuthomationRuleArgs{...} }

type AuthomationRuleArrayOutput

type AuthomationRuleArrayOutput struct{ *pulumi.OutputState }

func (AuthomationRuleArrayOutput) ElementType

func (AuthomationRuleArrayOutput) ElementType() reflect.Type

func (AuthomationRuleArrayOutput) Index

func (AuthomationRuleArrayOutput) ToAuthomationRuleArrayOutput

func (o AuthomationRuleArrayOutput) ToAuthomationRuleArrayOutput() AuthomationRuleArrayOutput

func (AuthomationRuleArrayOutput) ToAuthomationRuleArrayOutputWithContext

func (o AuthomationRuleArrayOutput) ToAuthomationRuleArrayOutputWithContext(ctx context.Context) AuthomationRuleArrayOutput

type AuthomationRuleCondition

type AuthomationRuleCondition struct {
	// The operator to use for evaluate the condition. Possible values include: `Equals`, `NotEquals`, `Contains`, `NotContains`, `StartsWith`, `NotStartsWith`, `EndsWith`, `NotEndsWith`.
	Operator string `pulumi:"operator"`
	// The property to use for evaluate the condition. Possible values include: `AccountAadTenantId`, `AccountAadUserId`, `AccountNTDomain`, `AccountName`, `AccountObjectGuid`, `AccountPUID`, `AccountSid`, `AccountUPNSuffix`, `AzureResourceResourceId`, `AzureResourceSubscriptionId`, `CloudApplicationAppId`, `CloudApplicationAppName`, `DNSDomainName`, `FileDirectory`, `FileHashValue`, `FileName`, `HostAzureID`, `HostNTDomain`, `HostName`, `HostNetBiosName`, `HostOSVersion`, `IPAddress`, `IncidentDescription`, `IncidentProviderName`, `IncidentRelatedAnalyticRuleIds`, `IncidentSeverity`, `IncidentStatus`, `IncidentTactics`, `IncidentTitle`, `IoTDeviceId`, `IoTDeviceModel`, `IoTDeviceName`, `IoTDeviceOperatingSystem`, `IoTDeviceType`, `IoTDeviceVendor`, `MailMessageDeliveryAction`, `MailMessageDeliveryLocation`, `MailMessageP1Sender`, `MailMessageP2Sender`, `MailMessageRecipient`, `MailMessageSenderIP`, `MailMessageSubject`, `MailboxDisplayName`, `MailboxPrimaryAddress`, `MailboxUPN`, `MalwareCategory`, `MalwareName`, `ProcessCommandLine`, `ProcessId`, `RegistryKey`, `RegistryValueData`, `Url`.
	Property string `pulumi:"property"`
	// Specifies a list of values to use for evaluate the condition.
	Values []string `pulumi:"values"`
}

type AuthomationRuleConditionArgs

type AuthomationRuleConditionArgs struct {
	// The operator to use for evaluate the condition. Possible values include: `Equals`, `NotEquals`, `Contains`, `NotContains`, `StartsWith`, `NotStartsWith`, `EndsWith`, `NotEndsWith`.
	Operator pulumi.StringInput `pulumi:"operator"`
	// The property to use for evaluate the condition. Possible values include: `AccountAadTenantId`, `AccountAadUserId`, `AccountNTDomain`, `AccountName`, `AccountObjectGuid`, `AccountPUID`, `AccountSid`, `AccountUPNSuffix`, `AzureResourceResourceId`, `AzureResourceSubscriptionId`, `CloudApplicationAppId`, `CloudApplicationAppName`, `DNSDomainName`, `FileDirectory`, `FileHashValue`, `FileName`, `HostAzureID`, `HostNTDomain`, `HostName`, `HostNetBiosName`, `HostOSVersion`, `IPAddress`, `IncidentDescription`, `IncidentProviderName`, `IncidentRelatedAnalyticRuleIds`, `IncidentSeverity`, `IncidentStatus`, `IncidentTactics`, `IncidentTitle`, `IoTDeviceId`, `IoTDeviceModel`, `IoTDeviceName`, `IoTDeviceOperatingSystem`, `IoTDeviceType`, `IoTDeviceVendor`, `MailMessageDeliveryAction`, `MailMessageDeliveryLocation`, `MailMessageP1Sender`, `MailMessageP2Sender`, `MailMessageRecipient`, `MailMessageSenderIP`, `MailMessageSubject`, `MailboxDisplayName`, `MailboxPrimaryAddress`, `MailboxUPN`, `MalwareCategory`, `MalwareName`, `ProcessCommandLine`, `ProcessId`, `RegistryKey`, `RegistryValueData`, `Url`.
	Property pulumi.StringInput `pulumi:"property"`
	// Specifies a list of values to use for evaluate the condition.
	Values pulumi.StringArrayInput `pulumi:"values"`
}

func (AuthomationRuleConditionArgs) ElementType

func (AuthomationRuleConditionArgs) ToAuthomationRuleConditionOutput

func (i AuthomationRuleConditionArgs) ToAuthomationRuleConditionOutput() AuthomationRuleConditionOutput

func (AuthomationRuleConditionArgs) ToAuthomationRuleConditionOutputWithContext

func (i AuthomationRuleConditionArgs) ToAuthomationRuleConditionOutputWithContext(ctx context.Context) AuthomationRuleConditionOutput

type AuthomationRuleConditionArray

type AuthomationRuleConditionArray []AuthomationRuleConditionInput

func (AuthomationRuleConditionArray) ElementType

func (AuthomationRuleConditionArray) ToAuthomationRuleConditionArrayOutput

func (i AuthomationRuleConditionArray) ToAuthomationRuleConditionArrayOutput() AuthomationRuleConditionArrayOutput

func (AuthomationRuleConditionArray) ToAuthomationRuleConditionArrayOutputWithContext

func (i AuthomationRuleConditionArray) ToAuthomationRuleConditionArrayOutputWithContext(ctx context.Context) AuthomationRuleConditionArrayOutput

type AuthomationRuleConditionArrayInput

type AuthomationRuleConditionArrayInput interface {
	pulumi.Input

	ToAuthomationRuleConditionArrayOutput() AuthomationRuleConditionArrayOutput
	ToAuthomationRuleConditionArrayOutputWithContext(context.Context) AuthomationRuleConditionArrayOutput
}

AuthomationRuleConditionArrayInput is an input type that accepts AuthomationRuleConditionArray and AuthomationRuleConditionArrayOutput values. You can construct a concrete instance of `AuthomationRuleConditionArrayInput` via:

AuthomationRuleConditionArray{ AuthomationRuleConditionArgs{...} }

type AuthomationRuleConditionArrayOutput

type AuthomationRuleConditionArrayOutput struct{ *pulumi.OutputState }

func (AuthomationRuleConditionArrayOutput) ElementType

func (AuthomationRuleConditionArrayOutput) Index

func (AuthomationRuleConditionArrayOutput) ToAuthomationRuleConditionArrayOutput

func (o AuthomationRuleConditionArrayOutput) ToAuthomationRuleConditionArrayOutput() AuthomationRuleConditionArrayOutput

func (AuthomationRuleConditionArrayOutput) ToAuthomationRuleConditionArrayOutputWithContext

func (o AuthomationRuleConditionArrayOutput) ToAuthomationRuleConditionArrayOutputWithContext(ctx context.Context) AuthomationRuleConditionArrayOutput

type AuthomationRuleConditionInput

type AuthomationRuleConditionInput interface {
	pulumi.Input

	ToAuthomationRuleConditionOutput() AuthomationRuleConditionOutput
	ToAuthomationRuleConditionOutputWithContext(context.Context) AuthomationRuleConditionOutput
}

AuthomationRuleConditionInput is an input type that accepts AuthomationRuleConditionArgs and AuthomationRuleConditionOutput values. You can construct a concrete instance of `AuthomationRuleConditionInput` via:

AuthomationRuleConditionArgs{...}

type AuthomationRuleConditionOutput

type AuthomationRuleConditionOutput struct{ *pulumi.OutputState }

func (AuthomationRuleConditionOutput) ElementType

func (AuthomationRuleConditionOutput) Operator

The operator to use for evaluate the condition. Possible values include: `Equals`, `NotEquals`, `Contains`, `NotContains`, `StartsWith`, `NotStartsWith`, `EndsWith`, `NotEndsWith`.

func (AuthomationRuleConditionOutput) Property

The property to use for evaluate the condition. Possible values include: `AccountAadTenantId`, `AccountAadUserId`, `AccountNTDomain`, `AccountName`, `AccountObjectGuid`, `AccountPUID`, `AccountSid`, `AccountUPNSuffix`, `AzureResourceResourceId`, `AzureResourceSubscriptionId`, `CloudApplicationAppId`, `CloudApplicationAppName`, `DNSDomainName`, `FileDirectory`, `FileHashValue`, `FileName`, `HostAzureID`, `HostNTDomain`, `HostName`, `HostNetBiosName`, `HostOSVersion`, `IPAddress`, `IncidentDescription`, `IncidentProviderName`, `IncidentRelatedAnalyticRuleIds`, `IncidentSeverity`, `IncidentStatus`, `IncidentTactics`, `IncidentTitle`, `IoTDeviceId`, `IoTDeviceModel`, `IoTDeviceName`, `IoTDeviceOperatingSystem`, `IoTDeviceType`, `IoTDeviceVendor`, `MailMessageDeliveryAction`, `MailMessageDeliveryLocation`, `MailMessageP1Sender`, `MailMessageP2Sender`, `MailMessageRecipient`, `MailMessageSenderIP`, `MailMessageSubject`, `MailboxDisplayName`, `MailboxPrimaryAddress`, `MailboxUPN`, `MalwareCategory`, `MalwareName`, `ProcessCommandLine`, `ProcessId`, `RegistryKey`, `RegistryValueData`, `Url`.

func (AuthomationRuleConditionOutput) ToAuthomationRuleConditionOutput

func (o AuthomationRuleConditionOutput) ToAuthomationRuleConditionOutput() AuthomationRuleConditionOutput

func (AuthomationRuleConditionOutput) ToAuthomationRuleConditionOutputWithContext

func (o AuthomationRuleConditionOutput) ToAuthomationRuleConditionOutputWithContext(ctx context.Context) AuthomationRuleConditionOutput

func (AuthomationRuleConditionOutput) Values

Specifies a list of values to use for evaluate the condition.

type AuthomationRuleInput

type AuthomationRuleInput interface {
	pulumi.Input

	ToAuthomationRuleOutput() AuthomationRuleOutput
	ToAuthomationRuleOutputWithContext(ctx context.Context) AuthomationRuleOutput
}

type AuthomationRuleMap

type AuthomationRuleMap map[string]AuthomationRuleInput

func (AuthomationRuleMap) ElementType

func (AuthomationRuleMap) ElementType() reflect.Type

func (AuthomationRuleMap) ToAuthomationRuleMapOutput

func (i AuthomationRuleMap) ToAuthomationRuleMapOutput() AuthomationRuleMapOutput

func (AuthomationRuleMap) ToAuthomationRuleMapOutputWithContext

func (i AuthomationRuleMap) ToAuthomationRuleMapOutputWithContext(ctx context.Context) AuthomationRuleMapOutput

type AuthomationRuleMapInput

type AuthomationRuleMapInput interface {
	pulumi.Input

	ToAuthomationRuleMapOutput() AuthomationRuleMapOutput
	ToAuthomationRuleMapOutputWithContext(context.Context) AuthomationRuleMapOutput
}

AuthomationRuleMapInput is an input type that accepts AuthomationRuleMap and AuthomationRuleMapOutput values. You can construct a concrete instance of `AuthomationRuleMapInput` via:

AuthomationRuleMap{ "key": AuthomationRuleArgs{...} }

type AuthomationRuleMapOutput

type AuthomationRuleMapOutput struct{ *pulumi.OutputState }

func (AuthomationRuleMapOutput) ElementType

func (AuthomationRuleMapOutput) ElementType() reflect.Type

func (AuthomationRuleMapOutput) MapIndex

func (AuthomationRuleMapOutput) ToAuthomationRuleMapOutput

func (o AuthomationRuleMapOutput) ToAuthomationRuleMapOutput() AuthomationRuleMapOutput

func (AuthomationRuleMapOutput) ToAuthomationRuleMapOutputWithContext

func (o AuthomationRuleMapOutput) ToAuthomationRuleMapOutputWithContext(ctx context.Context) AuthomationRuleMapOutput

type AuthomationRuleOutput

type AuthomationRuleOutput struct{ *pulumi.OutputState }

func (AuthomationRuleOutput) ActionIncidents added in v5.5.0

One or more `actionIncident` blocks as defined below.

func (AuthomationRuleOutput) ActionPlaybooks added in v5.5.0

One or more `actionPlaybook` blocks as defined below.

func (AuthomationRuleOutput) Conditions added in v5.5.0

One or more `condition` blocks as defined below.

func (AuthomationRuleOutput) DisplayName added in v5.5.0

func (o AuthomationRuleOutput) DisplayName() pulumi.StringOutput

The display name which should be used for this Sentinel Automation Rule.

func (AuthomationRuleOutput) ElementType

func (AuthomationRuleOutput) ElementType() reflect.Type

func (AuthomationRuleOutput) Enabled added in v5.5.0

Whether this Sentinel Automation Rule is enabled? Defaults to `true`.

func (AuthomationRuleOutput) Expiration added in v5.5.0

The time in RFC3339 format of kind `UTC` that determines when this Automation Rule should expire and be disabled.

func (AuthomationRuleOutput) LogAnalyticsWorkspaceId added in v5.5.0

func (o AuthomationRuleOutput) LogAnalyticsWorkspaceId() pulumi.StringOutput

The ID of the Log Analytics Workspace where this Sentinel applies to. Changing this forces a new Sentinel Automation Rule to be created.

func (AuthomationRuleOutput) Name added in v5.5.0

The UUID which should be used for this Sentinel Automation Rule. Changing this forces a new Sentinel Automation Rule to be created.

func (AuthomationRuleOutput) Order added in v5.5.0

The order of this Sentinel Automation Rule. Possible values varies between `1` and `1000`.

func (AuthomationRuleOutput) ToAuthomationRuleOutput

func (o AuthomationRuleOutput) ToAuthomationRuleOutput() AuthomationRuleOutput

func (AuthomationRuleOutput) ToAuthomationRuleOutputWithContext

func (o AuthomationRuleOutput) ToAuthomationRuleOutputWithContext(ctx context.Context) AuthomationRuleOutput

type AuthomationRuleState

type AuthomationRuleState struct {
	// One or more `actionIncident` blocks as defined below.
	ActionIncidents AuthomationRuleActionIncidentArrayInput
	// One or more `actionPlaybook` blocks as defined below.
	ActionPlaybooks AuthomationRuleActionPlaybookArrayInput
	// One or more `condition` blocks as defined below.
	Conditions AuthomationRuleConditionArrayInput
	// The display name which should be used for this Sentinel Automation Rule.
	DisplayName pulumi.StringPtrInput
	// Whether this Sentinel Automation Rule is enabled? Defaults to `true`.
	Enabled pulumi.BoolPtrInput
	// The time in RFC3339 format of kind `UTC` that determines when this Automation Rule should expire and be disabled.
	Expiration pulumi.StringPtrInput
	// The ID of the Log Analytics Workspace where this Sentinel applies to. Changing this forces a new Sentinel Automation Rule to be created.
	LogAnalyticsWorkspaceId pulumi.StringPtrInput
	// The UUID which should be used for this Sentinel Automation Rule. Changing this forces a new Sentinel Automation Rule to be created.
	Name pulumi.StringPtrInput
	// The order of this Sentinel Automation Rule. Possible values varies between `1` and `1000`.
	Order pulumi.IntPtrInput
}

func (AuthomationRuleState) ElementType

func (AuthomationRuleState) ElementType() reflect.Type

type AutomationRule

type AutomationRule struct {
	pulumi.CustomResourceState

	// One or more `actionIncident` blocks as defined below.
	ActionIncidents AutomationRuleActionIncidentArrayOutput `pulumi:"actionIncidents"`
	// One or more `actionPlaybook` blocks as defined below.
	ActionPlaybooks AutomationRuleActionPlaybookArrayOutput `pulumi:"actionPlaybooks"`
	// One or more `condition` blocks as defined below.
	Conditions AutomationRuleConditionArrayOutput `pulumi:"conditions"`
	// The display name which should be used for this Sentinel Automation Rule.
	DisplayName pulumi.StringOutput `pulumi:"displayName"`
	// Whether this Sentinel Automation Rule is enabled? Defaults to `true`.
	Enabled pulumi.BoolPtrOutput `pulumi:"enabled"`
	// The time in RFC3339 format of kind `UTC` that determines when this Automation Rule should expire and be disabled.
	Expiration pulumi.StringPtrOutput `pulumi:"expiration"`
	// The ID of the Log Analytics Workspace where this Sentinel applies to. Changing this forces a new Sentinel Automation Rule to be created.
	LogAnalyticsWorkspaceId pulumi.StringOutput `pulumi:"logAnalyticsWorkspaceId"`
	// The UUID which should be used for this Sentinel Automation Rule. Changing this forces a new Sentinel Automation Rule to be created.
	Name pulumi.StringOutput `pulumi:"name"`
	// The order of this Sentinel Automation Rule. Possible values varies between `1` and `1000`.
	Order pulumi.IntOutput `pulumi:"order"`
}

Manages a Sentinel Automation Rule.

## Example Usage

```go package main

import (

"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/operationalinsights"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/sentinel"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		exampleResourceGroup, err := core.NewResourceGroup(ctx, "exampleResourceGroup", &core.ResourceGroupArgs{
			Location: pulumi.String("west europe"),
		})
		if err != nil {
			return err
		}
		exampleAnalyticsWorkspace, err := operationalinsights.NewAnalyticsWorkspace(ctx, "exampleAnalyticsWorkspace", &operationalinsights.AnalyticsWorkspaceArgs{
			Location:          exampleResourceGroup.Location,
			ResourceGroupName: exampleResourceGroup.Name,
			Sku:               pulumi.String("PerGB2018"),
		})
		if err != nil {
			return err
		}
		sentinel, err := operationalinsights.NewAnalyticsSolution(ctx, "sentinel", &operationalinsights.AnalyticsSolutionArgs{
			SolutionName:        pulumi.String("SecurityInsights"),
			Location:            exampleResourceGroup.Location,
			ResourceGroupName:   exampleResourceGroup.Name,
			WorkspaceResourceId: exampleAnalyticsWorkspace.ID(),
			WorkspaceName:       exampleAnalyticsWorkspace.Name,
			Plan: &operationalinsights.AnalyticsSolutionPlanArgs{
				Publisher: pulumi.String("Microsoft"),
				Product:   pulumi.String("OMSGallery/SecurityInsights"),
			},
		})
		if err != nil {
			return err
		}
		_, err = sentinel.NewAutomationRule(ctx, "exampleAutomationRule", &sentinel.AutomationRuleArgs{
			LogAnalyticsWorkspaceId: sentinel.WorkspaceResourceId,
			DisplayName:             pulumi.String("automation_rule1"),
			Order:                   pulumi.Int(1),
			ActionIncidents: sentinel.AutomationRuleActionIncidentArray{
				&sentinel.AutomationRuleActionIncidentArgs{
					Order:  pulumi.Int(1),
					Status: pulumi.String("Active"),
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

Sentinel Automation Rules can be imported using the `resource id`, e.g.

```sh

$ pulumi import azure:sentinel/automationRule:AutomationRule example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.OperationalInsights/workspaces/workspace1/providers/Microsoft.SecurityInsights/AutomationRules/rule1

```

func GetAutomationRule

func GetAutomationRule(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *AutomationRuleState, opts ...pulumi.ResourceOption) (*AutomationRule, error)

GetAutomationRule gets an existing AutomationRule resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewAutomationRule

func NewAutomationRule(ctx *pulumi.Context,
	name string, args *AutomationRuleArgs, opts ...pulumi.ResourceOption) (*AutomationRule, error)

NewAutomationRule registers a new resource with the given unique name, arguments, and options.

func (*AutomationRule) ElementType

func (*AutomationRule) ElementType() reflect.Type

func (*AutomationRule) ToAutomationRuleOutput

func (i *AutomationRule) ToAutomationRuleOutput() AutomationRuleOutput

func (*AutomationRule) ToAutomationRuleOutputWithContext

func (i *AutomationRule) ToAutomationRuleOutputWithContext(ctx context.Context) AutomationRuleOutput

type AutomationRuleActionIncident

type AutomationRuleActionIncident struct {
	// The classification of the incident, when closing it. Possible values are: `BenignPositive_SuspiciousButExpected`, `FalsePositive_InaccurateData`, `FalsePositive_IncorrectAlertLogic`, `TruePositive_SuspiciousActivity` and `Undetermined`.
	Classification *string `pulumi:"classification"`
	// The comment why the incident is to be closed.
	ClassificationComment *string `pulumi:"classificationComment"`
	// Specifies a list of labels to add to the incident.
	Labels []string `pulumi:"labels"`
	// The execution order of this action.
	Order int `pulumi:"order"`
	// The object ID of the entity this incident is assigned to.
	OwnerId *string `pulumi:"ownerId"`
	// The severity to add to the incident.
	Severity *string `pulumi:"severity"`
	// The status to set to the incident. Possible values are: `Active`, `Closed`, `New`.
	Status *string `pulumi:"status"`
}

type AutomationRuleActionIncidentArgs

type AutomationRuleActionIncidentArgs struct {
	// The classification of the incident, when closing it. Possible values are: `BenignPositive_SuspiciousButExpected`, `FalsePositive_InaccurateData`, `FalsePositive_IncorrectAlertLogic`, `TruePositive_SuspiciousActivity` and `Undetermined`.
	Classification pulumi.StringPtrInput `pulumi:"classification"`
	// The comment why the incident is to be closed.
	ClassificationComment pulumi.StringPtrInput `pulumi:"classificationComment"`
	// Specifies a list of labels to add to the incident.
	Labels pulumi.StringArrayInput `pulumi:"labels"`
	// The execution order of this action.
	Order pulumi.IntInput `pulumi:"order"`
	// The object ID of the entity this incident is assigned to.
	OwnerId pulumi.StringPtrInput `pulumi:"ownerId"`
	// The severity to add to the incident.
	Severity pulumi.StringPtrInput `pulumi:"severity"`
	// The status to set to the incident. Possible values are: `Active`, `Closed`, `New`.
	Status pulumi.StringPtrInput `pulumi:"status"`
}

func (AutomationRuleActionIncidentArgs) ElementType

func (AutomationRuleActionIncidentArgs) ToAutomationRuleActionIncidentOutput

func (i AutomationRuleActionIncidentArgs) ToAutomationRuleActionIncidentOutput() AutomationRuleActionIncidentOutput

func (AutomationRuleActionIncidentArgs) ToAutomationRuleActionIncidentOutputWithContext

func (i AutomationRuleActionIncidentArgs) ToAutomationRuleActionIncidentOutputWithContext(ctx context.Context) AutomationRuleActionIncidentOutput

type AutomationRuleActionIncidentArray

type AutomationRuleActionIncidentArray []AutomationRuleActionIncidentInput

func (AutomationRuleActionIncidentArray) ElementType

func (AutomationRuleActionIncidentArray) ToAutomationRuleActionIncidentArrayOutput

func (i AutomationRuleActionIncidentArray) ToAutomationRuleActionIncidentArrayOutput() AutomationRuleActionIncidentArrayOutput

func (AutomationRuleActionIncidentArray) ToAutomationRuleActionIncidentArrayOutputWithContext

func (i AutomationRuleActionIncidentArray) ToAutomationRuleActionIncidentArrayOutputWithContext(ctx context.Context) AutomationRuleActionIncidentArrayOutput

type AutomationRuleActionIncidentArrayInput

type AutomationRuleActionIncidentArrayInput interface {
	pulumi.Input

	ToAutomationRuleActionIncidentArrayOutput() AutomationRuleActionIncidentArrayOutput
	ToAutomationRuleActionIncidentArrayOutputWithContext(context.Context) AutomationRuleActionIncidentArrayOutput
}

AutomationRuleActionIncidentArrayInput is an input type that accepts AutomationRuleActionIncidentArray and AutomationRuleActionIncidentArrayOutput values. You can construct a concrete instance of `AutomationRuleActionIncidentArrayInput` via:

AutomationRuleActionIncidentArray{ AutomationRuleActionIncidentArgs{...} }

type AutomationRuleActionIncidentArrayOutput

type AutomationRuleActionIncidentArrayOutput struct{ *pulumi.OutputState }

func (AutomationRuleActionIncidentArrayOutput) ElementType

func (AutomationRuleActionIncidentArrayOutput) Index

func (AutomationRuleActionIncidentArrayOutput) ToAutomationRuleActionIncidentArrayOutput

func (o AutomationRuleActionIncidentArrayOutput) ToAutomationRuleActionIncidentArrayOutput() AutomationRuleActionIncidentArrayOutput

func (AutomationRuleActionIncidentArrayOutput) ToAutomationRuleActionIncidentArrayOutputWithContext

func (o AutomationRuleActionIncidentArrayOutput) ToAutomationRuleActionIncidentArrayOutputWithContext(ctx context.Context) AutomationRuleActionIncidentArrayOutput

type AutomationRuleActionIncidentInput

type AutomationRuleActionIncidentInput interface {
	pulumi.Input

	ToAutomationRuleActionIncidentOutput() AutomationRuleActionIncidentOutput
	ToAutomationRuleActionIncidentOutputWithContext(context.Context) AutomationRuleActionIncidentOutput
}

AutomationRuleActionIncidentInput is an input type that accepts AutomationRuleActionIncidentArgs and AutomationRuleActionIncidentOutput values. You can construct a concrete instance of `AutomationRuleActionIncidentInput` via:

AutomationRuleActionIncidentArgs{...}

type AutomationRuleActionIncidentOutput

type AutomationRuleActionIncidentOutput struct{ *pulumi.OutputState }

func (AutomationRuleActionIncidentOutput) Classification

The classification of the incident, when closing it. Possible values are: `BenignPositive_SuspiciousButExpected`, `FalsePositive_InaccurateData`, `FalsePositive_IncorrectAlertLogic`, `TruePositive_SuspiciousActivity` and `Undetermined`.

func (AutomationRuleActionIncidentOutput) ClassificationComment

func (o AutomationRuleActionIncidentOutput) ClassificationComment() pulumi.StringPtrOutput

The comment why the incident is to be closed.

func (AutomationRuleActionIncidentOutput) ElementType

func (AutomationRuleActionIncidentOutput) Labels

Specifies a list of labels to add to the incident.

func (AutomationRuleActionIncidentOutput) Order

The execution order of this action.

func (AutomationRuleActionIncidentOutput) OwnerId

The object ID of the entity this incident is assigned to.

func (AutomationRuleActionIncidentOutput) Severity

The severity to add to the incident.

func (AutomationRuleActionIncidentOutput) Status

The status to set to the incident. Possible values are: `Active`, `Closed`, `New`.

func (AutomationRuleActionIncidentOutput) ToAutomationRuleActionIncidentOutput

func (o AutomationRuleActionIncidentOutput) ToAutomationRuleActionIncidentOutput() AutomationRuleActionIncidentOutput

func (AutomationRuleActionIncidentOutput) ToAutomationRuleActionIncidentOutputWithContext

func (o AutomationRuleActionIncidentOutput) ToAutomationRuleActionIncidentOutputWithContext(ctx context.Context) AutomationRuleActionIncidentOutput

type AutomationRuleActionPlaybook

type AutomationRuleActionPlaybook struct {
	// The ID of the Logic App that defines the playbook's logic.
	LogicAppId string `pulumi:"logicAppId"`
	// The execution order of this action.
	Order int `pulumi:"order"`
	// The ID of the Tenant that owns the playbook.
	TenantId *string `pulumi:"tenantId"`
}

type AutomationRuleActionPlaybookArgs

type AutomationRuleActionPlaybookArgs struct {
	// The ID of the Logic App that defines the playbook's logic.
	LogicAppId pulumi.StringInput `pulumi:"logicAppId"`
	// The execution order of this action.
	Order pulumi.IntInput `pulumi:"order"`
	// The ID of the Tenant that owns the playbook.
	TenantId pulumi.StringPtrInput `pulumi:"tenantId"`
}

func (AutomationRuleActionPlaybookArgs) ElementType

func (AutomationRuleActionPlaybookArgs) ToAutomationRuleActionPlaybookOutput

func (i AutomationRuleActionPlaybookArgs) ToAutomationRuleActionPlaybookOutput() AutomationRuleActionPlaybookOutput

func (AutomationRuleActionPlaybookArgs) ToAutomationRuleActionPlaybookOutputWithContext

func (i AutomationRuleActionPlaybookArgs) ToAutomationRuleActionPlaybookOutputWithContext(ctx context.Context) AutomationRuleActionPlaybookOutput

type AutomationRuleActionPlaybookArray

type AutomationRuleActionPlaybookArray []AutomationRuleActionPlaybookInput

func (AutomationRuleActionPlaybookArray) ElementType

func (AutomationRuleActionPlaybookArray) ToAutomationRuleActionPlaybookArrayOutput

func (i AutomationRuleActionPlaybookArray) ToAutomationRuleActionPlaybookArrayOutput() AutomationRuleActionPlaybookArrayOutput

func (AutomationRuleActionPlaybookArray) ToAutomationRuleActionPlaybookArrayOutputWithContext

func (i AutomationRuleActionPlaybookArray) ToAutomationRuleActionPlaybookArrayOutputWithContext(ctx context.Context) AutomationRuleActionPlaybookArrayOutput

type AutomationRuleActionPlaybookArrayInput

type AutomationRuleActionPlaybookArrayInput interface {
	pulumi.Input

	ToAutomationRuleActionPlaybookArrayOutput() AutomationRuleActionPlaybookArrayOutput
	ToAutomationRuleActionPlaybookArrayOutputWithContext(context.Context) AutomationRuleActionPlaybookArrayOutput
}

AutomationRuleActionPlaybookArrayInput is an input type that accepts AutomationRuleActionPlaybookArray and AutomationRuleActionPlaybookArrayOutput values. You can construct a concrete instance of `AutomationRuleActionPlaybookArrayInput` via:

AutomationRuleActionPlaybookArray{ AutomationRuleActionPlaybookArgs{...} }

type AutomationRuleActionPlaybookArrayOutput

type AutomationRuleActionPlaybookArrayOutput struct{ *pulumi.OutputState }

func (AutomationRuleActionPlaybookArrayOutput) ElementType

func (AutomationRuleActionPlaybookArrayOutput) Index

func (AutomationRuleActionPlaybookArrayOutput) ToAutomationRuleActionPlaybookArrayOutput

func (o AutomationRuleActionPlaybookArrayOutput) ToAutomationRuleActionPlaybookArrayOutput() AutomationRuleActionPlaybookArrayOutput

func (AutomationRuleActionPlaybookArrayOutput) ToAutomationRuleActionPlaybookArrayOutputWithContext

func (o AutomationRuleActionPlaybookArrayOutput) ToAutomationRuleActionPlaybookArrayOutputWithContext(ctx context.Context) AutomationRuleActionPlaybookArrayOutput

type AutomationRuleActionPlaybookInput

type AutomationRuleActionPlaybookInput interface {
	pulumi.Input

	ToAutomationRuleActionPlaybookOutput() AutomationRuleActionPlaybookOutput
	ToAutomationRuleActionPlaybookOutputWithContext(context.Context) AutomationRuleActionPlaybookOutput
}

AutomationRuleActionPlaybookInput is an input type that accepts AutomationRuleActionPlaybookArgs and AutomationRuleActionPlaybookOutput values. You can construct a concrete instance of `AutomationRuleActionPlaybookInput` via:

AutomationRuleActionPlaybookArgs{...}

type AutomationRuleActionPlaybookOutput

type AutomationRuleActionPlaybookOutput struct{ *pulumi.OutputState }

func (AutomationRuleActionPlaybookOutput) ElementType

func (AutomationRuleActionPlaybookOutput) LogicAppId

The ID of the Logic App that defines the playbook's logic.

func (AutomationRuleActionPlaybookOutput) Order

The execution order of this action.

func (AutomationRuleActionPlaybookOutput) TenantId

The ID of the Tenant that owns the playbook.

func (AutomationRuleActionPlaybookOutput) ToAutomationRuleActionPlaybookOutput

func (o AutomationRuleActionPlaybookOutput) ToAutomationRuleActionPlaybookOutput() AutomationRuleActionPlaybookOutput

func (AutomationRuleActionPlaybookOutput) ToAutomationRuleActionPlaybookOutputWithContext

func (o AutomationRuleActionPlaybookOutput) ToAutomationRuleActionPlaybookOutputWithContext(ctx context.Context) AutomationRuleActionPlaybookOutput

type AutomationRuleArgs

type AutomationRuleArgs struct {
	// One or more `actionIncident` blocks as defined below.
	ActionIncidents AutomationRuleActionIncidentArrayInput
	// One or more `actionPlaybook` blocks as defined below.
	ActionPlaybooks AutomationRuleActionPlaybookArrayInput
	// One or more `condition` blocks as defined below.
	Conditions AutomationRuleConditionArrayInput
	// The display name which should be used for this Sentinel Automation Rule.
	DisplayName pulumi.StringInput
	// Whether this Sentinel Automation Rule is enabled? Defaults to `true`.
	Enabled pulumi.BoolPtrInput
	// The time in RFC3339 format of kind `UTC` that determines when this Automation Rule should expire and be disabled.
	Expiration pulumi.StringPtrInput
	// The ID of the Log Analytics Workspace where this Sentinel applies to. Changing this forces a new Sentinel Automation Rule to be created.
	LogAnalyticsWorkspaceId pulumi.StringInput
	// The UUID which should be used for this Sentinel Automation Rule. Changing this forces a new Sentinel Automation Rule to be created.
	Name pulumi.StringPtrInput
	// The order of this Sentinel Automation Rule. Possible values varies between `1` and `1000`.
	Order pulumi.IntInput
}

The set of arguments for constructing a AutomationRule resource.

func (AutomationRuleArgs) ElementType

func (AutomationRuleArgs) ElementType() reflect.Type

type AutomationRuleArray

type AutomationRuleArray []AutomationRuleInput

func (AutomationRuleArray) ElementType

func (AutomationRuleArray) ElementType() reflect.Type

func (AutomationRuleArray) ToAutomationRuleArrayOutput

func (i AutomationRuleArray) ToAutomationRuleArrayOutput() AutomationRuleArrayOutput

func (AutomationRuleArray) ToAutomationRuleArrayOutputWithContext

func (i AutomationRuleArray) ToAutomationRuleArrayOutputWithContext(ctx context.Context) AutomationRuleArrayOutput

type AutomationRuleArrayInput

type AutomationRuleArrayInput interface {
	pulumi.Input

	ToAutomationRuleArrayOutput() AutomationRuleArrayOutput
	ToAutomationRuleArrayOutputWithContext(context.Context) AutomationRuleArrayOutput
}

AutomationRuleArrayInput is an input type that accepts AutomationRuleArray and AutomationRuleArrayOutput values. You can construct a concrete instance of `AutomationRuleArrayInput` via:

AutomationRuleArray{ AutomationRuleArgs{...} }

type AutomationRuleArrayOutput

type AutomationRuleArrayOutput struct{ *pulumi.OutputState }

func (AutomationRuleArrayOutput) ElementType

func (AutomationRuleArrayOutput) ElementType() reflect.Type

func (AutomationRuleArrayOutput) Index

func (AutomationRuleArrayOutput) ToAutomationRuleArrayOutput

func (o AutomationRuleArrayOutput) ToAutomationRuleArrayOutput() AutomationRuleArrayOutput

func (AutomationRuleArrayOutput) ToAutomationRuleArrayOutputWithContext

func (o AutomationRuleArrayOutput) ToAutomationRuleArrayOutputWithContext(ctx context.Context) AutomationRuleArrayOutput

type AutomationRuleCondition

type AutomationRuleCondition struct {
	// The operator to use for evaluate the condition. Possible values include: `Equals`, `NotEquals`, `Contains`, `NotContains`, `StartsWith`, `NotStartsWith`, `EndsWith`, `NotEndsWith`.
	Operator string `pulumi:"operator"`
	// The property to use for evaluate the condition. Possible values include: `AccountAadTenantId`, `AccountAadUserId`, `AccountNTDomain`, `AccountName`, `AccountObjectGuid`, `AccountPUID`, `AccountSid`, `AccountUPNSuffix`, `AzureResourceResourceId`, `AzureResourceSubscriptionId`, `CloudApplicationAppId`, `CloudApplicationAppName`, `DNSDomainName`, `FileDirectory`, `FileHashValue`, `FileName`, `HostAzureID`, `HostNTDomain`, `HostName`, `HostNetBiosName`, `HostOSVersion`, `IPAddress`, `IncidentDescription`, `IncidentProviderName`, `IncidentRelatedAnalyticRuleIds`, `IncidentSeverity`, `IncidentStatus`, `IncidentTactics`, `IncidentTitle`, `IoTDeviceId`, `IoTDeviceModel`, `IoTDeviceName`, `IoTDeviceOperatingSystem`, `IoTDeviceType`, `IoTDeviceVendor`, `MailMessageDeliveryAction`, `MailMessageDeliveryLocation`, `MailMessageP1Sender`, `MailMessageP2Sender`, `MailMessageRecipient`, `MailMessageSenderIP`, `MailMessageSubject`, `MailboxDisplayName`, `MailboxPrimaryAddress`, `MailboxUPN`, `MalwareCategory`, `MalwareName`, `ProcessCommandLine`, `ProcessId`, `RegistryKey`, `RegistryValueData`, `Url`.
	Property string `pulumi:"property"`
	// Specifies a list of values to use for evaluate the condition.
	Values []string `pulumi:"values"`
}

type AutomationRuleConditionArgs

type AutomationRuleConditionArgs struct {
	// The operator to use for evaluate the condition. Possible values include: `Equals`, `NotEquals`, `Contains`, `NotContains`, `StartsWith`, `NotStartsWith`, `EndsWith`, `NotEndsWith`.
	Operator pulumi.StringInput `pulumi:"operator"`
	// The property to use for evaluate the condition. Possible values include: `AccountAadTenantId`, `AccountAadUserId`, `AccountNTDomain`, `AccountName`, `AccountObjectGuid`, `AccountPUID`, `AccountSid`, `AccountUPNSuffix`, `AzureResourceResourceId`, `AzureResourceSubscriptionId`, `CloudApplicationAppId`, `CloudApplicationAppName`, `DNSDomainName`, `FileDirectory`, `FileHashValue`, `FileName`, `HostAzureID`, `HostNTDomain`, `HostName`, `HostNetBiosName`, `HostOSVersion`, `IPAddress`, `IncidentDescription`, `IncidentProviderName`, `IncidentRelatedAnalyticRuleIds`, `IncidentSeverity`, `IncidentStatus`, `IncidentTactics`, `IncidentTitle`, `IoTDeviceId`, `IoTDeviceModel`, `IoTDeviceName`, `IoTDeviceOperatingSystem`, `IoTDeviceType`, `IoTDeviceVendor`, `MailMessageDeliveryAction`, `MailMessageDeliveryLocation`, `MailMessageP1Sender`, `MailMessageP2Sender`, `MailMessageRecipient`, `MailMessageSenderIP`, `MailMessageSubject`, `MailboxDisplayName`, `MailboxPrimaryAddress`, `MailboxUPN`, `MalwareCategory`, `MalwareName`, `ProcessCommandLine`, `ProcessId`, `RegistryKey`, `RegistryValueData`, `Url`.
	Property pulumi.StringInput `pulumi:"property"`
	// Specifies a list of values to use for evaluate the condition.
	Values pulumi.StringArrayInput `pulumi:"values"`
}

func (AutomationRuleConditionArgs) ElementType

func (AutomationRuleConditionArgs) ToAutomationRuleConditionOutput

func (i AutomationRuleConditionArgs) ToAutomationRuleConditionOutput() AutomationRuleConditionOutput

func (AutomationRuleConditionArgs) ToAutomationRuleConditionOutputWithContext

func (i AutomationRuleConditionArgs) ToAutomationRuleConditionOutputWithContext(ctx context.Context) AutomationRuleConditionOutput

type AutomationRuleConditionArray

type AutomationRuleConditionArray []AutomationRuleConditionInput

func (AutomationRuleConditionArray) ElementType

func (AutomationRuleConditionArray) ToAutomationRuleConditionArrayOutput

func (i AutomationRuleConditionArray) ToAutomationRuleConditionArrayOutput() AutomationRuleConditionArrayOutput

func (AutomationRuleConditionArray) ToAutomationRuleConditionArrayOutputWithContext

func (i AutomationRuleConditionArray) ToAutomationRuleConditionArrayOutputWithContext(ctx context.Context) AutomationRuleConditionArrayOutput

type AutomationRuleConditionArrayInput

type AutomationRuleConditionArrayInput interface {
	pulumi.Input

	ToAutomationRuleConditionArrayOutput() AutomationRuleConditionArrayOutput
	ToAutomationRuleConditionArrayOutputWithContext(context.Context) AutomationRuleConditionArrayOutput
}

AutomationRuleConditionArrayInput is an input type that accepts AutomationRuleConditionArray and AutomationRuleConditionArrayOutput values. You can construct a concrete instance of `AutomationRuleConditionArrayInput` via:

AutomationRuleConditionArray{ AutomationRuleConditionArgs{...} }

type AutomationRuleConditionArrayOutput

type AutomationRuleConditionArrayOutput struct{ *pulumi.OutputState }

func (AutomationRuleConditionArrayOutput) ElementType

func (AutomationRuleConditionArrayOutput) Index

func (AutomationRuleConditionArrayOutput) ToAutomationRuleConditionArrayOutput

func (o AutomationRuleConditionArrayOutput) ToAutomationRuleConditionArrayOutput() AutomationRuleConditionArrayOutput

func (AutomationRuleConditionArrayOutput) ToAutomationRuleConditionArrayOutputWithContext

func (o AutomationRuleConditionArrayOutput) ToAutomationRuleConditionArrayOutputWithContext(ctx context.Context) AutomationRuleConditionArrayOutput

type AutomationRuleConditionInput

type AutomationRuleConditionInput interface {
	pulumi.Input

	ToAutomationRuleConditionOutput() AutomationRuleConditionOutput
	ToAutomationRuleConditionOutputWithContext(context.Context) AutomationRuleConditionOutput
}

AutomationRuleConditionInput is an input type that accepts AutomationRuleConditionArgs and AutomationRuleConditionOutput values. You can construct a concrete instance of `AutomationRuleConditionInput` via:

AutomationRuleConditionArgs{...}

type AutomationRuleConditionOutput

type AutomationRuleConditionOutput struct{ *pulumi.OutputState }

func (AutomationRuleConditionOutput) ElementType

func (AutomationRuleConditionOutput) Operator

The operator to use for evaluate the condition. Possible values include: `Equals`, `NotEquals`, `Contains`, `NotContains`, `StartsWith`, `NotStartsWith`, `EndsWith`, `NotEndsWith`.

func (AutomationRuleConditionOutput) Property

The property to use for evaluate the condition. Possible values include: `AccountAadTenantId`, `AccountAadUserId`, `AccountNTDomain`, `AccountName`, `AccountObjectGuid`, `AccountPUID`, `AccountSid`, `AccountUPNSuffix`, `AzureResourceResourceId`, `AzureResourceSubscriptionId`, `CloudApplicationAppId`, `CloudApplicationAppName`, `DNSDomainName`, `FileDirectory`, `FileHashValue`, `FileName`, `HostAzureID`, `HostNTDomain`, `HostName`, `HostNetBiosName`, `HostOSVersion`, `IPAddress`, `IncidentDescription`, `IncidentProviderName`, `IncidentRelatedAnalyticRuleIds`, `IncidentSeverity`, `IncidentStatus`, `IncidentTactics`, `IncidentTitle`, `IoTDeviceId`, `IoTDeviceModel`, `IoTDeviceName`, `IoTDeviceOperatingSystem`, `IoTDeviceType`, `IoTDeviceVendor`, `MailMessageDeliveryAction`, `MailMessageDeliveryLocation`, `MailMessageP1Sender`, `MailMessageP2Sender`, `MailMessageRecipient`, `MailMessageSenderIP`, `MailMessageSubject`, `MailboxDisplayName`, `MailboxPrimaryAddress`, `MailboxUPN`, `MalwareCategory`, `MalwareName`, `ProcessCommandLine`, `ProcessId`, `RegistryKey`, `RegistryValueData`, `Url`.

func (AutomationRuleConditionOutput) ToAutomationRuleConditionOutput

func (o AutomationRuleConditionOutput) ToAutomationRuleConditionOutput() AutomationRuleConditionOutput

func (AutomationRuleConditionOutput) ToAutomationRuleConditionOutputWithContext

func (o AutomationRuleConditionOutput) ToAutomationRuleConditionOutputWithContext(ctx context.Context) AutomationRuleConditionOutput

func (AutomationRuleConditionOutput) Values

Specifies a list of values to use for evaluate the condition.

type AutomationRuleInput

type AutomationRuleInput interface {
	pulumi.Input

	ToAutomationRuleOutput() AutomationRuleOutput
	ToAutomationRuleOutputWithContext(ctx context.Context) AutomationRuleOutput
}

type AutomationRuleMap

type AutomationRuleMap map[string]AutomationRuleInput

func (AutomationRuleMap) ElementType

func (AutomationRuleMap) ElementType() reflect.Type

func (AutomationRuleMap) ToAutomationRuleMapOutput

func (i AutomationRuleMap) ToAutomationRuleMapOutput() AutomationRuleMapOutput

func (AutomationRuleMap) ToAutomationRuleMapOutputWithContext

func (i AutomationRuleMap) ToAutomationRuleMapOutputWithContext(ctx context.Context) AutomationRuleMapOutput

type AutomationRuleMapInput

type AutomationRuleMapInput interface {
	pulumi.Input

	ToAutomationRuleMapOutput() AutomationRuleMapOutput
	ToAutomationRuleMapOutputWithContext(context.Context) AutomationRuleMapOutput
}

AutomationRuleMapInput is an input type that accepts AutomationRuleMap and AutomationRuleMapOutput values. You can construct a concrete instance of `AutomationRuleMapInput` via:

AutomationRuleMap{ "key": AutomationRuleArgs{...} }

type AutomationRuleMapOutput

type AutomationRuleMapOutput struct{ *pulumi.OutputState }

func (AutomationRuleMapOutput) ElementType

func (AutomationRuleMapOutput) ElementType() reflect.Type

func (AutomationRuleMapOutput) MapIndex

func (AutomationRuleMapOutput) ToAutomationRuleMapOutput

func (o AutomationRuleMapOutput) ToAutomationRuleMapOutput() AutomationRuleMapOutput

func (AutomationRuleMapOutput) ToAutomationRuleMapOutputWithContext

func (o AutomationRuleMapOutput) ToAutomationRuleMapOutputWithContext(ctx context.Context) AutomationRuleMapOutput

type AutomationRuleOutput

type AutomationRuleOutput struct{ *pulumi.OutputState }

func (AutomationRuleOutput) ActionIncidents added in v5.5.0

One or more `actionIncident` blocks as defined below.

func (AutomationRuleOutput) ActionPlaybooks added in v5.5.0

One or more `actionPlaybook` blocks as defined below.

func (AutomationRuleOutput) Conditions added in v5.5.0

One or more `condition` blocks as defined below.

func (AutomationRuleOutput) DisplayName added in v5.5.0

func (o AutomationRuleOutput) DisplayName() pulumi.StringOutput

The display name which should be used for this Sentinel Automation Rule.

func (AutomationRuleOutput) ElementType

func (AutomationRuleOutput) ElementType() reflect.Type

func (AutomationRuleOutput) Enabled added in v5.5.0

Whether this Sentinel Automation Rule is enabled? Defaults to `true`.

func (AutomationRuleOutput) Expiration added in v5.5.0

The time in RFC3339 format of kind `UTC` that determines when this Automation Rule should expire and be disabled.

func (AutomationRuleOutput) LogAnalyticsWorkspaceId added in v5.5.0

func (o AutomationRuleOutput) LogAnalyticsWorkspaceId() pulumi.StringOutput

The ID of the Log Analytics Workspace where this Sentinel applies to. Changing this forces a new Sentinel Automation Rule to be created.

func (AutomationRuleOutput) Name added in v5.5.0

The UUID which should be used for this Sentinel Automation Rule. Changing this forces a new Sentinel Automation Rule to be created.

func (AutomationRuleOutput) Order added in v5.5.0

The order of this Sentinel Automation Rule. Possible values varies between `1` and `1000`.

func (AutomationRuleOutput) ToAutomationRuleOutput

func (o AutomationRuleOutput) ToAutomationRuleOutput() AutomationRuleOutput

func (AutomationRuleOutput) ToAutomationRuleOutputWithContext

func (o AutomationRuleOutput) ToAutomationRuleOutputWithContext(ctx context.Context) AutomationRuleOutput

type AutomationRuleState

type AutomationRuleState struct {
	// One or more `actionIncident` blocks as defined below.
	ActionIncidents AutomationRuleActionIncidentArrayInput
	// One or more `actionPlaybook` blocks as defined below.
	ActionPlaybooks AutomationRuleActionPlaybookArrayInput
	// One or more `condition` blocks as defined below.
	Conditions AutomationRuleConditionArrayInput
	// The display name which should be used for this Sentinel Automation Rule.
	DisplayName pulumi.StringPtrInput
	// Whether this Sentinel Automation Rule is enabled? Defaults to `true`.
	Enabled pulumi.BoolPtrInput
	// The time in RFC3339 format of kind `UTC` that determines when this Automation Rule should expire and be disabled.
	Expiration pulumi.StringPtrInput
	// The ID of the Log Analytics Workspace where this Sentinel applies to. Changing this forces a new Sentinel Automation Rule to be created.
	LogAnalyticsWorkspaceId pulumi.StringPtrInput
	// The UUID which should be used for this Sentinel Automation Rule. Changing this forces a new Sentinel Automation Rule to be created.
	Name pulumi.StringPtrInput
	// The order of this Sentinel Automation Rule. Possible values varies between `1` and `1000`.
	Order pulumi.IntPtrInput
}

func (AutomationRuleState) ElementType

func (AutomationRuleState) ElementType() reflect.Type

type DataConnectorAwsCloudTrail

type DataConnectorAwsCloudTrail struct {
	pulumi.CustomResourceState

	// The ARN of the AWS CloudTrail role, which is connected to this AWS CloudTrail Data Connector.
	AwsRoleArn pulumi.StringOutput `pulumi:"awsRoleArn"`
	// The ID of the Log Analytics Workspace that this AWS CloudTrail Data Connector resides in. Changing this forces a new AWS CloudTrail Data Connector to be created.
	LogAnalyticsWorkspaceId pulumi.StringOutput `pulumi:"logAnalyticsWorkspaceId"`
	// The name which should be used for this AWS CloudTrail Data Connector. Changing this forces a new AWS CloudTrail Data Connector to be created.
	Name pulumi.StringOutput `pulumi:"name"`
}

Manages a AWS CloudTrail Data Connector.

## Example Usage

```go package main

import (

"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/operationalinsights"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/sentinel"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		exampleResourceGroup, err := core.NewResourceGroup(ctx, "exampleResourceGroup", &core.ResourceGroupArgs{
			Location: pulumi.String("West Europe"),
		})
		if err != nil {
			return err
		}
		exampleAnalyticsWorkspace, err := operationalinsights.NewAnalyticsWorkspace(ctx, "exampleAnalyticsWorkspace", &operationalinsights.AnalyticsWorkspaceArgs{
			Location:          exampleResourceGroup.Location,
			ResourceGroupName: exampleResourceGroup.Name,
			Sku:               pulumi.String("PerGB2018"),
		})
		if err != nil {
			return err
		}
		exampleAnalyticsSolution, err := operationalinsights.NewAnalyticsSolution(ctx, "exampleAnalyticsSolution", &operationalinsights.AnalyticsSolutionArgs{
			SolutionName:        pulumi.String("SecurityInsights"),
			Location:            exampleResourceGroup.Location,
			ResourceGroupName:   exampleResourceGroup.Name,
			WorkspaceResourceId: exampleAnalyticsWorkspace.ID(),
			WorkspaceName:       exampleAnalyticsWorkspace.Name,
			Plan: &operationalinsights.AnalyticsSolutionPlanArgs{
				Publisher: pulumi.String("Microsoft"),
				Product:   pulumi.String("OMSGallery/SecurityInsights"),
			},
		})
		if err != nil {
			return err
		}
		_, err = sentinel.NewDataConnectorAwsCloudTrail(ctx, "exampleDataConnectorAwsCloudTrail", &sentinel.DataConnectorAwsCloudTrailArgs{
			LogAnalyticsWorkspaceId: exampleAnalyticsSolution.WorkspaceResourceId,
			AwsRoleArn:              pulumi.String("arn:aws:iam::000000000000:role/role1"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

AWS CloudTrail Data Connectors can be imported using the `resource id`, e.g.

```sh

$ pulumi import azure:sentinel/dataConnectorAwsCloudTrail:DataConnectorAwsCloudTrail example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.OperationalInsights/workspaces/workspace1/providers/Microsoft.SecurityInsights/dataConnectors/dc1

```

func GetDataConnectorAwsCloudTrail

func GetDataConnectorAwsCloudTrail(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *DataConnectorAwsCloudTrailState, opts ...pulumi.ResourceOption) (*DataConnectorAwsCloudTrail, error)

GetDataConnectorAwsCloudTrail gets an existing DataConnectorAwsCloudTrail resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewDataConnectorAwsCloudTrail

func NewDataConnectorAwsCloudTrail(ctx *pulumi.Context,
	name string, args *DataConnectorAwsCloudTrailArgs, opts ...pulumi.ResourceOption) (*DataConnectorAwsCloudTrail, error)

NewDataConnectorAwsCloudTrail registers a new resource with the given unique name, arguments, and options.

func (*DataConnectorAwsCloudTrail) ElementType

func (*DataConnectorAwsCloudTrail) ElementType() reflect.Type

func (*DataConnectorAwsCloudTrail) ToDataConnectorAwsCloudTrailOutput

func (i *DataConnectorAwsCloudTrail) ToDataConnectorAwsCloudTrailOutput() DataConnectorAwsCloudTrailOutput

func (*DataConnectorAwsCloudTrail) ToDataConnectorAwsCloudTrailOutputWithContext

func (i *DataConnectorAwsCloudTrail) ToDataConnectorAwsCloudTrailOutputWithContext(ctx context.Context) DataConnectorAwsCloudTrailOutput

type DataConnectorAwsCloudTrailArgs

type DataConnectorAwsCloudTrailArgs struct {
	// The ARN of the AWS CloudTrail role, which is connected to this AWS CloudTrail Data Connector.
	AwsRoleArn pulumi.StringInput
	// The ID of the Log Analytics Workspace that this AWS CloudTrail Data Connector resides in. Changing this forces a new AWS CloudTrail Data Connector to be created.
	LogAnalyticsWorkspaceId pulumi.StringInput
	// The name which should be used for this AWS CloudTrail Data Connector. Changing this forces a new AWS CloudTrail Data Connector to be created.
	Name pulumi.StringPtrInput
}

The set of arguments for constructing a DataConnectorAwsCloudTrail resource.

func (DataConnectorAwsCloudTrailArgs) ElementType

type DataConnectorAwsCloudTrailArray

type DataConnectorAwsCloudTrailArray []DataConnectorAwsCloudTrailInput

func (DataConnectorAwsCloudTrailArray) ElementType

func (DataConnectorAwsCloudTrailArray) ToDataConnectorAwsCloudTrailArrayOutput

func (i DataConnectorAwsCloudTrailArray) ToDataConnectorAwsCloudTrailArrayOutput() DataConnectorAwsCloudTrailArrayOutput

func (DataConnectorAwsCloudTrailArray) ToDataConnectorAwsCloudTrailArrayOutputWithContext

func (i DataConnectorAwsCloudTrailArray) ToDataConnectorAwsCloudTrailArrayOutputWithContext(ctx context.Context) DataConnectorAwsCloudTrailArrayOutput

type DataConnectorAwsCloudTrailArrayInput

type DataConnectorAwsCloudTrailArrayInput interface {
	pulumi.Input

	ToDataConnectorAwsCloudTrailArrayOutput() DataConnectorAwsCloudTrailArrayOutput
	ToDataConnectorAwsCloudTrailArrayOutputWithContext(context.Context) DataConnectorAwsCloudTrailArrayOutput
}

DataConnectorAwsCloudTrailArrayInput is an input type that accepts DataConnectorAwsCloudTrailArray and DataConnectorAwsCloudTrailArrayOutput values. You can construct a concrete instance of `DataConnectorAwsCloudTrailArrayInput` via:

DataConnectorAwsCloudTrailArray{ DataConnectorAwsCloudTrailArgs{...} }

type DataConnectorAwsCloudTrailArrayOutput

type DataConnectorAwsCloudTrailArrayOutput struct{ *pulumi.OutputState }

func (DataConnectorAwsCloudTrailArrayOutput) ElementType

func (DataConnectorAwsCloudTrailArrayOutput) Index

func (DataConnectorAwsCloudTrailArrayOutput) ToDataConnectorAwsCloudTrailArrayOutput

func (o DataConnectorAwsCloudTrailArrayOutput) ToDataConnectorAwsCloudTrailArrayOutput() DataConnectorAwsCloudTrailArrayOutput

func (DataConnectorAwsCloudTrailArrayOutput) ToDataConnectorAwsCloudTrailArrayOutputWithContext

func (o DataConnectorAwsCloudTrailArrayOutput) ToDataConnectorAwsCloudTrailArrayOutputWithContext(ctx context.Context) DataConnectorAwsCloudTrailArrayOutput

type DataConnectorAwsCloudTrailInput

type DataConnectorAwsCloudTrailInput interface {
	pulumi.Input

	ToDataConnectorAwsCloudTrailOutput() DataConnectorAwsCloudTrailOutput
	ToDataConnectorAwsCloudTrailOutputWithContext(ctx context.Context) DataConnectorAwsCloudTrailOutput
}

type DataConnectorAwsCloudTrailMap

type DataConnectorAwsCloudTrailMap map[string]DataConnectorAwsCloudTrailInput

func (DataConnectorAwsCloudTrailMap) ElementType

func (DataConnectorAwsCloudTrailMap) ToDataConnectorAwsCloudTrailMapOutput

func (i DataConnectorAwsCloudTrailMap) ToDataConnectorAwsCloudTrailMapOutput() DataConnectorAwsCloudTrailMapOutput

func (DataConnectorAwsCloudTrailMap) ToDataConnectorAwsCloudTrailMapOutputWithContext

func (i DataConnectorAwsCloudTrailMap) ToDataConnectorAwsCloudTrailMapOutputWithContext(ctx context.Context) DataConnectorAwsCloudTrailMapOutput

type DataConnectorAwsCloudTrailMapInput

type DataConnectorAwsCloudTrailMapInput interface {
	pulumi.Input

	ToDataConnectorAwsCloudTrailMapOutput() DataConnectorAwsCloudTrailMapOutput
	ToDataConnectorAwsCloudTrailMapOutputWithContext(context.Context) DataConnectorAwsCloudTrailMapOutput
}

DataConnectorAwsCloudTrailMapInput is an input type that accepts DataConnectorAwsCloudTrailMap and DataConnectorAwsCloudTrailMapOutput values. You can construct a concrete instance of `DataConnectorAwsCloudTrailMapInput` via:

DataConnectorAwsCloudTrailMap{ "key": DataConnectorAwsCloudTrailArgs{...} }

type DataConnectorAwsCloudTrailMapOutput

type DataConnectorAwsCloudTrailMapOutput struct{ *pulumi.OutputState }

func (DataConnectorAwsCloudTrailMapOutput) ElementType

func (DataConnectorAwsCloudTrailMapOutput) MapIndex

func (DataConnectorAwsCloudTrailMapOutput) ToDataConnectorAwsCloudTrailMapOutput

func (o DataConnectorAwsCloudTrailMapOutput) ToDataConnectorAwsCloudTrailMapOutput() DataConnectorAwsCloudTrailMapOutput

func (DataConnectorAwsCloudTrailMapOutput) ToDataConnectorAwsCloudTrailMapOutputWithContext

func (o DataConnectorAwsCloudTrailMapOutput) ToDataConnectorAwsCloudTrailMapOutputWithContext(ctx context.Context) DataConnectorAwsCloudTrailMapOutput

type DataConnectorAwsCloudTrailOutput

type DataConnectorAwsCloudTrailOutput struct{ *pulumi.OutputState }

func (DataConnectorAwsCloudTrailOutput) AwsRoleArn added in v5.5.0

The ARN of the AWS CloudTrail role, which is connected to this AWS CloudTrail Data Connector.

func (DataConnectorAwsCloudTrailOutput) ElementType

func (DataConnectorAwsCloudTrailOutput) LogAnalyticsWorkspaceId added in v5.5.0

func (o DataConnectorAwsCloudTrailOutput) LogAnalyticsWorkspaceId() pulumi.StringOutput

The ID of the Log Analytics Workspace that this AWS CloudTrail Data Connector resides in. Changing this forces a new AWS CloudTrail Data Connector to be created.

func (DataConnectorAwsCloudTrailOutput) Name added in v5.5.0

The name which should be used for this AWS CloudTrail Data Connector. Changing this forces a new AWS CloudTrail Data Connector to be created.

func (DataConnectorAwsCloudTrailOutput) ToDataConnectorAwsCloudTrailOutput

func (o DataConnectorAwsCloudTrailOutput) ToDataConnectorAwsCloudTrailOutput() DataConnectorAwsCloudTrailOutput

func (DataConnectorAwsCloudTrailOutput) ToDataConnectorAwsCloudTrailOutputWithContext

func (o DataConnectorAwsCloudTrailOutput) ToDataConnectorAwsCloudTrailOutputWithContext(ctx context.Context) DataConnectorAwsCloudTrailOutput

type DataConnectorAwsCloudTrailState

type DataConnectorAwsCloudTrailState struct {
	// The ARN of the AWS CloudTrail role, which is connected to this AWS CloudTrail Data Connector.
	AwsRoleArn pulumi.StringPtrInput
	// The ID of the Log Analytics Workspace that this AWS CloudTrail Data Connector resides in. Changing this forces a new AWS CloudTrail Data Connector to be created.
	LogAnalyticsWorkspaceId pulumi.StringPtrInput
	// The name which should be used for this AWS CloudTrail Data Connector. Changing this forces a new AWS CloudTrail Data Connector to be created.
	Name pulumi.StringPtrInput
}

func (DataConnectorAwsCloudTrailState) ElementType

type DataConnectorAwsS3 added in v5.6.0

type DataConnectorAwsS3 struct {
	pulumi.CustomResourceState

	// The ARN of the AWS role, which is connected to this AWS CloudTrail Data Connector. See the [Azure document](https://docs.microsoft.com/azure/sentinel/connect-aws?tabs=s3#create-an-aws-assumed-role-and-grant-access-to-the-aws-sentinel-account) for details.
	AwsRoleArn pulumi.StringOutput `pulumi:"awsRoleArn"`
	// The name of the Log Analytics table that will store the ingested data.
	DestinationTable pulumi.StringOutput `pulumi:"destinationTable"`
	// The ID of the Log Analytics Workspace that this AWS S3 Data Connector resides in. Changing this forces a new AWS S3 Data Connector to be created.
	LogAnalyticsWorkspaceId pulumi.StringOutput `pulumi:"logAnalyticsWorkspaceId"`
	// The name which should be used for this AWS S3 Data Connector. Changing this forces a new AWS S3 Data Connector to be created.
	Name pulumi.StringOutput `pulumi:"name"`
	// Specifies a list of AWS SQS urls for the AWS S3 Data Connector.
	SqsUrls pulumi.StringArrayOutput `pulumi:"sqsUrls"`
}

Manages a AWS S3 Data Connector.

## Example Usage

```go package main

import (

"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/operationalinsights"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/sentinel"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		exampleResourceGroup, err := core.NewResourceGroup(ctx, "exampleResourceGroup", &core.ResourceGroupArgs{
			Location: pulumi.String("West Europe"),
		})
		if err != nil {
			return err
		}
		exampleAnalyticsWorkspace, err := operationalinsights.NewAnalyticsWorkspace(ctx, "exampleAnalyticsWorkspace", &operationalinsights.AnalyticsWorkspaceArgs{
			Location:          exampleResourceGroup.Location,
			ResourceGroupName: exampleResourceGroup.Name,
			Sku:               pulumi.String("PerGB2018"),
		})
		if err != nil {
			return err
		}
		exampleAnalyticsSolution, err := operationalinsights.NewAnalyticsSolution(ctx, "exampleAnalyticsSolution", &operationalinsights.AnalyticsSolutionArgs{
			SolutionName:        pulumi.String("SecurityInsights"),
			Location:            exampleResourceGroup.Location,
			ResourceGroupName:   exampleResourceGroup.Name,
			WorkspaceResourceId: exampleAnalyticsWorkspace.ID(),
			WorkspaceName:       exampleAnalyticsWorkspace.Name,
			Plan: &operationalinsights.AnalyticsSolutionPlanArgs{
				Publisher: pulumi.String("Microsoft"),
				Product:   pulumi.String("OMSGallery/SecurityInsights"),
			},
		})
		if err != nil {
			return err
		}
		_, err = sentinel.NewDataConnectorAwsS3(ctx, "exampleDataConnectorAwsS3", &sentinel.DataConnectorAwsS3Args{
			LogAnalyticsWorkspaceId: exampleAnalyticsSolution.WorkspaceResourceId,
			AwsRoleArn:              pulumi.String("arn:aws:iam::000000000000:role/role1"),
			DestinationTable:        pulumi.String("AWSGuardDuty"),
			SqsUrls: pulumi.StringArray{
				pulumi.String("https://sqs.us-east-1.amazonaws.com/000000000000/example"),
			},
		}, pulumi.DependsOn([]pulumi.Resource{
			exampleAnalyticsSolution,
		}))
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

AWS S3 Data Connectors can be imported using the `resource id`, e.g.

```sh

$ pulumi import azure:sentinel/dataConnectorAwsS3:DataConnectorAwsS3 example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.OperationalInsights/workspaces/workspace1/providers/Microsoft.SecurityInsights/dataConnectors/dc1

```

func GetDataConnectorAwsS3 added in v5.6.0

func GetDataConnectorAwsS3(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *DataConnectorAwsS3State, opts ...pulumi.ResourceOption) (*DataConnectorAwsS3, error)

GetDataConnectorAwsS3 gets an existing DataConnectorAwsS3 resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewDataConnectorAwsS3 added in v5.6.0

func NewDataConnectorAwsS3(ctx *pulumi.Context,
	name string, args *DataConnectorAwsS3Args, opts ...pulumi.ResourceOption) (*DataConnectorAwsS3, error)

NewDataConnectorAwsS3 registers a new resource with the given unique name, arguments, and options.

func (*DataConnectorAwsS3) ElementType added in v5.6.0

func (*DataConnectorAwsS3) ElementType() reflect.Type

func (*DataConnectorAwsS3) ToDataConnectorAwsS3Output added in v5.6.0

func (i *DataConnectorAwsS3) ToDataConnectorAwsS3Output() DataConnectorAwsS3Output

func (*DataConnectorAwsS3) ToDataConnectorAwsS3OutputWithContext added in v5.6.0

func (i *DataConnectorAwsS3) ToDataConnectorAwsS3OutputWithContext(ctx context.Context) DataConnectorAwsS3Output

type DataConnectorAwsS3Args added in v5.6.0

type DataConnectorAwsS3Args struct {
	// The ARN of the AWS role, which is connected to this AWS CloudTrail Data Connector. See the [Azure document](https://docs.microsoft.com/azure/sentinel/connect-aws?tabs=s3#create-an-aws-assumed-role-and-grant-access-to-the-aws-sentinel-account) for details.
	AwsRoleArn pulumi.StringInput
	// The name of the Log Analytics table that will store the ingested data.
	DestinationTable pulumi.StringInput
	// The ID of the Log Analytics Workspace that this AWS S3 Data Connector resides in. Changing this forces a new AWS S3 Data Connector to be created.
	LogAnalyticsWorkspaceId pulumi.StringInput
	// The name which should be used for this AWS S3 Data Connector. Changing this forces a new AWS S3 Data Connector to be created.
	Name pulumi.StringPtrInput
	// Specifies a list of AWS SQS urls for the AWS S3 Data Connector.
	SqsUrls pulumi.StringArrayInput
}

The set of arguments for constructing a DataConnectorAwsS3 resource.

func (DataConnectorAwsS3Args) ElementType added in v5.6.0

func (DataConnectorAwsS3Args) ElementType() reflect.Type

type DataConnectorAwsS3Array added in v5.6.0

type DataConnectorAwsS3Array []DataConnectorAwsS3Input

func (DataConnectorAwsS3Array) ElementType added in v5.6.0

func (DataConnectorAwsS3Array) ElementType() reflect.Type

func (DataConnectorAwsS3Array) ToDataConnectorAwsS3ArrayOutput added in v5.6.0

func (i DataConnectorAwsS3Array) ToDataConnectorAwsS3ArrayOutput() DataConnectorAwsS3ArrayOutput

func (DataConnectorAwsS3Array) ToDataConnectorAwsS3ArrayOutputWithContext added in v5.6.0

func (i DataConnectorAwsS3Array) ToDataConnectorAwsS3ArrayOutputWithContext(ctx context.Context) DataConnectorAwsS3ArrayOutput

type DataConnectorAwsS3ArrayInput added in v5.6.0

type DataConnectorAwsS3ArrayInput interface {
	pulumi.Input

	ToDataConnectorAwsS3ArrayOutput() DataConnectorAwsS3ArrayOutput
	ToDataConnectorAwsS3ArrayOutputWithContext(context.Context) DataConnectorAwsS3ArrayOutput
}

DataConnectorAwsS3ArrayInput is an input type that accepts DataConnectorAwsS3Array and DataConnectorAwsS3ArrayOutput values. You can construct a concrete instance of `DataConnectorAwsS3ArrayInput` via:

DataConnectorAwsS3Array{ DataConnectorAwsS3Args{...} }

type DataConnectorAwsS3ArrayOutput added in v5.6.0

type DataConnectorAwsS3ArrayOutput struct{ *pulumi.OutputState }

func (DataConnectorAwsS3ArrayOutput) ElementType added in v5.6.0

func (DataConnectorAwsS3ArrayOutput) Index added in v5.6.0

func (DataConnectorAwsS3ArrayOutput) ToDataConnectorAwsS3ArrayOutput added in v5.6.0

func (o DataConnectorAwsS3ArrayOutput) ToDataConnectorAwsS3ArrayOutput() DataConnectorAwsS3ArrayOutput

func (DataConnectorAwsS3ArrayOutput) ToDataConnectorAwsS3ArrayOutputWithContext added in v5.6.0

func (o DataConnectorAwsS3ArrayOutput) ToDataConnectorAwsS3ArrayOutputWithContext(ctx context.Context) DataConnectorAwsS3ArrayOutput

type DataConnectorAwsS3Input added in v5.6.0

type DataConnectorAwsS3Input interface {
	pulumi.Input

	ToDataConnectorAwsS3Output() DataConnectorAwsS3Output
	ToDataConnectorAwsS3OutputWithContext(ctx context.Context) DataConnectorAwsS3Output
}

type DataConnectorAwsS3Map added in v5.6.0

type DataConnectorAwsS3Map map[string]DataConnectorAwsS3Input

func (DataConnectorAwsS3Map) ElementType added in v5.6.0

func (DataConnectorAwsS3Map) ElementType() reflect.Type

func (DataConnectorAwsS3Map) ToDataConnectorAwsS3MapOutput added in v5.6.0

func (i DataConnectorAwsS3Map) ToDataConnectorAwsS3MapOutput() DataConnectorAwsS3MapOutput

func (DataConnectorAwsS3Map) ToDataConnectorAwsS3MapOutputWithContext added in v5.6.0

func (i DataConnectorAwsS3Map) ToDataConnectorAwsS3MapOutputWithContext(ctx context.Context) DataConnectorAwsS3MapOutput

type DataConnectorAwsS3MapInput added in v5.6.0

type DataConnectorAwsS3MapInput interface {
	pulumi.Input

	ToDataConnectorAwsS3MapOutput() DataConnectorAwsS3MapOutput
	ToDataConnectorAwsS3MapOutputWithContext(context.Context) DataConnectorAwsS3MapOutput
}

DataConnectorAwsS3MapInput is an input type that accepts DataConnectorAwsS3Map and DataConnectorAwsS3MapOutput values. You can construct a concrete instance of `DataConnectorAwsS3MapInput` via:

DataConnectorAwsS3Map{ "key": DataConnectorAwsS3Args{...} }

type DataConnectorAwsS3MapOutput added in v5.6.0

type DataConnectorAwsS3MapOutput struct{ *pulumi.OutputState }

func (DataConnectorAwsS3MapOutput) ElementType added in v5.6.0

func (DataConnectorAwsS3MapOutput) MapIndex added in v5.6.0

func (DataConnectorAwsS3MapOutput) ToDataConnectorAwsS3MapOutput added in v5.6.0

func (o DataConnectorAwsS3MapOutput) ToDataConnectorAwsS3MapOutput() DataConnectorAwsS3MapOutput

func (DataConnectorAwsS3MapOutput) ToDataConnectorAwsS3MapOutputWithContext added in v5.6.0

func (o DataConnectorAwsS3MapOutput) ToDataConnectorAwsS3MapOutputWithContext(ctx context.Context) DataConnectorAwsS3MapOutput

type DataConnectorAwsS3Output added in v5.6.0

type DataConnectorAwsS3Output struct{ *pulumi.OutputState }

func (DataConnectorAwsS3Output) AwsRoleArn added in v5.6.0

The ARN of the AWS role, which is connected to this AWS CloudTrail Data Connector. See the [Azure document](https://docs.microsoft.com/azure/sentinel/connect-aws?tabs=s3#create-an-aws-assumed-role-and-grant-access-to-the-aws-sentinel-account) for details.

func (DataConnectorAwsS3Output) DestinationTable added in v5.6.0

func (o DataConnectorAwsS3Output) DestinationTable() pulumi.StringOutput

The name of the Log Analytics table that will store the ingested data.

func (DataConnectorAwsS3Output) ElementType added in v5.6.0

func (DataConnectorAwsS3Output) ElementType() reflect.Type

func (DataConnectorAwsS3Output) LogAnalyticsWorkspaceId added in v5.6.0

func (o DataConnectorAwsS3Output) LogAnalyticsWorkspaceId() pulumi.StringOutput

The ID of the Log Analytics Workspace that this AWS S3 Data Connector resides in. Changing this forces a new AWS S3 Data Connector to be created.

func (DataConnectorAwsS3Output) Name added in v5.6.0

The name which should be used for this AWS S3 Data Connector. Changing this forces a new AWS S3 Data Connector to be created.

func (DataConnectorAwsS3Output) SqsUrls added in v5.6.0

Specifies a list of AWS SQS urls for the AWS S3 Data Connector.

func (DataConnectorAwsS3Output) ToDataConnectorAwsS3Output added in v5.6.0

func (o DataConnectorAwsS3Output) ToDataConnectorAwsS3Output() DataConnectorAwsS3Output

func (DataConnectorAwsS3Output) ToDataConnectorAwsS3OutputWithContext added in v5.6.0

func (o DataConnectorAwsS3Output) ToDataConnectorAwsS3OutputWithContext(ctx context.Context) DataConnectorAwsS3Output

type DataConnectorAwsS3State added in v5.6.0

type DataConnectorAwsS3State struct {
	// The ARN of the AWS role, which is connected to this AWS CloudTrail Data Connector. See the [Azure document](https://docs.microsoft.com/azure/sentinel/connect-aws?tabs=s3#create-an-aws-assumed-role-and-grant-access-to-the-aws-sentinel-account) for details.
	AwsRoleArn pulumi.StringPtrInput
	// The name of the Log Analytics table that will store the ingested data.
	DestinationTable pulumi.StringPtrInput
	// The ID of the Log Analytics Workspace that this AWS S3 Data Connector resides in. Changing this forces a new AWS S3 Data Connector to be created.
	LogAnalyticsWorkspaceId pulumi.StringPtrInput
	// The name which should be used for this AWS S3 Data Connector. Changing this forces a new AWS S3 Data Connector to be created.
	Name pulumi.StringPtrInput
	// Specifies a list of AWS SQS urls for the AWS S3 Data Connector.
	SqsUrls pulumi.StringArrayInput
}

func (DataConnectorAwsS3State) ElementType added in v5.6.0

func (DataConnectorAwsS3State) ElementType() reflect.Type

type DataConnectorAzureActiveDirectory

type DataConnectorAzureActiveDirectory struct {
	pulumi.CustomResourceState

	// The ID of the Log Analytics Workspace that this Azure Active Directory Data Connector resides in. Changing this forces a new Azure Active Directory Data Connector to be created.
	LogAnalyticsWorkspaceId pulumi.StringOutput `pulumi:"logAnalyticsWorkspaceId"`
	// The name which should be used for this Azure Active Directory Data Connector. Changing this forces a new Azure Active Directory Data Connector to be created.
	Name pulumi.StringOutput `pulumi:"name"`
	// The ID of the tenant that this Azure Active Directory Data Connector connects to. Changing this forces a new Azure Active Directory Data Connector to be created.
	TenantId pulumi.StringOutput `pulumi:"tenantId"`
}

Manages a Azure Active Directory Data Connector.

## Example Usage

```go package main

import (

"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/operationalinsights"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/sentinel"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		exampleResourceGroup, err := core.NewResourceGroup(ctx, "exampleResourceGroup", &core.ResourceGroupArgs{
			Location: pulumi.String("West Europe"),
		})
		if err != nil {
			return err
		}
		exampleAnalyticsWorkspace, err := operationalinsights.NewAnalyticsWorkspace(ctx, "exampleAnalyticsWorkspace", &operationalinsights.AnalyticsWorkspaceArgs{
			Location:          exampleResourceGroup.Location,
			ResourceGroupName: exampleResourceGroup.Name,
			Sku:               pulumi.String("PerGB2018"),
		})
		if err != nil {
			return err
		}
		exampleAnalyticsSolution, err := operationalinsights.NewAnalyticsSolution(ctx, "exampleAnalyticsSolution", &operationalinsights.AnalyticsSolutionArgs{
			SolutionName:        pulumi.String("SecurityInsights"),
			Location:            exampleResourceGroup.Location,
			ResourceGroupName:   exampleResourceGroup.Name,
			WorkspaceResourceId: exampleAnalyticsWorkspace.ID(),
			WorkspaceName:       exampleAnalyticsWorkspace.Name,
			Plan: &operationalinsights.AnalyticsSolutionPlanArgs{
				Publisher: pulumi.String("Microsoft"),
				Product:   pulumi.String("OMSGallery/SecurityInsights"),
			},
		})
		if err != nil {
			return err
		}
		_, err = sentinel.NewDataConnectorAzureActiveDirectory(ctx, "exampleDataConnectorAzureActiveDirectory", &sentinel.DataConnectorAzureActiveDirectoryArgs{
			LogAnalyticsWorkspaceId: exampleAnalyticsSolution.WorkspaceResourceId,
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

Azure Active Directory Data Connectors can be imported using the `resource id`, e.g.

```sh

$ pulumi import azure:sentinel/dataConnectorAzureActiveDirectory:DataConnectorAzureActiveDirectory example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.OperationalInsights/workspaces/workspace1/providers/Microsoft.SecurityInsights/dataConnectors/dc1

```

func GetDataConnectorAzureActiveDirectory

func GetDataConnectorAzureActiveDirectory(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *DataConnectorAzureActiveDirectoryState, opts ...pulumi.ResourceOption) (*DataConnectorAzureActiveDirectory, error)

GetDataConnectorAzureActiveDirectory gets an existing DataConnectorAzureActiveDirectory resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewDataConnectorAzureActiveDirectory

func NewDataConnectorAzureActiveDirectory(ctx *pulumi.Context,
	name string, args *DataConnectorAzureActiveDirectoryArgs, opts ...pulumi.ResourceOption) (*DataConnectorAzureActiveDirectory, error)

NewDataConnectorAzureActiveDirectory registers a new resource with the given unique name, arguments, and options.

func (*DataConnectorAzureActiveDirectory) ElementType

func (*DataConnectorAzureActiveDirectory) ToDataConnectorAzureActiveDirectoryOutput

func (i *DataConnectorAzureActiveDirectory) ToDataConnectorAzureActiveDirectoryOutput() DataConnectorAzureActiveDirectoryOutput

func (*DataConnectorAzureActiveDirectory) ToDataConnectorAzureActiveDirectoryOutputWithContext

func (i *DataConnectorAzureActiveDirectory) ToDataConnectorAzureActiveDirectoryOutputWithContext(ctx context.Context) DataConnectorAzureActiveDirectoryOutput

type DataConnectorAzureActiveDirectoryArgs

type DataConnectorAzureActiveDirectoryArgs struct {
	// The ID of the Log Analytics Workspace that this Azure Active Directory Data Connector resides in. Changing this forces a new Azure Active Directory Data Connector to be created.
	LogAnalyticsWorkspaceId pulumi.StringInput
	// The name which should be used for this Azure Active Directory Data Connector. Changing this forces a new Azure Active Directory Data Connector to be created.
	Name pulumi.StringPtrInput
	// The ID of the tenant that this Azure Active Directory Data Connector connects to. Changing this forces a new Azure Active Directory Data Connector to be created.
	TenantId pulumi.StringPtrInput
}

The set of arguments for constructing a DataConnectorAzureActiveDirectory resource.

func (DataConnectorAzureActiveDirectoryArgs) ElementType

type DataConnectorAzureActiveDirectoryArray

type DataConnectorAzureActiveDirectoryArray []DataConnectorAzureActiveDirectoryInput

func (DataConnectorAzureActiveDirectoryArray) ElementType

func (DataConnectorAzureActiveDirectoryArray) ToDataConnectorAzureActiveDirectoryArrayOutput

func (i DataConnectorAzureActiveDirectoryArray) ToDataConnectorAzureActiveDirectoryArrayOutput() DataConnectorAzureActiveDirectoryArrayOutput

func (DataConnectorAzureActiveDirectoryArray) ToDataConnectorAzureActiveDirectoryArrayOutputWithContext

func (i DataConnectorAzureActiveDirectoryArray) ToDataConnectorAzureActiveDirectoryArrayOutputWithContext(ctx context.Context) DataConnectorAzureActiveDirectoryArrayOutput

type DataConnectorAzureActiveDirectoryArrayInput

type DataConnectorAzureActiveDirectoryArrayInput interface {
	pulumi.Input

	ToDataConnectorAzureActiveDirectoryArrayOutput() DataConnectorAzureActiveDirectoryArrayOutput
	ToDataConnectorAzureActiveDirectoryArrayOutputWithContext(context.Context) DataConnectorAzureActiveDirectoryArrayOutput
}

DataConnectorAzureActiveDirectoryArrayInput is an input type that accepts DataConnectorAzureActiveDirectoryArray and DataConnectorAzureActiveDirectoryArrayOutput values. You can construct a concrete instance of `DataConnectorAzureActiveDirectoryArrayInput` via:

DataConnectorAzureActiveDirectoryArray{ DataConnectorAzureActiveDirectoryArgs{...} }

type DataConnectorAzureActiveDirectoryArrayOutput

type DataConnectorAzureActiveDirectoryArrayOutput struct{ *pulumi.OutputState }

func (DataConnectorAzureActiveDirectoryArrayOutput) ElementType

func (DataConnectorAzureActiveDirectoryArrayOutput) Index

func (DataConnectorAzureActiveDirectoryArrayOutput) ToDataConnectorAzureActiveDirectoryArrayOutput

func (o DataConnectorAzureActiveDirectoryArrayOutput) ToDataConnectorAzureActiveDirectoryArrayOutput() DataConnectorAzureActiveDirectoryArrayOutput

func (DataConnectorAzureActiveDirectoryArrayOutput) ToDataConnectorAzureActiveDirectoryArrayOutputWithContext

func (o DataConnectorAzureActiveDirectoryArrayOutput) ToDataConnectorAzureActiveDirectoryArrayOutputWithContext(ctx context.Context) DataConnectorAzureActiveDirectoryArrayOutput

type DataConnectorAzureActiveDirectoryInput

type DataConnectorAzureActiveDirectoryInput interface {
	pulumi.Input

	ToDataConnectorAzureActiveDirectoryOutput() DataConnectorAzureActiveDirectoryOutput
	ToDataConnectorAzureActiveDirectoryOutputWithContext(ctx context.Context) DataConnectorAzureActiveDirectoryOutput
}

type DataConnectorAzureActiveDirectoryMap

type DataConnectorAzureActiveDirectoryMap map[string]DataConnectorAzureActiveDirectoryInput

func (DataConnectorAzureActiveDirectoryMap) ElementType

func (DataConnectorAzureActiveDirectoryMap) ToDataConnectorAzureActiveDirectoryMapOutput

func (i DataConnectorAzureActiveDirectoryMap) ToDataConnectorAzureActiveDirectoryMapOutput() DataConnectorAzureActiveDirectoryMapOutput

func (DataConnectorAzureActiveDirectoryMap) ToDataConnectorAzureActiveDirectoryMapOutputWithContext

func (i DataConnectorAzureActiveDirectoryMap) ToDataConnectorAzureActiveDirectoryMapOutputWithContext(ctx context.Context) DataConnectorAzureActiveDirectoryMapOutput

type DataConnectorAzureActiveDirectoryMapInput

type DataConnectorAzureActiveDirectoryMapInput interface {
	pulumi.Input

	ToDataConnectorAzureActiveDirectoryMapOutput() DataConnectorAzureActiveDirectoryMapOutput
	ToDataConnectorAzureActiveDirectoryMapOutputWithContext(context.Context) DataConnectorAzureActiveDirectoryMapOutput
}

DataConnectorAzureActiveDirectoryMapInput is an input type that accepts DataConnectorAzureActiveDirectoryMap and DataConnectorAzureActiveDirectoryMapOutput values. You can construct a concrete instance of `DataConnectorAzureActiveDirectoryMapInput` via:

DataConnectorAzureActiveDirectoryMap{ "key": DataConnectorAzureActiveDirectoryArgs{...} }

type DataConnectorAzureActiveDirectoryMapOutput

type DataConnectorAzureActiveDirectoryMapOutput struct{ *pulumi.OutputState }

func (DataConnectorAzureActiveDirectoryMapOutput) ElementType

func (DataConnectorAzureActiveDirectoryMapOutput) MapIndex

func (DataConnectorAzureActiveDirectoryMapOutput) ToDataConnectorAzureActiveDirectoryMapOutput

func (o DataConnectorAzureActiveDirectoryMapOutput) ToDataConnectorAzureActiveDirectoryMapOutput() DataConnectorAzureActiveDirectoryMapOutput

func (DataConnectorAzureActiveDirectoryMapOutput) ToDataConnectorAzureActiveDirectoryMapOutputWithContext

func (o DataConnectorAzureActiveDirectoryMapOutput) ToDataConnectorAzureActiveDirectoryMapOutputWithContext(ctx context.Context) DataConnectorAzureActiveDirectoryMapOutput

type DataConnectorAzureActiveDirectoryOutput

type DataConnectorAzureActiveDirectoryOutput struct{ *pulumi.OutputState }

func (DataConnectorAzureActiveDirectoryOutput) ElementType

func (DataConnectorAzureActiveDirectoryOutput) LogAnalyticsWorkspaceId added in v5.5.0

func (o DataConnectorAzureActiveDirectoryOutput) LogAnalyticsWorkspaceId() pulumi.StringOutput

The ID of the Log Analytics Workspace that this Azure Active Directory Data Connector resides in. Changing this forces a new Azure Active Directory Data Connector to be created.

func (DataConnectorAzureActiveDirectoryOutput) Name added in v5.5.0

The name which should be used for this Azure Active Directory Data Connector. Changing this forces a new Azure Active Directory Data Connector to be created.

func (DataConnectorAzureActiveDirectoryOutput) TenantId added in v5.5.0

The ID of the tenant that this Azure Active Directory Data Connector connects to. Changing this forces a new Azure Active Directory Data Connector to be created.

func (DataConnectorAzureActiveDirectoryOutput) ToDataConnectorAzureActiveDirectoryOutput

func (o DataConnectorAzureActiveDirectoryOutput) ToDataConnectorAzureActiveDirectoryOutput() DataConnectorAzureActiveDirectoryOutput

func (DataConnectorAzureActiveDirectoryOutput) ToDataConnectorAzureActiveDirectoryOutputWithContext

func (o DataConnectorAzureActiveDirectoryOutput) ToDataConnectorAzureActiveDirectoryOutputWithContext(ctx context.Context) DataConnectorAzureActiveDirectoryOutput

type DataConnectorAzureActiveDirectoryState

type DataConnectorAzureActiveDirectoryState struct {
	// The ID of the Log Analytics Workspace that this Azure Active Directory Data Connector resides in. Changing this forces a new Azure Active Directory Data Connector to be created.
	LogAnalyticsWorkspaceId pulumi.StringPtrInput
	// The name which should be used for this Azure Active Directory Data Connector. Changing this forces a new Azure Active Directory Data Connector to be created.
	Name pulumi.StringPtrInput
	// The ID of the tenant that this Azure Active Directory Data Connector connects to. Changing this forces a new Azure Active Directory Data Connector to be created.
	TenantId pulumi.StringPtrInput
}

func (DataConnectorAzureActiveDirectoryState) ElementType

type DataConnectorAzureAdvancedThreadProtection

type DataConnectorAzureAdvancedThreadProtection struct {
	pulumi.CustomResourceState

	// The ID of the Log Analytics Workspace that this Azure Advanced Threat Protection Data Connector resides in. Changing this forces a new Azure Advanced Threat Protection Data Connector to be created.
	LogAnalyticsWorkspaceId pulumi.StringOutput `pulumi:"logAnalyticsWorkspaceId"`
	// The name which should be used for this Azure Advanced Threat Protection Data Connector. Changing this forces a new Azure Advanced Threat Protection Data Connector to be created.
	Name pulumi.StringOutput `pulumi:"name"`
	// The ID of the tenant that this Azure Advanced Threat Protection Data Connector connects to. Changing this forces a new Azure Advanced Threat Protection Data Connector to be created.
	TenantId pulumi.StringOutput `pulumi:"tenantId"`
}

Manages a Azure Advanced Threat Protection Data Connector.

!> **NOTE:** This resource requires that [Enterprise Mobility + Security E5](https://www.microsoft.com/en-us/microsoft-365/enterprise-mobility-security) is enabled on the tenant being connected to.

## Example Usage

```go package main

import (

"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/operationalinsights"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/sentinel"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		exampleResourceGroup, err := core.NewResourceGroup(ctx, "exampleResourceGroup", &core.ResourceGroupArgs{
			Location: pulumi.String("west europe"),
		})
		if err != nil {
			return err
		}
		exampleAnalyticsWorkspace, err := operationalinsights.NewAnalyticsWorkspace(ctx, "exampleAnalyticsWorkspace", &operationalinsights.AnalyticsWorkspaceArgs{
			Location:          exampleResourceGroup.Location,
			ResourceGroupName: exampleResourceGroup.Name,
			Sku:               pulumi.String("PerGB2018"),
		})
		if err != nil {
			return err
		}
		exampleAnalyticsSolution, err := operationalinsights.NewAnalyticsSolution(ctx, "exampleAnalyticsSolution", &operationalinsights.AnalyticsSolutionArgs{
			SolutionName:        pulumi.String("SecurityInsights"),
			Location:            exampleResourceGroup.Location,
			ResourceGroupName:   exampleResourceGroup.Name,
			WorkspaceResourceId: exampleAnalyticsWorkspace.ID(),
			WorkspaceName:       exampleAnalyticsWorkspace.Name,
			Plan: &operationalinsights.AnalyticsSolutionPlanArgs{
				Publisher: pulumi.String("Microsoft"),
				Product:   pulumi.String("OMSGallery/SecurityInsights"),
			},
		})
		if err != nil {
			return err
		}
		_, err = sentinel.NewDataConnectorAzureAdvancedThreadProtection(ctx, "exampleDataConnectorAzureAdvancedThreadProtection", &sentinel.DataConnectorAzureAdvancedThreadProtectionArgs{
			LogAnalyticsWorkspaceId: exampleAnalyticsSolution.WorkspaceResourceId,
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

Azure Advanced Threat Protection Data Connectors can be imported using the `resource id`, e.g.

```sh

$ pulumi import azure:sentinel/dataConnectorAzureAdvancedThreadProtection:DataConnectorAzureAdvancedThreadProtection example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.OperationalInsights/workspaces/workspace1/providers/Microsoft.SecurityInsights/dataConnectors/dc1

```

func GetDataConnectorAzureAdvancedThreadProtection

func GetDataConnectorAzureAdvancedThreadProtection(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *DataConnectorAzureAdvancedThreadProtectionState, opts ...pulumi.ResourceOption) (*DataConnectorAzureAdvancedThreadProtection, error)

GetDataConnectorAzureAdvancedThreadProtection gets an existing DataConnectorAzureAdvancedThreadProtection resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewDataConnectorAzureAdvancedThreadProtection

func NewDataConnectorAzureAdvancedThreadProtection(ctx *pulumi.Context,
	name string, args *DataConnectorAzureAdvancedThreadProtectionArgs, opts ...pulumi.ResourceOption) (*DataConnectorAzureAdvancedThreadProtection, error)

NewDataConnectorAzureAdvancedThreadProtection registers a new resource with the given unique name, arguments, and options.

func (*DataConnectorAzureAdvancedThreadProtection) ElementType

func (*DataConnectorAzureAdvancedThreadProtection) ToDataConnectorAzureAdvancedThreadProtectionOutput

func (i *DataConnectorAzureAdvancedThreadProtection) ToDataConnectorAzureAdvancedThreadProtectionOutput() DataConnectorAzureAdvancedThreadProtectionOutput

func (*DataConnectorAzureAdvancedThreadProtection) ToDataConnectorAzureAdvancedThreadProtectionOutputWithContext

func (i *DataConnectorAzureAdvancedThreadProtection) ToDataConnectorAzureAdvancedThreadProtectionOutputWithContext(ctx context.Context) DataConnectorAzureAdvancedThreadProtectionOutput

type DataConnectorAzureAdvancedThreadProtectionArgs

type DataConnectorAzureAdvancedThreadProtectionArgs struct {
	// The ID of the Log Analytics Workspace that this Azure Advanced Threat Protection Data Connector resides in. Changing this forces a new Azure Advanced Threat Protection Data Connector to be created.
	LogAnalyticsWorkspaceId pulumi.StringInput
	// The name which should be used for this Azure Advanced Threat Protection Data Connector. Changing this forces a new Azure Advanced Threat Protection Data Connector to be created.
	Name pulumi.StringPtrInput
	// The ID of the tenant that this Azure Advanced Threat Protection Data Connector connects to. Changing this forces a new Azure Advanced Threat Protection Data Connector to be created.
	TenantId pulumi.StringPtrInput
}

The set of arguments for constructing a DataConnectorAzureAdvancedThreadProtection resource.

func (DataConnectorAzureAdvancedThreadProtectionArgs) ElementType

type DataConnectorAzureAdvancedThreadProtectionArray

type DataConnectorAzureAdvancedThreadProtectionArray []DataConnectorAzureAdvancedThreadProtectionInput

func (DataConnectorAzureAdvancedThreadProtectionArray) ElementType

func (DataConnectorAzureAdvancedThreadProtectionArray) ToDataConnectorAzureAdvancedThreadProtectionArrayOutput

func (i DataConnectorAzureAdvancedThreadProtectionArray) ToDataConnectorAzureAdvancedThreadProtectionArrayOutput() DataConnectorAzureAdvancedThreadProtectionArrayOutput

func (DataConnectorAzureAdvancedThreadProtectionArray) ToDataConnectorAzureAdvancedThreadProtectionArrayOutputWithContext

func (i DataConnectorAzureAdvancedThreadProtectionArray) ToDataConnectorAzureAdvancedThreadProtectionArrayOutputWithContext(ctx context.Context) DataConnectorAzureAdvancedThreadProtectionArrayOutput

type DataConnectorAzureAdvancedThreadProtectionArrayInput

type DataConnectorAzureAdvancedThreadProtectionArrayInput interface {
	pulumi.Input

	ToDataConnectorAzureAdvancedThreadProtectionArrayOutput() DataConnectorAzureAdvancedThreadProtectionArrayOutput
	ToDataConnectorAzureAdvancedThreadProtectionArrayOutputWithContext(context.Context) DataConnectorAzureAdvancedThreadProtectionArrayOutput
}

DataConnectorAzureAdvancedThreadProtectionArrayInput is an input type that accepts DataConnectorAzureAdvancedThreadProtectionArray and DataConnectorAzureAdvancedThreadProtectionArrayOutput values. You can construct a concrete instance of `DataConnectorAzureAdvancedThreadProtectionArrayInput` via:

DataConnectorAzureAdvancedThreadProtectionArray{ DataConnectorAzureAdvancedThreadProtectionArgs{...} }

type DataConnectorAzureAdvancedThreadProtectionArrayOutput

type DataConnectorAzureAdvancedThreadProtectionArrayOutput struct{ *pulumi.OutputState }

func (DataConnectorAzureAdvancedThreadProtectionArrayOutput) ElementType

func (DataConnectorAzureAdvancedThreadProtectionArrayOutput) Index

func (DataConnectorAzureAdvancedThreadProtectionArrayOutput) ToDataConnectorAzureAdvancedThreadProtectionArrayOutput

func (DataConnectorAzureAdvancedThreadProtectionArrayOutput) ToDataConnectorAzureAdvancedThreadProtectionArrayOutputWithContext

func (o DataConnectorAzureAdvancedThreadProtectionArrayOutput) ToDataConnectorAzureAdvancedThreadProtectionArrayOutputWithContext(ctx context.Context) DataConnectorAzureAdvancedThreadProtectionArrayOutput

type DataConnectorAzureAdvancedThreadProtectionInput

type DataConnectorAzureAdvancedThreadProtectionInput interface {
	pulumi.Input

	ToDataConnectorAzureAdvancedThreadProtectionOutput() DataConnectorAzureAdvancedThreadProtectionOutput
	ToDataConnectorAzureAdvancedThreadProtectionOutputWithContext(ctx context.Context) DataConnectorAzureAdvancedThreadProtectionOutput
}

type DataConnectorAzureAdvancedThreadProtectionMap

type DataConnectorAzureAdvancedThreadProtectionMap map[string]DataConnectorAzureAdvancedThreadProtectionInput

func (DataConnectorAzureAdvancedThreadProtectionMap) ElementType

func (DataConnectorAzureAdvancedThreadProtectionMap) ToDataConnectorAzureAdvancedThreadProtectionMapOutput

func (i DataConnectorAzureAdvancedThreadProtectionMap) ToDataConnectorAzureAdvancedThreadProtectionMapOutput() DataConnectorAzureAdvancedThreadProtectionMapOutput

func (DataConnectorAzureAdvancedThreadProtectionMap) ToDataConnectorAzureAdvancedThreadProtectionMapOutputWithContext

func (i DataConnectorAzureAdvancedThreadProtectionMap) ToDataConnectorAzureAdvancedThreadProtectionMapOutputWithContext(ctx context.Context) DataConnectorAzureAdvancedThreadProtectionMapOutput

type DataConnectorAzureAdvancedThreadProtectionMapInput

type DataConnectorAzureAdvancedThreadProtectionMapInput interface {
	pulumi.Input

	ToDataConnectorAzureAdvancedThreadProtectionMapOutput() DataConnectorAzureAdvancedThreadProtectionMapOutput
	ToDataConnectorAzureAdvancedThreadProtectionMapOutputWithContext(context.Context) DataConnectorAzureAdvancedThreadProtectionMapOutput
}

DataConnectorAzureAdvancedThreadProtectionMapInput is an input type that accepts DataConnectorAzureAdvancedThreadProtectionMap and DataConnectorAzureAdvancedThreadProtectionMapOutput values. You can construct a concrete instance of `DataConnectorAzureAdvancedThreadProtectionMapInput` via:

DataConnectorAzureAdvancedThreadProtectionMap{ "key": DataConnectorAzureAdvancedThreadProtectionArgs{...} }

type DataConnectorAzureAdvancedThreadProtectionMapOutput

type DataConnectorAzureAdvancedThreadProtectionMapOutput struct{ *pulumi.OutputState }

func (DataConnectorAzureAdvancedThreadProtectionMapOutput) ElementType

func (DataConnectorAzureAdvancedThreadProtectionMapOutput) MapIndex

func (DataConnectorAzureAdvancedThreadProtectionMapOutput) ToDataConnectorAzureAdvancedThreadProtectionMapOutput

func (o DataConnectorAzureAdvancedThreadProtectionMapOutput) ToDataConnectorAzureAdvancedThreadProtectionMapOutput() DataConnectorAzureAdvancedThreadProtectionMapOutput

func (DataConnectorAzureAdvancedThreadProtectionMapOutput) ToDataConnectorAzureAdvancedThreadProtectionMapOutputWithContext

func (o DataConnectorAzureAdvancedThreadProtectionMapOutput) ToDataConnectorAzureAdvancedThreadProtectionMapOutputWithContext(ctx context.Context) DataConnectorAzureAdvancedThreadProtectionMapOutput

type DataConnectorAzureAdvancedThreadProtectionOutput

type DataConnectorAzureAdvancedThreadProtectionOutput struct{ *pulumi.OutputState }

func (DataConnectorAzureAdvancedThreadProtectionOutput) ElementType

func (DataConnectorAzureAdvancedThreadProtectionOutput) LogAnalyticsWorkspaceId added in v5.5.0

The ID of the Log Analytics Workspace that this Azure Advanced Threat Protection Data Connector resides in. Changing this forces a new Azure Advanced Threat Protection Data Connector to be created.

func (DataConnectorAzureAdvancedThreadProtectionOutput) Name added in v5.5.0

The name which should be used for this Azure Advanced Threat Protection Data Connector. Changing this forces a new Azure Advanced Threat Protection Data Connector to be created.

func (DataConnectorAzureAdvancedThreadProtectionOutput) TenantId added in v5.5.0

The ID of the tenant that this Azure Advanced Threat Protection Data Connector connects to. Changing this forces a new Azure Advanced Threat Protection Data Connector to be created.

func (DataConnectorAzureAdvancedThreadProtectionOutput) ToDataConnectorAzureAdvancedThreadProtectionOutput

func (o DataConnectorAzureAdvancedThreadProtectionOutput) ToDataConnectorAzureAdvancedThreadProtectionOutput() DataConnectorAzureAdvancedThreadProtectionOutput

func (DataConnectorAzureAdvancedThreadProtectionOutput) ToDataConnectorAzureAdvancedThreadProtectionOutputWithContext

func (o DataConnectorAzureAdvancedThreadProtectionOutput) ToDataConnectorAzureAdvancedThreadProtectionOutputWithContext(ctx context.Context) DataConnectorAzureAdvancedThreadProtectionOutput

type DataConnectorAzureAdvancedThreadProtectionState

type DataConnectorAzureAdvancedThreadProtectionState struct {
	// The ID of the Log Analytics Workspace that this Azure Advanced Threat Protection Data Connector resides in. Changing this forces a new Azure Advanced Threat Protection Data Connector to be created.
	LogAnalyticsWorkspaceId pulumi.StringPtrInput
	// The name which should be used for this Azure Advanced Threat Protection Data Connector. Changing this forces a new Azure Advanced Threat Protection Data Connector to be created.
	Name pulumi.StringPtrInput
	// The ID of the tenant that this Azure Advanced Threat Protection Data Connector connects to. Changing this forces a new Azure Advanced Threat Protection Data Connector to be created.
	TenantId pulumi.StringPtrInput
}

func (DataConnectorAzureAdvancedThreadProtectionState) ElementType

type DataConnectorAzureSecurityCenter

type DataConnectorAzureSecurityCenter struct {
	pulumi.CustomResourceState

	// The ID of the Log Analytics Workspace that this Azure Security Center Data Connector resides in. Changing this forces a new Azure Security Center Data Connector to be created.
	LogAnalyticsWorkspaceId pulumi.StringOutput `pulumi:"logAnalyticsWorkspaceId"`
	// The name which should be used for this Azure Security Center Data Connector. Changing this forces a new Azure Security Center Data Connector to be created.
	Name pulumi.StringOutput `pulumi:"name"`
	// The ID of the subscription that this Azure Security Center Data Connector connects to. Changing this forces a new Azure Security Center Data Connector to be created.
	SubscriptionId pulumi.StringOutput `pulumi:"subscriptionId"`
}

Manages a Azure Security Center Data Connector.

## Example Usage

```go package main

import (

"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/operationalinsights"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/sentinel"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		exampleResourceGroup, err := core.NewResourceGroup(ctx, "exampleResourceGroup", &core.ResourceGroupArgs{
			Location: pulumi.String("west europe"),
		})
		if err != nil {
			return err
		}
		exampleAnalyticsWorkspace, err := operationalinsights.NewAnalyticsWorkspace(ctx, "exampleAnalyticsWorkspace", &operationalinsights.AnalyticsWorkspaceArgs{
			Location:          exampleResourceGroup.Location,
			ResourceGroupName: exampleResourceGroup.Name,
			Sku:               pulumi.String("PerGB2018"),
		})
		if err != nil {
			return err
		}
		exampleAnalyticsSolution, err := operationalinsights.NewAnalyticsSolution(ctx, "exampleAnalyticsSolution", &operationalinsights.AnalyticsSolutionArgs{
			SolutionName:        pulumi.String("SecurityInsights"),
			Location:            exampleResourceGroup.Location,
			ResourceGroupName:   exampleResourceGroup.Name,
			WorkspaceResourceId: exampleAnalyticsWorkspace.ID(),
			WorkspaceName:       exampleAnalyticsWorkspace.Name,
			Plan: &operationalinsights.AnalyticsSolutionPlanArgs{
				Publisher: pulumi.String("Microsoft"),
				Product:   pulumi.String("OMSGallery/SecurityInsights"),
			},
		})
		if err != nil {
			return err
		}
		_, err = sentinel.NewDataConnectorAzureSecurityCenter(ctx, "exampleDataConnectorAzureSecurityCenter", &sentinel.DataConnectorAzureSecurityCenterArgs{
			LogAnalyticsWorkspaceId: exampleAnalyticsSolution.WorkspaceResourceId,
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

Azure Security Center Data Connectors can be imported using the `resource id`, e.g.

```sh

$ pulumi import azure:sentinel/dataConnectorAzureSecurityCenter:DataConnectorAzureSecurityCenter example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.OperationalInsights/workspaces/workspace1/providers/Microsoft.SecurityInsights/dataConnectors/dc1

```

func GetDataConnectorAzureSecurityCenter

func GetDataConnectorAzureSecurityCenter(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *DataConnectorAzureSecurityCenterState, opts ...pulumi.ResourceOption) (*DataConnectorAzureSecurityCenter, error)

GetDataConnectorAzureSecurityCenter gets an existing DataConnectorAzureSecurityCenter resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewDataConnectorAzureSecurityCenter

func NewDataConnectorAzureSecurityCenter(ctx *pulumi.Context,
	name string, args *DataConnectorAzureSecurityCenterArgs, opts ...pulumi.ResourceOption) (*DataConnectorAzureSecurityCenter, error)

NewDataConnectorAzureSecurityCenter registers a new resource with the given unique name, arguments, and options.

func (*DataConnectorAzureSecurityCenter) ElementType

func (*DataConnectorAzureSecurityCenter) ToDataConnectorAzureSecurityCenterOutput

func (i *DataConnectorAzureSecurityCenter) ToDataConnectorAzureSecurityCenterOutput() DataConnectorAzureSecurityCenterOutput

func (*DataConnectorAzureSecurityCenter) ToDataConnectorAzureSecurityCenterOutputWithContext

func (i *DataConnectorAzureSecurityCenter) ToDataConnectorAzureSecurityCenterOutputWithContext(ctx context.Context) DataConnectorAzureSecurityCenterOutput

type DataConnectorAzureSecurityCenterArgs

type DataConnectorAzureSecurityCenterArgs struct {
	// The ID of the Log Analytics Workspace that this Azure Security Center Data Connector resides in. Changing this forces a new Azure Security Center Data Connector to be created.
	LogAnalyticsWorkspaceId pulumi.StringInput
	// The name which should be used for this Azure Security Center Data Connector. Changing this forces a new Azure Security Center Data Connector to be created.
	Name pulumi.StringPtrInput
	// The ID of the subscription that this Azure Security Center Data Connector connects to. Changing this forces a new Azure Security Center Data Connector to be created.
	SubscriptionId pulumi.StringPtrInput
}

The set of arguments for constructing a DataConnectorAzureSecurityCenter resource.

func (DataConnectorAzureSecurityCenterArgs) ElementType

type DataConnectorAzureSecurityCenterArray

type DataConnectorAzureSecurityCenterArray []DataConnectorAzureSecurityCenterInput

func (DataConnectorAzureSecurityCenterArray) ElementType

func (DataConnectorAzureSecurityCenterArray) ToDataConnectorAzureSecurityCenterArrayOutput

func (i DataConnectorAzureSecurityCenterArray) ToDataConnectorAzureSecurityCenterArrayOutput() DataConnectorAzureSecurityCenterArrayOutput

func (DataConnectorAzureSecurityCenterArray) ToDataConnectorAzureSecurityCenterArrayOutputWithContext

func (i DataConnectorAzureSecurityCenterArray) ToDataConnectorAzureSecurityCenterArrayOutputWithContext(ctx context.Context) DataConnectorAzureSecurityCenterArrayOutput

type DataConnectorAzureSecurityCenterArrayInput

type DataConnectorAzureSecurityCenterArrayInput interface {
	pulumi.Input

	ToDataConnectorAzureSecurityCenterArrayOutput() DataConnectorAzureSecurityCenterArrayOutput
	ToDataConnectorAzureSecurityCenterArrayOutputWithContext(context.Context) DataConnectorAzureSecurityCenterArrayOutput
}

DataConnectorAzureSecurityCenterArrayInput is an input type that accepts DataConnectorAzureSecurityCenterArray and DataConnectorAzureSecurityCenterArrayOutput values. You can construct a concrete instance of `DataConnectorAzureSecurityCenterArrayInput` via:

DataConnectorAzureSecurityCenterArray{ DataConnectorAzureSecurityCenterArgs{...} }

type DataConnectorAzureSecurityCenterArrayOutput

type DataConnectorAzureSecurityCenterArrayOutput struct{ *pulumi.OutputState }

func (DataConnectorAzureSecurityCenterArrayOutput) ElementType

func (DataConnectorAzureSecurityCenterArrayOutput) Index

func (DataConnectorAzureSecurityCenterArrayOutput) ToDataConnectorAzureSecurityCenterArrayOutput

func (o DataConnectorAzureSecurityCenterArrayOutput) ToDataConnectorAzureSecurityCenterArrayOutput() DataConnectorAzureSecurityCenterArrayOutput

func (DataConnectorAzureSecurityCenterArrayOutput) ToDataConnectorAzureSecurityCenterArrayOutputWithContext

func (o DataConnectorAzureSecurityCenterArrayOutput) ToDataConnectorAzureSecurityCenterArrayOutputWithContext(ctx context.Context) DataConnectorAzureSecurityCenterArrayOutput

type DataConnectorAzureSecurityCenterInput

type DataConnectorAzureSecurityCenterInput interface {
	pulumi.Input

	ToDataConnectorAzureSecurityCenterOutput() DataConnectorAzureSecurityCenterOutput
	ToDataConnectorAzureSecurityCenterOutputWithContext(ctx context.Context) DataConnectorAzureSecurityCenterOutput
}

type DataConnectorAzureSecurityCenterMap

type DataConnectorAzureSecurityCenterMap map[string]DataConnectorAzureSecurityCenterInput

func (DataConnectorAzureSecurityCenterMap) ElementType

func (DataConnectorAzureSecurityCenterMap) ToDataConnectorAzureSecurityCenterMapOutput

func (i DataConnectorAzureSecurityCenterMap) ToDataConnectorAzureSecurityCenterMapOutput() DataConnectorAzureSecurityCenterMapOutput

func (DataConnectorAzureSecurityCenterMap) ToDataConnectorAzureSecurityCenterMapOutputWithContext

func (i DataConnectorAzureSecurityCenterMap) ToDataConnectorAzureSecurityCenterMapOutputWithContext(ctx context.Context) DataConnectorAzureSecurityCenterMapOutput

type DataConnectorAzureSecurityCenterMapInput

type DataConnectorAzureSecurityCenterMapInput interface {
	pulumi.Input

	ToDataConnectorAzureSecurityCenterMapOutput() DataConnectorAzureSecurityCenterMapOutput
	ToDataConnectorAzureSecurityCenterMapOutputWithContext(context.Context) DataConnectorAzureSecurityCenterMapOutput
}

DataConnectorAzureSecurityCenterMapInput is an input type that accepts DataConnectorAzureSecurityCenterMap and DataConnectorAzureSecurityCenterMapOutput values. You can construct a concrete instance of `DataConnectorAzureSecurityCenterMapInput` via:

DataConnectorAzureSecurityCenterMap{ "key": DataConnectorAzureSecurityCenterArgs{...} }

type DataConnectorAzureSecurityCenterMapOutput

type DataConnectorAzureSecurityCenterMapOutput struct{ *pulumi.OutputState }

func (DataConnectorAzureSecurityCenterMapOutput) ElementType

func (DataConnectorAzureSecurityCenterMapOutput) MapIndex

func (DataConnectorAzureSecurityCenterMapOutput) ToDataConnectorAzureSecurityCenterMapOutput

func (o DataConnectorAzureSecurityCenterMapOutput) ToDataConnectorAzureSecurityCenterMapOutput() DataConnectorAzureSecurityCenterMapOutput

func (DataConnectorAzureSecurityCenterMapOutput) ToDataConnectorAzureSecurityCenterMapOutputWithContext

func (o DataConnectorAzureSecurityCenterMapOutput) ToDataConnectorAzureSecurityCenterMapOutputWithContext(ctx context.Context) DataConnectorAzureSecurityCenterMapOutput

type DataConnectorAzureSecurityCenterOutput

type DataConnectorAzureSecurityCenterOutput struct{ *pulumi.OutputState }

func (DataConnectorAzureSecurityCenterOutput) ElementType

func (DataConnectorAzureSecurityCenterOutput) LogAnalyticsWorkspaceId added in v5.5.0

func (o DataConnectorAzureSecurityCenterOutput) LogAnalyticsWorkspaceId() pulumi.StringOutput

The ID of the Log Analytics Workspace that this Azure Security Center Data Connector resides in. Changing this forces a new Azure Security Center Data Connector to be created.

func (DataConnectorAzureSecurityCenterOutput) Name added in v5.5.0

The name which should be used for this Azure Security Center Data Connector. Changing this forces a new Azure Security Center Data Connector to be created.

func (DataConnectorAzureSecurityCenterOutput) SubscriptionId added in v5.5.0

The ID of the subscription that this Azure Security Center Data Connector connects to. Changing this forces a new Azure Security Center Data Connector to be created.

func (DataConnectorAzureSecurityCenterOutput) ToDataConnectorAzureSecurityCenterOutput

func (o DataConnectorAzureSecurityCenterOutput) ToDataConnectorAzureSecurityCenterOutput() DataConnectorAzureSecurityCenterOutput

func (DataConnectorAzureSecurityCenterOutput) ToDataConnectorAzureSecurityCenterOutputWithContext

func (o DataConnectorAzureSecurityCenterOutput) ToDataConnectorAzureSecurityCenterOutputWithContext(ctx context.Context) DataConnectorAzureSecurityCenterOutput

type DataConnectorAzureSecurityCenterState

type DataConnectorAzureSecurityCenterState struct {
	// The ID of the Log Analytics Workspace that this Azure Security Center Data Connector resides in. Changing this forces a new Azure Security Center Data Connector to be created.
	LogAnalyticsWorkspaceId pulumi.StringPtrInput
	// The name which should be used for this Azure Security Center Data Connector. Changing this forces a new Azure Security Center Data Connector to be created.
	Name pulumi.StringPtrInput
	// The ID of the subscription that this Azure Security Center Data Connector connects to. Changing this forces a new Azure Security Center Data Connector to be created.
	SubscriptionId pulumi.StringPtrInput
}

func (DataConnectorAzureSecurityCenterState) ElementType

type DataConnectorMicrosoftCloudAppSecurity

type DataConnectorMicrosoftCloudAppSecurity struct {
	pulumi.CustomResourceState

	// Should the alerts be enabled? Defaults to `true`.
	AlertsEnabled pulumi.BoolPtrOutput `pulumi:"alertsEnabled"`
	// Should the Discovery Logs be enabled? Defaults to `true`.
	DiscoveryLogsEnabled pulumi.BoolPtrOutput `pulumi:"discoveryLogsEnabled"`
	// The ID of the Log Analytics Workspace that this Microsoft Cloud App Security Data Connector resides in. Changing this forces a new Microsoft Cloud App Security Data Connector to be created.
	LogAnalyticsWorkspaceId pulumi.StringOutput `pulumi:"logAnalyticsWorkspaceId"`
	// The name which should be used for this Microsoft Cloud App Security Data Connector. Changing this forces a new Microsoft Cloud App Security Data Connector to be created.
	Name pulumi.StringOutput `pulumi:"name"`
	// The ID of the Tenant that this Microsoft Cloud App Security Data Connector connects to. Changing this forces a new Microsoft Cloud App Security Data Connector to be created.
	TenantId pulumi.StringOutput `pulumi:"tenantId"`
}

Manages a Microsoft Cloud App Security Data Connector.

!> **NOTE:** This resource requires that [Enterprise Mobility + Security E5](https://www.microsoft.com/en-us/microsoft-365/enterprise-mobility-security) is enabled on the tenant being connected to.

## Example Usage

```go package main

import (

"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/operationalinsights"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/sentinel"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		exampleResourceGroup, err := core.NewResourceGroup(ctx, "exampleResourceGroup", &core.ResourceGroupArgs{
			Location: pulumi.String("west europe"),
		})
		if err != nil {
			return err
		}
		exampleAnalyticsWorkspace, err := operationalinsights.NewAnalyticsWorkspace(ctx, "exampleAnalyticsWorkspace", &operationalinsights.AnalyticsWorkspaceArgs{
			Location:          exampleResourceGroup.Location,
			ResourceGroupName: exampleResourceGroup.Name,
			Sku:               pulumi.String("PerGB2018"),
		})
		if err != nil {
			return err
		}
		exampleAnalyticsSolution, err := operationalinsights.NewAnalyticsSolution(ctx, "exampleAnalyticsSolution", &operationalinsights.AnalyticsSolutionArgs{
			SolutionName:        pulumi.String("SecurityInsights"),
			Location:            exampleResourceGroup.Location,
			ResourceGroupName:   exampleResourceGroup.Name,
			WorkspaceResourceId: exampleAnalyticsWorkspace.ID(),
			WorkspaceName:       exampleAnalyticsWorkspace.Name,
			Plan: &operationalinsights.AnalyticsSolutionPlanArgs{
				Publisher: pulumi.String("Microsoft"),
				Product:   pulumi.String("OMSGallery/SecurityInsights"),
			},
		})
		if err != nil {
			return err
		}
		_, err = sentinel.NewDataConnectorMicrosoftCloudAppSecurity(ctx, "exampleDataConnectorMicrosoftCloudAppSecurity", &sentinel.DataConnectorMicrosoftCloudAppSecurityArgs{
			LogAnalyticsWorkspaceId: exampleAnalyticsSolution.WorkspaceResourceId,
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

Microsoft Cloud App Security Data Connectors can be imported using the `resource id`, e.g.

```sh

$ pulumi import azure:sentinel/dataConnectorMicrosoftCloudAppSecurity:DataConnectorMicrosoftCloudAppSecurity example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.OperationalInsights/workspaces/workspace1/providers/Microsoft.SecurityInsights/dataConnectors/dc1

```

func GetDataConnectorMicrosoftCloudAppSecurity

func GetDataConnectorMicrosoftCloudAppSecurity(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *DataConnectorMicrosoftCloudAppSecurityState, opts ...pulumi.ResourceOption) (*DataConnectorMicrosoftCloudAppSecurity, error)

GetDataConnectorMicrosoftCloudAppSecurity gets an existing DataConnectorMicrosoftCloudAppSecurity resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewDataConnectorMicrosoftCloudAppSecurity

func NewDataConnectorMicrosoftCloudAppSecurity(ctx *pulumi.Context,
	name string, args *DataConnectorMicrosoftCloudAppSecurityArgs, opts ...pulumi.ResourceOption) (*DataConnectorMicrosoftCloudAppSecurity, error)

NewDataConnectorMicrosoftCloudAppSecurity registers a new resource with the given unique name, arguments, and options.

func (*DataConnectorMicrosoftCloudAppSecurity) ElementType

func (*DataConnectorMicrosoftCloudAppSecurity) ToDataConnectorMicrosoftCloudAppSecurityOutput

func (i *DataConnectorMicrosoftCloudAppSecurity) ToDataConnectorMicrosoftCloudAppSecurityOutput() DataConnectorMicrosoftCloudAppSecurityOutput

func (*DataConnectorMicrosoftCloudAppSecurity) ToDataConnectorMicrosoftCloudAppSecurityOutputWithContext

func (i *DataConnectorMicrosoftCloudAppSecurity) ToDataConnectorMicrosoftCloudAppSecurityOutputWithContext(ctx context.Context) DataConnectorMicrosoftCloudAppSecurityOutput

type DataConnectorMicrosoftCloudAppSecurityArgs

type DataConnectorMicrosoftCloudAppSecurityArgs struct {
	// Should the alerts be enabled? Defaults to `true`.
	AlertsEnabled pulumi.BoolPtrInput
	// Should the Discovery Logs be enabled? Defaults to `true`.
	DiscoveryLogsEnabled pulumi.BoolPtrInput
	// The ID of the Log Analytics Workspace that this Microsoft Cloud App Security Data Connector resides in. Changing this forces a new Microsoft Cloud App Security Data Connector to be created.
	LogAnalyticsWorkspaceId pulumi.StringInput
	// The name which should be used for this Microsoft Cloud App Security Data Connector. Changing this forces a new Microsoft Cloud App Security Data Connector to be created.
	Name pulumi.StringPtrInput
	// The ID of the Tenant that this Microsoft Cloud App Security Data Connector connects to. Changing this forces a new Microsoft Cloud App Security Data Connector to be created.
	TenantId pulumi.StringPtrInput
}

The set of arguments for constructing a DataConnectorMicrosoftCloudAppSecurity resource.

func (DataConnectorMicrosoftCloudAppSecurityArgs) ElementType

type DataConnectorMicrosoftCloudAppSecurityArray

type DataConnectorMicrosoftCloudAppSecurityArray []DataConnectorMicrosoftCloudAppSecurityInput

func (DataConnectorMicrosoftCloudAppSecurityArray) ElementType

func (DataConnectorMicrosoftCloudAppSecurityArray) ToDataConnectorMicrosoftCloudAppSecurityArrayOutput

func (i DataConnectorMicrosoftCloudAppSecurityArray) ToDataConnectorMicrosoftCloudAppSecurityArrayOutput() DataConnectorMicrosoftCloudAppSecurityArrayOutput

func (DataConnectorMicrosoftCloudAppSecurityArray) ToDataConnectorMicrosoftCloudAppSecurityArrayOutputWithContext

func (i DataConnectorMicrosoftCloudAppSecurityArray) ToDataConnectorMicrosoftCloudAppSecurityArrayOutputWithContext(ctx context.Context) DataConnectorMicrosoftCloudAppSecurityArrayOutput

type DataConnectorMicrosoftCloudAppSecurityArrayInput

type DataConnectorMicrosoftCloudAppSecurityArrayInput interface {
	pulumi.Input

	ToDataConnectorMicrosoftCloudAppSecurityArrayOutput() DataConnectorMicrosoftCloudAppSecurityArrayOutput
	ToDataConnectorMicrosoftCloudAppSecurityArrayOutputWithContext(context.Context) DataConnectorMicrosoftCloudAppSecurityArrayOutput
}

DataConnectorMicrosoftCloudAppSecurityArrayInput is an input type that accepts DataConnectorMicrosoftCloudAppSecurityArray and DataConnectorMicrosoftCloudAppSecurityArrayOutput values. You can construct a concrete instance of `DataConnectorMicrosoftCloudAppSecurityArrayInput` via:

DataConnectorMicrosoftCloudAppSecurityArray{ DataConnectorMicrosoftCloudAppSecurityArgs{...} }

type DataConnectorMicrosoftCloudAppSecurityArrayOutput

type DataConnectorMicrosoftCloudAppSecurityArrayOutput struct{ *pulumi.OutputState }

func (DataConnectorMicrosoftCloudAppSecurityArrayOutput) ElementType

func (DataConnectorMicrosoftCloudAppSecurityArrayOutput) Index

func (DataConnectorMicrosoftCloudAppSecurityArrayOutput) ToDataConnectorMicrosoftCloudAppSecurityArrayOutput

func (o DataConnectorMicrosoftCloudAppSecurityArrayOutput) ToDataConnectorMicrosoftCloudAppSecurityArrayOutput() DataConnectorMicrosoftCloudAppSecurityArrayOutput

func (DataConnectorMicrosoftCloudAppSecurityArrayOutput) ToDataConnectorMicrosoftCloudAppSecurityArrayOutputWithContext

func (o DataConnectorMicrosoftCloudAppSecurityArrayOutput) ToDataConnectorMicrosoftCloudAppSecurityArrayOutputWithContext(ctx context.Context) DataConnectorMicrosoftCloudAppSecurityArrayOutput

type DataConnectorMicrosoftCloudAppSecurityInput

type DataConnectorMicrosoftCloudAppSecurityInput interface {
	pulumi.Input

	ToDataConnectorMicrosoftCloudAppSecurityOutput() DataConnectorMicrosoftCloudAppSecurityOutput
	ToDataConnectorMicrosoftCloudAppSecurityOutputWithContext(ctx context.Context) DataConnectorMicrosoftCloudAppSecurityOutput
}

type DataConnectorMicrosoftCloudAppSecurityMap

type DataConnectorMicrosoftCloudAppSecurityMap map[string]DataConnectorMicrosoftCloudAppSecurityInput

func (DataConnectorMicrosoftCloudAppSecurityMap) ElementType

func (DataConnectorMicrosoftCloudAppSecurityMap) ToDataConnectorMicrosoftCloudAppSecurityMapOutput

func (i DataConnectorMicrosoftCloudAppSecurityMap) ToDataConnectorMicrosoftCloudAppSecurityMapOutput() DataConnectorMicrosoftCloudAppSecurityMapOutput

func (DataConnectorMicrosoftCloudAppSecurityMap) ToDataConnectorMicrosoftCloudAppSecurityMapOutputWithContext

func (i DataConnectorMicrosoftCloudAppSecurityMap) ToDataConnectorMicrosoftCloudAppSecurityMapOutputWithContext(ctx context.Context) DataConnectorMicrosoftCloudAppSecurityMapOutput

type DataConnectorMicrosoftCloudAppSecurityMapInput

type DataConnectorMicrosoftCloudAppSecurityMapInput interface {
	pulumi.Input

	ToDataConnectorMicrosoftCloudAppSecurityMapOutput() DataConnectorMicrosoftCloudAppSecurityMapOutput
	ToDataConnectorMicrosoftCloudAppSecurityMapOutputWithContext(context.Context) DataConnectorMicrosoftCloudAppSecurityMapOutput
}

DataConnectorMicrosoftCloudAppSecurityMapInput is an input type that accepts DataConnectorMicrosoftCloudAppSecurityMap and DataConnectorMicrosoftCloudAppSecurityMapOutput values. You can construct a concrete instance of `DataConnectorMicrosoftCloudAppSecurityMapInput` via:

DataConnectorMicrosoftCloudAppSecurityMap{ "key": DataConnectorMicrosoftCloudAppSecurityArgs{...} }

type DataConnectorMicrosoftCloudAppSecurityMapOutput

type DataConnectorMicrosoftCloudAppSecurityMapOutput struct{ *pulumi.OutputState }

func (DataConnectorMicrosoftCloudAppSecurityMapOutput) ElementType

func (DataConnectorMicrosoftCloudAppSecurityMapOutput) MapIndex

func (DataConnectorMicrosoftCloudAppSecurityMapOutput) ToDataConnectorMicrosoftCloudAppSecurityMapOutput

func (o DataConnectorMicrosoftCloudAppSecurityMapOutput) ToDataConnectorMicrosoftCloudAppSecurityMapOutput() DataConnectorMicrosoftCloudAppSecurityMapOutput

func (DataConnectorMicrosoftCloudAppSecurityMapOutput) ToDataConnectorMicrosoftCloudAppSecurityMapOutputWithContext

func (o DataConnectorMicrosoftCloudAppSecurityMapOutput) ToDataConnectorMicrosoftCloudAppSecurityMapOutputWithContext(ctx context.Context) DataConnectorMicrosoftCloudAppSecurityMapOutput

type DataConnectorMicrosoftCloudAppSecurityOutput

type DataConnectorMicrosoftCloudAppSecurityOutput struct{ *pulumi.OutputState }

func (DataConnectorMicrosoftCloudAppSecurityOutput) AlertsEnabled added in v5.5.0

Should the alerts be enabled? Defaults to `true`.

func (DataConnectorMicrosoftCloudAppSecurityOutput) DiscoveryLogsEnabled added in v5.5.0

Should the Discovery Logs be enabled? Defaults to `true`.

func (DataConnectorMicrosoftCloudAppSecurityOutput) ElementType

func (DataConnectorMicrosoftCloudAppSecurityOutput) LogAnalyticsWorkspaceId added in v5.5.0

The ID of the Log Analytics Workspace that this Microsoft Cloud App Security Data Connector resides in. Changing this forces a new Microsoft Cloud App Security Data Connector to be created.

func (DataConnectorMicrosoftCloudAppSecurityOutput) Name added in v5.5.0

The name which should be used for this Microsoft Cloud App Security Data Connector. Changing this forces a new Microsoft Cloud App Security Data Connector to be created.

func (DataConnectorMicrosoftCloudAppSecurityOutput) TenantId added in v5.5.0

The ID of the Tenant that this Microsoft Cloud App Security Data Connector connects to. Changing this forces a new Microsoft Cloud App Security Data Connector to be created.

func (DataConnectorMicrosoftCloudAppSecurityOutput) ToDataConnectorMicrosoftCloudAppSecurityOutput

func (o DataConnectorMicrosoftCloudAppSecurityOutput) ToDataConnectorMicrosoftCloudAppSecurityOutput() DataConnectorMicrosoftCloudAppSecurityOutput

func (DataConnectorMicrosoftCloudAppSecurityOutput) ToDataConnectorMicrosoftCloudAppSecurityOutputWithContext

func (o DataConnectorMicrosoftCloudAppSecurityOutput) ToDataConnectorMicrosoftCloudAppSecurityOutputWithContext(ctx context.Context) DataConnectorMicrosoftCloudAppSecurityOutput

type DataConnectorMicrosoftCloudAppSecurityState

type DataConnectorMicrosoftCloudAppSecurityState struct {
	// Should the alerts be enabled? Defaults to `true`.
	AlertsEnabled pulumi.BoolPtrInput
	// Should the Discovery Logs be enabled? Defaults to `true`.
	DiscoveryLogsEnabled pulumi.BoolPtrInput
	// The ID of the Log Analytics Workspace that this Microsoft Cloud App Security Data Connector resides in. Changing this forces a new Microsoft Cloud App Security Data Connector to be created.
	LogAnalyticsWorkspaceId pulumi.StringPtrInput
	// The name which should be used for this Microsoft Cloud App Security Data Connector. Changing this forces a new Microsoft Cloud App Security Data Connector to be created.
	Name pulumi.StringPtrInput
	// The ID of the Tenant that this Microsoft Cloud App Security Data Connector connects to. Changing this forces a new Microsoft Cloud App Security Data Connector to be created.
	TenantId pulumi.StringPtrInput
}

func (DataConnectorMicrosoftCloudAppSecurityState) ElementType

type DataConnectorMicrosoftDefenderAdvancedThreatProtection

type DataConnectorMicrosoftDefenderAdvancedThreatProtection struct {
	pulumi.CustomResourceState

	// The ID of the Log Analytics Workspace that this Microsoft Defender Advanced Threat Protection Data Connector resides in. Changing this forces a new Microsoft Defender Advanced Threat Protection Data Connector to be created.
	LogAnalyticsWorkspaceId pulumi.StringOutput `pulumi:"logAnalyticsWorkspaceId"`
	// The name which should be used for this Microsoft Defender Advanced Threat Protection Data Connector. Changing this forces a new Microsoft Defender Advanced Threat Protection Data Connector to be created.
	Name pulumi.StringOutput `pulumi:"name"`
	// The ID of the tenant that this Microsoft Defender Advanced Threat Protection Data Connector connects to. Changing this forces a new Microsoft Defender Advanced Threat Protection Data Connector to be created.
	TenantId pulumi.StringOutput `pulumi:"tenantId"`
}

Manages a Microsoft Defender Advanced Threat Protection Data Connector.

## Example Usage

```go package main

import (

"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/operationalinsights"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/sentinel"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		exampleResourceGroup, err := core.NewResourceGroup(ctx, "exampleResourceGroup", &core.ResourceGroupArgs{
			Location: pulumi.String("west europe"),
		})
		if err != nil {
			return err
		}
		exampleAnalyticsWorkspace, err := operationalinsights.NewAnalyticsWorkspace(ctx, "exampleAnalyticsWorkspace", &operationalinsights.AnalyticsWorkspaceArgs{
			Location:          exampleResourceGroup.Location,
			ResourceGroupName: exampleResourceGroup.Name,
			Sku:               pulumi.String("PerGB2018"),
		})
		if err != nil {
			return err
		}
		exampleAnalyticsSolution, err := operationalinsights.NewAnalyticsSolution(ctx, "exampleAnalyticsSolution", &operationalinsights.AnalyticsSolutionArgs{
			SolutionName:        pulumi.String("SecurityInsights"),
			Location:            exampleResourceGroup.Location,
			ResourceGroupName:   exampleResourceGroup.Name,
			WorkspaceResourceId: exampleAnalyticsWorkspace.ID(),
			WorkspaceName:       exampleAnalyticsWorkspace.Name,
			Plan: &operationalinsights.AnalyticsSolutionPlanArgs{
				Publisher: pulumi.String("Microsoft"),
				Product:   pulumi.String("OMSGallery/SecurityInsights"),
			},
		})
		if err != nil {
			return err
		}
		_, err = sentinel.NewDataConnectorMicrosoftDefenderAdvancedThreatProtection(ctx, "exampleDataConnectorMicrosoftDefenderAdvancedThreatProtection", &sentinel.DataConnectorMicrosoftDefenderAdvancedThreatProtectionArgs{
			LogAnalyticsWorkspaceId: exampleAnalyticsSolution.WorkspaceResourceId,
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

Microsoft Defender Advanced Threat Protection Data Connectors can be imported using the `resource id`, e.g.

```sh

$ pulumi import azure:sentinel/dataConnectorMicrosoftDefenderAdvancedThreatProtection:DataConnectorMicrosoftDefenderAdvancedThreatProtection example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.OperationalInsights/workspaces/workspace1/providers/Microsoft.SecurityInsights/dataConnectors/dc1

```

func GetDataConnectorMicrosoftDefenderAdvancedThreatProtection

GetDataConnectorMicrosoftDefenderAdvancedThreatProtection gets an existing DataConnectorMicrosoftDefenderAdvancedThreatProtection resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewDataConnectorMicrosoftDefenderAdvancedThreatProtection

func NewDataConnectorMicrosoftDefenderAdvancedThreatProtection(ctx *pulumi.Context,
	name string, args *DataConnectorMicrosoftDefenderAdvancedThreatProtectionArgs, opts ...pulumi.ResourceOption) (*DataConnectorMicrosoftDefenderAdvancedThreatProtection, error)

NewDataConnectorMicrosoftDefenderAdvancedThreatProtection registers a new resource with the given unique name, arguments, and options.

func (*DataConnectorMicrosoftDefenderAdvancedThreatProtection) ElementType

func (*DataConnectorMicrosoftDefenderAdvancedThreatProtection) ToDataConnectorMicrosoftDefenderAdvancedThreatProtectionOutput

func (i *DataConnectorMicrosoftDefenderAdvancedThreatProtection) ToDataConnectorMicrosoftDefenderAdvancedThreatProtectionOutput() DataConnectorMicrosoftDefenderAdvancedThreatProtectionOutput

func (*DataConnectorMicrosoftDefenderAdvancedThreatProtection) ToDataConnectorMicrosoftDefenderAdvancedThreatProtectionOutputWithContext

func (i *DataConnectorMicrosoftDefenderAdvancedThreatProtection) ToDataConnectorMicrosoftDefenderAdvancedThreatProtectionOutputWithContext(ctx context.Context) DataConnectorMicrosoftDefenderAdvancedThreatProtectionOutput

type DataConnectorMicrosoftDefenderAdvancedThreatProtectionArgs

type DataConnectorMicrosoftDefenderAdvancedThreatProtectionArgs struct {
	// The ID of the Log Analytics Workspace that this Microsoft Defender Advanced Threat Protection Data Connector resides in. Changing this forces a new Microsoft Defender Advanced Threat Protection Data Connector to be created.
	LogAnalyticsWorkspaceId pulumi.StringInput
	// The name which should be used for this Microsoft Defender Advanced Threat Protection Data Connector. Changing this forces a new Microsoft Defender Advanced Threat Protection Data Connector to be created.
	Name pulumi.StringPtrInput
	// The ID of the tenant that this Microsoft Defender Advanced Threat Protection Data Connector connects to. Changing this forces a new Microsoft Defender Advanced Threat Protection Data Connector to be created.
	TenantId pulumi.StringPtrInput
}

The set of arguments for constructing a DataConnectorMicrosoftDefenderAdvancedThreatProtection resource.

func (DataConnectorMicrosoftDefenderAdvancedThreatProtectionArgs) ElementType

type DataConnectorMicrosoftDefenderAdvancedThreatProtectionArray

type DataConnectorMicrosoftDefenderAdvancedThreatProtectionArray []DataConnectorMicrosoftDefenderAdvancedThreatProtectionInput

func (DataConnectorMicrosoftDefenderAdvancedThreatProtectionArray) ElementType

func (DataConnectorMicrosoftDefenderAdvancedThreatProtectionArray) ToDataConnectorMicrosoftDefenderAdvancedThreatProtectionArrayOutput

func (DataConnectorMicrosoftDefenderAdvancedThreatProtectionArray) ToDataConnectorMicrosoftDefenderAdvancedThreatProtectionArrayOutputWithContext

func (i DataConnectorMicrosoftDefenderAdvancedThreatProtectionArray) ToDataConnectorMicrosoftDefenderAdvancedThreatProtectionArrayOutputWithContext(ctx context.Context) DataConnectorMicrosoftDefenderAdvancedThreatProtectionArrayOutput

type DataConnectorMicrosoftDefenderAdvancedThreatProtectionArrayInput

type DataConnectorMicrosoftDefenderAdvancedThreatProtectionArrayInput interface {
	pulumi.Input

	ToDataConnectorMicrosoftDefenderAdvancedThreatProtectionArrayOutput() DataConnectorMicrosoftDefenderAdvancedThreatProtectionArrayOutput
	ToDataConnectorMicrosoftDefenderAdvancedThreatProtectionArrayOutputWithContext(context.Context) DataConnectorMicrosoftDefenderAdvancedThreatProtectionArrayOutput
}

DataConnectorMicrosoftDefenderAdvancedThreatProtectionArrayInput is an input type that accepts DataConnectorMicrosoftDefenderAdvancedThreatProtectionArray and DataConnectorMicrosoftDefenderAdvancedThreatProtectionArrayOutput values. You can construct a concrete instance of `DataConnectorMicrosoftDefenderAdvancedThreatProtectionArrayInput` via:

DataConnectorMicrosoftDefenderAdvancedThreatProtectionArray{ DataConnectorMicrosoftDefenderAdvancedThreatProtectionArgs{...} }

type DataConnectorMicrosoftDefenderAdvancedThreatProtectionArrayOutput

type DataConnectorMicrosoftDefenderAdvancedThreatProtectionArrayOutput struct{ *pulumi.OutputState }

func (DataConnectorMicrosoftDefenderAdvancedThreatProtectionArrayOutput) ElementType

func (DataConnectorMicrosoftDefenderAdvancedThreatProtectionArrayOutput) Index

func (DataConnectorMicrosoftDefenderAdvancedThreatProtectionArrayOutput) ToDataConnectorMicrosoftDefenderAdvancedThreatProtectionArrayOutput

func (DataConnectorMicrosoftDefenderAdvancedThreatProtectionArrayOutput) ToDataConnectorMicrosoftDefenderAdvancedThreatProtectionArrayOutputWithContext

func (o DataConnectorMicrosoftDefenderAdvancedThreatProtectionArrayOutput) ToDataConnectorMicrosoftDefenderAdvancedThreatProtectionArrayOutputWithContext(ctx context.Context) DataConnectorMicrosoftDefenderAdvancedThreatProtectionArrayOutput

type DataConnectorMicrosoftDefenderAdvancedThreatProtectionInput

type DataConnectorMicrosoftDefenderAdvancedThreatProtectionInput interface {
	pulumi.Input

	ToDataConnectorMicrosoftDefenderAdvancedThreatProtectionOutput() DataConnectorMicrosoftDefenderAdvancedThreatProtectionOutput
	ToDataConnectorMicrosoftDefenderAdvancedThreatProtectionOutputWithContext(ctx context.Context) DataConnectorMicrosoftDefenderAdvancedThreatProtectionOutput
}

type DataConnectorMicrosoftDefenderAdvancedThreatProtectionMap

type DataConnectorMicrosoftDefenderAdvancedThreatProtectionMap map[string]DataConnectorMicrosoftDefenderAdvancedThreatProtectionInput

func (DataConnectorMicrosoftDefenderAdvancedThreatProtectionMap) ElementType

func (DataConnectorMicrosoftDefenderAdvancedThreatProtectionMap) ToDataConnectorMicrosoftDefenderAdvancedThreatProtectionMapOutput

func (i DataConnectorMicrosoftDefenderAdvancedThreatProtectionMap) ToDataConnectorMicrosoftDefenderAdvancedThreatProtectionMapOutput() DataConnectorMicrosoftDefenderAdvancedThreatProtectionMapOutput

func (DataConnectorMicrosoftDefenderAdvancedThreatProtectionMap) ToDataConnectorMicrosoftDefenderAdvancedThreatProtectionMapOutputWithContext

func (i DataConnectorMicrosoftDefenderAdvancedThreatProtectionMap) ToDataConnectorMicrosoftDefenderAdvancedThreatProtectionMapOutputWithContext(ctx context.Context) DataConnectorMicrosoftDefenderAdvancedThreatProtectionMapOutput

type DataConnectorMicrosoftDefenderAdvancedThreatProtectionMapInput

type DataConnectorMicrosoftDefenderAdvancedThreatProtectionMapInput interface {
	pulumi.Input

	ToDataConnectorMicrosoftDefenderAdvancedThreatProtectionMapOutput() DataConnectorMicrosoftDefenderAdvancedThreatProtectionMapOutput
	ToDataConnectorMicrosoftDefenderAdvancedThreatProtectionMapOutputWithContext(context.Context) DataConnectorMicrosoftDefenderAdvancedThreatProtectionMapOutput
}

DataConnectorMicrosoftDefenderAdvancedThreatProtectionMapInput is an input type that accepts DataConnectorMicrosoftDefenderAdvancedThreatProtectionMap and DataConnectorMicrosoftDefenderAdvancedThreatProtectionMapOutput values. You can construct a concrete instance of `DataConnectorMicrosoftDefenderAdvancedThreatProtectionMapInput` via:

DataConnectorMicrosoftDefenderAdvancedThreatProtectionMap{ "key": DataConnectorMicrosoftDefenderAdvancedThreatProtectionArgs{...} }

type DataConnectorMicrosoftDefenderAdvancedThreatProtectionMapOutput

type DataConnectorMicrosoftDefenderAdvancedThreatProtectionMapOutput struct{ *pulumi.OutputState }

func (DataConnectorMicrosoftDefenderAdvancedThreatProtectionMapOutput) ElementType

func (DataConnectorMicrosoftDefenderAdvancedThreatProtectionMapOutput) ToDataConnectorMicrosoftDefenderAdvancedThreatProtectionMapOutput

func (DataConnectorMicrosoftDefenderAdvancedThreatProtectionMapOutput) ToDataConnectorMicrosoftDefenderAdvancedThreatProtectionMapOutputWithContext

func (o DataConnectorMicrosoftDefenderAdvancedThreatProtectionMapOutput) ToDataConnectorMicrosoftDefenderAdvancedThreatProtectionMapOutputWithContext(ctx context.Context) DataConnectorMicrosoftDefenderAdvancedThreatProtectionMapOutput

type DataConnectorMicrosoftDefenderAdvancedThreatProtectionOutput

type DataConnectorMicrosoftDefenderAdvancedThreatProtectionOutput struct{ *pulumi.OutputState }

func (DataConnectorMicrosoftDefenderAdvancedThreatProtectionOutput) ElementType

func (DataConnectorMicrosoftDefenderAdvancedThreatProtectionOutput) LogAnalyticsWorkspaceId added in v5.5.0

The ID of the Log Analytics Workspace that this Microsoft Defender Advanced Threat Protection Data Connector resides in. Changing this forces a new Microsoft Defender Advanced Threat Protection Data Connector to be created.

func (DataConnectorMicrosoftDefenderAdvancedThreatProtectionOutput) Name added in v5.5.0

The name which should be used for this Microsoft Defender Advanced Threat Protection Data Connector. Changing this forces a new Microsoft Defender Advanced Threat Protection Data Connector to be created.

func (DataConnectorMicrosoftDefenderAdvancedThreatProtectionOutput) TenantId added in v5.5.0

The ID of the tenant that this Microsoft Defender Advanced Threat Protection Data Connector connects to. Changing this forces a new Microsoft Defender Advanced Threat Protection Data Connector to be created.

func (DataConnectorMicrosoftDefenderAdvancedThreatProtectionOutput) ToDataConnectorMicrosoftDefenderAdvancedThreatProtectionOutput

func (DataConnectorMicrosoftDefenderAdvancedThreatProtectionOutput) ToDataConnectorMicrosoftDefenderAdvancedThreatProtectionOutputWithContext

func (o DataConnectorMicrosoftDefenderAdvancedThreatProtectionOutput) ToDataConnectorMicrosoftDefenderAdvancedThreatProtectionOutputWithContext(ctx context.Context) DataConnectorMicrosoftDefenderAdvancedThreatProtectionOutput

type DataConnectorMicrosoftDefenderAdvancedThreatProtectionState

type DataConnectorMicrosoftDefenderAdvancedThreatProtectionState struct {
	// The ID of the Log Analytics Workspace that this Microsoft Defender Advanced Threat Protection Data Connector resides in. Changing this forces a new Microsoft Defender Advanced Threat Protection Data Connector to be created.
	LogAnalyticsWorkspaceId pulumi.StringPtrInput
	// The name which should be used for this Microsoft Defender Advanced Threat Protection Data Connector. Changing this forces a new Microsoft Defender Advanced Threat Protection Data Connector to be created.
	Name pulumi.StringPtrInput
	// The ID of the tenant that this Microsoft Defender Advanced Threat Protection Data Connector connects to. Changing this forces a new Microsoft Defender Advanced Threat Protection Data Connector to be created.
	TenantId pulumi.StringPtrInput
}

func (DataConnectorMicrosoftDefenderAdvancedThreatProtectionState) ElementType

type DataConnectorOffice365

type DataConnectorOffice365 struct {
	pulumi.CustomResourceState

	// Should the Exchange data connector be enabled? Defaults to `true`.
	ExchangeEnabled pulumi.BoolPtrOutput `pulumi:"exchangeEnabled"`
	// The ID of the Log Analytics Workspace that this Office 365 Data Connector resides in. Changing this forces a new Office 365 Data Connector to be created.
	LogAnalyticsWorkspaceId pulumi.StringOutput `pulumi:"logAnalyticsWorkspaceId"`
	// The name which should be used for this Office 365 Data Connector. Changing this forces a new Office 365 Data Connector to be created.
	Name pulumi.StringOutput `pulumi:"name"`
	// Should the SharePoint data connector be enabled? Defaults to `true`.
	SharepointEnabled pulumi.BoolPtrOutput `pulumi:"sharepointEnabled"`
	// Should the Microsoft Teams data connector be enabled? Defaults to `true`.
	TeamsEnabled pulumi.BoolPtrOutput `pulumi:"teamsEnabled"`
	// The ID of the Tenant that this Office 365 Data Connector connects to. Changing this forces a new Office 365 Data Connector to be created.
	TenantId pulumi.StringOutput `pulumi:"tenantId"`
}

Manages a Office 365 Data Connector.

## Example Usage

```go package main

import (

"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/operationalinsights"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/sentinel"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		exampleResourceGroup, err := core.NewResourceGroup(ctx, "exampleResourceGroup", &core.ResourceGroupArgs{
			Location: pulumi.String("West Europe"),
		})
		if err != nil {
			return err
		}
		exampleAnalyticsWorkspace, err := operationalinsights.NewAnalyticsWorkspace(ctx, "exampleAnalyticsWorkspace", &operationalinsights.AnalyticsWorkspaceArgs{
			Location:          exampleResourceGroup.Location,
			ResourceGroupName: exampleResourceGroup.Name,
			Sku:               pulumi.String("PerGB2018"),
		})
		if err != nil {
			return err
		}
		exampleAnalyticsSolution, err := operationalinsights.NewAnalyticsSolution(ctx, "exampleAnalyticsSolution", &operationalinsights.AnalyticsSolutionArgs{
			SolutionName:        pulumi.String("SecurityInsights"),
			Location:            exampleResourceGroup.Location,
			ResourceGroupName:   exampleResourceGroup.Name,
			WorkspaceResourceId: exampleAnalyticsWorkspace.ID(),
			WorkspaceName:       exampleAnalyticsWorkspace.Name,
			Plan: &operationalinsights.AnalyticsSolutionPlanArgs{
				Publisher: pulumi.String("Microsoft"),
				Product:   pulumi.String("OMSGallery/SecurityInsights"),
			},
		})
		if err != nil {
			return err
		}
		_, err = sentinel.NewDataConnectorOffice365(ctx, "exampleDataConnectorOffice365", &sentinel.DataConnectorOffice365Args{
			LogAnalyticsWorkspaceId: exampleAnalyticsSolution.WorkspaceResourceId,
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

Office 365 Data Connectors can be imported using the `resource id`, e.g.

```sh

$ pulumi import azure:sentinel/dataConnectorOffice365:DataConnectorOffice365 example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.OperationalInsights/workspaces/workspace1/providers/Microsoft.SecurityInsights/dataConnectors/dc1

```

func GetDataConnectorOffice365

func GetDataConnectorOffice365(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *DataConnectorOffice365State, opts ...pulumi.ResourceOption) (*DataConnectorOffice365, error)

GetDataConnectorOffice365 gets an existing DataConnectorOffice365 resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewDataConnectorOffice365

func NewDataConnectorOffice365(ctx *pulumi.Context,
	name string, args *DataConnectorOffice365Args, opts ...pulumi.ResourceOption) (*DataConnectorOffice365, error)

NewDataConnectorOffice365 registers a new resource with the given unique name, arguments, and options.

func (*DataConnectorOffice365) ElementType

func (*DataConnectorOffice365) ElementType() reflect.Type

func (*DataConnectorOffice365) ToDataConnectorOffice365Output

func (i *DataConnectorOffice365) ToDataConnectorOffice365Output() DataConnectorOffice365Output

func (*DataConnectorOffice365) ToDataConnectorOffice365OutputWithContext

func (i *DataConnectorOffice365) ToDataConnectorOffice365OutputWithContext(ctx context.Context) DataConnectorOffice365Output

type DataConnectorOffice365Args

type DataConnectorOffice365Args struct {
	// Should the Exchange data connector be enabled? Defaults to `true`.
	ExchangeEnabled pulumi.BoolPtrInput
	// The ID of the Log Analytics Workspace that this Office 365 Data Connector resides in. Changing this forces a new Office 365 Data Connector to be created.
	LogAnalyticsWorkspaceId pulumi.StringInput
	// The name which should be used for this Office 365 Data Connector. Changing this forces a new Office 365 Data Connector to be created.
	Name pulumi.StringPtrInput
	// Should the SharePoint data connector be enabled? Defaults to `true`.
	SharepointEnabled pulumi.BoolPtrInput
	// Should the Microsoft Teams data connector be enabled? Defaults to `true`.
	TeamsEnabled pulumi.BoolPtrInput
	// The ID of the Tenant that this Office 365 Data Connector connects to. Changing this forces a new Office 365 Data Connector to be created.
	TenantId pulumi.StringPtrInput
}

The set of arguments for constructing a DataConnectorOffice365 resource.

func (DataConnectorOffice365Args) ElementType

func (DataConnectorOffice365Args) ElementType() reflect.Type

type DataConnectorOffice365Array

type DataConnectorOffice365Array []DataConnectorOffice365Input

func (DataConnectorOffice365Array) ElementType

func (DataConnectorOffice365Array) ToDataConnectorOffice365ArrayOutput

func (i DataConnectorOffice365Array) ToDataConnectorOffice365ArrayOutput() DataConnectorOffice365ArrayOutput

func (DataConnectorOffice365Array) ToDataConnectorOffice365ArrayOutputWithContext

func (i DataConnectorOffice365Array) ToDataConnectorOffice365ArrayOutputWithContext(ctx context.Context) DataConnectorOffice365ArrayOutput

type DataConnectorOffice365ArrayInput

type DataConnectorOffice365ArrayInput interface {
	pulumi.Input

	ToDataConnectorOffice365ArrayOutput() DataConnectorOffice365ArrayOutput
	ToDataConnectorOffice365ArrayOutputWithContext(context.Context) DataConnectorOffice365ArrayOutput
}

DataConnectorOffice365ArrayInput is an input type that accepts DataConnectorOffice365Array and DataConnectorOffice365ArrayOutput values. You can construct a concrete instance of `DataConnectorOffice365ArrayInput` via:

DataConnectorOffice365Array{ DataConnectorOffice365Args{...} }

type DataConnectorOffice365ArrayOutput

type DataConnectorOffice365ArrayOutput struct{ *pulumi.OutputState }

func (DataConnectorOffice365ArrayOutput) ElementType

func (DataConnectorOffice365ArrayOutput) Index

func (DataConnectorOffice365ArrayOutput) ToDataConnectorOffice365ArrayOutput

func (o DataConnectorOffice365ArrayOutput) ToDataConnectorOffice365ArrayOutput() DataConnectorOffice365ArrayOutput

func (DataConnectorOffice365ArrayOutput) ToDataConnectorOffice365ArrayOutputWithContext

func (o DataConnectorOffice365ArrayOutput) ToDataConnectorOffice365ArrayOutputWithContext(ctx context.Context) DataConnectorOffice365ArrayOutput

type DataConnectorOffice365Input

type DataConnectorOffice365Input interface {
	pulumi.Input

	ToDataConnectorOffice365Output() DataConnectorOffice365Output
	ToDataConnectorOffice365OutputWithContext(ctx context.Context) DataConnectorOffice365Output
}

type DataConnectorOffice365Map

type DataConnectorOffice365Map map[string]DataConnectorOffice365Input

func (DataConnectorOffice365Map) ElementType

func (DataConnectorOffice365Map) ElementType() reflect.Type

func (DataConnectorOffice365Map) ToDataConnectorOffice365MapOutput

func (i DataConnectorOffice365Map) ToDataConnectorOffice365MapOutput() DataConnectorOffice365MapOutput

func (DataConnectorOffice365Map) ToDataConnectorOffice365MapOutputWithContext

func (i DataConnectorOffice365Map) ToDataConnectorOffice365MapOutputWithContext(ctx context.Context) DataConnectorOffice365MapOutput

type DataConnectorOffice365MapInput

type DataConnectorOffice365MapInput interface {
	pulumi.Input

	ToDataConnectorOffice365MapOutput() DataConnectorOffice365MapOutput
	ToDataConnectorOffice365MapOutputWithContext(context.Context) DataConnectorOffice365MapOutput
}

DataConnectorOffice365MapInput is an input type that accepts DataConnectorOffice365Map and DataConnectorOffice365MapOutput values. You can construct a concrete instance of `DataConnectorOffice365MapInput` via:

DataConnectorOffice365Map{ "key": DataConnectorOffice365Args{...} }

type DataConnectorOffice365MapOutput

type DataConnectorOffice365MapOutput struct{ *pulumi.OutputState }

func (DataConnectorOffice365MapOutput) ElementType

func (DataConnectorOffice365MapOutput) MapIndex

func (DataConnectorOffice365MapOutput) ToDataConnectorOffice365MapOutput

func (o DataConnectorOffice365MapOutput) ToDataConnectorOffice365MapOutput() DataConnectorOffice365MapOutput

func (DataConnectorOffice365MapOutput) ToDataConnectorOffice365MapOutputWithContext

func (o DataConnectorOffice365MapOutput) ToDataConnectorOffice365MapOutputWithContext(ctx context.Context) DataConnectorOffice365MapOutput

type DataConnectorOffice365Output

type DataConnectorOffice365Output struct{ *pulumi.OutputState }

func (DataConnectorOffice365Output) ElementType

func (DataConnectorOffice365Output) ExchangeEnabled added in v5.5.0

Should the Exchange data connector be enabled? Defaults to `true`.

func (DataConnectorOffice365Output) LogAnalyticsWorkspaceId added in v5.5.0

func (o DataConnectorOffice365Output) LogAnalyticsWorkspaceId() pulumi.StringOutput

The ID of the Log Analytics Workspace that this Office 365 Data Connector resides in. Changing this forces a new Office 365 Data Connector to be created.

func (DataConnectorOffice365Output) Name added in v5.5.0

The name which should be used for this Office 365 Data Connector. Changing this forces a new Office 365 Data Connector to be created.

func (DataConnectorOffice365Output) SharepointEnabled added in v5.5.0

func (o DataConnectorOffice365Output) SharepointEnabled() pulumi.BoolPtrOutput

Should the SharePoint data connector be enabled? Defaults to `true`.

func (DataConnectorOffice365Output) TeamsEnabled added in v5.5.0

Should the Microsoft Teams data connector be enabled? Defaults to `true`.

func (DataConnectorOffice365Output) TenantId added in v5.5.0

The ID of the Tenant that this Office 365 Data Connector connects to. Changing this forces a new Office 365 Data Connector to be created.

func (DataConnectorOffice365Output) ToDataConnectorOffice365Output

func (o DataConnectorOffice365Output) ToDataConnectorOffice365Output() DataConnectorOffice365Output

func (DataConnectorOffice365Output) ToDataConnectorOffice365OutputWithContext

func (o DataConnectorOffice365Output) ToDataConnectorOffice365OutputWithContext(ctx context.Context) DataConnectorOffice365Output

type DataConnectorOffice365State

type DataConnectorOffice365State struct {
	// Should the Exchange data connector be enabled? Defaults to `true`.
	ExchangeEnabled pulumi.BoolPtrInput
	// The ID of the Log Analytics Workspace that this Office 365 Data Connector resides in. Changing this forces a new Office 365 Data Connector to be created.
	LogAnalyticsWorkspaceId pulumi.StringPtrInput
	// The name which should be used for this Office 365 Data Connector. Changing this forces a new Office 365 Data Connector to be created.
	Name pulumi.StringPtrInput
	// Should the SharePoint data connector be enabled? Defaults to `true`.
	SharepointEnabled pulumi.BoolPtrInput
	// Should the Microsoft Teams data connector be enabled? Defaults to `true`.
	TeamsEnabled pulumi.BoolPtrInput
	// The ID of the Tenant that this Office 365 Data Connector connects to. Changing this forces a new Office 365 Data Connector to be created.
	TenantId pulumi.StringPtrInput
}

func (DataConnectorOffice365State) ElementType

type DataConnectorThreatIntelligence

type DataConnectorThreatIntelligence struct {
	pulumi.CustomResourceState

	// The ID of the Log Analytics Workspace that this Threat Intelligence Data Connector resides in. Changing this forces a new Threat Intelligence Data Connector to be created.
	LogAnalyticsWorkspaceId pulumi.StringOutput `pulumi:"logAnalyticsWorkspaceId"`
	// The name which should be used for this Threat Intelligence Data Connector. Changing this forces a new Threat Intelligence Data Connector to be created.
	Name pulumi.StringOutput `pulumi:"name"`
	// The ID of the tenant that this Threat Intelligence Data Connector connects to. Changing this forces a new Threat Intelligence Data Connector to be created.
	TenantId pulumi.StringOutput `pulumi:"tenantId"`
}

Manages a Threat Intelligence Data Connector.

## Example Usage

```go package main

import (

"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/operationalinsights"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/sentinel"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		exampleResourceGroup, err := core.NewResourceGroup(ctx, "exampleResourceGroup", &core.ResourceGroupArgs{
			Location: pulumi.String("West Europe"),
		})
		if err != nil {
			return err
		}
		exampleAnalyticsWorkspace, err := operationalinsights.NewAnalyticsWorkspace(ctx, "exampleAnalyticsWorkspace", &operationalinsights.AnalyticsWorkspaceArgs{
			Location:          exampleResourceGroup.Location,
			ResourceGroupName: exampleResourceGroup.Name,
			Sku:               pulumi.String("PerGB2018"),
		})
		if err != nil {
			return err
		}
		exampleAnalyticsSolution, err := operationalinsights.NewAnalyticsSolution(ctx, "exampleAnalyticsSolution", &operationalinsights.AnalyticsSolutionArgs{
			SolutionName:        pulumi.String("SecurityInsights"),
			Location:            exampleResourceGroup.Location,
			ResourceGroupName:   exampleResourceGroup.Name,
			WorkspaceResourceId: exampleAnalyticsWorkspace.ID(),
			WorkspaceName:       exampleAnalyticsWorkspace.Name,
			Plan: &operationalinsights.AnalyticsSolutionPlanArgs{
				Publisher: pulumi.String("Microsoft"),
				Product:   pulumi.String("OMSGallery/SecurityInsights"),
			},
		})
		if err != nil {
			return err
		}
		_, err = sentinel.NewDataConnectorThreatIntelligence(ctx, "exampleDataConnectorThreatIntelligence", &sentinel.DataConnectorThreatIntelligenceArgs{
			LogAnalyticsWorkspaceId: exampleAnalyticsSolution.WorkspaceResourceId,
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

Threat Intelligence Data Connectors can be imported using the `resource id`, e.g.

```sh

$ pulumi import azure:sentinel/dataConnectorThreatIntelligence:DataConnectorThreatIntelligence example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.OperationalInsights/workspaces/workspace1/providers/Microsoft.SecurityInsights/dataConnectors/dc1

```

func GetDataConnectorThreatIntelligence

func GetDataConnectorThreatIntelligence(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *DataConnectorThreatIntelligenceState, opts ...pulumi.ResourceOption) (*DataConnectorThreatIntelligence, error)

GetDataConnectorThreatIntelligence gets an existing DataConnectorThreatIntelligence resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewDataConnectorThreatIntelligence

func NewDataConnectorThreatIntelligence(ctx *pulumi.Context,
	name string, args *DataConnectorThreatIntelligenceArgs, opts ...pulumi.ResourceOption) (*DataConnectorThreatIntelligence, error)

NewDataConnectorThreatIntelligence registers a new resource with the given unique name, arguments, and options.

func (*DataConnectorThreatIntelligence) ElementType

func (*DataConnectorThreatIntelligence) ToDataConnectorThreatIntelligenceOutput

func (i *DataConnectorThreatIntelligence) ToDataConnectorThreatIntelligenceOutput() DataConnectorThreatIntelligenceOutput

func (*DataConnectorThreatIntelligence) ToDataConnectorThreatIntelligenceOutputWithContext

func (i *DataConnectorThreatIntelligence) ToDataConnectorThreatIntelligenceOutputWithContext(ctx context.Context) DataConnectorThreatIntelligenceOutput

type DataConnectorThreatIntelligenceArgs

type DataConnectorThreatIntelligenceArgs struct {
	// The ID of the Log Analytics Workspace that this Threat Intelligence Data Connector resides in. Changing this forces a new Threat Intelligence Data Connector to be created.
	LogAnalyticsWorkspaceId pulumi.StringInput
	// The name which should be used for this Threat Intelligence Data Connector. Changing this forces a new Threat Intelligence Data Connector to be created.
	Name pulumi.StringPtrInput
	// The ID of the tenant that this Threat Intelligence Data Connector connects to. Changing this forces a new Threat Intelligence Data Connector to be created.
	TenantId pulumi.StringPtrInput
}

The set of arguments for constructing a DataConnectorThreatIntelligence resource.

func (DataConnectorThreatIntelligenceArgs) ElementType

type DataConnectorThreatIntelligenceArray

type DataConnectorThreatIntelligenceArray []DataConnectorThreatIntelligenceInput

func (DataConnectorThreatIntelligenceArray) ElementType

func (DataConnectorThreatIntelligenceArray) ToDataConnectorThreatIntelligenceArrayOutput

func (i DataConnectorThreatIntelligenceArray) ToDataConnectorThreatIntelligenceArrayOutput() DataConnectorThreatIntelligenceArrayOutput

func (DataConnectorThreatIntelligenceArray) ToDataConnectorThreatIntelligenceArrayOutputWithContext

func (i DataConnectorThreatIntelligenceArray) ToDataConnectorThreatIntelligenceArrayOutputWithContext(ctx context.Context) DataConnectorThreatIntelligenceArrayOutput

type DataConnectorThreatIntelligenceArrayInput

type DataConnectorThreatIntelligenceArrayInput interface {
	pulumi.Input

	ToDataConnectorThreatIntelligenceArrayOutput() DataConnectorThreatIntelligenceArrayOutput
	ToDataConnectorThreatIntelligenceArrayOutputWithContext(context.Context) DataConnectorThreatIntelligenceArrayOutput
}

DataConnectorThreatIntelligenceArrayInput is an input type that accepts DataConnectorThreatIntelligenceArray and DataConnectorThreatIntelligenceArrayOutput values. You can construct a concrete instance of `DataConnectorThreatIntelligenceArrayInput` via:

DataConnectorThreatIntelligenceArray{ DataConnectorThreatIntelligenceArgs{...} }

type DataConnectorThreatIntelligenceArrayOutput

type DataConnectorThreatIntelligenceArrayOutput struct{ *pulumi.OutputState }

func (DataConnectorThreatIntelligenceArrayOutput) ElementType

func (DataConnectorThreatIntelligenceArrayOutput) Index

func (DataConnectorThreatIntelligenceArrayOutput) ToDataConnectorThreatIntelligenceArrayOutput

func (o DataConnectorThreatIntelligenceArrayOutput) ToDataConnectorThreatIntelligenceArrayOutput() DataConnectorThreatIntelligenceArrayOutput

func (DataConnectorThreatIntelligenceArrayOutput) ToDataConnectorThreatIntelligenceArrayOutputWithContext

func (o DataConnectorThreatIntelligenceArrayOutput) ToDataConnectorThreatIntelligenceArrayOutputWithContext(ctx context.Context) DataConnectorThreatIntelligenceArrayOutput

type DataConnectorThreatIntelligenceInput

type DataConnectorThreatIntelligenceInput interface {
	pulumi.Input

	ToDataConnectorThreatIntelligenceOutput() DataConnectorThreatIntelligenceOutput
	ToDataConnectorThreatIntelligenceOutputWithContext(ctx context.Context) DataConnectorThreatIntelligenceOutput
}

type DataConnectorThreatIntelligenceMap

type DataConnectorThreatIntelligenceMap map[string]DataConnectorThreatIntelligenceInput

func (DataConnectorThreatIntelligenceMap) ElementType

func (DataConnectorThreatIntelligenceMap) ToDataConnectorThreatIntelligenceMapOutput

func (i DataConnectorThreatIntelligenceMap) ToDataConnectorThreatIntelligenceMapOutput() DataConnectorThreatIntelligenceMapOutput

func (DataConnectorThreatIntelligenceMap) ToDataConnectorThreatIntelligenceMapOutputWithContext

func (i DataConnectorThreatIntelligenceMap) ToDataConnectorThreatIntelligenceMapOutputWithContext(ctx context.Context) DataConnectorThreatIntelligenceMapOutput

type DataConnectorThreatIntelligenceMapInput

type DataConnectorThreatIntelligenceMapInput interface {
	pulumi.Input

	ToDataConnectorThreatIntelligenceMapOutput() DataConnectorThreatIntelligenceMapOutput
	ToDataConnectorThreatIntelligenceMapOutputWithContext(context.Context) DataConnectorThreatIntelligenceMapOutput
}

DataConnectorThreatIntelligenceMapInput is an input type that accepts DataConnectorThreatIntelligenceMap and DataConnectorThreatIntelligenceMapOutput values. You can construct a concrete instance of `DataConnectorThreatIntelligenceMapInput` via:

DataConnectorThreatIntelligenceMap{ "key": DataConnectorThreatIntelligenceArgs{...} }

type DataConnectorThreatIntelligenceMapOutput

type DataConnectorThreatIntelligenceMapOutput struct{ *pulumi.OutputState }

func (DataConnectorThreatIntelligenceMapOutput) ElementType

func (DataConnectorThreatIntelligenceMapOutput) MapIndex

func (DataConnectorThreatIntelligenceMapOutput) ToDataConnectorThreatIntelligenceMapOutput

func (o DataConnectorThreatIntelligenceMapOutput) ToDataConnectorThreatIntelligenceMapOutput() DataConnectorThreatIntelligenceMapOutput

func (DataConnectorThreatIntelligenceMapOutput) ToDataConnectorThreatIntelligenceMapOutputWithContext

func (o DataConnectorThreatIntelligenceMapOutput) ToDataConnectorThreatIntelligenceMapOutputWithContext(ctx context.Context) DataConnectorThreatIntelligenceMapOutput

type DataConnectorThreatIntelligenceOutput

type DataConnectorThreatIntelligenceOutput struct{ *pulumi.OutputState }

func (DataConnectorThreatIntelligenceOutput) ElementType

func (DataConnectorThreatIntelligenceOutput) LogAnalyticsWorkspaceId added in v5.5.0

func (o DataConnectorThreatIntelligenceOutput) LogAnalyticsWorkspaceId() pulumi.StringOutput

The ID of the Log Analytics Workspace that this Threat Intelligence Data Connector resides in. Changing this forces a new Threat Intelligence Data Connector to be created.

func (DataConnectorThreatIntelligenceOutput) Name added in v5.5.0

The name which should be used for this Threat Intelligence Data Connector. Changing this forces a new Threat Intelligence Data Connector to be created.

func (DataConnectorThreatIntelligenceOutput) TenantId added in v5.5.0

The ID of the tenant that this Threat Intelligence Data Connector connects to. Changing this forces a new Threat Intelligence Data Connector to be created.

func (DataConnectorThreatIntelligenceOutput) ToDataConnectorThreatIntelligenceOutput

func (o DataConnectorThreatIntelligenceOutput) ToDataConnectorThreatIntelligenceOutput() DataConnectorThreatIntelligenceOutput

func (DataConnectorThreatIntelligenceOutput) ToDataConnectorThreatIntelligenceOutputWithContext

func (o DataConnectorThreatIntelligenceOutput) ToDataConnectorThreatIntelligenceOutputWithContext(ctx context.Context) DataConnectorThreatIntelligenceOutput

type DataConnectorThreatIntelligenceState

type DataConnectorThreatIntelligenceState struct {
	// The ID of the Log Analytics Workspace that this Threat Intelligence Data Connector resides in. Changing this forces a new Threat Intelligence Data Connector to be created.
	LogAnalyticsWorkspaceId pulumi.StringPtrInput
	// The name which should be used for this Threat Intelligence Data Connector. Changing this forces a new Threat Intelligence Data Connector to be created.
	Name pulumi.StringPtrInput
	// The ID of the tenant that this Threat Intelligence Data Connector connects to. Changing this forces a new Threat Intelligence Data Connector to be created.
	TenantId pulumi.StringPtrInput
}

func (DataConnectorThreatIntelligenceState) ElementType

type GetAlertRuleArgs

type GetAlertRuleArgs struct {
	// The ID of the Log Analytics Workspace this Sentinel Alert Rule belongs to.
	LogAnalyticsWorkspaceId string `pulumi:"logAnalyticsWorkspaceId"`
	// The name which should be used for this Sentinel Alert Rule.
	Name string `pulumi:"name"`
}

A collection of arguments for invoking getAlertRule.

type GetAlertRuleOutputArgs

type GetAlertRuleOutputArgs struct {
	// The ID of the Log Analytics Workspace this Sentinel Alert Rule belongs to.
	LogAnalyticsWorkspaceId pulumi.StringInput `pulumi:"logAnalyticsWorkspaceId"`
	// The name which should be used for this Sentinel Alert Rule.
	Name pulumi.StringInput `pulumi:"name"`
}

A collection of arguments for invoking getAlertRule.

func (GetAlertRuleOutputArgs) ElementType

func (GetAlertRuleOutputArgs) ElementType() reflect.Type

type GetAlertRuleResult

type GetAlertRuleResult struct {
	// The provider-assigned unique ID for this managed resource.
	Id                      string `pulumi:"id"`
	LogAnalyticsWorkspaceId string `pulumi:"logAnalyticsWorkspaceId"`
	Name                    string `pulumi:"name"`
}

A collection of values returned by getAlertRule.

func GetAlertRule

func GetAlertRule(ctx *pulumi.Context, args *GetAlertRuleArgs, opts ...pulumi.InvokeOption) (*GetAlertRuleResult, error)

Use this data source to access information about an existing Sentinel Alert Rule.

## Example Usage

```go package main

import (

"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/operationalinsights"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/sentinel"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		exampleAnalyticsWorkspace, err := operationalinsights.LookupAnalyticsWorkspace(ctx, &operationalinsights.LookupAnalyticsWorkspaceArgs{
			Name:              "example",
			ResourceGroupName: "example-resources",
		}, nil)
		if err != nil {
			return err
		}
		exampleAlertRule, err := sentinel.GetAlertRule(ctx, &sentinel.GetAlertRuleArgs{
			Name:                    "existing",
			LogAnalyticsWorkspaceId: exampleAnalyticsWorkspace.Id,
		}, nil)
		if err != nil {
			return err
		}
		ctx.Export("id", exampleAlertRule.Id)
		return nil
	})
}

```

type GetAlertRuleResultOutput

type GetAlertRuleResultOutput struct{ *pulumi.OutputState }

A collection of values returned by getAlertRule.

func (GetAlertRuleResultOutput) ElementType

func (GetAlertRuleResultOutput) ElementType() reflect.Type

func (GetAlertRuleResultOutput) Id

The provider-assigned unique ID for this managed resource.

func (GetAlertRuleResultOutput) LogAnalyticsWorkspaceId

func (o GetAlertRuleResultOutput) LogAnalyticsWorkspaceId() pulumi.StringOutput

func (GetAlertRuleResultOutput) Name

func (GetAlertRuleResultOutput) ToGetAlertRuleResultOutput

func (o GetAlertRuleResultOutput) ToGetAlertRuleResultOutput() GetAlertRuleResultOutput

func (GetAlertRuleResultOutput) ToGetAlertRuleResultOutputWithContext

func (o GetAlertRuleResultOutput) ToGetAlertRuleResultOutputWithContext(ctx context.Context) GetAlertRuleResultOutput

type GetAlertRuleTemplateArgs

type GetAlertRuleTemplateArgs struct {
	// The display name of this Sentinel Alert Rule Template. Either `displayName` or `name` have to be specified.
	DisplayName *string `pulumi:"displayName"`
	// The ID of the Log Analytics Workspace.
	LogAnalyticsWorkspaceId string `pulumi:"logAnalyticsWorkspaceId"`
	// The name of this Sentinel Alert Rule Template. Either `displayName` or `name` have to be specified.
	Name *string `pulumi:"name"`
}

A collection of arguments for invoking getAlertRuleTemplate.

type GetAlertRuleTemplateOutputArgs

type GetAlertRuleTemplateOutputArgs struct {
	// The display name of this Sentinel Alert Rule Template. Either `displayName` or `name` have to be specified.
	DisplayName pulumi.StringPtrInput `pulumi:"displayName"`
	// The ID of the Log Analytics Workspace.
	LogAnalyticsWorkspaceId pulumi.StringInput `pulumi:"logAnalyticsWorkspaceId"`
	// The name of this Sentinel Alert Rule Template. Either `displayName` or `name` have to be specified.
	Name pulumi.StringPtrInput `pulumi:"name"`
}

A collection of arguments for invoking getAlertRuleTemplate.

func (GetAlertRuleTemplateOutputArgs) ElementType

type GetAlertRuleTemplateResult

type GetAlertRuleTemplateResult struct {
	DisplayName string `pulumi:"displayName"`
	// The provider-assigned unique ID for this managed resource.
	Id                      string `pulumi:"id"`
	LogAnalyticsWorkspaceId string `pulumi:"logAnalyticsWorkspaceId"`
	Name                    string `pulumi:"name"`
	// A `scheduledTemplate` block as defined below. This only applies to Sentinel Scheduled Alert Rule Template.
	ScheduledTemplates []GetAlertRuleTemplateScheduledTemplate `pulumi:"scheduledTemplates"`
	// A `securityIncidentTemplate` block as defined below. This only applies to Sentinel MS Security Incident Alert Rule Template.
	SecurityIncidentTemplates []GetAlertRuleTemplateSecurityIncidentTemplate `pulumi:"securityIncidentTemplates"`
}

A collection of values returned by getAlertRuleTemplate.

func GetAlertRuleTemplate

func GetAlertRuleTemplate(ctx *pulumi.Context, args *GetAlertRuleTemplateArgs, opts ...pulumi.InvokeOption) (*GetAlertRuleTemplateResult, error)

Use this data source to access information about an existing Sentinel Alert Rule Template.

## Example Usage

```go package main

import (

"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/sentinel"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		example, err := sentinel.GetAlertRuleTemplate(ctx, &sentinel.GetAlertRuleTemplateArgs{
			LogAnalyticsWorkspaceId: "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/mygroup1/providers/Microsoft.OperationalInsights/workspaces/workspace1",
			DisplayName:             pulumi.StringRef("Create incidents based on Azure Security Center for IoT alerts"),
		}, nil)
		if err != nil {
			return err
		}
		ctx.Export("id", example.Id)
		return nil
	})
}

```

type GetAlertRuleTemplateResultOutput

type GetAlertRuleTemplateResultOutput struct{ *pulumi.OutputState }

A collection of values returned by getAlertRuleTemplate.

func (GetAlertRuleTemplateResultOutput) DisplayName

func (GetAlertRuleTemplateResultOutput) ElementType

func (GetAlertRuleTemplateResultOutput) Id

The provider-assigned unique ID for this managed resource.

func (GetAlertRuleTemplateResultOutput) LogAnalyticsWorkspaceId

func (o GetAlertRuleTemplateResultOutput) LogAnalyticsWorkspaceId() pulumi.StringOutput

func (GetAlertRuleTemplateResultOutput) Name

func (GetAlertRuleTemplateResultOutput) ScheduledTemplates

A `scheduledTemplate` block as defined below. This only applies to Sentinel Scheduled Alert Rule Template.

func (GetAlertRuleTemplateResultOutput) SecurityIncidentTemplates

A `securityIncidentTemplate` block as defined below. This only applies to Sentinel MS Security Incident Alert Rule Template.

func (GetAlertRuleTemplateResultOutput) ToGetAlertRuleTemplateResultOutput

func (o GetAlertRuleTemplateResultOutput) ToGetAlertRuleTemplateResultOutput() GetAlertRuleTemplateResultOutput

func (GetAlertRuleTemplateResultOutput) ToGetAlertRuleTemplateResultOutputWithContext

func (o GetAlertRuleTemplateResultOutput) ToGetAlertRuleTemplateResultOutputWithContext(ctx context.Context) GetAlertRuleTemplateResultOutput

type GetAlertRuleTemplateScheduledTemplate

type GetAlertRuleTemplateScheduledTemplate struct {
	// The description of this Sentinel Scheduled Alert Rule Template.
	Description string `pulumi:"description"`
	// The query of this Sentinel Scheduled Alert Rule Template.
	Query string `pulumi:"query"`
	// The ISO 8601 timespan duration between two consecutive queries.
	QueryFrequency string `pulumi:"queryFrequency"`
	// The ISO 8601 timespan duration, which determine the time period of the data covered by the query.
	QueryPeriod string `pulumi:"queryPeriod"`
	// The alert severity of this Sentinel Scheduled Alert Rule Template.
	Severity string `pulumi:"severity"`
	// A list of categories of attacks by which to classify the rule.
	Tactics []string `pulumi:"tactics"`
	// The alert trigger operator, combined with `triggerThreshold`, setting alert threshold of this Sentinel Scheduled Alert Rule Template.
	TriggerOperator string `pulumi:"triggerOperator"`
	// The baseline number of query results generated, combined with `triggerOperator`, setting alert threshold of this Sentinel Scheduled Alert Rule Template.
	TriggerThreshold int `pulumi:"triggerThreshold"`
}

type GetAlertRuleTemplateScheduledTemplateArgs

type GetAlertRuleTemplateScheduledTemplateArgs struct {
	// The description of this Sentinel Scheduled Alert Rule Template.
	Description pulumi.StringInput `pulumi:"description"`
	// The query of this Sentinel Scheduled Alert Rule Template.
	Query pulumi.StringInput `pulumi:"query"`
	// The ISO 8601 timespan duration between two consecutive queries.
	QueryFrequency pulumi.StringInput `pulumi:"queryFrequency"`
	// The ISO 8601 timespan duration, which determine the time period of the data covered by the query.
	QueryPeriod pulumi.StringInput `pulumi:"queryPeriod"`
	// The alert severity of this Sentinel Scheduled Alert Rule Template.
	Severity pulumi.StringInput `pulumi:"severity"`
	// A list of categories of attacks by which to classify the rule.
	Tactics pulumi.StringArrayInput `pulumi:"tactics"`
	// The alert trigger operator, combined with `triggerThreshold`, setting alert threshold of this Sentinel Scheduled Alert Rule Template.
	TriggerOperator pulumi.StringInput `pulumi:"triggerOperator"`
	// The baseline number of query results generated, combined with `triggerOperator`, setting alert threshold of this Sentinel Scheduled Alert Rule Template.
	TriggerThreshold pulumi.IntInput `pulumi:"triggerThreshold"`
}

func (GetAlertRuleTemplateScheduledTemplateArgs) ElementType

func (GetAlertRuleTemplateScheduledTemplateArgs) ToGetAlertRuleTemplateScheduledTemplateOutput

func (i GetAlertRuleTemplateScheduledTemplateArgs) ToGetAlertRuleTemplateScheduledTemplateOutput() GetAlertRuleTemplateScheduledTemplateOutput

func (GetAlertRuleTemplateScheduledTemplateArgs) ToGetAlertRuleTemplateScheduledTemplateOutputWithContext

func (i GetAlertRuleTemplateScheduledTemplateArgs) ToGetAlertRuleTemplateScheduledTemplateOutputWithContext(ctx context.Context) GetAlertRuleTemplateScheduledTemplateOutput

type GetAlertRuleTemplateScheduledTemplateArray

type GetAlertRuleTemplateScheduledTemplateArray []GetAlertRuleTemplateScheduledTemplateInput

func (GetAlertRuleTemplateScheduledTemplateArray) ElementType

func (GetAlertRuleTemplateScheduledTemplateArray) ToGetAlertRuleTemplateScheduledTemplateArrayOutput

func (i GetAlertRuleTemplateScheduledTemplateArray) ToGetAlertRuleTemplateScheduledTemplateArrayOutput() GetAlertRuleTemplateScheduledTemplateArrayOutput

func (GetAlertRuleTemplateScheduledTemplateArray) ToGetAlertRuleTemplateScheduledTemplateArrayOutputWithContext

func (i GetAlertRuleTemplateScheduledTemplateArray) ToGetAlertRuleTemplateScheduledTemplateArrayOutputWithContext(ctx context.Context) GetAlertRuleTemplateScheduledTemplateArrayOutput

type GetAlertRuleTemplateScheduledTemplateArrayInput

type GetAlertRuleTemplateScheduledTemplateArrayInput interface {
	pulumi.Input

	ToGetAlertRuleTemplateScheduledTemplateArrayOutput() GetAlertRuleTemplateScheduledTemplateArrayOutput
	ToGetAlertRuleTemplateScheduledTemplateArrayOutputWithContext(context.Context) GetAlertRuleTemplateScheduledTemplateArrayOutput
}

GetAlertRuleTemplateScheduledTemplateArrayInput is an input type that accepts GetAlertRuleTemplateScheduledTemplateArray and GetAlertRuleTemplateScheduledTemplateArrayOutput values. You can construct a concrete instance of `GetAlertRuleTemplateScheduledTemplateArrayInput` via:

GetAlertRuleTemplateScheduledTemplateArray{ GetAlertRuleTemplateScheduledTemplateArgs{...} }

type GetAlertRuleTemplateScheduledTemplateArrayOutput

type GetAlertRuleTemplateScheduledTemplateArrayOutput struct{ *pulumi.OutputState }

func (GetAlertRuleTemplateScheduledTemplateArrayOutput) ElementType

func (GetAlertRuleTemplateScheduledTemplateArrayOutput) Index

func (GetAlertRuleTemplateScheduledTemplateArrayOutput) ToGetAlertRuleTemplateScheduledTemplateArrayOutput

func (o GetAlertRuleTemplateScheduledTemplateArrayOutput) ToGetAlertRuleTemplateScheduledTemplateArrayOutput() GetAlertRuleTemplateScheduledTemplateArrayOutput

func (GetAlertRuleTemplateScheduledTemplateArrayOutput) ToGetAlertRuleTemplateScheduledTemplateArrayOutputWithContext

func (o GetAlertRuleTemplateScheduledTemplateArrayOutput) ToGetAlertRuleTemplateScheduledTemplateArrayOutputWithContext(ctx context.Context) GetAlertRuleTemplateScheduledTemplateArrayOutput

type GetAlertRuleTemplateScheduledTemplateInput

type GetAlertRuleTemplateScheduledTemplateInput interface {
	pulumi.Input

	ToGetAlertRuleTemplateScheduledTemplateOutput() GetAlertRuleTemplateScheduledTemplateOutput
	ToGetAlertRuleTemplateScheduledTemplateOutputWithContext(context.Context) GetAlertRuleTemplateScheduledTemplateOutput
}

GetAlertRuleTemplateScheduledTemplateInput is an input type that accepts GetAlertRuleTemplateScheduledTemplateArgs and GetAlertRuleTemplateScheduledTemplateOutput values. You can construct a concrete instance of `GetAlertRuleTemplateScheduledTemplateInput` via:

GetAlertRuleTemplateScheduledTemplateArgs{...}

type GetAlertRuleTemplateScheduledTemplateOutput

type GetAlertRuleTemplateScheduledTemplateOutput struct{ *pulumi.OutputState }

func (GetAlertRuleTemplateScheduledTemplateOutput) Description

The description of this Sentinel Scheduled Alert Rule Template.

func (GetAlertRuleTemplateScheduledTemplateOutput) ElementType

func (GetAlertRuleTemplateScheduledTemplateOutput) Query

The query of this Sentinel Scheduled Alert Rule Template.

func (GetAlertRuleTemplateScheduledTemplateOutput) QueryFrequency

The ISO 8601 timespan duration between two consecutive queries.

func (GetAlertRuleTemplateScheduledTemplateOutput) QueryPeriod

The ISO 8601 timespan duration, which determine the time period of the data covered by the query.

func (GetAlertRuleTemplateScheduledTemplateOutput) Severity

The alert severity of this Sentinel Scheduled Alert Rule Template.

func (GetAlertRuleTemplateScheduledTemplateOutput) Tactics

A list of categories of attacks by which to classify the rule.

func (GetAlertRuleTemplateScheduledTemplateOutput) ToGetAlertRuleTemplateScheduledTemplateOutput

func (o GetAlertRuleTemplateScheduledTemplateOutput) ToGetAlertRuleTemplateScheduledTemplateOutput() GetAlertRuleTemplateScheduledTemplateOutput

func (GetAlertRuleTemplateScheduledTemplateOutput) ToGetAlertRuleTemplateScheduledTemplateOutputWithContext

func (o GetAlertRuleTemplateScheduledTemplateOutput) ToGetAlertRuleTemplateScheduledTemplateOutputWithContext(ctx context.Context) GetAlertRuleTemplateScheduledTemplateOutput

func (GetAlertRuleTemplateScheduledTemplateOutput) TriggerOperator

The alert trigger operator, combined with `triggerThreshold`, setting alert threshold of this Sentinel Scheduled Alert Rule Template.

func (GetAlertRuleTemplateScheduledTemplateOutput) TriggerThreshold

The baseline number of query results generated, combined with `triggerOperator`, setting alert threshold of this Sentinel Scheduled Alert Rule Template.

type GetAlertRuleTemplateSecurityIncidentTemplate

type GetAlertRuleTemplateSecurityIncidentTemplate struct {
	// The description of this Sentinel Scheduled Alert Rule Template.
	Description string `pulumi:"description"`
	// The Microsoft Security Service from where the alert will be generated.
	ProductFilter string `pulumi:"productFilter"`
}

type GetAlertRuleTemplateSecurityIncidentTemplateArgs

type GetAlertRuleTemplateSecurityIncidentTemplateArgs struct {
	// The description of this Sentinel Scheduled Alert Rule Template.
	Description pulumi.StringInput `pulumi:"description"`
	// The Microsoft Security Service from where the alert will be generated.
	ProductFilter pulumi.StringInput `pulumi:"productFilter"`
}

func (GetAlertRuleTemplateSecurityIncidentTemplateArgs) ElementType

func (GetAlertRuleTemplateSecurityIncidentTemplateArgs) ToGetAlertRuleTemplateSecurityIncidentTemplateOutput

func (i GetAlertRuleTemplateSecurityIncidentTemplateArgs) ToGetAlertRuleTemplateSecurityIncidentTemplateOutput() GetAlertRuleTemplateSecurityIncidentTemplateOutput

func (GetAlertRuleTemplateSecurityIncidentTemplateArgs) ToGetAlertRuleTemplateSecurityIncidentTemplateOutputWithContext

func (i GetAlertRuleTemplateSecurityIncidentTemplateArgs) ToGetAlertRuleTemplateSecurityIncidentTemplateOutputWithContext(ctx context.Context) GetAlertRuleTemplateSecurityIncidentTemplateOutput

type GetAlertRuleTemplateSecurityIncidentTemplateArray

type GetAlertRuleTemplateSecurityIncidentTemplateArray []GetAlertRuleTemplateSecurityIncidentTemplateInput

func (GetAlertRuleTemplateSecurityIncidentTemplateArray) ElementType

func (GetAlertRuleTemplateSecurityIncidentTemplateArray) ToGetAlertRuleTemplateSecurityIncidentTemplateArrayOutput

func (i GetAlertRuleTemplateSecurityIncidentTemplateArray) ToGetAlertRuleTemplateSecurityIncidentTemplateArrayOutput() GetAlertRuleTemplateSecurityIncidentTemplateArrayOutput

func (GetAlertRuleTemplateSecurityIncidentTemplateArray) ToGetAlertRuleTemplateSecurityIncidentTemplateArrayOutputWithContext

func (i GetAlertRuleTemplateSecurityIncidentTemplateArray) ToGetAlertRuleTemplateSecurityIncidentTemplateArrayOutputWithContext(ctx context.Context) GetAlertRuleTemplateSecurityIncidentTemplateArrayOutput

type GetAlertRuleTemplateSecurityIncidentTemplateArrayInput

type GetAlertRuleTemplateSecurityIncidentTemplateArrayInput interface {
	pulumi.Input

	ToGetAlertRuleTemplateSecurityIncidentTemplateArrayOutput() GetAlertRuleTemplateSecurityIncidentTemplateArrayOutput
	ToGetAlertRuleTemplateSecurityIncidentTemplateArrayOutputWithContext(context.Context) GetAlertRuleTemplateSecurityIncidentTemplateArrayOutput
}

GetAlertRuleTemplateSecurityIncidentTemplateArrayInput is an input type that accepts GetAlertRuleTemplateSecurityIncidentTemplateArray and GetAlertRuleTemplateSecurityIncidentTemplateArrayOutput values. You can construct a concrete instance of `GetAlertRuleTemplateSecurityIncidentTemplateArrayInput` via:

GetAlertRuleTemplateSecurityIncidentTemplateArray{ GetAlertRuleTemplateSecurityIncidentTemplateArgs{...} }

type GetAlertRuleTemplateSecurityIncidentTemplateArrayOutput

type GetAlertRuleTemplateSecurityIncidentTemplateArrayOutput struct{ *pulumi.OutputState }

func (GetAlertRuleTemplateSecurityIncidentTemplateArrayOutput) ElementType

func (GetAlertRuleTemplateSecurityIncidentTemplateArrayOutput) Index

func (GetAlertRuleTemplateSecurityIncidentTemplateArrayOutput) ToGetAlertRuleTemplateSecurityIncidentTemplateArrayOutput

func (GetAlertRuleTemplateSecurityIncidentTemplateArrayOutput) ToGetAlertRuleTemplateSecurityIncidentTemplateArrayOutputWithContext

func (o GetAlertRuleTemplateSecurityIncidentTemplateArrayOutput) ToGetAlertRuleTemplateSecurityIncidentTemplateArrayOutputWithContext(ctx context.Context) GetAlertRuleTemplateSecurityIncidentTemplateArrayOutput

type GetAlertRuleTemplateSecurityIncidentTemplateInput

type GetAlertRuleTemplateSecurityIncidentTemplateInput interface {
	pulumi.Input

	ToGetAlertRuleTemplateSecurityIncidentTemplateOutput() GetAlertRuleTemplateSecurityIncidentTemplateOutput
	ToGetAlertRuleTemplateSecurityIncidentTemplateOutputWithContext(context.Context) GetAlertRuleTemplateSecurityIncidentTemplateOutput
}

GetAlertRuleTemplateSecurityIncidentTemplateInput is an input type that accepts GetAlertRuleTemplateSecurityIncidentTemplateArgs and GetAlertRuleTemplateSecurityIncidentTemplateOutput values. You can construct a concrete instance of `GetAlertRuleTemplateSecurityIncidentTemplateInput` via:

GetAlertRuleTemplateSecurityIncidentTemplateArgs{...}

type GetAlertRuleTemplateSecurityIncidentTemplateOutput

type GetAlertRuleTemplateSecurityIncidentTemplateOutput struct{ *pulumi.OutputState }

func (GetAlertRuleTemplateSecurityIncidentTemplateOutput) Description

The description of this Sentinel Scheduled Alert Rule Template.

func (GetAlertRuleTemplateSecurityIncidentTemplateOutput) ElementType

func (GetAlertRuleTemplateSecurityIncidentTemplateOutput) ProductFilter

The Microsoft Security Service from where the alert will be generated.

func (GetAlertRuleTemplateSecurityIncidentTemplateOutput) ToGetAlertRuleTemplateSecurityIncidentTemplateOutput

func (o GetAlertRuleTemplateSecurityIncidentTemplateOutput) ToGetAlertRuleTemplateSecurityIncidentTemplateOutput() GetAlertRuleTemplateSecurityIncidentTemplateOutput

func (GetAlertRuleTemplateSecurityIncidentTemplateOutput) ToGetAlertRuleTemplateSecurityIncidentTemplateOutputWithContext

func (o GetAlertRuleTemplateSecurityIncidentTemplateOutput) ToGetAlertRuleTemplateSecurityIncidentTemplateOutputWithContext(ctx context.Context) GetAlertRuleTemplateSecurityIncidentTemplateOutput

type Watchlist

type Watchlist struct {
	pulumi.CustomResourceState

	// The default duration in ISO8601 duration form of this Sentinel Watchlist. Changing this forces a new Sentinel Watchlist to be created.
	DefaultDuration pulumi.StringPtrOutput `pulumi:"defaultDuration"`
	// The description of this Sentinel Watchlist. Changing this forces a new Sentinel Watchlist to be created.
	Description pulumi.StringPtrOutput `pulumi:"description"`
	// The display name of this Sentinel Watchlist. Changing this forces a new Sentinel Watchlist to be created.
	DisplayName pulumi.StringOutput `pulumi:"displayName"`
	// The key used to optimize query performance when using Watchlist for joins with other data. Changing this forces a new Sentinel Watchlist to be created.
	ItemSearchKey pulumi.StringOutput `pulumi:"itemSearchKey"`
	// Specifies a list of labels related to this Sentinel Watchlist. Changing this forces a new Sentinel Watchlist to be created.
	Labels pulumi.StringArrayOutput `pulumi:"labels"`
	// The ID of the Log Analytics Workspace where this Sentinel Watchlist resides in. Changing this forces a new Sentinel Watchlist to be created.
	LogAnalyticsWorkspaceId pulumi.StringOutput `pulumi:"logAnalyticsWorkspaceId"`
	// The name which should be used for this Sentinel Watchlist. Changing this forces a new Sentinel Watchlist to be created.
	Name pulumi.StringOutput `pulumi:"name"`
}

Manages a Sentinel Watchlist.

## Example Usage

```go package main

import (

"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/operationalinsights"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/sentinel"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		exampleResourceGroup, err := core.NewResourceGroup(ctx, "exampleResourceGroup", &core.ResourceGroupArgs{
			Location: pulumi.String("West Europe"),
		})
		if err != nil {
			return err
		}
		exampleAnalyticsWorkspace, err := operationalinsights.NewAnalyticsWorkspace(ctx, "exampleAnalyticsWorkspace", &operationalinsights.AnalyticsWorkspaceArgs{
			Location:          exampleResourceGroup.Location,
			ResourceGroupName: exampleResourceGroup.Name,
			Sku:               pulumi.String("PerGB2018"),
		})
		if err != nil {
			return err
		}
		exampleAnalyticsSolution, err := operationalinsights.NewAnalyticsSolution(ctx, "exampleAnalyticsSolution", &operationalinsights.AnalyticsSolutionArgs{
			SolutionName:        pulumi.String("SecurityInsights"),
			Location:            exampleResourceGroup.Location,
			ResourceGroupName:   exampleResourceGroup.Name,
			WorkspaceResourceId: exampleAnalyticsWorkspace.ID(),
			WorkspaceName:       exampleAnalyticsWorkspace.Name,
			Plan: &operationalinsights.AnalyticsSolutionPlanArgs{
				Publisher: pulumi.String("Microsoft"),
				Product:   pulumi.String("OMSGallery/SecurityInsights"),
			},
		})
		if err != nil {
			return err
		}
		_, err = sentinel.NewWatchlist(ctx, "exampleWatchlist", &sentinel.WatchlistArgs{
			LogAnalyticsWorkspaceId: exampleAnalyticsSolution.WorkspaceResourceId,
			DisplayName:             pulumi.String("example-wl"),
			ItemSearchKey:           pulumi.String("Key"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

Sentinel Watchlists can be imported using the `resource id`, e.g.

```sh

$ pulumi import azure:sentinel/watchlist:Watchlist example /subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/resGroup1/providers/Microsoft.OperationalInsights/workspaces/workspace1/providers/Microsoft.SecurityInsights/watchlists/list1

```

func GetWatchlist

func GetWatchlist(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *WatchlistState, opts ...pulumi.ResourceOption) (*Watchlist, error)

GetWatchlist gets an existing Watchlist resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewWatchlist

func NewWatchlist(ctx *pulumi.Context,
	name string, args *WatchlistArgs, opts ...pulumi.ResourceOption) (*Watchlist, error)

NewWatchlist registers a new resource with the given unique name, arguments, and options.

func (*Watchlist) ElementType

func (*Watchlist) ElementType() reflect.Type

func (*Watchlist) ToWatchlistOutput

func (i *Watchlist) ToWatchlistOutput() WatchlistOutput

func (*Watchlist) ToWatchlistOutputWithContext

func (i *Watchlist) ToWatchlistOutputWithContext(ctx context.Context) WatchlistOutput

type WatchlistArgs

type WatchlistArgs struct {
	// The default duration in ISO8601 duration form of this Sentinel Watchlist. Changing this forces a new Sentinel Watchlist to be created.
	DefaultDuration pulumi.StringPtrInput
	// The description of this Sentinel Watchlist. Changing this forces a new Sentinel Watchlist to be created.
	Description pulumi.StringPtrInput
	// The display name of this Sentinel Watchlist. Changing this forces a new Sentinel Watchlist to be created.
	DisplayName pulumi.StringInput
	// The key used to optimize query performance when using Watchlist for joins with other data. Changing this forces a new Sentinel Watchlist to be created.
	ItemSearchKey pulumi.StringInput
	// Specifies a list of labels related to this Sentinel Watchlist. Changing this forces a new Sentinel Watchlist to be created.
	Labels pulumi.StringArrayInput
	// The ID of the Log Analytics Workspace where this Sentinel Watchlist resides in. Changing this forces a new Sentinel Watchlist to be created.
	LogAnalyticsWorkspaceId pulumi.StringInput
	// The name which should be used for this Sentinel Watchlist. Changing this forces a new Sentinel Watchlist to be created.
	Name pulumi.StringPtrInput
}

The set of arguments for constructing a Watchlist resource.

func (WatchlistArgs) ElementType

func (WatchlistArgs) ElementType() reflect.Type

type WatchlistArray

type WatchlistArray []WatchlistInput

func (WatchlistArray) ElementType

func (WatchlistArray) ElementType() reflect.Type

func (WatchlistArray) ToWatchlistArrayOutput

func (i WatchlistArray) ToWatchlistArrayOutput() WatchlistArrayOutput

func (WatchlistArray) ToWatchlistArrayOutputWithContext

func (i WatchlistArray) ToWatchlistArrayOutputWithContext(ctx context.Context) WatchlistArrayOutput

type WatchlistArrayInput

type WatchlistArrayInput interface {
	pulumi.Input

	ToWatchlistArrayOutput() WatchlistArrayOutput
	ToWatchlistArrayOutputWithContext(context.Context) WatchlistArrayOutput
}

WatchlistArrayInput is an input type that accepts WatchlistArray and WatchlistArrayOutput values. You can construct a concrete instance of `WatchlistArrayInput` via:

WatchlistArray{ WatchlistArgs{...} }

type WatchlistArrayOutput

type WatchlistArrayOutput struct{ *pulumi.OutputState }

func (WatchlistArrayOutput) ElementType

func (WatchlistArrayOutput) ElementType() reflect.Type

func (WatchlistArrayOutput) Index

func (WatchlistArrayOutput) ToWatchlistArrayOutput

func (o WatchlistArrayOutput) ToWatchlistArrayOutput() WatchlistArrayOutput

func (WatchlistArrayOutput) ToWatchlistArrayOutputWithContext

func (o WatchlistArrayOutput) ToWatchlistArrayOutputWithContext(ctx context.Context) WatchlistArrayOutput

type WatchlistInput

type WatchlistInput interface {
	pulumi.Input

	ToWatchlistOutput() WatchlistOutput
	ToWatchlistOutputWithContext(ctx context.Context) WatchlistOutput
}

type WatchlistItem

type WatchlistItem struct {
	pulumi.CustomResourceState

	// The name in UUID format which should be used for this Sentinel Watchlist Item. Changing this forces a new Sentinel Watchlist Item to be created.
	Name pulumi.StringOutput `pulumi:"name"`
	// The key value pairs of the Sentinel Watchlist Item.
	Properties pulumi.StringMapOutput `pulumi:"properties"`
	// The ID of the Sentinel Watchlist that this Item resides in. Changing this forces a new Sentinel Watchlist Item to be created.
	WatchlistId pulumi.StringOutput `pulumi:"watchlistId"`
}

Manages a Sentinel Watchlist Item.

## Example Usage

```go package main

import (

"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/operationalinsights"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/sentinel"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		exampleResourceGroup, err := core.NewResourceGroup(ctx, "exampleResourceGroup", &core.ResourceGroupArgs{
			Location: pulumi.String("West Europe"),
		})
		if err != nil {
			return err
		}
		exampleAnalyticsWorkspace, err := operationalinsights.NewAnalyticsWorkspace(ctx, "exampleAnalyticsWorkspace", &operationalinsights.AnalyticsWorkspaceArgs{
			Location:          exampleResourceGroup.Location,
			ResourceGroupName: exampleResourceGroup.Name,
			Sku:               pulumi.String("PerGB2018"),
		})
		if err != nil {
			return err
		}
		exampleAnalyticsSolution, err := operationalinsights.NewAnalyticsSolution(ctx, "exampleAnalyticsSolution", &operationalinsights.AnalyticsSolutionArgs{
			SolutionName:        pulumi.String("SecurityInsights"),
			Location:            exampleResourceGroup.Location,
			ResourceGroupName:   exampleResourceGroup.Name,
			WorkspaceResourceId: exampleAnalyticsWorkspace.ID(),
			WorkspaceName:       exampleAnalyticsWorkspace.Name,
			Plan: &operationalinsights.AnalyticsSolutionPlanArgs{
				Publisher: pulumi.String("Microsoft"),
				Product:   pulumi.String("OMSGallery/SecurityInsights"),
			},
		})
		if err != nil {
			return err
		}
		exampleWatchlist, err := sentinel.NewWatchlist(ctx, "exampleWatchlist", &sentinel.WatchlistArgs{
			LogAnalyticsWorkspaceId: exampleAnalyticsSolution.WorkspaceResourceId,
			DisplayName:             pulumi.String("example-wl"),
			ItemSearchKey:           pulumi.String("Key"),
		})
		if err != nil {
			return err
		}
		_, err = sentinel.NewWatchlistItem(ctx, "exampleWatchlistItem", &sentinel.WatchlistItemArgs{
			WatchlistId: exampleWatchlist.ID(),
			Properties: pulumi.StringMap{
				"k1": pulumi.String("v1"),
				"k2": pulumi.String("v2"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

Sentinel Watchlist Items can be imported using the `resource id`, e.g.

```sh

$ pulumi import azure:sentinel/watchlistItem:WatchlistItem example /subscriptions/12345678-1234-9876-4563-123456789012/resourceGroups/resGroup1/providers/Microsoft.OperationalInsights/workspaces/workspace1/providers/Microsoft.SecurityInsights/watchlists/list1/watchlistItems/item1

```

func GetWatchlistItem

func GetWatchlistItem(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *WatchlistItemState, opts ...pulumi.ResourceOption) (*WatchlistItem, error)

GetWatchlistItem gets an existing WatchlistItem resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewWatchlistItem

func NewWatchlistItem(ctx *pulumi.Context,
	name string, args *WatchlistItemArgs, opts ...pulumi.ResourceOption) (*WatchlistItem, error)

NewWatchlistItem registers a new resource with the given unique name, arguments, and options.

func (*WatchlistItem) ElementType

func (*WatchlistItem) ElementType() reflect.Type

func (*WatchlistItem) ToWatchlistItemOutput

func (i *WatchlistItem) ToWatchlistItemOutput() WatchlistItemOutput

func (*WatchlistItem) ToWatchlistItemOutputWithContext

func (i *WatchlistItem) ToWatchlistItemOutputWithContext(ctx context.Context) WatchlistItemOutput

type WatchlistItemArgs

type WatchlistItemArgs struct {
	// The name in UUID format which should be used for this Sentinel Watchlist Item. Changing this forces a new Sentinel Watchlist Item to be created.
	Name pulumi.StringPtrInput
	// The key value pairs of the Sentinel Watchlist Item.
	Properties pulumi.StringMapInput
	// The ID of the Sentinel Watchlist that this Item resides in. Changing this forces a new Sentinel Watchlist Item to be created.
	WatchlistId pulumi.StringInput
}

The set of arguments for constructing a WatchlistItem resource.

func (WatchlistItemArgs) ElementType

func (WatchlistItemArgs) ElementType() reflect.Type

type WatchlistItemArray

type WatchlistItemArray []WatchlistItemInput

func (WatchlistItemArray) ElementType

func (WatchlistItemArray) ElementType() reflect.Type

func (WatchlistItemArray) ToWatchlistItemArrayOutput

func (i WatchlistItemArray) ToWatchlistItemArrayOutput() WatchlistItemArrayOutput

func (WatchlistItemArray) ToWatchlistItemArrayOutputWithContext

func (i WatchlistItemArray) ToWatchlistItemArrayOutputWithContext(ctx context.Context) WatchlistItemArrayOutput

type WatchlistItemArrayInput

type WatchlistItemArrayInput interface {
	pulumi.Input

	ToWatchlistItemArrayOutput() WatchlistItemArrayOutput
	ToWatchlistItemArrayOutputWithContext(context.Context) WatchlistItemArrayOutput
}

WatchlistItemArrayInput is an input type that accepts WatchlistItemArray and WatchlistItemArrayOutput values. You can construct a concrete instance of `WatchlistItemArrayInput` via:

WatchlistItemArray{ WatchlistItemArgs{...} }

type WatchlistItemArrayOutput

type WatchlistItemArrayOutput struct{ *pulumi.OutputState }

func (WatchlistItemArrayOutput) ElementType

func (WatchlistItemArrayOutput) ElementType() reflect.Type

func (WatchlistItemArrayOutput) Index

func (WatchlistItemArrayOutput) ToWatchlistItemArrayOutput

func (o WatchlistItemArrayOutput) ToWatchlistItemArrayOutput() WatchlistItemArrayOutput

func (WatchlistItemArrayOutput) ToWatchlistItemArrayOutputWithContext

func (o WatchlistItemArrayOutput) ToWatchlistItemArrayOutputWithContext(ctx context.Context) WatchlistItemArrayOutput

type WatchlistItemInput

type WatchlistItemInput interface {
	pulumi.Input

	ToWatchlistItemOutput() WatchlistItemOutput
	ToWatchlistItemOutputWithContext(ctx context.Context) WatchlistItemOutput
}

type WatchlistItemMap

type WatchlistItemMap map[string]WatchlistItemInput

func (WatchlistItemMap) ElementType

func (WatchlistItemMap) ElementType() reflect.Type

func (WatchlistItemMap) ToWatchlistItemMapOutput

func (i WatchlistItemMap) ToWatchlistItemMapOutput() WatchlistItemMapOutput

func (WatchlistItemMap) ToWatchlistItemMapOutputWithContext

func (i WatchlistItemMap) ToWatchlistItemMapOutputWithContext(ctx context.Context) WatchlistItemMapOutput

type WatchlistItemMapInput

type WatchlistItemMapInput interface {
	pulumi.Input

	ToWatchlistItemMapOutput() WatchlistItemMapOutput
	ToWatchlistItemMapOutputWithContext(context.Context) WatchlistItemMapOutput
}

WatchlistItemMapInput is an input type that accepts WatchlistItemMap and WatchlistItemMapOutput values. You can construct a concrete instance of `WatchlistItemMapInput` via:

WatchlistItemMap{ "key": WatchlistItemArgs{...} }

type WatchlistItemMapOutput

type WatchlistItemMapOutput struct{ *pulumi.OutputState }

func (WatchlistItemMapOutput) ElementType

func (WatchlistItemMapOutput) ElementType() reflect.Type

func (WatchlistItemMapOutput) MapIndex

func (WatchlistItemMapOutput) ToWatchlistItemMapOutput

func (o WatchlistItemMapOutput) ToWatchlistItemMapOutput() WatchlistItemMapOutput

func (WatchlistItemMapOutput) ToWatchlistItemMapOutputWithContext

func (o WatchlistItemMapOutput) ToWatchlistItemMapOutputWithContext(ctx context.Context) WatchlistItemMapOutput

type WatchlistItemOutput

type WatchlistItemOutput struct{ *pulumi.OutputState }

func (WatchlistItemOutput) ElementType

func (WatchlistItemOutput) ElementType() reflect.Type

func (WatchlistItemOutput) Name added in v5.5.0

The name in UUID format which should be used for this Sentinel Watchlist Item. Changing this forces a new Sentinel Watchlist Item to be created.

func (WatchlistItemOutput) Properties added in v5.5.0

The key value pairs of the Sentinel Watchlist Item.

func (WatchlistItemOutput) ToWatchlistItemOutput

func (o WatchlistItemOutput) ToWatchlistItemOutput() WatchlistItemOutput

func (WatchlistItemOutput) ToWatchlistItemOutputWithContext

func (o WatchlistItemOutput) ToWatchlistItemOutputWithContext(ctx context.Context) WatchlistItemOutput

func (WatchlistItemOutput) WatchlistId added in v5.5.0

func (o WatchlistItemOutput) WatchlistId() pulumi.StringOutput

The ID of the Sentinel Watchlist that this Item resides in. Changing this forces a new Sentinel Watchlist Item to be created.

type WatchlistItemState

type WatchlistItemState struct {
	// The name in UUID format which should be used for this Sentinel Watchlist Item. Changing this forces a new Sentinel Watchlist Item to be created.
	Name pulumi.StringPtrInput
	// The key value pairs of the Sentinel Watchlist Item.
	Properties pulumi.StringMapInput
	// The ID of the Sentinel Watchlist that this Item resides in. Changing this forces a new Sentinel Watchlist Item to be created.
	WatchlistId pulumi.StringPtrInput
}

func (WatchlistItemState) ElementType

func (WatchlistItemState) ElementType() reflect.Type

type WatchlistMap

type WatchlistMap map[string]WatchlistInput

func (WatchlistMap) ElementType

func (WatchlistMap) ElementType() reflect.Type

func (WatchlistMap) ToWatchlistMapOutput

func (i WatchlistMap) ToWatchlistMapOutput() WatchlistMapOutput

func (WatchlistMap) ToWatchlistMapOutputWithContext

func (i WatchlistMap) ToWatchlistMapOutputWithContext(ctx context.Context) WatchlistMapOutput

type WatchlistMapInput

type WatchlistMapInput interface {
	pulumi.Input

	ToWatchlistMapOutput() WatchlistMapOutput
	ToWatchlistMapOutputWithContext(context.Context) WatchlistMapOutput
}

WatchlistMapInput is an input type that accepts WatchlistMap and WatchlistMapOutput values. You can construct a concrete instance of `WatchlistMapInput` via:

WatchlistMap{ "key": WatchlistArgs{...} }

type WatchlistMapOutput

type WatchlistMapOutput struct{ *pulumi.OutputState }

func (WatchlistMapOutput) ElementType

func (WatchlistMapOutput) ElementType() reflect.Type

func (WatchlistMapOutput) MapIndex

func (WatchlistMapOutput) ToWatchlistMapOutput

func (o WatchlistMapOutput) ToWatchlistMapOutput() WatchlistMapOutput

func (WatchlistMapOutput) ToWatchlistMapOutputWithContext

func (o WatchlistMapOutput) ToWatchlistMapOutputWithContext(ctx context.Context) WatchlistMapOutput

type WatchlistOutput

type WatchlistOutput struct{ *pulumi.OutputState }

func (WatchlistOutput) DefaultDuration added in v5.5.0

func (o WatchlistOutput) DefaultDuration() pulumi.StringPtrOutput

The default duration in ISO8601 duration form of this Sentinel Watchlist. Changing this forces a new Sentinel Watchlist to be created.

func (WatchlistOutput) Description added in v5.5.0

func (o WatchlistOutput) Description() pulumi.StringPtrOutput

The description of this Sentinel Watchlist. Changing this forces a new Sentinel Watchlist to be created.

func (WatchlistOutput) DisplayName added in v5.5.0

func (o WatchlistOutput) DisplayName() pulumi.StringOutput

The display name of this Sentinel Watchlist. Changing this forces a new Sentinel Watchlist to be created.

func (WatchlistOutput) ElementType

func (WatchlistOutput) ElementType() reflect.Type

func (WatchlistOutput) ItemSearchKey added in v5.5.0

func (o WatchlistOutput) ItemSearchKey() pulumi.StringOutput

The key used to optimize query performance when using Watchlist for joins with other data. Changing this forces a new Sentinel Watchlist to be created.

func (WatchlistOutput) Labels added in v5.5.0

Specifies a list of labels related to this Sentinel Watchlist. Changing this forces a new Sentinel Watchlist to be created.

func (WatchlistOutput) LogAnalyticsWorkspaceId added in v5.5.0

func (o WatchlistOutput) LogAnalyticsWorkspaceId() pulumi.StringOutput

The ID of the Log Analytics Workspace where this Sentinel Watchlist resides in. Changing this forces a new Sentinel Watchlist to be created.

func (WatchlistOutput) Name added in v5.5.0

The name which should be used for this Sentinel Watchlist. Changing this forces a new Sentinel Watchlist to be created.

func (WatchlistOutput) ToWatchlistOutput

func (o WatchlistOutput) ToWatchlistOutput() WatchlistOutput

func (WatchlistOutput) ToWatchlistOutputWithContext

func (o WatchlistOutput) ToWatchlistOutputWithContext(ctx context.Context) WatchlistOutput

type WatchlistState

type WatchlistState struct {
	// The default duration in ISO8601 duration form of this Sentinel Watchlist. Changing this forces a new Sentinel Watchlist to be created.
	DefaultDuration pulumi.StringPtrInput
	// The description of this Sentinel Watchlist. Changing this forces a new Sentinel Watchlist to be created.
	Description pulumi.StringPtrInput
	// The display name of this Sentinel Watchlist. Changing this forces a new Sentinel Watchlist to be created.
	DisplayName pulumi.StringPtrInput
	// The key used to optimize query performance when using Watchlist for joins with other data. Changing this forces a new Sentinel Watchlist to be created.
	ItemSearchKey pulumi.StringPtrInput
	// Specifies a list of labels related to this Sentinel Watchlist. Changing this forces a new Sentinel Watchlist to be created.
	Labels pulumi.StringArrayInput
	// The ID of the Log Analytics Workspace where this Sentinel Watchlist resides in. Changing this forces a new Sentinel Watchlist to be created.
	LogAnalyticsWorkspaceId pulumi.StringPtrInput
	// The name which should be used for this Sentinel Watchlist. Changing this forces a new Sentinel Watchlist to be created.
	Name pulumi.StringPtrInput
}

func (WatchlistState) ElementType

func (WatchlistState) ElementType() reflect.Type

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL